[prep-release-3.3.5] Update changelog for 3.3.5

[ticket/16878] Default to threads value of 1 when using argon with libsodium

.github/check-doctum-parse-errors.sh

@@ -11,16 +11,17 @@
 set -e
 
 if [ ! -f doctum.phar ]; then
-	# Download the latest (5.1.x) release if the file does not exist
+	# Download the latest (5.x.x) release if the file does not exist
 	# Remove it to update your phar
-	curl -O https://doctum.long-term.support/releases/5.1/doctum.phar
+	curl -O https://doctum.long-term.support/releases/5/doctum.phar
 	rm -f doctum.phar.sha256
-	curl -O https://doctum.long-term.support/releases/5.1/doctum.phar.sha256
+	curl -O https://doctum.long-term.support/releases/5/doctum.phar.sha256
 	sha256sum --strict --check doctum.phar.sha256
 	rm -f doctum.phar.sha256
-	# You can fetch the latest (5.1.x) version code here:
-	# https://doctum.long-term.support/releases/5.1/VERSION
+	chmod +x ./doctum.phar
+	# You can fetch the latest (5.x.x) version code here:
+	# https://doctum.long-term.support/releases/5/VERSION
 fi
 # Show the version to inform users of the script
-php doctum.phar --version
-php doctum.phar parse build/doctum-checkout.conf.php -v
+./doctum.phar version --text
+./doctum.phar parse build/doctum-checkout.conf.php -v

.github/setup-webserver.sh

@@ -28,12 +28,12 @@ NGINX_PHP_CONF="$DIR/nginx-php.conf"
 PHP_FPM_BIN="/usr/sbin/php-fpm$PHP_VERSION"
 PHP_FPM_CONF="$DIR/php-fpm.conf"
 
-if [ ! -f $PHP_FPM_BIN ] && [ "$PHP_VERSION" == '8.1' ] && [ -f "/usr/bin/php-fpm" ]
+if [ ! -f $PHP_FPM_BIN ] && [ -f "/usr/bin/php-fpm" ]
 then
 	PHP_FPM_BIN="/usr/bin/php-fpm"
 fi
 
-if [ ! -f $PHP_FPM_BIN ] && [ "$PHP_VERSION" != '8.1' ]
+if [ ! -f $PHP_FPM_BIN ]
 then
 	sudo apt-get install php$PHP_VERSION-fpm php$PHP_VERSION-cli \
 						php$PHP_VERSION-curl php$PHP_VERSION-xml php$PHP_VERSION-mbstring \

.github/workflows/tests.yml

@@ -5,10 +5,14 @@ on:
         branches:
             - 3.3.x
             - master
+            - 'prep-release-*'
+        tags:
+            - 'release-*'
     pull_request:
         branches:
             - 3.3.x
             - master
+            - 'prep-release-*'
 
 jobs:
     # Basic checks, e.g. parse errors, commit messages, etc.
@@ -18,7 +22,7 @@ jobs:
             matrix:
                 include:
                     - db: 'none'
-                      php: '7.1'
+                      php: '7.2'
                       NOTESTS: 1
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db }}
@@ -77,11 +81,10 @@ jobs:
                   .github/check-executable-files.sh ./
 
             - name: Check commit message
-              env:
-                  BRANCH: ${{ github.event.pull_request.base.sha }}
               if: github.event_name == 'pull_request'
               run: |
-                  git-tools/commit-msg-hook-range.sh $BRANCH..$GITHUB_SHA
+                  git fetch origin $GITHUB_BASE_REF &> /dev/null
+                  git-tools/commit-msg-hook-range.sh $(git rev-parse origin/$GITHUB_BASE_REF)..$GITHUB_SHA
 
     # Tests for MySQL and MariaDB
     mysql-tests:
@@ -150,7 +153,6 @@ jobs:
                 ports:
                     - 6379:6379
 
-
         steps:
             - name: Checkout repository
               uses: actions/checkout@v2
@@ -241,6 +243,16 @@ jobs:
                       db: "postgres:12"
                     - php: '7.1'
                       db: "postgres:13"
+                    - php: '7.2'
+                      db: "postgres:13"
+                    - php: '7.3'
+                      db: "postgres:13"
+                    - php: '7.4'
+                      db: "postgres:13"
+                    - php: '8.0'
+                      db: "postgres:12"
+                    - php: '8.0'
+                      db: "postgres:13"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db }}
 
@@ -270,7 +282,6 @@ jobs:
                 ports:
                     - 6379:6379
 
-
         steps:
             - name: Checkout repository
               uses: actions/checkout@v2
@@ -437,6 +448,10 @@ jobs:
                 include:
                     - php: '7.4'
                       db: "postgres"
+                    - php: '8.0'
+                      db: "postgres"
+                    - php: '8.1'
+                      db: "postgres"
 
         name: Windows - PHP ${{ matrix.php }} - ${{ matrix.db }}
 
@@ -508,6 +523,8 @@ jobs:
                   Set-ACL -Path "${env:TEMP_DIR}" -ACLObject $acl
                   cd ${env:GITHUB_WORKSPACE}\phpBB
                   php ..\composer.phar install
+                  php ..\composer.phar remove phpunit/dbunit --dev --update-with-dependencies
+                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
                   cd ..
             - name: Setup database
               run: |

.gitignore

@@ -30,3 +30,4 @@ node_modules
 .vagrant
 .idea
 *.DS_Store*
+/.vscode

README.md

@@ -1,4 +1,4 @@
-[![phpBB](phpBB/styles/all/imgs/svg/phpbb_logo_large_cosmic.svg)](https://www.phpbb.com)
+[<img src="phpBB/styles/all/imgs/svg/phpbb_logo_large_cosmic.svg" alt="phpBB" style="max-width:40%" width="400">](https://www.phpbb.com)
 
 phpBB is a free open-source bulletin board written in PHP.
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.3" />
-	<property name="prevversion" value="3.3.2" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.3-RC1" />
+	<property name="newversion" value="3.3.5" />
+	<property name="prevversion" value="3.3.4" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.5-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -128,13 +128,13 @@
 	<!-- Builds docs for current branch into build/api/output/master -->
 	<target name="docs">
 		<exec dir="."
-			command="php doctum.phar update build/doctum-checkout.conf.php"
+			command="./doctum.phar update build/doctum-checkout.conf.php"
 			passthru="true" />
 	</target>
 	<!-- Builds docs for multiple branches/tags into build/api/output/$branch -->
 	<target name="docs-all">
 		<exec dir="."
-			command="php doctum.phar update build/doctum-all.conf.php"
+			command="./doctum.phar update build/doctum-all.conf.php"
 			passthru="true" />
 	</target>
 

build/build_changelog.php

@@ -38,6 +38,7 @@ else
 	$xml = simplexml_load_string(file_get_contents($url));
 }
 
+$types = [];
 foreach ($xml->xpath('//item') as $item)
 {
 	$key = (string) $item->key;
@@ -45,23 +46,26 @@ foreach ($xml->xpath('//item') as $item)
 	$keyUrl = 'https://tracker.phpbb.com/browse/' . $key;
 	$keyLink = '<a href="' . $keyUrl . '">' . $key . '</a>';
 
-	$value = str_replace($key, $keyLink, htmlspecialchars($item->title));
+	$value = str_replace($key, $keyLink, htmlspecialchars($item->title, ENT_COMPAT));
 	$value = str_replace(']', '] -', $value);
 
 	$types[(string) $item->type][$key] = $value;
 }
 
-ksort($types);
-foreach ($types as $type => $tickets)
+if (count($types))
 {
-	echo "<h4>$type</h4>\n";
-	echo "<ul>\n";
-
-	uksort($tickets, 'strnatcasecmp');
-
-	foreach ($tickets as $ticket)
+	ksort($types);
+	foreach ($types as $type => $tickets)
 	{
-		echo "<li>$ticket</li>\n";
+		echo "<h4>$type</h4>\n";
+		echo "<ul>\n";
+
+		uksort($tickets, 'strnatcasecmp');
+
+		foreach ($tickets as $ticket)
+		{
+			echo "<li>$ticket</li>\n";
+		}
+		echo "</ul>\n";
 	}
-	echo "</ul>\n";
 }

build/build_helper.php

@@ -43,10 +43,10 @@ class build_package
 		$_before = $this->versions[count($this->versions) - 2];
 
 		$this->locations = array(
-			'new_version'	=> dirname(dirname(__FILE__)) . '/phpBB/',
-			'old_versions'	=> dirname(__FILE__) . '/old_versions/',
-			'root'			=> dirname(__FILE__) . '/',
-			'package_dir'	=> dirname(__FILE__) . '/new_version/'
+			'new_version'	=> dirname(__DIR__) . '/phpBB/',
+			'old_versions'	=> __DIR__ . '/old_versions/',
+			'root'			=> __DIR__ . '/',
+			'package_dir'	=> __DIR__ . '/new_version/'
 		);
 
 		$this->package_infos = array(

build/code_sniffer/phpbb/Sniffs/ControlStructures/StaticKeywordSniff.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+use PHP_CodeSniffer\Files\File;
+use PHP_CodeSniffer\Sniffs\Sniff;
+
+/**
+ * Checks that the visibility qualifiers are placed after the static keyword
+ * according to the coding guidelines
+ */
+class phpbb_Sniffs_ControlStructures_StaticKeywordSniff implements Sniff
+{
+	/**
+	 * Registers the tokens that this sniff wants to listen for.
+	 */
+	public function register()
+	{
+		return [
+			T_STATIC,
+		];
+	}
+
+	/**
+	 * Processes this test, when one of its tokens is encountered.
+	 *
+	 * @param File $phpcsFile The file being scanned.
+	 * @param int $stackPtr  The position of the current token in the stack passed in $tokens.
+	 *
+	 * @return void
+	 */
+	public function process(File $phpcsFile, $stackPtr)
+	{
+		$tokens = $phpcsFile->getTokens();
+
+		$disallowed_after_tokens = [
+			T_PUBLIC,
+			T_PROTECTED,
+			T_PRIVATE,
+		];
+
+		if (in_array($tokens[$stackPtr + 2]['code'], $disallowed_after_tokens))
+		{
+			$error = 'Access specifier (e.g. public) should not follow static scope attribute. Encountered "' . $tokens[$stackPtr + 2]['content'] . '" after static';
+			$phpcsFile->addWarning($error, $stackPtr, 'InvalidStaticFunctionDeclaration', [], 1);
+		}
+	}
+}

build/code_sniffer/ruleset-php-legacy.xml

@@ -89,4 +89,7 @@
  <!-- There MUST be one space between control structure and opening parenthesis -->
  <rule ref="./phpbb/Sniffs/ControlStructures/OpeningParenthesisSniff.php" />
 
+ <!-- Static qualifier MUST be placed before the visibility qualifiers. -->
+ <rule ref="./phpbb/Sniffs/ControlStructures/StaticKeywordSniff.php" />
+
 </ruleset>

git-tools/hooks/commit-msg

@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # A hook to check syntax of a phpBB3 commit message, per:
-# * <http://wiki.phpbb.com/display/DEV/Git>
+# * <https://area51.phpbb.com/docs/dev/master/development/git.html>
 # * <http://area51.phpbb.com/phpBB/viewtopic.php?p=209919#p209919>
 #
 # This is a commit-msg hook.

phpBB/adm/style/acp_bbcodes.html

@@ -31,11 +31,11 @@
 	</fieldset>
 
 	<fieldset>
-		<legend>{L_BBCODE_HELPLINE}</legend>
-		<p>{L_BBCODE_HELPLINE_EXPLAIN}</p>
+		<legend>{{ lang('BBCODE_HELPLINE') }}</legend>
+		<p>{{ lang('BBCODE_HELPLINE_EXPLAIN') }}</p>
 	<dl>
-		<dt><label for="bbcode_helpline">{L_BBCODE_HELPLINE_TEXT}</label></dt>
-		<dd><input type="text" id="bbcode_helpline" name="bbcode_helpline" size="60" maxlength="255" value="{BBCODE_HELPLINE}" /></dd>
+		<dt><label for="bbcode_helpline">{{ lang('BBCODE_HELPLINE_TEXT') }}</label></dt>
+		<dd><textarea id="bbcode_helpline" name="bbcode_helpline" cols="60" rows="4">{{ BBCODE_HELPLINE }}</textarea></dd>
 	</dl>
 	</fieldset>
 

phpBB/adm/style/acp_database.html

@@ -58,7 +58,6 @@
 	<dl>
 		<dt><label for="type">{L_BACKUP_TYPE}{L_COLON}</label></dt>
 		<dd><label><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" /> {L_FULL_BACKUP}</label>
-			<label><input type="radio" name="type" class="radio" value="structure" /> {L_STRUCTURE_ONLY}</label>
 			<label><input type="radio" class="radio" name="type" value="data" /> {L_DATA_ONLY}</label></dd>
 	</dl>
 	<dl>

phpBB/adm/style/acp_inactive.html

@@ -45,7 +45,7 @@
 	</tr>
 <!-- BEGINELSE -->
 	<tr>
-		<td colspan="6" style="text-align: center;">{L_NO_INACTIVE_USERS}</td>
+		<td colspan="7" style="text-align: center;">{L_NO_INACTIVE_USERS}</td>
 	</tr>
 <!-- END inactive -->
 </tbody>

phpBB/adm/style/acp_styles.html

@@ -96,10 +96,10 @@
 	<thead>
 	<tr>
 		<th>{L_STYLE_NAME}</th>
-		<th width="10%" style="white-space: nowrap; text-align: center;">{{ lang('STYLE_VERSION') }}</th>
-		<th width="10%" style="white-space: nowrap; text-align: center;">{L_STYLE_PHPBB_VERSION}</th>
-		<!-- IF not STYLES_LIST_HIDE_COUNT --><th width="10%" style="white-space: nowrap; text-align: center;">{L_STYLE_USED_BY}</th><!-- ENDIF -->
-		<th width="25%" style="white-space: nowrap; text-align: center;">{L_ACTIONS}</th>
+		<th style="width: 10%; white-space: nowrap; text-align: center;">{{ lang('STYLE_VERSION') }}</th>
+		<th style="width: 10%; white-space: nowrap; text-align: center;">{L_STYLE_PHPBB_VERSION}</th>
+		<!-- IF not STYLES_LIST_HIDE_COUNT --><th style="width: 10%; white-space: nowrap; text-align: center;">{L_STYLE_USED_BY}</th><!-- ENDIF -->
+		<th style="width: 25%; white-space: nowrap; text-align: center;">{L_ACTIONS}</th>
 		{STYLES_LIST_EXTRA}
 		<th>&nbsp;</th>
 	</tr>
@@ -146,7 +146,7 @@
 			<!-- END actions -->
 		</td>
 		{styles_list.EXTRA}
-		<td class="{$ROW_CLASS} mark" width="20">
+		<td class="{$ROW_CLASS} mark" style="width: 20px;">
 			<!-- IF styles_list.STYLE_ID -->
 				{% if styles_list.STYLE_NAME !== 'prosilver' %}
 					<input class="checkbox" type="checkbox" name="ids[]" value="{styles_list.STYLE_ID}" />

phpBB/adm/style/admin.css

@@ -2738,4 +2738,29 @@ fieldset.permissions .padding {
 	height: 1em;
 	width: 1em;
 }
+
+.acp-icon {
+	font-size: 1.5em;
+}
 /* stylelint-enable declaration-property-unit-whitelist */
+
+.acp-icon-move-up,
+.acp-icon-move-down {
+	color: #4ba5de;
+}
+
+.acp-icon-settings {
+	color: #62c046;
+}
+
+.acp-icon-delete {
+	color: #d74558;
+}
+
+.acp-icon-resync {
+	color: #f69934;
+}
+
+.acp-icon-disabled {
+	color: #d0d0d0;
+}

phpBB/adm/style/admin.js

@@ -254,5 +254,10 @@ function parse_document(container)
 		});
 
 		$('#configlist').closest('.send-stats-data-row').addClass('send-stats-data-hidden');
+
+		// Do not underline actions icons on hover (could not be done via CSS)
+		$('.actions a:has(i.acp-icon)').mouseover(function () {
+			$(this).css("text-decoration", "none");
+		});
 	});
 })(jQuery);

phpBB/adm/style/captcha_qa_acp.html

@@ -2,7 +2,6 @@
 
 <a id="maincontent"></a>
 
-
 	<a href="<!-- IF U_LIST -->{U_LIST}<!-- ELSE -->{U_ACTION}<!-- ENDIF -->" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_QUESTIONS}</h1>
@@ -25,15 +24,18 @@
 		<td style="vertical-align: top; width: 50px; text-align: center; white-space: nowrap;">{L_ACTION}</td>
 	</tr>
 	</thead>
+
 	<tbody>
-	<!-- BEGIN questions -->
-	<tr>
-		<td style="text-align: left;">{questions.QUESTION_TEXT}</td>
-		<td style="text-align: center;">{questions.QUESTION_LANG}</td>
-		<td style="text-align: center;"><a href="{questions.U_EDIT}">{ICON_EDIT}</a>&nbsp;<a href="{questions.U_DELETE}">{ICON_DELETE}</a></td>
-	</tr>
-	<!-- END questions -->
+	{% for question in questions %}
+		<tr>
+			{# RTL is already managed by CSS #}
+			<td>{{ question.QUESTION_TEXT }}</td>
+			<td style="text-align: center;">{{ question.QUESTION_LANG }}</td>
+			<td style="text-align: center;"><a href="{{ question.U_EDIT }}">{{ ICON_EDIT }}</a> <a href="{{ question.U_DELETE }}">{{ ICON_DELETE }}</a></td>
+		</tr>
+	{% endfor %}
 	</tbody>
+
 	</table>
 	<fieldset class="quick">
 		<input class="button1" type="submit" name="add" value="{L_ADD}" />

phpBB/adm/style/installer_footer.html

@@ -23,7 +23,7 @@ installLang = {
 </script>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.5.1.min.js">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}

phpBB/adm/style/overall_footer.html

@@ -24,7 +24,7 @@
 
 		<div id="phpbb_alert" class="phpbb_alert" data-l-err="{L_ERROR}" data-l-timeout-processing-req="{L_TIMEOUT_PROCESSING_REQ}">
 			<a href="#" class="alert_close"></a>
-			<h3 class="alert_title"></h3><p class="alert_text"></p>
+			<h3 class="alert_title">&nbsp;</h3><p class="alert_text"></p>
 		</div>
 		<div id="phpbb_confirm" class="phpbb_alert">
 			<a href="#" class="alert_close"></a>
@@ -34,7 +34,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.5.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->

phpBB/adm/style/overall_header.html

@@ -12,10 +12,10 @@
 
 <script>
 // <![CDATA[
-var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
-var on_page = '{CURRENT_PAGE}';
-var per_page = '{PER_PAGE}';
-var base_url = '{BASE_URL|e('js')}';
+var jump_page = "{{ lang_js('JUMP_PAGE') ~ lang_js('COLON') }}";
+var on_page = '{{ CURRENT_PAGE }}';
+var per_page = '{{ PER_PAGE }}';
+var base_url = "{{ BASE_URL|e('js') }}";
 
 /**
 * Jump to page

phpBB/adm/style/simple_footer.html

@@ -17,7 +17,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.5.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->

phpBB/composer.json

@@ -15,8 +15,9 @@
 	"support": {
 		"issues": "https://tracker.phpbb.com",
 		"forum": "https://www.phpbb.com/community/",
-		"wiki": "https://wiki.phpbb.com",
-		"irc": "irc://irc.freenode.org/phpbb"
+		"docs": "https://www.phpbb.com/support/docs/",
+		"irc": "irc://irc.libera.chat/phpbb",
+		"chat": "https://www.phpbb.com/support/chat/"
 	},
 	"scripts": {
 		"post-update-cmd": "echo 'You MUST manually modify the clean-vendor-dir target in build/build.xml when adding or upgrading dependencies.'"
@@ -34,7 +35,6 @@
 		"guzzlehttp/guzzle": "~6.3",
 		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "^1.1",
-		"patchwork/utf8": "^1.1",
 		"s9e/text-formatter": "^2.0",
 		"symfony/config": "~3.4",
 		"symfony/console": "~3.4",
@@ -45,6 +45,9 @@
 		"symfony/finder": "~3.4",
 		"symfony/http-foundation": "~3.4",
 		"symfony/http-kernel": "~3.4",
+		"symfony/polyfill-intl-normalizer": "^1.23",
+		"symfony/polyfill-mbstring": "^1.23",
+		"symfony/polyfill-php72": "^1.23",
 		"symfony/process": "^3.4",
 		"symfony/proxy-manager-bridge": "~3.4",
 		"symfony/routing": "~3.4",

phpBB/composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "aba28293c9c05523b3fb2f91dac53f17",
+    "content-hash": "1b58e9d5054a0881d4c29cb2e9523908",
     "packages": [
         {
             "name": "bantu/ini-get-wrapper",
@@ -42,16 +42,16 @@
         },
         {
             "name": "composer/package-versions-deprecated",
-            "version": "1.11.99.1",
+            "version": "1.11.99.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/package-versions-deprecated.git",
-                "reference": "7413f0b55a051e89485c5cb9f765fe24bb02a7b6"
+                "reference": "fff576ac850c045158a250e7e27666e146e78d18"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/7413f0b55a051e89485c5cb9f765fe24bb02a7b6",
-                "reference": "7413f0b55a051e89485c5cb9f765fe24bb02a7b6",
+                "url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/fff576ac850c045158a250e7e27666e146e78d18",
+                "reference": "fff576ac850c045158a250e7e27666e146e78d18",
                 "shasum": ""
             },
             "require": {
@@ -95,7 +95,7 @@
             "description": "Composer plugin that provides efficient querying for installed package versions (no runtime IO)",
             "support": {
                 "issues": "https://github.com/composer/package-versions-deprecated/issues",
-                "source": "https://github.com/composer/package-versions-deprecated/tree/1.11.99.1"
+                "source": "https://github.com/composer/package-versions-deprecated/tree/1.11.99.3"
             },
             "funding": [
                 {
@@ -111,7 +111,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2020-11-11T10:22:58+00:00"
+            "time": "2021-08-17T13:49:14+00:00"
         },
         {
             "name": "google/recaptcha",
@@ -238,16 +238,16 @@
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "1.4.0",
+            "version": "1.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "60d379c243457e073cff02bc323a2a86cb355631"
+                "reference": "8e7d04f1f6450fef59366c399cfad4b9383aa30d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/60d379c243457e073cff02bc323a2a86cb355631",
-                "reference": "60d379c243457e073cff02bc323a2a86cb355631",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/8e7d04f1f6450fef59366c399cfad4b9383aa30d",
+                "reference": "8e7d04f1f6450fef59366c399cfad4b9383aa30d",
                 "shasum": ""
             },
             "require": {
@@ -287,22 +287,22 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/1.4.0"
+                "source": "https://github.com/guzzle/promises/tree/1.4.1"
             },
-            "time": "2020-09-30T07:37:28+00:00"
+            "time": "2021-03-07T09:25:29+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "1.7.0",
+            "version": "1.8.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "53330f47520498c0ae1f61f7e2c90f55690c06a3"
+                "reference": "dc960a912984efb74d0a90222870c72c87f10c91"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/53330f47520498c0ae1f61f7e2c90f55690c06a3",
-                "reference": "53330f47520498c0ae1f61f7e2c90f55690c06a3",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/dc960a912984efb74d0a90222870c72c87f10c91",
+                "reference": "dc960a912984efb74d0a90222870c72c87f10c91",
                 "shasum": ""
             },
             "require": {
@@ -362,9 +362,9 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/1.7.0"
+                "source": "https://github.com/guzzle/psr7/tree/1.8.2"
             },
-            "time": "2020-09-30T07:37:11+00:00"
+            "time": "2021-04-26T09:17:50+00:00"
         },
         {
             "name": "lusitanian/oauth",
@@ -571,83 +571,6 @@
             },
             "time": "2017-05-04T11:12:50+00:00"
         },
-        {
-            "name": "patchwork/utf8",
-            "version": "v1.3.3",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/tchwork/utf8.git",
-                "reference": "e1fa4d4a57896d074c9a8d01742b688d5db4e9d5"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/tchwork/utf8/zipball/e1fa4d4a57896d074c9a8d01742b688d5db4e9d5",
-                "reference": "e1fa4d4a57896d074c9a8d01742b688d5db4e9d5",
-                "shasum": ""
-            },
-            "require": {
-                "lib-pcre": ">=7.3",
-                "php": ">=5.3.0"
-            },
-            "require-dev": {
-                "symfony/phpunit-bridge": "^3.4|^4.4"
-            },
-            "suggest": {
-                "ext-iconv": "Use iconv for best performance",
-                "ext-intl": "Use Intl for best performance",
-                "ext-mbstring": "Use Mbstring for best performance",
-                "ext-wfio": "Use WFIO for UTF-8 filesystem access on Windows"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "1.3-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Patchwork\\": "src/Patchwork/"
-                },
-                "classmap": [
-                    "src/Normalizer.php"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "(Apache-2.0 or GPL-2.0)"
-            ],
-            "authors": [
-                {
-                    "name": "Nicolas Grekas",
-                    "email": "p@tchwork.com"
-                }
-            ],
-            "description": "Portable and performant UTF-8, Unicode and Grapheme Clusters for PHP",
-            "homepage": "https://github.com/tchwork/utf8",
-            "keywords": [
-                "grapheme",
-                "i18n",
-                "unicode",
-                "utf-8",
-                "utf8"
-            ],
-            "support": {
-                "issues": "https://github.com/tchwork/utf8/issues",
-                "source": "https://github.com/tchwork/utf8/tree/v1.3.3"
-            },
-            "funding": [
-                {
-                    "url": "https://github.com/nicolas-grekas",
-                    "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/patchwork/utf8",
-                    "type": "tidelift"
-                }
-            ],
-            "abandoned": "symfony/polyfill-mbstring or symfony/string",
-            "time": "2021-01-07T16:38:58+00:00"
-        },
         {
             "name": "psr/container",
             "version": "1.0.0",
@@ -756,16 +679,16 @@
         },
         {
             "name": "psr/log",
-            "version": "1.1.3",
+            "version": "1.1.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/log.git",
-                "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc"
+                "reference": "d49695b909c3b7628b6289db5479a1c204601f11"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/0f73288fd15629204f9d42b7055f72dacbe811fc",
-                "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/d49695b909c3b7628b6289db5479a1c204601f11",
+                "reference": "d49695b909c3b7628b6289db5479a1c204601f11",
                 "shasum": ""
             },
             "require": {
@@ -789,7 +712,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for logging libraries",
@@ -800,9 +723,9 @@
                 "psr-3"
             ],
             "support": {
-                "source": "https://github.com/php-fig/log/tree/1.1.3"
+                "source": "https://github.com/php-fig/log/tree/1.1.4"
             },
-            "time": "2020-03-23T09:12:05+00:00"
+            "time": "2021-05-03T11:20:27+00:00"
         },
         {
             "name": "ralouphie/getallheaders",
@@ -850,21 +773,21 @@
         },
         {
             "name": "s9e/regexp-builder",
-            "version": "1.4.4",
+            "version": "1.4.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/s9e/RegexpBuilder.git",
-                "reference": "605b33841a766abd40ba3d07c15d0f62b5e7f033"
+                "reference": "45992e3389e0179672f3a3605d66891a8b64918c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/s9e/RegexpBuilder/zipball/605b33841a766abd40ba3d07c15d0f62b5e7f033",
-                "reference": "605b33841a766abd40ba3d07c15d0f62b5e7f033",
+                "url": "https://api.github.com/repos/s9e/RegexpBuilder/zipball/45992e3389e0179672f3a3605d66891a8b64918c",
+                "reference": "45992e3389e0179672f3a3605d66891a8b64918c",
                 "shasum": ""
             },
             "require": {
                 "lib-pcre": ">=7.2",
-                "php": ">=5.5.1"
+                "php": ">=7.1"
             },
             "require-dev": {
                 "phpunit/phpunit": "*"
@@ -886,9 +809,9 @@
             ],
             "support": {
                 "issues": "https://github.com/s9e/RegexpBuilder/issues",
-                "source": "https://github.com/s9e/RegexpBuilder/tree/1.4.4"
+                "source": "https://github.com/s9e/RegexpBuilder/tree/1.4.5"
             },
-            "time": "2020-01-08T02:46:22+00:00"
+            "time": "2021-04-28T21:45:11+00:00"
         },
         {
             "name": "s9e/sweetdom",
@@ -936,16 +859,16 @@
         },
         {
             "name": "s9e/text-formatter",
-            "version": "2.8.1",
+            "version": "2.10.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/s9e/TextFormatter.git",
-                "reference": "2ac2ab8c28849311424a78ea21a8368423053ce3"
+                "reference": "00df71d0a803c041efa320ce2f2c0e56c1a6fca9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/s9e/TextFormatter/zipball/2ac2ab8c28849311424a78ea21a8368423053ce3",
-                "reference": "2ac2ab8c28849311424a78ea21a8368423053ce3",
+                "url": "https://api.github.com/repos/s9e/TextFormatter/zipball/00df71d0a803c041efa320ce2f2c0e56c1a6fca9",
+                "reference": "00df71d0a803c041efa320ce2f2c0e56c1a6fca9",
                 "shasum": ""
             },
             "require": {
@@ -972,7 +895,7 @@
             },
             "type": "library",
             "extra": {
-                "version": "2.8.1"
+                "version": "2.10.0"
             },
             "autoload": {
                 "psr-4": {
@@ -1004,9 +927,9 @@
             ],
             "support": {
                 "issues": "https://github.com/s9e/TextFormatter/issues",
-                "source": "https://github.com/s9e/TextFormatter/tree/2.8.1"
+                "source": "https://github.com/s9e/TextFormatter/tree/2.10.0"
             },
-            "time": "2020-12-27T17:14:06+00:00"
+            "time": "2021-08-11T15:45:12+00:00"
         },
         {
             "name": "symfony/config",
@@ -1586,16 +1509,16 @@
         },
         {
             "name": "symfony/http-kernel",
-            "version": "v3.4.47",
+            "version": "v3.4.49",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-kernel.git",
-                "reference": "a98a4c30089e6a2d52a9fa236f718159b539f6f5"
+                "reference": "5aa72405f5bd5583c36ed6e756acb17d3f98ac40"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/a98a4c30089e6a2d52a9fa236f718159b539f6f5",
-                "reference": "a98a4c30089e6a2d52a9fa236f718159b539f6f5",
+                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/5aa72405f5bd5583c36ed6e756acb17d3f98ac40",
+                "reference": "5aa72405f5bd5583c36ed6e756acb17d3f98ac40",
                 "shasum": ""
             },
             "require": {
@@ -1668,7 +1591,7 @@
             "description": "Symfony HttpKernel Component",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/http-kernel/tree/v3.4.47"
+                "source": "https://github.com/symfony/http-kernel/tree/v3.4.49"
             },
             "funding": [
                 {
@@ -1684,20 +1607,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2020-11-27T08:42:42+00:00"
+            "time": "2021-05-19T12:06:59+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.22.0",
+            "version": "v1.23.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "c6c942b1ac76c82448322025e084cadc56048b4e"
+                "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/c6c942b1ac76c82448322025e084cadc56048b4e",
-                "reference": "c6c942b1ac76c82448322025e084cadc56048b4e",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/46cd95797e9df938fdd2b03693b5fca5e64b01ce",
+                "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce",
                 "shasum": ""
             },
             "require": {
@@ -1709,7 +1632,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.22-dev"
+                    "dev-main": "1.23-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1747,7 +1670,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.22.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.23.0"
             },
             "funding": [
                 {
@@ -1763,20 +1686,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-01-07T16:49:33+00:00"
+            "time": "2021-02-19T12:13:01+00:00"
         },
         {
             "name": "symfony/polyfill-intl-idn",
-            "version": "v1.22.0",
+            "version": "v1.23.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-idn.git",
-                "reference": "0eb8293dbbcd6ef6bf81404c9ce7d95bcdf34f44"
+                "reference": "65bd267525e82759e7d8c4e8ceea44f398838e65"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/0eb8293dbbcd6ef6bf81404c9ce7d95bcdf34f44",
-                "reference": "0eb8293dbbcd6ef6bf81404c9ce7d95bcdf34f44",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/65bd267525e82759e7d8c4e8ceea44f398838e65",
+                "reference": "65bd267525e82759e7d8c4e8ceea44f398838e65",
                 "shasum": ""
             },
             "require": {
@@ -1790,7 +1713,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.22-dev"
+                    "dev-main": "1.23-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1834,7 +1757,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.22.0"
+                "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.23.0"
             },
             "funding": [
                 {
@@ -1850,20 +1773,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-01-07T16:49:33+00:00"
+            "time": "2021-05-27T09:27:20+00:00"
         },
         {
             "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.22.0",
+            "version": "v1.23.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
-                "reference": "6e971c891537eb617a00bb07a43d182a6915faba"
+                "reference": "8590a5f561694770bdcd3f9b5c69dde6945028e8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/6e971c891537eb617a00bb07a43d182a6915faba",
-                "reference": "6e971c891537eb617a00bb07a43d182a6915faba",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/8590a5f561694770bdcd3f9b5c69dde6945028e8",
+                "reference": "8590a5f561694770bdcd3f9b5c69dde6945028e8",
                 "shasum": ""
             },
             "require": {
@@ -1875,7 +1798,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.22-dev"
+                    "dev-main": "1.23-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1918,7 +1841,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.22.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.23.0"
             },
             "funding": [
                 {
@@ -1934,20 +1857,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-01-07T17:09:11+00:00"
+            "time": "2021-02-19T12:13:01+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.22.0",
+            "version": "v1.23.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "f377a3dd1fde44d37b9831d68dc8dea3ffd28e13"
+                "reference": "9174a3d80210dca8daa7f31fec659150bbeabfc6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/f377a3dd1fde44d37b9831d68dc8dea3ffd28e13",
-                "reference": "f377a3dd1fde44d37b9831d68dc8dea3ffd28e13",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9174a3d80210dca8daa7f31fec659150bbeabfc6",
+                "reference": "9174a3d80210dca8daa7f31fec659150bbeabfc6",
                 "shasum": ""
             },
             "require": {
@@ -1959,7 +1882,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.22-dev"
+                    "dev-main": "1.23-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1998,7 +1921,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.22.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.23.1"
             },
             "funding": [
                 {
@@ -2014,7 +1937,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-01-07T16:49:33+00:00"
+            "time": "2021-05-27T12:26:48+00:00"
         },
         {
             "name": "symfony/polyfill-php56",
@@ -2154,16 +2077,16 @@
         },
         {
             "name": "symfony/polyfill-php72",
-            "version": "v1.22.0",
+            "version": "v1.23.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php72.git",
-                "reference": "cc6e6f9b39fe8075b3dabfbaf5b5f645ae1340c9"
+                "reference": "9a142215a36a3888e30d0a9eeea9766764e96976"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/cc6e6f9b39fe8075b3dabfbaf5b5f645ae1340c9",
-                "reference": "cc6e6f9b39fe8075b3dabfbaf5b5f645ae1340c9",
+                "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/9a142215a36a3888e30d0a9eeea9766764e96976",
+                "reference": "9a142215a36a3888e30d0a9eeea9766764e96976",
                 "shasum": ""
             },
             "require": {
@@ -2172,7 +2095,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.22-dev"
+                    "dev-main": "1.23-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -2210,7 +2133,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php72/tree/v1.22.0"
+                "source": "https://github.com/symfony/polyfill-php72/tree/v1.23.0"
             },
             "funding": [
                 {
@@ -2226,7 +2149,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-01-07T16:49:33+00:00"
+            "time": "2021-05-27T09:17:38+00:00"
         },
         {
             "name": "symfony/process",
@@ -3177,16 +3100,16 @@
         },
         {
             "name": "phing/phing",
-            "version": "2.16.3",
+            "version": "2.17.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phingofficial/phing.git",
-                "reference": "b34c2bf9cd6abd39b4287dee31e68673784c8567"
+                "reference": "c0a3bce822c088d60b30a577c25debb42325d0f8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phingofficial/phing/zipball/b34c2bf9cd6abd39b4287dee31e68673784c8567",
-                "reference": "b34c2bf9cd6abd39b4287dee31e68673784c8567",
+                "url": "https://api.github.com/repos/phingofficial/phing/zipball/c0a3bce822c088d60b30a577c25debb42325d0f8",
+                "reference": "c0a3bce822c088d60b30a577c25debb42325d0f8",
                 "shasum": ""
             },
             "require": {
@@ -3269,22 +3192,36 @@
             "support": {
                 "irc": "irc://irc.freenode.net/phing",
                 "issues": "https://www.phing.info/trac/report",
-                "source": "https://github.com/phingofficial/phing/tree/oldstable"
+                "source": "https://github.com/phingofficial/phing/tree/2.17.0"
             },
-            "time": "2020-02-03T18:50:54+00:00"
+            "funding": [
+                {
+                    "url": "https://github.com/mrook",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/siad007",
+                    "type": "github"
+                },
+                {
+                    "url": "https://www.patreon.com/michielrook",
+                    "type": "patreon"
+                }
+            ],
+            "time": "2021-08-31T13:33:01+00:00"
         },
         {
             "name": "php-webdriver/webdriver",
-            "version": "1.9.0",
+            "version": "1.11.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-webdriver/php-webdriver.git",
-                "reference": "e3633154554605274cc9d59837f55a7427d72003"
+                "reference": "da16e39968f8dd5cfb7d07eef91dc2b731c69880"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-webdriver/php-webdriver/zipball/e3633154554605274cc9d59837f55a7427d72003",
-                "reference": "e3633154554605274cc9d59837f55a7427d72003",
+                "url": "https://api.github.com/repos/php-webdriver/php-webdriver/zipball/da16e39968f8dd5cfb7d07eef91dc2b731c69880",
+                "reference": "da16e39968f8dd5cfb7d07eef91dc2b731c69880",
                 "shasum": ""
             },
             "require": {
@@ -3300,7 +3237,7 @@
             },
             "require-dev": {
                 "friendsofphp/php-cs-fixer": "^2.0",
-                "ondram/ci-detector": "^2.1 || ^3.5",
+                "ondram/ci-detector": "^2.1 || ^3.5 || ^4.0",
                 "php-coveralls/php-coveralls": "^2.4",
                 "php-mock/php-mock-phpunit": "^1.1 || ^2.0",
                 "php-parallel-lint/php-parallel-lint": "^1.2",
@@ -3312,11 +3249,6 @@
                 "ext-SimpleXML": "For Firefox profile creation"
             },
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-main": "1.8.x-dev"
-                }
-            },
             "autoload": {
                 "psr-4": {
                     "Facebook\\WebDriver\\": "lib/"
@@ -3340,9 +3272,9 @@
             ],
             "support": {
                 "issues": "https://github.com/php-webdriver/php-webdriver/issues",
-                "source": "https://github.com/php-webdriver/php-webdriver/tree/1.9.0"
+                "source": "https://github.com/php-webdriver/php-webdriver/tree/1.11.1"
             },
-            "time": "2020-11-19T15:21:05+00:00"
+            "time": "2021-05-21T15:12:49+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3697,16 +3629,16 @@
         },
         {
             "name": "phpunit/php-file-iterator",
-            "version": "2.0.3",
+            "version": "2.0.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-file-iterator.git",
-                "reference": "4b49fb70f067272b659ef0174ff9ca40fdaa6357"
+                "reference": "28af674ff175d0768a5a978e6de83f697d4a7f05"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/4b49fb70f067272b659ef0174ff9ca40fdaa6357",
-                "reference": "4b49fb70f067272b659ef0174ff9ca40fdaa6357",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/28af674ff175d0768a5a978e6de83f697d4a7f05",
+                "reference": "28af674ff175d0768a5a978e6de83f697d4a7f05",
                 "shasum": ""
             },
             "require": {
@@ -3745,7 +3677,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/php-file-iterator/issues",
-                "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/2.0.3"
+                "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/2.0.4"
             },
             "funding": [
                 {
@@ -3753,7 +3685,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T08:25:21+00:00"
+            "time": "2021-07-19T06:46:01+00:00"
         },
         {
             "name": "phpunit/php-text-template",
@@ -3861,16 +3793,16 @@
         },
         {
             "name": "phpunit/php-token-stream",
-            "version": "3.1.2",
+            "version": "3.1.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-token-stream.git",
-                "reference": "472b687829041c24b25f475e14c2f38a09edf1c2"
+                "reference": "9c1da83261628cb24b6a6df371b6e312b3954768"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/472b687829041c24b25f475e14c2f38a09edf1c2",
-                "reference": "472b687829041c24b25f475e14c2f38a09edf1c2",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/9c1da83261628cb24b6a6df371b6e312b3954768",
+                "reference": "9c1da83261628cb24b6a6df371b6e312b3954768",
                 "shasum": ""
             },
             "require": {
@@ -3908,7 +3840,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/php-token-stream/issues",
-                "source": "https://github.com/sebastianbergmann/php-token-stream/tree/3.1.2"
+                "source": "https://github.com/sebastianbergmann/php-token-stream/tree/3.1.3"
             },
             "funding": [
                 {
@@ -3917,7 +3849,7 @@
                 }
             ],
             "abandoned": true,
-            "time": "2020-11-30T08:38:46+00:00"
+            "time": "2021-07-26T12:15:06+00:00"
         },
         {
             "name": "phpunit/phpunit",
@@ -4622,6 +4554,7 @@
                     "type": "github"
                 }
             ],
+            "abandoned": true,
             "time": "2020-11-30T07:30:19+00:00"
         },
         {
@@ -4673,16 +4606,16 @@
         },
         {
             "name": "squizlabs/php_codesniffer",
-            "version": "3.5.8",
+            "version": "3.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/squizlabs/PHP_CodeSniffer.git",
-                "reference": "9d583721a7157ee997f235f327de038e7ea6dac4"
+                "reference": "ffced0d2c8fa8e6cdc4d695a743271fab6c38625"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/9d583721a7157ee997f235f327de038e7ea6dac4",
-                "reference": "9d583721a7157ee997f235f327de038e7ea6dac4",
+                "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/ffced0d2c8fa8e6cdc4d695a743271fab6c38625",
+                "reference": "ffced0d2c8fa8e6cdc4d695a743271fab6c38625",
                 "shasum": ""
             },
             "require": {
@@ -4725,7 +4658,7 @@
                 "source": "https://github.com/squizlabs/PHP_CodeSniffer",
                 "wiki": "https://github.com/squizlabs/PHP_CodeSniffer/wiki"
             },
-            "time": "2020-10-23T02:01:07+00:00"
+            "time": "2021-04-09T00:54:41+00:00"
         },
         {
             "name": "symfony/browser-kit",
@@ -4979,12 +4912,12 @@
             "version": "1.9.1",
             "source": {
                 "type": "git",
-                "url": "https://github.com/webmozart/assert.git",
+                "url": "https://github.com/webmozarts/assert.git",
                 "reference": "bafc69caeb4d49c39fd0779086c03a3738cbb389"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozart/assert/zipball/bafc69caeb4d49c39fd0779086c03a3738cbb389",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/bafc69caeb4d49c39fd0779086c03a3738cbb389",
                 "reference": "bafc69caeb4d49c39fd0779086c03a3738cbb389",
                 "shasum": ""
             },
@@ -5022,8 +4955,8 @@
                 "validate"
             ],
             "support": {
-                "issues": "https://github.com/webmozart/assert/issues",
-                "source": "https://github.com/webmozart/assert/tree/master"
+                "issues": "https://github.com/webmozarts/assert/issues",
+                "source": "https://github.com/webmozarts/assert/tree/1.9.1"
             },
             "time": "2020-07-08T17:02:28+00:00"
         }

phpBB/develop/create_schema_files.php

@@ -18,7 +18,7 @@
 * If you overwrite the original schema files please make sure you save the file with UNIX linefeeds.
 */
 
-$schema_path = dirname(__FILE__) . '/../install/schemas/';
+$schema_path = __DIR__ . '/../install/schemas/';
 $supported_dbms = array(
 	'mssql',
 	'mysql_41',
@@ -34,7 +34,7 @@ if (!is_writable($schema_path))
 }
 
 define('IN_PHPBB', true);
-$phpbb_root_path = dirname(__FILE__) . '/../';
+$phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
 include($phpbb_root_path . 'vendor/autoload.php');

phpBB/develop/create_variable_overview.php

@@ -220,7 +220,7 @@ foreach ($files_to_parse as $file_num => $data)
 			{
 				$_var = str_replace(array('{', '}'), array('', ''), $var);
 				$lang_references[$_var][] = $data['single_filename'];
-				$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var])) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
+				$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var]), ENT_COMPAT) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
 			}
 		}
 		$lang_data .= '</ul>';

phpBB/develop/export_events_for_rst.php

@@ -0,0 +1,140 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+if (php_sapi_name() != 'cli')
+{
+	die("This program must be run from the command line.\n");
+}
+
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+$phpbb_root_path = __DIR__ . '/../';
+define('IN_PHPBB', true);
+
+function usage()
+{
+	echo "Usage: export_events_for_rst.php COMMAND [VERSION] [EXTENSION]\n";
+	echo "\n";
+	echo "COMMAND:\n";
+	echo "    all:\n";
+	echo "        Generate the complete rst for the Event List\n";
+	echo "\n";
+	echo "    diff:\n";
+	echo "        Generate the Event Diff for the release highlights\n";
+	echo "\n";
+	echo "    php:\n";
+	echo "        Generate the PHP event section of Event_List\n";
+	echo "\n";
+	echo "    adm:\n";
+	echo "        Generate the ACP Template event section of Event_List\n";
+	echo "\n";
+	echo "    styles:\n";
+	echo "        Generate the Styles Template event section of Event_List\n";
+	echo "\n";
+	echo "VERSION (diff only):\n";
+	echo "    Filter events (minimum version)\n";
+	echo "\n";
+	echo "EXTENSION (Optional):\n";
+	echo "    If not given, only core events will be exported.\n";
+	echo "    Otherwise only events from the extension will be exported.\n";
+	echo "\n";
+	exit(2);
+}
+
+function validate_argument_count($arguments, $count)
+{
+	if ($arguments <= $count)
+	{
+		usage();
+	}
+}
+
+validate_argument_count($argc, 1);
+
+$action = $argv[1];
+$extension = isset($argv[2]) ? $argv[2] : null;
+$min_version = null;
+require __DIR__ . '/../phpbb/event/php_exporter.' . $phpEx;
+require __DIR__ . '/../phpbb/event/md_exporter.' . $phpEx;
+require __DIR__ . '/../phpbb/event/rst_exporter.' . $phpEx;
+require __DIR__ . '/../includes/functions.' . $phpEx;
+require __DIR__ . '/../phpbb/event/recursive_event_filter_iterator.' . $phpEx;
+require __DIR__ . '/../phpbb/recursive_dot_prefix_filter_iterator.' . $phpEx;
+
+switch ($action)
+{
+
+	case 'diff':
+		echo '== Event changes ==' . "\n";
+		echo "Event changes\n";
+		echo "=============\n\n";
+		$min_version = $extension;
+		$extension = isset($argv[3]) ? $argv[3] : null;
+
+	case 'all':
+		if ($action === 'all')
+		{
+			echo "==========================\n";
+			echo "Events List\n";
+			echo "==========================\n\n";
+		}
+
+
+	case 'php':
+		$exporter = new \phpbb\event\php_exporter($phpbb_root_path, $extension, $min_version);
+		$exporter->crawl_phpbb_directory_php();
+		echo $exporter->export_events_for_rst($action);
+
+		if ($action === 'php')
+		{
+			break;
+		}
+		echo "\n\n";
+		// no break;
+
+	case 'styles':
+		$exporter = new \phpbb\event\md_exporter($phpbb_root_path, $extension, $min_version);
+		if ($min_version && $action === 'diff')
+		{
+			$exporter->crawl_eventsmd('docs/events.md', 'styles');
+		}
+		else
+		{
+			$exporter->crawl_phpbb_directory_styles('docs/events.md');
+		}
+		echo $exporter->export_events_for_rst($action);
+
+		if ($action === 'styles')
+		{
+			break;
+		}
+		echo "\n\n";
+		// no break;
+
+	case 'adm':
+		$exporter = new \phpbb\event\md_exporter($phpbb_root_path, $extension, $min_version);
+		if ($min_version && $action === 'diff')
+		{
+			$exporter->crawl_eventsmd('docs/events.md', 'adm');
+		}
+		else
+		{
+			$exporter->crawl_phpbb_directory_adm('docs/events.md');
+		}
+		echo $exporter->export_events_for_rst($action);
+
+		echo "\n";
+	break;
+
+	default:
+		usage();
+}

phpBB/develop/imageset_to_css.php

@@ -290,7 +290,7 @@ function dump_code($code, $filename = 'file.txt')
 	$list = explode("\n", $code);
 	$height = 15 * count($list);
 	echo ' [ <a href="?download=', $hash, '">download</a> <a href="javascript:void(0);" onclick="document.getElementById(\'code-', $hash, '\').style.height = \'', $height, 'px\'; this.style.display = \'none\'; return false;">expand</a> ]<br />';
-	echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code), '</textarea><br />';
+	echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code, ENT_COMPAT), '</textarea><br />';
 }
 
 function css($list, $path = './', $bidi = false)

phpBB/develop/lang_duplicates.php

@@ -34,7 +34,7 @@ $mode = $request->variable('mode', '');
 $modules = find_modules($phpbb_root_path . 'language/en');
 
 $kkeys = $keys = array();
-$langdir = dirname(__FILE__);
+$langdir = __DIR__;
 
 if (isset($lang))
 {

phpBB/develop/namespacify.php

@@ -191,4 +191,3 @@ foreach ($iterator as $file)
 		file_put_contents($file->getPathname(), $code);
 	}
 }
-

phpBB/develop/repair_bots.php

@@ -2,7 +2,7 @@
 /**
 * Rebuild BOTS
 *
-* You should make a backup from your whole database. Things can and will go wrong. 
+* You should make a backup from your whole database. Things can and will go wrong.
 * This will only work if no BOTs were added.
 *
 */
@@ -24,10 +24,14 @@ $user->setup();
 
 $bots = array(
 	'AdsBot [Google]'			=> array('AdsBot-Google', ''),
+	'Ahrefs [Bot]'				=> array('AhrefsBot/', ''),
 	'Alexa [Bot]'				=> array('ia_archiver', ''),
 	'Alta Vista [Bot]'			=> array('Scooter/', ''),
+	'Amazon [Bot]'				=> array('Amazonbot/', ''),
 	'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
-	'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+	'Baidu [Spider]'			=> array('Baiduspider', ''),
+	'Bing [Bot]'				=> array('bingbot/', ''),
+	'DuckDuckGo [Bot]'			=> array('DuckDuckBot/', ''),
 	'Exabot [Bot]'				=> array('Exabot/', ''),
 	'FAST Enterprise [Crawler]'	=> array('FAST Enterprise Crawler', ''),
 	'FAST WebCrawler [Crawler]'	=> array('FAST-WebCrawler/', ''),
@@ -41,7 +45,7 @@ $bots = array(
 	'Heritrix [Crawler]'		=> array('heritrix/1.', ''),
 	'IBM Research [Bot]'		=> array('ibm.com/cs/crawler', ''),
 	'ICCrawler - ICjobs'		=> array('ICCrawler - ICjobs', ''),
-	'ichiro [Crawler]'			=> array('ichiro/2', ''),
+	'ichiro [Crawler]'			=> array('ichiro/', ''),
 	'Majestic-12 [Bot]'			=> array('MJ12bot/', ''),
 	'Metager [Bot]'				=> array('MetagerBot/', ''),
 	'MSN NewsBlogs'				=> array('msnbot-NewsBlogs/', ''),
@@ -54,6 +58,7 @@ $bots = array(
 	'Online link [Validator]'	=> array('online link validator', ''),
 	'psbot [Picsearch]'			=> array('psbot/0', ''),
 	'Seekport [Bot]'			=> array('Seekbot/', ''),
+	'Semrush [Bot]'				=> array('SemrushBot/', ''),
 	'Sensis [Crawler]'			=> array('Sensis Web Crawler', ''),
 	'SEO Crawler'				=> array('SEO search Crawler/', ''),
 	'Seoma [Crawler]'			=> array('Seoma [SEO Crawler]', ''),
@@ -63,7 +68,7 @@ $bots = array(
 	'Synoo [Bot]'				=> array('SynooBot/', ''),
 	'Telekom [Bot]'				=> array('crawleradmin.t-info@telekom.de', ''),
 	'TurnitinBot [Bot]'			=> array('TurnitinBot/', ''),
-	'Voyager [Bot]'				=> array('voyager/1.0', ''),
+	'Voyager [Bot]'				=> array('voyager/', ''),
 	'W3 [Sitesearch]'			=> array('W3 SiteSearch Crawler', ''),
 	'W3C [Linkcheck]'			=> array('W3C-checklink/', ''),
 	'W3C [Validator]'			=> array('W3C_*Validator', ''),
@@ -74,7 +79,7 @@ $bots = array(
 	'Yahoo [Bot]'				=> array('Yahoo! Slurp', ''),
 	'YahooSeeker [Bot]'			=> array('YahooSeeker/', ''),
 );
-	
+
 $bot_ids = array();
 user_get_id_name($bot_ids, array_keys($bots), USER_IGNORE);
 foreach($bot_ids as $bot)

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,10 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v335rc1">Changes since 3.3.5-RC1</a></li>
+		<li><a href="#v334">Changes since 3.3.4</a></li>
+		<li><a href="#v334rc1">Changes since 3.3.4-RC1</a></li>
+		<li><a href="#v333">Changes since 3.3.3</a></li>
 		<li><a href="#v332">Changes since 3.3.2</a></li>
 		<li><a href="#v331">Changes since 3.3.1</a></li>
 		<li><a href="#v331rc1">Changes since 3.3.1-RC1</a></li>
@@ -154,6 +158,129 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v335rc1"></a><h3>Changes since 3.3.5-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16878">PHPBB3-16878</a>] - Error in password_hash() with ARGON2 + Sodium &amp; threadcount &gt; 1</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-254">SECURITY-254</a>] - Disallow whitespace characters that might be invisible</li>
+			</ul>
+
+			<a name="v334"></a><h3>Changes since 3.3.4</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-12075">PHPBB3-12075</a>] - Language file Modules needs to be added to acp_extensions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13700">PHPBB3-13700</a>] - Column 'field_show_on_pm' not created before migration profilefield_interests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16292">PHPBB3-16292</a>] - Database errors during conversion not propagated</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16570">PHPBB3-16570</a>] - Automatic updater no longer handles merge conflicts</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16657">PHPBB3-16657</a>] - Encoded characters inserted from live search for usernames</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16729">PHPBB3-16729</a>] - Unknown named parameter $log_data in phpbb/log/log.php</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16730">PHPBB3-16730</a>] - Build changelog throwing PHP warnings on no changes in version</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16749">PHPBB3-16749</a>] - SQL error on installation</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16757">PHPBB3-16757</a>] - RTL problem in random question text in ACP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16765">PHPBB3-16765</a>] - contact_admin_acp_module migration lacks effectively_installed check</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16766">PHPBB3-16766</a>] - Updater only shows truncated error messages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16767">PHPBB3-16767</a>] - Migrator shows wrong migration as missing if unfulfillable</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16770">PHPBB3-16770</a>] - Invalid position of static qualifier in 3.3.4 migration</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16772">PHPBB3-16772</a>] - Emoji not supported in email signature</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16773">PHPBB3-16773</a>] - PostgreSQL backups are missing constraint declarations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16784">PHPBB3-16784</a>] - Ignore .vscode files in git</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16785">PHPBB3-16785</a>] - Latest release missing from previous versions in build.xml</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16787">PHPBB3-16787</a>] - Error message when &quot;fsockopen&quot; is deactivated</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16789">PHPBB3-16789</a>] - user_delete documentation incorrect</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16793">PHPBB3-16793</a>] - PHP Warning when checking topic/post attachment visibility in PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16799">PHPBB3-16799</a>] - OAuth external account linking triggers fatal error on PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16808">PHPBB3-16808</a>] - Container used before initialization causes error in PHP8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16810">PHPBB3-16810</a>] - The no closing tag in Custom BBCodes is still shown onclick</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16812">PHPBB3-16812</a>] - login_body.html missing dt tag for autologin</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16823">PHPBB3-16823</a>] - Datetime class incorrectly handles edge yesterday/today/tomorrow cases</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16832">PHPBB3-16832</a>] - Wrong singular language shown in UCP attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16865">PHPBB3-16865</a>] - Update IRC + discord links in composer and documentation and update docs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16870">PHPBB3-16870</a>] - Setting float config value can fail with CLI db:migrate</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15729">PHPBB3-15729</a>] - Don't unnecessarily encode email headers in Base64</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15925">PHPBB3-15925</a>] - Add core events for sync and mcp functions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16138">PHPBB3-16138</a>] - Eliminate redundant f= and t= parameters from board urls</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16736">PHPBB3-16736</a>] - Enforce placement of visibility qualifiers after static</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16748">PHPBB3-16748</a>] - Update coding guidelines to place static after visibility qualifiers</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16752">PHPBB3-16752</a>] - Create event exporter to restructured text</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16754">PHPBB3-16754</a>] - Update doctum</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16771">PHPBB3-16771</a>] - Add core events to MCP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16783">PHPBB3-16783</a>] - Remove structure only backup</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16788">PHPBB3-16788</a>] - Update s9e/text-formatter to latest</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16795">PHPBB3-16795</a>] - Add template events around signature in viewtopic</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16798">PHPBB3-16798</a>] - Scale down phpBB logo in readme</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16804">PHPBB3-16804</a>] - Extend bbcode help line tooltip</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16809">PHPBB3-16809</a>] - Reset UCP preferences at end of test</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16816">PHPBB3-16816</a>] - acp style html validation fixes</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16822">PHPBB3-16822</a>] - Replace patchwork/utf8 with symfony/polyfill</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16829">PHPBB3-16829</a>] - Add forumtitle and lastsubject text decoration hover</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16831">PHPBB3-16831</a>] - fix tabs missing delimiters and remove old commented classes</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16850">PHPBB3-16850</a>] - Update webfont.js to latest</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16851">PHPBB3-16851</a>] - Add Amazonbot, AhrefsBot and SemrushBot</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16858">PHPBB3-16858</a>] - Update to the latest version of jQuery 3.6.0</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16867">PHPBB3-16867</a>] - Update symfony and text-formatter to latest versions</li>
+			</ul>
+			<h4>New Feature</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16856">PHPBB3-16856</a>] - Add lang_js() function to twig as replacement for LA_</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16769">PHPBB3-16769</a>] - Update composer to latest version</li>
+			</ul>
+
+			<a name="v334rc1"></a><h3>Changes since 3.3.4-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16735">PHPBB3-16735</a>] - Trying to access array offset on value of type bool</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16739">PHPBB3-16739</a>] - Wrong variable in report_pm.txt subject</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16740">PHPBB3-16740</a>] - Installation errors in php 8 when using postgresql</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16743">PHPBB3-16743</a>] - Properly check if TMP file exists - PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16747">PHPBB3-16747</a>] - Typo in phpBB/language/en/email/post_in_queue.txt </li>
+			</ul>
+
+			<a name="v333"></a><h3>Changes since 3.3.3</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16655">PHPBB3-16655</a>] - Suppress &quot;you now also have to pass the CAPTCHA test&quot; message for invisible CAPTCHAs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16685">PHPBB3-16685</a>] - SQL error in ACP if database name contains a dash</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16690">PHPBB3-16690</a>] - Changing default argument in htmlspecialchars* functions causes test fail</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16691">PHPBB3-16691</a>] - Illegal string offset 'username' on MCP PM report pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16696">PHPBB3-16696</a>] - Unsupported operand types in viewforum.php - PHP8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16697">PHPBB3-16697</a>] - Unable to login after conversion from phpBB2</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16698">PHPBB3-16698</a>] - Check for default char set in includes/acp_main.php checks only for 'UTF-8'</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16705">PHPBB3-16705</a>] - File upload fails with PHP 8 - Error parsing server response</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16706">PHPBB3-16706</a>] - Undefined array key when user is banned</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16707">PHPBB3-16707</a>] - Disable unstable PHP 8.1 builds on Github Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16719">PHPBB3-16719</a>] - PHP notice/warning on installation</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15392">PHPBB3-15392</a>] - Change dirname(__FILE__) to __DIR__ everywhere</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16589">PHPBB3-16589</a>] - Change wording of e-mail templates to decrease word count</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16620">PHPBB3-16620</a>] - Output short array syntax in dev:migration-tips</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16660">PHPBB3-16660</a>] - Remove or Rename &quot;Reset&quot; Button in &quot;Reset Password&quot; Dialogue </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16681">PHPBB3-16681</a>] - Replace action icons with font icons</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16684">PHPBB3-16684</a>] - GitHub Actions should run on newly created tag and release branches</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16686">PHPBB3-16686</a>] - Simplify get_database_size() SQL query for PostgreSQL</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16689">PHPBB3-16689</a>] - Bitly oauth SQL error if identifier is null</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16709">PHPBB3-16709</a>] - Update s9e/text-formatter to latest release</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16710">PHPBB3-16710</a>] - Allow WEBP images in attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16712">PHPBB3-16712</a>] - Implement thumbnails for WEBP images in attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16724">PHPBB3-16724</a>] - Add some template events</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16725">PHPBB3-16725</a>] - Add MCP core event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16728">PHPBB3-16728</a>] - Add search result template event</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16726">PHPBB3-16726</a>] - Update composer packages to latest versions</li>
+			</ul>
+
 			<a name="v332"></a><h3>Changes since 3.3.2</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/README.html

@@ -204,7 +204,7 @@
 
 	<a name="irc"></a><h3>3.iv Internet Relay Chat</h3>
 
-	<p>Another place you may find help is our IRC channel. This operates on the Freenode IRC network, <a href="irc://irc.freenode.net">irc.freenode.net</a> and the channel is <em>#phpbb</em> and can be accessed by any decent IRC client such as mIRC, XChat, etc. Again, please do not abuse this service and be respectful of other users.</p>
+	<p>Another place you may find help is our IRC channel. This operates on the Libera IRC network, <a href="irc://irc.libera.chat">irc.libera.chat</a> and the channel is <em>#phpbb</em> and can be accessed by any decent IRC client such as mIRC, XChat, etc. Again, please do not abuse this service and be respectful of other users.</p>
 
 	<p>There are other IRC channels available, please see <a href="https://www.phpbb.com/support/irc/">https://www.phpbb.com/support/irc/</a> for the complete list.</p>
 

phpBB/docs/coding-guidelines.html

@@ -718,18 +718,18 @@ switch ($mode)
 	<h4>Class Members</h4>
 	<p>Use the explicit visibility qualifiers <code>public</code>, <code>private</code> and <code>protected</code> for all properties instead of <code>var</code>.
 
-	<p>Place the <code>static</code> qualifier before the visibility qualifiers.</p>
+	<p>Place the <code>static</code> qualifier after the visibility qualifiers.</p>
 
 	<p class="bad">//Wrong </p>
 	<div class="codebox"><pre>
 var $x;
-private static function f()</pre>
+static private function f()</pre>
 	</div>
 
 	<p class="good">// Right </p>
 	<div class="codebox"><pre>
 public $x;
-static private function f()</pre>
+private static function f()</pre>
 	</div>
 
 	<h4>Constants</h4>

phpBB/docs/events.md

@@ -986,6 +986,34 @@ mcp_forum_actions_before
 * Since: 3.1.11-RC1
 * Purpose: Add some information before actions fieldset
 
+mcp_forum_last_post_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html (2)
+* Since: 3.3.4-RC1
+* Purpose: Append information to last post author username of member
+
+mcp_forum_last_post_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html (2)
+* Since: 3.3.4-RC1
+* Purpose: Prepend information to last post author username of member
+
+mcp_forum_topic_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.3.4-RC1
+* Purpose: Append information to topic author username of member
+
+mcp_forum_topic_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.3.4-RC1
+* Purpose: Prepend information to topic author username of member
+
 mcp_forum_topic_title_after
 ===
 * Locations:
@@ -2237,6 +2265,13 @@ search_results_header_before
 * Since: 3.1.4-RC1
 * Purpose: Add content before the header of the search results.
 
+search_results_jumpbox_before
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add content before the jumpbox of the search results.
+
 search_results_last_post_author_username_append
 ===
 * Locations:
@@ -2279,6 +2314,13 @@ search_results_post_before
 * Since: 3.1.0-b3
 * Purpose: Add data before search result posts
 
+search_results_post_subject_before
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add data before search result posts subject
+
 search_results_postprofile_after
 ===
 * Locations:
@@ -2328,6 +2370,20 @@ search_results_topic_before
 * Since: 3.1.0-b4
 * Purpose: Add data before search result topics
 
+search_results_topic_header_lastpost_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add header column(s) after `lastpost` column in search result topics
+
+search_results_topic_row_lastpost_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add data column(s) after `lastpost` column in search result topics
+
 search_results_topic_title_after
 ===
 * Locations:
@@ -3303,6 +3359,20 @@ viewtopic_body_postrow_rank_before
 * Purpose: Add data before the rank on the user profile when viewing
 a post
 
+viewtopic_body_postrow_signature_after
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.5-RC1
+* Purpose: Add content after the signature
+
+viewtopic_body_postrow_signature_before
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.5-RC1
+* Purpose: Add content before the signature
+
 viewtopic_body_topic_actions_before
 ===
 * Locations:

phpBB/download/file.php

@@ -220,7 +220,7 @@ else
 		{
 			phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
 
-			$sql = 'SELECT forum_id, post_visibility
+			$sql = 'SELECT forum_id, poster_id, post_visibility
 				FROM ' . POSTS_TABLE . '
 				WHERE post_id = ' . (int) $attachment['post_msg_id'];
 			$result = $db->sql_query($sql);

phpBB/includes/acp/acp_attachments.php

@@ -759,7 +759,7 @@ class acp_attachments
 									continue;
 								}
 
-								$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
+								$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>';
 							}
 						}
 
@@ -1278,7 +1278,7 @@ class acp_attachments
 
 						'S_IN_MESSAGE'		=> (bool) $row['in_message'],
 
-						'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
+						'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
 						'U_FILE'			=> append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))
 					);
 				}

phpBB/includes/acp/acp_bbcodes.php

@@ -62,7 +62,7 @@ class acp_bbcodes
 				}
 
 				$bbcode_match = $row['bbcode_match'];
-				$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
+				$bbcode_tpl = htmlspecialchars($row['bbcode_tpl'], ENT_COMPAT);
 				$display_on_posting = $row['display_on_posting'];
 				$bbcode_helpline = $row['bbcode_helpline'];
 			break;
@@ -86,7 +86,7 @@ class acp_bbcodes
 				$display_on_posting = $request->variable('display_on_posting', 0);
 
 				$bbcode_match = $request->variable('bbcode_match', '');
-				$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true));
+				$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true), ENT_COMPAT);
 				$bbcode_helpline = $request->variable('bbcode_helpline', '', true);
 			break;
 		}
@@ -235,7 +235,7 @@ class acp_bbcodes
 						trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
-					if (strlen($bbcode_helpline) > 255)
+					if (strlen($bbcode_helpline) > 3000)
 					{
 						trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
@@ -334,7 +334,7 @@ class acp_bbcodes
 						'action'				=> $action,
 						'bbcode'				=> $bbcode_id,
 						'bbcode_match'			=> $bbcode_match,
-						'bbcode_tpl'			=> htmlspecialchars($bbcode_tpl),
+						'bbcode_tpl'			=> htmlspecialchars($bbcode_tpl, ENT_COMPAT),
 						'bbcode_helpline'		=> $bbcode_helpline,
 						'display_on_posting'	=> $display_on_posting,
 						)))

phpBB/includes/acp/acp_board.php

@@ -589,6 +589,7 @@ class acp_board
 					'site_home_text',
 					'board_index_text',
 					'board_disable_msg',
+					'board_email_sig',
 				];
 
 				/**
@@ -719,8 +720,8 @@ class acp_board
 				$messenger->set_addresses($user->data);
 				$messenger->anti_abuse_headers($config, $user);
 				$messenger->assign_vars(array(
-					'USERNAME'	=> htmlspecialchars_decode($user->data['username']),
-					'MESSAGE'	=> htmlspecialchars_decode($request->variable('send_test_email_text', '', true)),
+					'USERNAME'	=> htmlspecialchars_decode($user->data['username'], ENT_COMPAT),
+					'MESSAGE'	=> htmlspecialchars_decode($request->variable('send_test_email_text', '', true), ENT_COMPAT),
 				));
 				$messenger->send(NOTIFY_EMAIL);
 

phpBB/includes/acp/acp_database.php

@@ -69,20 +69,6 @@ class acp_database
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$store = true;
-						$structure = false;
-						$schema_data = false;
-
-						if ($type == 'full' || $type == 'structure')
-						{
-							$structure = true;
-						}
-
-						if ($type == 'full' || $type == 'data')
-						{
-							$schema_data = true;
-						}
-
 						@set_time_limit(1200);
 						@set_time_limit(0);
 
@@ -92,14 +78,14 @@ class acp_database
 
 						/** @var phpbb\db\extractor\extractor_interface $extractor Database extractor */
 						$extractor = $phpbb_container->get('dbal.extractor');
-						$extractor->init_extractor($format, $filename, $time, false, $store);
+						$extractor->init_extractor($format, $filename, $time, false, true);
 
 						$extractor->write_start($table_prefix);
 
 						foreach ($table as $table_name)
 						{
 							// Get the table structure
-							if ($structure)
+							if ($type == 'full')
 							{
 								$extractor->write_table($table_name);
 							}
@@ -123,15 +109,11 @@ class acp_database
 
 									default:
 										$extractor->flush('TRUNCATE TABLE ' . $table_name . ";\n");
-									break;
 								}
 							}
 
-							// Data
-							if ($schema_data)
-							{
-								$extractor->write_data($table_name);
-							}
+							// Only supported types are full and data, therefore always write the data
+							$extractor->write_data($table_name);
 						}
 
 						$extractor->write_end();

phpBB/includes/acp/acp_email.php

@@ -205,7 +205,7 @@ class acp_email
 				$email_template = 'admin_send_email';
 				$template_data = array(
 					'CONTACT_EMAIL' => phpbb_get_board_contact($config, $phpEx),
-					'MESSAGE'		=> htmlspecialchars_decode($message),
+					'MESSAGE'		=> htmlspecialchars_decode($message, ENT_COMPAT),
 				);
 				$generate_log_entry = true;
 
@@ -252,7 +252,7 @@ class acp_email
 
 					$messenger->anti_abuse_headers($config, $user);
 
-					$messenger->subject(htmlspecialchars_decode($subject));
+					$messenger->subject(htmlspecialchars_decode($subject, ENT_COMPAT));
 					$messenger->set_mail_priority($priority);
 
 					$messenger->assign_vars($template_data);

phpBB/includes/acp/acp_extensions.php

@@ -53,7 +53,7 @@ class acp_extensions
 		$this->phpbb_container = $phpbb_container;
 		$this->php_ini = $this->phpbb_container->get('php_ini');
 
-		$this->user->add_lang(array('install', 'acp/extensions', 'migrator'));
+		$this->user->add_lang(array('install', 'acp/extensions', 'acp/modules', 'migrator'));
 
 		$this->page_title = 'ACP_EXTENSIONS';
 

phpBB/includes/acp/acp_help_phpbb.php

@@ -90,7 +90,7 @@ class acp_help_phpbb
 
 			if (!empty($response))
 			{
-				$decoded_response = json_decode(htmlspecialchars_decode($response), true);
+				$decoded_response = json_decode(htmlspecialchars_decode($response, ENT_COMPAT), true);
 
 				if ($decoded_response && isset($decoded_response['status']) && $decoded_response['status'] == 'ok')
 				{
@@ -126,7 +126,7 @@ class acp_help_phpbb
 			}
 
 			$template->assign_block_vars('providers', array(
-				'NAME'	=> htmlspecialchars($provider),
+				'NAME'	=> htmlspecialchars($provider, ENT_COMPAT),
 			));
 
 			foreach ($data as $key => $value)

phpBB/includes/acp/acp_icons.php

@@ -693,7 +693,7 @@ class acp_icons
 
 					foreach ($_paks as $pak)
 					{
-						$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak) . '</option>';
+						$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak, ENT_COMPAT) . '</option>';
 					}
 
 					$template->assign_vars(array(

phpBB/includes/acp/acp_inactive.php

@@ -130,7 +130,7 @@ class acp_inactive
 								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
-									'USERNAME'	=> htmlspecialchars_decode($row['username']))
+									'USERNAME'	=> htmlspecialchars_decode($row['username'], ENT_COMPAT))
 								);
 
 								$messenger->send(NOTIFY_EMAIL);
@@ -224,7 +224,7 @@ class acp_inactive
 							$messenger->anti_abuse_headers($config, $user);
 
 							$messenger->assign_vars(array(
-								'USERNAME'		=> htmlspecialchars_decode($row['username']),
+								'USERNAME'		=> htmlspecialchars_decode($row['username'], ENT_COMPAT),
 								'REGISTER_DATE'	=> $user->format_date($row['user_regdate'], false, true),
 								'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])
 							);

phpBB/includes/acp/acp_language.php

@@ -274,7 +274,7 @@ class acp_language
 
 				$lang_pack = array(
 					'iso'		=> $lang_iso,
-					'name'		=> trim(htmlspecialchars($file[0])),
+					'name'		=> trim(htmlspecialchars($file[0], ENT_COMPAT)),
 					'local_name'=> trim(htmlspecialchars($file[1], ENT_COMPAT, 'UTF-8')),
 					'author'	=> trim(htmlspecialchars($file[2], ENT_COMPAT, 'UTF-8'))
 				);
@@ -420,7 +420,7 @@ class acp_language
 			foreach ($new_ary as $iso => $lang_ary)
 			{
 				$template->assign_block_vars('notinst', array(
-					'ISO'			=> htmlspecialchars($lang_ary['iso']),
+					'ISO'			=> htmlspecialchars($lang_ary['iso'], ENT_COMPAT),
 					'LOCAL_NAME'	=> htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
 					'NAME'			=> htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
 					'U_INSTALL'		=> $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))

phpBB/includes/acp/acp_logs.php

@@ -108,7 +108,7 @@ class acp_logs
 		$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		$l_title = $user->lang['ACP_' . strtoupper($mode) . '_LOGS'];
 		$l_title_explain = $user->lang['ACP_' . strtoupper($mode) . '_LOGS_EXPLAIN'];

phpBB/includes/acp/acp_main.php

@@ -704,7 +704,7 @@ class acp_main
 				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> $encoding_translation && ($encoding_translation != 0),
 				'S_MBSTRING_HTTP_INPUT_FAIL'			=> !empty($http_input),
 				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> !empty($http_output),
-				'S_DEFAULT_CHARSET_FAIL'				=> $default_charset !== 'UTF-8',
+				'S_DEFAULT_CHARSET_FAIL'				=> $default_charset !== null && strtolower($default_charset) !== 'utf-8',
 			]);
 		}
 

phpBB/includes/acp/acp_ranks.php

@@ -70,7 +70,7 @@ class acp_ranks
 					'rank_title'		=> $rank_title,
 					'rank_special'		=> $special_rank,
 					'rank_min'			=> $min_posts,
-					'rank_image'		=> htmlspecialchars_decode($rank_image)
+					'rank_image'		=> htmlspecialchars_decode($rank_image, ENT_COMPAT)
 				);
 
 				/**
@@ -206,7 +206,7 @@ class acp_ranks
 							continue;
 						}
 
-						$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
+						$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
 					}
 				}
 
@@ -221,7 +221,7 @@ class acp_ranks
 
 					'RANK_TITLE'		=> (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',
 					'S_FILENAME_LIST'	=> $filename_list,
-					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path) . 'images/spacer.gif',
+					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path, ENT_COMPAT) . 'images/spacer.gif',
 					'S_SPECIAL_RANK'	=> (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,
 					'MIN_POSTS'			=> (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0,
 				);

phpBB/includes/acp/acp_styles.php

@@ -205,7 +205,7 @@ class acp_styles
 		{
 			if (in_array($dir, $this->reserved_style_names))
 			{
-				$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir));
+				$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir, ENT_COMPAT));
 				continue;
 			}
 
@@ -225,12 +225,12 @@ class acp_styles
 					$found = true;
 					$installed_names[] = $style['style_name'];
 					$installed_dirs[] = $style['style_path'];
-					$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name']));
+					$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name'], ENT_COMPAT));
 				}
 			}
 			if (!$found)
 			{
-				$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir));
+				$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir, ENT_COMPAT));
 			}
 		}
 
@@ -598,7 +598,7 @@ class acp_styles
 		{
 			$this->template->assign_block_vars('parent_styles', array(
 				'STYLE_ID'		=> $row['style_id'],
-				'STYLE_NAME'	=> htmlspecialchars($row['style_name']),
+				'STYLE_NAME'	=> htmlspecialchars($row['style_name'], ENT_COMPAT),
 				'LEVEL'			=> $row['level'],
 				'SPACER'		=> str_repeat('  ', $row['level']),
 				)
@@ -609,9 +609,9 @@ class acp_styles
 		$this->template->assign_vars(array(
 			'S_STYLE_DETAILS'	=> true,
 			'STYLE_ID'			=> $style['style_id'],
-			'STYLE_NAME'		=> htmlspecialchars($style['style_name']),
-			'STYLE_PATH'		=> htmlspecialchars($style['style_path']),
-			'STYLE_VERSION'		=> htmlspecialchars($style_cfg['style_version']),
+			'STYLE_NAME'		=> htmlspecialchars($style['style_name'], ENT_COMPAT),
+			'STYLE_PATH'		=> htmlspecialchars($style['style_path'], ENT_COMPAT),
+			'STYLE_VERSION'		=> htmlspecialchars($style_cfg['style_version'], ENT_COMPAT),
 			'STYLE_COPYRIGHT'	=> strip_tags($style['style_copyright']),
 			'STYLE_PARENT'		=> $style['style_parent_id'],
 			'S_STYLE_ACTIVE'	=> $style['style_active'],
@@ -657,7 +657,7 @@ class acp_styles
 		{
 			if (empty($style['_shown']))
 			{
-				$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree']));
+				$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree'], ENT_COMPAT));
 				$this->list_style($style, 0);
 			}
 		}
@@ -826,7 +826,7 @@ class acp_styles
 				{
 					// Parent style is not installed yet
 					$style['_available'] = false;
-					$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent));
+					$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent, ENT_COMPAT));
 				}
 			}
 
@@ -966,10 +966,10 @@ class acp_styles
 		$row = array(
 			// Style data
 			'STYLE_ID'				=> $style['style_id'],
-			'STYLE_NAME'			=> htmlspecialchars($style['style_name']),
+			'STYLE_NAME'			=> htmlspecialchars($style['style_name'], ENT_COMPAT),
 			'STYLE_VERSION'			=> $style_cfg['style_version'] ?? '-',
 			'STYLE_PHPBB_VERSION'	=> $style_cfg['phpbb_version'],
-			'STYLE_PATH'			=> htmlspecialchars($style['style_path']),
+			'STYLE_PATH'			=> htmlspecialchars($style['style_path'], ENT_COMPAT),
 			'STYLE_COPYRIGHT'		=> strip_tags($style['style_copyright']),
 			'STYLE_ACTIVE'			=> $style['style_active'],
 
@@ -979,7 +979,7 @@ class acp_styles
 			'LEVEL'				=> $level,
 			'PADDING'			=> (4 + 16 * $level),
 			'SHOW_COPYRIGHT'	=> ($style['style_id']) ? false : true,
-			'STYLE_PATH_FULL'	=> htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path']) . '/',
+			'STYLE_PATH_FULL'	=> htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path'], ENT_COMPAT) . '/',
 
 			// Comment to show below style
 			'COMMENT'		=> (isset($style['_note'])) ? $style['_note'] : '',

phpBB/includes/acp/acp_users.php

@@ -402,8 +402,8 @@ class acp_users
 								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
-									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-									'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
+									'USERNAME'		=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
 									'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
 								);
 
@@ -466,7 +466,7 @@ class acp_users
 									$messenger->anti_abuse_headers($config, $user);
 
 									$messenger->assign_vars(array(
-										'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
+										'USERNAME'	=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
 									);
 
 									$messenger->send(NOTIFY_EMAIL);
@@ -2277,7 +2277,7 @@ class acp_users
 					}
 					else
 					{
-						$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
+						$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
 					}
 
 					$template->assign_block_vars('attach', array(

phpBB/includes/acp/auth.php

@@ -488,7 +488,7 @@ class auth_admin extends \phpbb\auth\auth
 
 					if ($s_role_options)
 					{
-						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
+						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
 					if (!$current_role_id && $mode != 'view')
@@ -585,7 +585,7 @@ class auth_admin extends \phpbb\auth\auth
 
 					if ($s_role_options)
 					{
-						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
+						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
 					if (!$current_role_id && $mode != 'view')

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.3');
+@define('PHPBB_VERSION', '3.3.5');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -247,7 +247,10 @@ define('BANLIST_TABLE',				$table_prefix . 'banlist');
 define('BBCODES_TABLE',				$table_prefix . 'bbcodes');
 define('BOOKMARKS_TABLE',			$table_prefix . 'bookmarks');
 define('BOTS_TABLE',				$table_prefix . 'bots');
-@define('CONFIG_TABLE',				$table_prefix . 'config');
+if (!defined('CONFIG_TABLE'))
+{
+	define('CONFIG_TABLE',			$table_prefix . 'config');
+}
 define('CONFIG_TEXT_TABLE',			$table_prefix . 'config_text');
 define('CONFIRM_TABLE',				$table_prefix . 'confirm');
 define('DISALLOW_TABLE',			$table_prefix . 'disallow');

phpBB/includes/diff/renderer.php

@@ -322,17 +322,17 @@ class diff_renderer_unified extends diff_renderer
 
 	function _context($lines)
 	{
-		return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' ')) . '<br /></pre>';
+		return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' '), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _added($lines)
 	{
-		return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+')) . '<br /></pre>';
+		return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+'), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _deleted($lines)
 	{
-		return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-')) . '<br /></pre>';
+		return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-'), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _changed($orig, $final)
@@ -519,7 +519,7 @@ class diff_renderer_inline extends diff_renderer
 
 	function _encode(&$string)
 	{
-		$string = htmlspecialchars($string);
+		$string = htmlspecialchars($string, ENT_COMPAT);
 	}
 }
 
@@ -539,7 +539,7 @@ class diff_renderer_raw extends diff_renderer
 	*/
 	function get_diff_content($diff)
 	{
-		return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff)) . '</textarea>';
+		return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff), ENT_COMPAT) . '</textarea>';
 	}
 
 	function _block_header($xbeg, $xlen, $ybeg, $ylen)
@@ -649,7 +649,7 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							foreach ($change['lines'] as $_line)
 							{
-								$line .= htmlspecialchars($_line) . '<br />';
+								$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
 							}
 
 							$output .= '<tr><td class="added_empty">&nbsp;</td><td class="added"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td></tr>';
@@ -660,14 +660,14 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							foreach ($change['lines'] as $_line)
 							{
-								$line .= htmlspecialchars($_line) . '<br />';
+								$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
 							}
 
 							$output .= '<tr><td class="removed"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td><td class="removed_empty">&nbsp;</td></tr>';
 						break;
 
 						case 'empty':
-							$current_context .= htmlspecialchars($change['line']) . '<br />';
+							$current_context .= htmlspecialchars($change['line'], ENT_COMPAT) . '<br />';
 						break;
 
 						case 'change':
@@ -678,9 +678,9 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							for ($row = 0, $row_max = max($oldsize, $newsize); $row < $row_max; ++$row)
 							{
-								$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row]) : '';
+								$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row], ENT_COMPAT) : '';
 								$left .= '<br />';
-								$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row]) : '';
+								$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row], ENT_COMPAT) : '';
 								$right .= '<br />';
 							}
 

phpBB/includes/functions.php

@@ -1075,7 +1075,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
 * @param string $sql_limit		Limits the size of unread topics list, 0 for unlimited query
 * @param string $sql_limit_offset  Sets the offset of the first row to search, 0 to search from the start
 *
-* @return array[int][int]		Topic ids as keys, mark_time of topic as value
+* @return int[]		Topic ids as keys, mark_time of topic as value
 */
 function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001, $sql_limit_offset = 0)
 {
@@ -1464,10 +1464,9 @@ function tracking_unserialize($string, $max_depth = 3)
 * @return string The corrected url.
 *
 * Examples:
-* <code>
-* append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1&amp;f=2");
-* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&amp;f=2');
-* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&f=2', false);
+* <code> append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1");
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1');
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1', false);
 * append_sid("{$phpbb_root_path}viewtopic.$phpEx", array('t' => 1, 'f' => 2));
 * </code>
 *
@@ -2703,7 +2702,7 @@ function parse_cfg_file($filename, $lines = false)
 		}
 
 		// Determine first occurrence, since in values the equal sign is allowed
-		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
+		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))), ENT_COMPAT);
 		$value = trim(substr($line, $delim_pos + 1));
 
 		if (in_array($value, array('off', 'false', '0')))
@@ -2720,11 +2719,11 @@ function parse_cfg_file($filename, $lines = false)
 		}
 		else if (($value[0] == "'" && $value[strlen($value) - 1] == "'") || ($value[0] == '"' && $value[strlen($value) - 1] == '"'))
 		{
-			$value = htmlspecialchars(substr($value, 1, strlen($value)-2));
+			$value = htmlspecialchars(substr($value, 1, strlen($value)-2), ENT_COMPAT);
 		}
 		else
 		{
-			$value = htmlspecialchars($value);
+			$value = htmlspecialchars($value, ENT_COMPAT);
 		}
 
 		$parsed_items[$key] = $value;
@@ -2757,7 +2756,7 @@ function get_backtrace()
 	foreach ($backtrace as $trace)
 	{
 		// Strip the current directory from path
-		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']));
+		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']), ENT_COMPAT);
 		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
 
 		// Only show function arguments for include etc.
@@ -2765,7 +2764,7 @@ function get_backtrace()
 		$argument = '';
 		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
 		{
-			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
+			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]), ENT_COMPAT);
 		}
 
 		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
@@ -2775,7 +2774,7 @@ function get_backtrace()
 		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
 		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
 
-		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']);
+		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function'], ENT_COMPAT);
 		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
 	}
 	$output .= '</div>';
@@ -2996,7 +2995,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 
 			// Check the error reporting level and return if the error level does not match
 			// If DEBUG is defined the default level is E_ALL
-			if (($errno & ($phpbb_container->getParameter('debug.show_errors') ? E_ALL : error_reporting())) == 0)
+			if (($errno & ($phpbb_container != null && $phpbb_container->getParameter('debug.show_errors') ? E_ALL : error_reporting())) == 0)
 			{
 				return;
 			}
@@ -3240,12 +3239,12 @@ function phpbb_filter_root_path($errfile)
 	{
 		if ($phpbb_filesystem)
 		{
-			$root_path = $phpbb_filesystem->realpath(dirname(__FILE__) . '/../');
+			$root_path = $phpbb_filesystem->realpath(__DIR__ . '/../');
 		}
 		else
 		{
 			$filesystem = new \phpbb\filesystem\filesystem();
-			$root_path = $filesystem->realpath(dirname(__FILE__) . '/../');
+			$root_path = $filesystem->realpath(__DIR__ . '/../');
 		}
 	}
 
@@ -4049,7 +4048,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'S_ENABLE_FEEDS_TOPICS_ACTIVE'	=> ($config['feed_topics_active']) ? true : false,
 		'S_ENABLE_FEEDS_NEWS'		=> ($s_feed_news) ? true : false,
 
-		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
+		'S_LOAD_UNREADS'			=> (bool) $config['load_unreads_search'] && ($config['load_anon_lastread'] || !empty($user->data['is_registered'])),
 
 		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields),
 
@@ -4070,7 +4069,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 
 		'T_FONT_AWESOME_LINK'	=> !empty($config['allow_cdn']) && !empty($config['load_font_awesome_url']) ? $config['load_font_awesome_url'] : "{$web_path}assets/css/font-awesome.min.css?assets_version=" . $config['assets_version'],
 
-		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.5.1.min.js?assets_version=" . $config['assets_version'],
+		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.6.0.min.js?assets_version=" . $config['assets_version'],
 		'S_ALLOW_CDN'			=> !empty($config['allow_cdn']),
 		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),
 
@@ -4405,6 +4404,6 @@ function phpbb_get_board_contact_link(\phpbb\config\config $config, $phpbb_root_
 	}
 	else
 	{
-		return 'mailto:' . htmlspecialchars($config['board_contact']);
+		return 'mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT);
 	}
 }

phpBB/includes/functions_acp.php

@@ -93,16 +93,16 @@ function adm_page_header($page_title)
 
 		'T_ASSETS_VERSION'		=> $config['assets_version'],
 
-		'ICON_MOVE_UP'				=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_UP_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_DOWN'			=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
-		'ICON_MOVE_DOWN_DISABLED'	=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
-		'ICON_EDIT'					=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_EDIT_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_DELETE'				=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_DELETE_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_SYNC'					=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
-		'ICON_SYNC_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
+		'ICON_MOVE_UP'				=> '<i class="icon acp-icon acp-icon-move-up fa-arrow-circle-up fa-fw" title="' . $user->lang('MOVE_UP') . '"></i>',
+		'ICON_MOVE_UP_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-arrow-circle-up fa-fw" title="' . $user->lang('MOVE_UP') . '"></i>',
+		'ICON_MOVE_DOWN'			=> '<i class="icon acp-icon acp-icon-move-down fa-arrow-circle-down fa-fw" title="' . $user->lang('MOVE_DOWN') . '"></i>',
+		'ICON_MOVE_DOWN_DISABLED'	=> '<i class="icon acp-icon acp-icon-disabled fa-arrow-circle-down fa-fw" title="' . $user->lang('MOVE_DOWN') . '"></i>',
+		'ICON_EDIT'					=> '<i class="icon acp-icon acp-icon-settings fa-cog fa-fw" title="' . $user->lang('EDIT') . '"></i>',
+		'ICON_EDIT_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-cog fa-fw" title="' . $user->lang('EDIT') . '"></i>',
+		'ICON_DELETE'				=> '<i class="icon acp-icon acp-icon-delete fa-times-circle fa-fw" title="' . $user->lang('DELETE') . '"></i>',
+		'ICON_DELETE_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-times-circle fa-fw" title="' . $user->lang('DELETE') . '"></i>',
+		'ICON_SYNC'					=> '<i class="icon acp-icon acp-icon-resync fa-refresh fa-fw" title="' . $user->lang('RESYNC') . '"></i>',
+		'ICON_SYNC_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-refresh fa-fw" title="' . $user->lang('RESYNC') . '"></i>',
 
 		'S_USER_LANG'			=> $user->lang['USER_LANG'],
 		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
@@ -178,7 +178,7 @@ function adm_page_footer($copyright_html = true)
 		'TRANSLATION_INFO'	=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 		'S_COPYRIGHT_HTML'	=> $copyright_html,
 		'CREDIT_LINE'		=> $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
-		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.5.1.min.js",
+		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.6.0.min.js",
 		'S_ALLOW_CDN'		=> !empty($config['allow_cdn']),
 		'VERSION'			=> $config['version'])
 	);

phpBB/includes/functions_admin.php

@@ -1324,7 +1324,7 @@ function update_posted_info(&$topic_ids)
 */
 function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $sync_extra = false)
 {
-	global $db;
+	global $db, $phpbb_dispatcher;
 
 	if (is_array($where_ids))
 	{
@@ -1826,11 +1826,26 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			// 5: Retrieve last_post infos
 			if (count($post_ids))
 			{
-				$sql = 'SELECT p.post_id, p.poster_id, p.post_subject, p.post_time, p.post_username, u.username, u.user_colour
-					FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-					WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
-						AND p.poster_id = u.user_id';
-				$result = $db->sql_query($sql);
+				$sql_ary = array(
+					'SELECT'	=> 'p.post_id, p.poster_id, p.post_subject, p.post_time, p.post_username, u.username, u.user_colour',
+					'FROM'		=> array(
+						POSTS_TABLE	=> 'p',
+						USERS_TABLE => 'u',
+					),
+					'WHERE'		=> $db->sql_in_set('p.post_id', $post_ids) . '
+						AND p.poster_id = u.user_id',
+				);
+
+				/**
+				* Event to modify the SQL array to get the post and user data from all forums' last posts
+				*
+				* @event core.sync_forum_last_post_info_sql
+				* @var	array	sql_ary		SQL array with some post and user data from the last posts list
+				* @since 3.3.5-RC1
+				*/
+				$vars = ['sql_ary'];
+				extract($phpbb_dispatcher->trigger_event('core.sync_forum_last_post_info_sql', compact($vars)));
+				$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
 
 				while ($row = $db->sql_fetchrow($result))
 				{
@@ -1862,7 +1877,6 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 						}
 					}
 				}
-				unset($post_info);
 			}
 
 			// 6: Now do that thing
@@ -1873,6 +1887,23 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				array_push($fieldnames, 'posts_approved', 'posts_unapproved', 'posts_softdeleted', 'topics_approved', 'topics_unapproved', 'topics_softdeleted');
 			}
 
+			/**
+			* Event to modify the SQL array to get the post and user data from all forums' last posts
+			*
+			* @event core.sync_modify_forum_data
+			* @var	array	forum_data		Array with data to update for all forum ids
+			* @var	array	post_info		Array with some post and user data from the last posts list
+			* @var	array	fieldnames		Array with the partial column names that are being updated
+			* @since 3.3.5-RC1
+			*/
+			$vars = [
+				'forum_data',
+				'post_info',
+				'fieldnames',
+			];
+			extract($phpbb_dispatcher->trigger_event('core.sync_modify_forum_data', compact($vars)));
+			unset($post_info);
+
 			foreach ($forum_data as $forum_id => $row)
 			{
 				$sql_ary = array();
@@ -2041,11 +2072,31 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				unset($delete_topics, $delete_topic_ids);
 			}
 
-			$sql = 'SELECT p.post_id, p.topic_id, p.post_visibility, p.poster_id, p.post_subject, p.post_username, p.post_time, u.username, u.user_colour
-				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-				WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
-					AND u.user_id = p.poster_id';
-			$result = $db->sql_query($sql);
+			$sql_ary = array(
+				'SELECT'	=> 'p.post_id, p.topic_id, p.post_visibility, p.poster_id, p.post_subject, p.post_username, p.post_time, u.username, u.user_colour',
+				'FROM'		=> array(
+					POSTS_TABLE	=> 'p',
+					USERS_TABLE => 'u',
+				),
+				'WHERE'		=> $db->sql_in_set('p.post_id', $post_ids) . '
+					AND u.user_id = p.poster_id',
+			);
+
+			$custom_fieldnames = [];
+			/**
+			* Event to modify the SQL array to get the post and user data from all topics' last posts
+			*
+			* @event core.sync_topic_last_post_info_sql
+			* @var	array	sql_ary					SQL array with some post and user data from the last posts list
+			* @var	array	custom_fieldnames		Empty array for custom fieldnames to update the topics_table with
+			* @since 3.3.5-RC1
+			*/
+			$vars = [
+				'sql_ary',
+				'custom_fieldnames',
+			];
+			extract($phpbb_dispatcher->trigger_event('core.sync_topic_last_post_info_sql', compact($vars)));
+			$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
 
 			while ($row = $db->sql_fetchrow($result))
 			{
@@ -2067,6 +2118,22 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$topic_data[$topic_id]['last_poster_name'] = ($row['poster_id'] == ANONYMOUS) ? $row['post_username'] : $row['username'];
 					$topic_data[$topic_id]['last_poster_colour'] = $row['user_colour'];
 				}
+
+				/**
+				* Event to modify the topic_data when syncing topics
+				*
+				* @event core.sync_modify_topic_data
+				* @var	array	topic_data		Array with the topics' data we are syncing
+				* @var	array	row				Array with some of the current user and post data
+				* @var	int		topic_id		The current topic_id of $row
+				* @since 3.3.5-RC1
+				*/
+				$vars = [
+					'topic_data',
+					'row',
+					'topic_id',
+				];
+				extract($phpbb_dispatcher->trigger_event('core.sync_modify_topic_data', compact($vars)));
 			}
 			$db->sql_freeresult($result);
 
@@ -2182,6 +2249,10 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			// These are fields that will be synchronised
 			$fieldnames = array('time', 'visibility', 'posts_approved', 'posts_unapproved', 'posts_softdeleted', 'poster', 'first_post_id', 'first_poster_name', 'first_poster_colour', 'last_post_id', 'last_post_subject', 'last_post_time', 'last_poster_id', 'last_poster_name', 'last_poster_colour');
 
+			// Add custom fieldnames
+			$fieldnames = array_merge($fieldnames, $custom_fieldnames);
+			unset($custom_fieldnames);
+
 			if ($sync_extra)
 			{
 				// This routine assumes that post_reported values are correct
@@ -2418,7 +2489,7 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
 * must be carried through for the moderators table.
 *
 * @param \phpbb\db\driver\driver_interface $db Database connection
-* @param \phpbb\cache\driver\driver_interface Cache driver
+* @param \phpbb\cache\driver\driver_interface $cache Cache driver
 * @param \phpbb\auth\auth $auth Authentication object
 * @return null
 */
@@ -2605,7 +2676,7 @@ function phpbb_cache_moderators($db, $cache, $auth)
 * @param	mixed	$forum_id		Restrict the log entries to the given forum_id (can also be an array of forum_ids)
 * @param	int		$topic_id		Restrict the log entries to the given topic_id
 * @param	int		$user_id		Restrict the log entries to the given user_id
-* @param	int		$log_time		Only get log entries newer than the given timestamp
+* @param	int		$limit_days		Only get log entries newer than the given timestamp
 * @param	string	$sort_by		SQL order option, e.g. 'l.log_time DESC'
 * @param	string	$keywords		Will only return log entries that have the keywords in log_operation or log_data
 *
@@ -2847,7 +2918,7 @@ function get_database_size()
 			$database_size	= 0;
 
 			$sql = 'SHOW TABLE STATUS
-				FROM ' . $db_name;
+				FROM ' . $db->sql_quote($db_name);
 			$result = $db->sql_query($sql, 7200);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -2900,37 +2971,18 @@ function get_database_size()
 		break;
 
 		case 'postgres':
-			$sql = "SELECT proname
-				FROM pg_proc
-				WHERE proname = 'pg_database_size'";
-			$result = $db->sql_query($sql);
-			$row = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
+			$database = $db->get_db_name();
 
-			if ($row['proname'] == 'pg_database_size')
+			if (strpos($database, '.') !== false)
 			{
-				$database = $db->get_db_name();
-				if (strpos($database, '.') !== false)
-				{
-					list($database, ) = explode('.', $database);
-				}
-
-				$sql = "SELECT oid
-					FROM pg_database
-					WHERE datname = '$database'";
-				$result = $db->sql_query($sql);
-				$row = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
-
-				$oid = $row['oid'];
-
-				$sql = 'SELECT pg_database_size(' . $oid . ') as size';
-				$result = $db->sql_query($sql);
-				$row = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
-
-				$database_size = $row['size'];
+				$database = explode('.', $database)[0];
 			}
+
+			$sql = "SELECT pg_database_size('" . $database . "') AS dbsize";
+			$result = $db->sql_query($sql, 7200);
+			$row = $db->sql_fetchrow($result);
+			$database_size = !empty($row['dbsize']) ? $row['dbsize'] : false;
+			$db->sql_freeresult($result);
 		break;
 
 		case 'oracle':

phpBB/includes/functions_compatibility.php

@@ -223,12 +223,12 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
 /**
  * Add log entry
  *
- * @param	string	$mode				The mode defines which log_type is used and from which log the entry is retrieved
- * @param	int		$forum_id			Mode 'mod' ONLY: forum id of the related item, NOT INCLUDED otherwise
- * @param	int		$topic_id			Mode 'mod' ONLY: topic id of the related item, NOT INCLUDED otherwise
- * @param	int		$reportee_id		Mode 'user' ONLY: user id of the reportee, NOT INCLUDED otherwise
- * @param	string	$log_operation		Name of the operation
- * @param	array	$additional_data	More arguments can be added, depending on the log_type
+ * string	$mode				The mode defines which log_type is used and from which log the entry is retrieved
+ * int		$forum_id			Mode 'mod' ONLY: forum id of the related item, NOT INCLUDED otherwise
+ * int		$topic_id			Mode 'mod' ONLY: topic id of the related item, NOT INCLUDED otherwise
+ * int		$reportee_id		Mode 'user' ONLY: user id of the reportee, NOT INCLUDED otherwise
+ * string	$log_operation		Name of the operation
+ * array	$additional_data	More arguments can be added, depending on the log_type
  *
  * @return	int|bool		Returns the log_id, if the entry was added to the database, false otherwise.
  *
@@ -345,7 +345,8 @@ function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\
  *										Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
  * @param	bool			$cookie		This param is mapped to \phpbb\request\request_interface::COOKIE as the last param for
  * 										\phpbb\request\request_interface::variable for backwards compatability reasons.
- * @param	\phpbb\request\request_interface|null|false	If an instance of \phpbb\request\request_interface is given the instance is stored in
+ * @param	\phpbb\request\request_interface|null|false	$request
+ * 										If an instance of \phpbb\request\request_interface is given the instance is stored in
  *										a static variable and used for all further calls where this parameters is null. Until
  *										the function is called with an instance it automatically creates a new \phpbb\request\request
  *										instance on every call. By passing false this per-call instantiation can be restored
@@ -758,7 +759,7 @@ function phpbb_http_login($param)
 	{
 		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
 		{
-			$username = htmlspecialchars_decode($request->server($k));
+			$username = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
 			break;
 		}
 	}
@@ -768,7 +769,7 @@ function phpbb_http_login($param)
 	{
 		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
 		{
-			$password = htmlspecialchars_decode($request->server($k));
+			$password = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
 			break;
 		}
 	}

phpBB/includes/functions_content.php

@@ -803,8 +803,8 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 	$orig_url		= $url;
 	$orig_relative	= $relative_url;
 	$append			= '';
-	$url			= htmlspecialchars_decode($url);
-	$relative_url	= htmlspecialchars_decode($relative_url);
+	$url			= htmlspecialchars_decode($url, ENT_COMPAT);
+	$relative_url	= htmlspecialchars_decode($relative_url, ENT_COMPAT);
 
 	// make sure no HTML entities were matched
 	$chars = array('<', '>', '"');
@@ -911,9 +911,9 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 		break;
 	}
 
-	$url	= htmlspecialchars($url);
-	$text	= htmlspecialchars($text);
-	$append	= htmlspecialchars($append);
+	$url	= htmlspecialchars($url, ENT_COMPAT);
+	$text	= htmlspecialchars($text, ENT_COMPAT);
+	$append	= htmlspecialchars($append, ENT_COMPAT);
 
 	$html	= "$whitespace<!-- $tag --><a$class href=\"$url\">$text</a><!-- $tag -->$append";
 
@@ -1456,7 +1456,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 		$string = substr($string, 4);
 	}
 
-	$_chars = utf8_str_split(htmlspecialchars_decode($string));
+	$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
 	$chars = array_map('utf8_htmlspecialchars', $_chars);
 
 	// Now check the length ;)
@@ -1471,7 +1471,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 	if (utf8_strlen($string) > $max_store_length)
 	{
 		// let's split again, we do not want half-baked strings where entities are split
-		$_chars = utf8_str_split(htmlspecialchars_decode($string));
+		$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
 		$chars = array_map('utf8_htmlspecialchars', $_chars);
 
 		do

phpBB/includes/functions_convert.php

@@ -1127,6 +1127,7 @@ function add_user_group($group_id, $user_id, $group_leader = false)
 *
 * @param string $group The name of the special group to add to
 * @param string $select_query An SQL query to retrieve the user(s) to add to the group
+* @param bool $use_src_db
 */
 function user_group_auth($group, $select_query, $use_src_db)
 {
@@ -1835,10 +1836,12 @@ function add_bots()
 
 	$bots = array(
 		'AdsBot [Google]'			=> array('AdsBot-Google', ''),
+		'Ahrefs [Bot]'				=> array('AhrefsBot/', ''),
 		'Alexa [Bot]'				=> array('ia_archiver', ''),
 		'Alta Vista [Bot]'			=> array('Scooter/', ''),
+		'Amazon [Bot]'				=> array('Amazonbot/', ''),
 		'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
-		'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+		'Baidu [Spider]'			=> array('Baiduspider', ''),
 		'Bing [Bot]'				=> array('bingbot/', ''),
 		'DuckDuckGo [Bot]'			=> array('DuckDuckBot/', ''),
 		'Exabot [Bot]'				=> array('Exabot/', ''),
@@ -1854,7 +1857,7 @@ function add_bots()
 		'Heritrix [Crawler]'		=> array('heritrix/1.', ''),
 		'IBM Research [Bot]'		=> array('ibm.com/cs/crawler', ''),
 		'ICCrawler - ICjobs'		=> array('ICCrawler - ICjobs', ''),
-		'ichiro [Crawler]'			=> array('ichiro/2', ''),
+		'ichiro [Crawler]'			=> array('ichiro/', ''),
 		'Majestic-12 [Bot]'			=> array('MJ12bot/', ''),
 		'Metager [Bot]'				=> array('MetagerBot/', ''),
 		'MSN NewsBlogs'				=> array('msnbot-NewsBlogs/', ''),
@@ -1867,6 +1870,7 @@ function add_bots()
 		'Online link [Validator]'	=> array('online link validator', ''),
 		'psbot [Picsearch]'			=> array('psbot/0', ''),
 		'Seekport [Bot]'			=> array('Seekbot/', ''),
+		'Semrush [Bot]'				=> array('SemrushBot/', ''),
 		'Sensis [Crawler]'			=> array('Sensis Web Crawler', ''),
 		'SEO Crawler'				=> array('SEO search Crawler/', ''),
 		'Seoma [Crawler]'			=> array('Seoma [SEO Crawler]', ''),
@@ -1876,7 +1880,7 @@ function add_bots()
 		'Synoo [Bot]'				=> array('SynooBot/', ''),
 		'Telekom [Bot]'				=> array('crawleradmin.t-info@telekom.de', ''),
 		'TurnitinBot [Bot]'			=> array('TurnitinBot/', ''),
-		'Voyager [Bot]'				=> array('voyager/1.0', ''),
+		'Voyager [Bot]'				=> array('voyager/', ''),
 		'W3 [Sitesearch]'			=> array('W3 SiteSearch Crawler', ''),
 		'W3C [Linkcheck]'			=> array('W3C-checklink/', ''),
 		'W3C [Validator]'			=> array('W3C_*Validator', ''),

phpBB/includes/functions_display.php

@@ -551,7 +551,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			}
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
 			$last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
-			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
+			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
@@ -1086,12 +1086,12 @@ function display_custom_bbcodes()
 	// Start counting from 22 for the bbcode ids (every bbcode takes two ids - opening/closing)
 	$num_predefined_bbcodes = NUM_PREDEFINED_BBCODES;
 
-	$sql_ary = array(
-		'SELECT'	=> 'b.bbcode_id, b.bbcode_tag, b.bbcode_helpline',
-		'FROM'		=> array(BBCODES_TABLE => 'b'),
+	$sql_ary = [
+		'SELECT'	=> 'b.bbcode_id, b.bbcode_tag, b.bbcode_helpline, b.bbcode_match',
+		'FROM'		=> [BBCODES_TABLE => 'b'],
 		'WHERE'		=> 'b.display_on_posting = 1',
 		'ORDER_BY'	=> 'b.bbcode_tag',
-	);
+	];
 
 	/**
 	* Event to modify the SQL query before custom bbcode data is queried
@@ -1119,13 +1119,18 @@ function display_custom_bbcodes()
 		// Convert Numeric Character References to UTF-8 chars.
 		$row['bbcode_helpline'] = utf8_decode_ncr($row['bbcode_helpline']);
 
-		$custom_tags = array(
-			'BBCODE_NAME'		=> "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
+		// Does the closing bbcode tag exists? If so display it.
+		$bbcode_close_tag	= '%\[\/' . utf8_strtolower($row['bbcode_tag']) . '\]%';
+		$bbcode_match_str	= utf8_strtolower($row['bbcode_match']);
+		$bbcode_name_clean	= preg_match($bbcode_close_tag, $bbcode_match_str) ? "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'" : "'[{$row['bbcode_tag']}]', ''";
+
+		$custom_tags = [
+			'BBCODE_NAME'		=> $bbcode_name_clean,
 			'BBCODE_ID'			=> $num_predefined_bbcodes + ($i * 2),
 			'BBCODE_TAG'		=> $row['bbcode_tag'],
 			'BBCODE_TAG_CLEAN'	=> str_replace('=', '-', $row['bbcode_tag']),
 			'BBCODE_HELPLINE'	=> $row['bbcode_helpline'],
-		);
+		];
 
 		/**
 		* Event to modify the template data block of a custom bbcode

phpBB/includes/functions_download.php

@@ -208,7 +208,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 
 	if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
 	{
-		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
 		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
 		{
 			header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
@@ -216,7 +216,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	}
 	else
 	{
-		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
 		if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
 		{
 			header('X-Download-Options: noopen');
@@ -242,7 +242,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 			// X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
 			// Lighttpd's X-Sendfile does not support range requests as of 1.4.26
 			// and always requires an absolute path.
-			header('X-Sendfile: ' . dirname(__FILE__) . "/../$upload_dir/{$attachment['physical_filename']}");
+			header('X-Sendfile: ' . __DIR__ . "/../$upload_dir/{$attachment['physical_filename']}");
 			exit;
 		}
 
@@ -327,7 +327,7 @@ function download_allowed()
 		return true;
 	}
 
-	$url = htmlspecialchars_decode($request->header('Referer'));
+	$url = htmlspecialchars_decode($request->header('Referer'), ENT_COMPAT);
 
 	if (!$url)
 	{
@@ -656,15 +656,15 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
 {
 	global $phpbb_container;
 
-	$sql_array = array(
-		'SELECT'	=> 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id',
-		'FROM'		=> array(
+	$sql_array = [
+		'SELECT'	=> 't.forum_id, t.topic_poster, t.topic_visibility, f.forum_name, f.forum_password, f.parent_id',
+		'FROM'		=> [
 			TOPICS_TABLE => 't',
 			FORUMS_TABLE => 'f',
-		),
-		'WHERE'	=> 't.topic_id = ' . (int) $topic_id . '
+		],
+		'WHERE'		=> 't.topic_id = ' . (int) $topic_id . '
 			AND t.forum_id = f.forum_id',
-	);
+	];
 
 	$sql = $db->sql_build_query('SELECT', $sql_array);
 	$result = $db->sql_query($sql);

phpBB/includes/functions_mcp.php

@@ -51,8 +51,18 @@ function phpbb_module_warn_url($mode, $module_row)
 	{
 		global $forum_id, $post_id;
 
-		$url_extra = ($forum_id) ? "&f=$forum_id" : '';
-		$url_extra .= ($post_id) ? "&p=$post_id" : '';
+		if ($post_id)
+		{
+			$url_extra = "&p=$post_id";
+		}
+		else if ($forum_id)
+		{
+			$url_extra = "&f=$forum_id";
+		}
+		else
+		{
+			$url_extra = '';
+		}
 
 		return $url_extra;
 	}
@@ -93,10 +103,22 @@ function phpbb_extra_url()
 {
 	global $forum_id, $topic_id, $post_id, $report_id, $user_id;
 
-	$url_extra = '';
-	$url_extra .= ($forum_id) ? "&f=$forum_id" : '';
-	$url_extra .= ($topic_id) ? "&t=$topic_id" : '';
-	$url_extra .= ($post_id) ? "&p=$post_id" : '';
+	if ($post_id)
+	{
+		$url_extra = "&p=$post_id";
+	}
+	else if ($topic_id)
+	{
+		$url_extra = "&t=$topic_id";
+	}
+	else if ($forum_id)
+	{
+		$url_extra = "&f=$forum_id";
+	}
+	else
+	{
+		$url_extra = '';
+	}
 	$url_extra .= ($user_id) ? "&u=$user_id" : '';
 	$url_extra .= ($report_id) ? "&r=$report_id" : '';
 
@@ -383,7 +405,7 @@ function phpbb_get_pm_data($pm_ids)
 /**
 * sorting in mcp
 *
-* @param string $where_sql should either be WHERE (default if ommited) or end with AND or OR
+* $where_sql should either be WHERE (default if ommited) or end with AND or OR
 *
 * $mode reports and reports_closed: the $where parameters uses aliases p for posts table and r for report table
 * $mode unapproved_posts: the $where parameters uses aliases p for posts table and t for topic table
@@ -684,7 +706,7 @@ function phpbb_mcp_sorting($mode, &$sort_days_val, &$sort_key_val, &$sort_dir_va
 * @param	string	$table			The table to find the ids in
 * @param	string	$sql_id			The ids relevant column name
 * @param	array	$acl_list		A list of permissions the user need to have
-* @param	mixed	$singe_forum	Limit to one forum id (int) or the first forum found (true)
+* @param	mixed	$single_forum	Limit to one forum id (int) or the first forum found (true)
 *
 * @return	mixed	False if no ids were able to be retrieved, true if at least one id left.
 *					Additionally, this value can be the forum_id assigned if $single_forum was set.

phpBB/includes/functions_messenger.php

@@ -320,8 +320,8 @@ class messenger
 		// We add some standard variables we always use, no need to specify them always
 		$this->assign_vars(array(
 			'U_BOARD'	=> generate_board_url(),
-			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])),
-			'SITENAME'	=> htmlspecialchars_decode($config['sitename']),
+			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'], ENT_COMPAT)),
+			'SITENAME'	=> htmlspecialchars_decode($config['sitename'], ENT_COMPAT),
 		));
 
 		$subject = $this->subject;
@@ -427,7 +427,7 @@ class messenger
 			$user->session_begin();
 		}
 
-		$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'));
+		$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'), ENT_COMPAT);
 
 		switch ($type)
 		{
@@ -440,7 +440,7 @@ class messenger
 			break;
 		}
 
-		$message .= '<br /><em>' . htmlspecialchars($calling_page) . '</em><br /><br />' . $msg . '<br />';
+		$message .= '<br /><em>' . htmlspecialchars($calling_page, ENT_COMPAT) . '</em><br /><br />' . $msg . '<br />';
 		$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_' . $type, false, array($message));
 	}
 
@@ -557,7 +557,7 @@ class messenger
 			$use_queue = true;
 		}
 
-		$contact_name = htmlspecialchars_decode($config['board_contact_name']);
+		$contact_name = htmlspecialchars_decode($config['board_contact_name'], ENT_COMPAT);
 		$board_contact = (($contact_name !== '') ? '"' . mail_encode($contact_name) . '" ' : '') . '<' . $config['board_contact'] . '>';
 
 		$break = false;
@@ -691,7 +691,7 @@ class messenger
 		if (!$use_queue)
 		{
 			include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
+			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 			if (!$this->jabber->connect())
 			{
@@ -891,7 +891,7 @@ class queue
 					}
 
 					include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
+					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 					if (!$this->jabber->connect())
 					{
@@ -1196,7 +1196,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 		}
 
 		$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
-		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents) : '';
+		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents, ENT_COMPAT) : '';
 		return false;
 	}
 
@@ -1208,7 +1208,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	}
 
 	// Let me in. This function handles the complete authentication process
-	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password']), $config['smtp_auth_method']))
+	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password'], ENT_COMPAT), $config['smtp_auth_method']))
 	{
 		$smtp->close_session($err_msg);
 		return false;
@@ -1259,7 +1259,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	{
 		$user->session_begin();
 		$err_msg .= '<br /><br />';
-		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';
+		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address, ENT_COMPAT)) : '<strong>' . htmlspecialchars($mail_to_address, ENT_COMPAT) . '</strong> possibly an invalid email address?';
 		$smtp->close_session($err_msg);
 		return false;
 	}
@@ -1342,7 +1342,7 @@ class smtp_class
 	{
 		if ($this->backtrace)
 		{
-			$this->backtrace_log[] = utf8_htmlspecialchars($message);
+			$this->backtrace_log[] = utf8_htmlspecialchars($message, ENT_COMPAT);
 		}
 	}
 
@@ -1848,18 +1848,27 @@ class smtp_class
 *
 * Please note that this version fully supports RFC 2045 section 6.8.
 *
+* @param string $str
 * @param string $eol End of line we are using (optional to be backwards compatible)
 */
 function mail_encode($str, $eol = "\r\n")
 {
-	// define start delimimter, end delimiter and spacer
-	$start = "=?UTF-8?B?";
+	// Check if string contains ASCII only characters
+	$is_ascii = strlen($str) === utf8_strlen($str);
+
+	// Define start delimimter, end delimiter and spacer
+	// Use the Quoted-Printable encoding for ASCII strings to avoid unnecessary encoding in Base64
+	$start = $is_ascii ? "=?US-ASCII?Q?" : "=?UTF-8?B?";
 	$end = "?=";
 	$delimiter = "$eol ";
 
-	// Maximum length is 75. $split_length *must* be a multiple of 4, but <= 75 - strlen($start . $delimiter . $end)!!!
-	$split_length = 60;
-	$encoded_str = base64_encode($str);
+	// Maximum encoded-word length is 75 as per RFC 2047 section 2.
+	// $split_length *must* be a multiple of 4, but <= 75 - strlen($start . $delimiter . $end)!!!
+	$split_length = 75 - strlen($start . $delimiter . $end);
+	$split_length = $split_length - $split_length % 4;
+
+	// Use the Quoted-Printable encoding for ASCII strings to avoid unnecessary encoding in Base64
+	$encoded_str = $is_ascii ? quoted_printable_encode($str) : base64_encode($str);
 
 	// If encoded string meets the limits, we just return with the correct data.
 	if (strlen($encoded_str) <= $split_length)
@@ -1868,7 +1877,7 @@ function mail_encode($str, $eol = "\r\n")
 	}
 
 	// If there is only ASCII data, we just return what we want, correctly splitting the lines.
-	if (strlen($str) === utf8_strlen($str))
+	if ($is_ascii)
 	{
 		return $start . implode($end . $delimiter . $start, str_split($encoded_str, $split_length)) . $end;
 	}

phpBB/includes/functions_posting.php

@@ -256,7 +256,7 @@ function generate_smilies($mode, $forum_id)
 */
 function update_post_information($type, $ids, $return_update_sql = false)
 {
-	global $db;
+	global $db, $phpbb_dispatcher;
 
 	if (empty($ids))
 	{
@@ -340,14 +340,35 @@ function update_post_information($type, $ids, $return_update_sql = false)
 
 	if (count($last_post_ids))
 	{
-		$sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.user_id, u.username, u.user_colour
-			FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-			WHERE p.poster_id = u.user_id
-				AND ' . $db->sql_in_set('p.post_id', $last_post_ids);
-		$result = $db->sql_query($sql);
+		$sql_ary = array(
+			'SELECT'	=> 'p.' . $type . '_id, p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.user_id, u.username, u.user_colour',
+			'FROM'		=> array(
+				POSTS_TABLE	=> 'p',
+				USERS_TABLE => 'u',
+			),
+			'WHERE'		=> $db->sql_in_set('p.post_id', $last_post_ids) . '
+				AND p.poster_id = u.user_id',
+		);
 
+		/**
+		* Event to modify the SQL array to get the post and user data from all last posts
+		*
+		* @event core.update_post_info_modify_posts_sql
+		* @var	string	type				The table being updated (forum or topic)
+		* @var	array	sql_ary				SQL array to get some of the last posts' data
+		* @since 3.3.5-RC1
+		*/
+		$vars = [
+			'type',
+			'sql_ary',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.update_post_info_modify_posts_sql', compact($vars)));
+		$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
+
+		$rowset = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
+			$rowset[] = $row;
 			$update_sql[$row["{$type}_id"]][] = $type . '_last_post_id = ' . (int) $row['post_id'];
 			$update_sql[$row["{$type}_id"]][] = "{$type}_last_post_subject = '" . $db->sql_escape($row['post_subject']) . "'";
 			$update_sql[$row["{$type}_id"]][] = $type . '_last_post_time = ' . (int) $row['post_time'];
@@ -356,6 +377,23 @@ function update_post_information($type, $ids, $return_update_sql = false)
 			$update_sql[$row["{$type}_id"]][] = "{$type}_last_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
 		}
 		$db->sql_freeresult($result);
+
+		/**
+		* Event to modify the update_sql array to add new update data for forum or topic last posts
+		*
+		* @event core.update_post_info_modify_sql
+		* @var	string	type				The table being updated (forum or topic)
+		* @var	array	rowset				Array with the posts data
+		* @var	array	update_sql			Array with SQL data to update the forums or topics table with
+		* @since 3.3.5-RC1
+		*/
+		$vars = [
+			'type',
+			'rowset',
+			'update_sql',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.update_post_info_modify_sql', compact($vars)));
+		unset($rowset);
 	}
 	unset($empty_forums, $ids, $last_post_ids);
 
@@ -542,12 +580,17 @@ function get_supported_image_types($type = false)
 				case IMAGETYPE_WBMP:
 					$new_type = ($format & IMG_WBMP) ? IMG_WBMP : false;
 				break;
+
+				// WEBP
+				case IMAGETYPE_WEBP:
+					$new_type = ($format & IMG_WEBP) ? IMG_WEBP : false;
+				break;
 			}
 		}
 		else
 		{
-			$new_type = array();
-			$go_through_types = array(IMG_GIF, IMG_JPG, IMG_PNG, IMG_WBMP);
+			$new_type = [];
+			$go_through_types = [IMG_GIF, IMG_JPG, IMG_PNG, IMG_WBMP, IMG_WEBP];
 
 			foreach ($go_through_types as $check_type)
 			{
@@ -558,14 +601,14 @@ function get_supported_image_types($type = false)
 			}
 		}
 
-		return array(
+		return [
 			'gd'		=> ($new_type) ? true : false,
 			'format'	=> $new_type,
 			'version'	=> (function_exists('imagecreatetruecolor')) ? 2 : 1
-		);
+		];
 	}
 
-	return array('gd' => false);
+	return ['gd' => false];
 }
 
 /**
@@ -659,6 +702,10 @@ function create_thumbnail($source, $destination, $mimetype)
 				case IMG_WBMP:
 					$image = @imagecreatefromwbmp($source);
 				break;
+
+				case IMG_WEBP:
+					$image = @imagecreatefromwebp($source);
+				break;
 			}
 
 			if (empty($image))
@@ -710,6 +757,10 @@ function create_thumbnail($source, $destination, $mimetype)
 				case IMG_WBMP:
 					imagewbmp($new_image, $destination);
 				break;
+
+				case IMG_WEBP:
+					imagewebp($new_image, $destination);
+				break;
 			}
 
 			imagedestroy($new_image);
@@ -924,10 +975,10 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0, $pm_action = '', $ms
 			$topic_forum_id = ($topic_rows[$draft['topic_id']]['forum_id']) ? $topic_rows[$draft['topic_id']]['forum_id'] : $forum_id;
 
 			$link_topic = true;
-			$view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_forum_id . '&t=' . $draft['topic_id']);
+			$view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $draft['topic_id']);
 			$title = $topic_rows[$draft['topic_id']]['topic_title'];
 
-			$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $topic_forum_id . '&t=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']);
+			$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 't=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']);
 		}
 		else if ($draft['forum_id'] && $auth->acl_get('f_read', $draft['forum_id']))
 		{
@@ -1147,7 +1198,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 		$post_subject = censor_text($post_subject);
 
 		$post_anchor = ($mode == 'post_review') ? 'ppr' . $row['post_id'] : 'pr' . $row['post_id'];
-		$u_show_post = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx, "f=$forum_id&t=$topic_id&p={$row['post_id']}&view=show#p{$row['post_id']}");
+		$u_show_post = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx, "t=$topic_id&p={$row['post_id']}&view=show#p{$row['post_id']}");
 
 		$l_deleted_message = '';
 		if ($row['post_visibility'] == ITEM_DELETED)
@@ -1196,7 +1247,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 			'POST_TIME'			=> $row['post_time'],
 			'USER_ID'			=> $row['user_id'],
 			'U_MINI_POST'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
-			'U_MCP_DETAILS'		=> ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '',
+			'U_MCP_DETAILS'		=> ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&p=' . $row['post_id'], true, $user->session_id) : '',
 			'POSTER_QUOTE'		=> ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? addslashes(get_username_string('username', $poster_id, $row['username'], $row['user_colour'], $row['post_username'])) : '',
 		);
 
@@ -2490,27 +2541,35 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data
 		}
 	}
 
-	$params = $add_anchor = '';
+	$params = [];
+	$add_anchor = '';
+	$url = "{$phpbb_root_path}viewtopic.$phpEx";
 
 	if ($post_visibility == ITEM_APPROVED ||
 		($auth->acl_get('m_softdelete', $data_ary['forum_id']) && $post_visibility == ITEM_DELETED) ||
 		($auth->acl_get('m_approve', $data_ary['forum_id']) && in_array($post_visibility, array(ITEM_UNAPPROVED, ITEM_REAPPROVE))))
 	{
-		$params .= '&t=' . $data_ary['topic_id'];
-
 		if ($mode != 'post')
 		{
-			$params .= '&p=' . $data_ary['post_id'];
+			$params['p'] = $data_ary['post_id'];
 			$add_anchor = '#p' . $data_ary['post_id'];
 		}
+		else
+		{
+			$params['t'] = $data_ary['topic_id'];
+		}
 	}
 	else if ($mode != 'post' && $post_mode != 'edit_first_post' && $post_mode != 'edit_topic')
 	{
-		$params .= '&t=' . $data_ary['topic_id'];
+		$params['t'] = $data_ary['topic_id'];
+	}
+	else
+	{
+		$url = "{$phpbb_root_path}viewforum.$phpEx";
+		$params['f'] = $data_ary['forum_id'];
 	}
 
-	$url = (!$params) ? "{$phpbb_root_path}viewforum.$phpEx" : "{$phpbb_root_path}viewtopic.$phpEx";
-	$url = append_sid($url, 'f=' . $data_ary['forum_id'] . $params) . $add_anchor;
+	$url = append_sid($url, $params) . $add_anchor;
 
 	$poll = $poll_ary;
 	$data = $data_ary;
@@ -2571,7 +2630,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data
 *				- 'topic_last_poster_name'
 *				- 'topic_last_poster_colour'
 * @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time().
-* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3
+* @return string An URL to the bumped topic, example: ./viewtopic.php?p=3#p3
 */
 function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
 {
@@ -2660,7 +2719,7 @@ function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
 		$post_data['topic_title']
 	));
 
-	$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
+	$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
 
 	return $url;
 }
@@ -2791,7 +2850,7 @@ function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $
 					$delete_reason
 				));
 
-				$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p=$next_post_id") . "#p$next_post_id";
+				$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$next_post_id") . "#p$next_post_id";
 				$message = $user->lang['POST_DELETED'];
 
 				if (!$request->is_ajax())

phpBB/includes/functions_user.php

@@ -425,7 +425,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 /**
  * Delete user(s) and their related data
  *
- * @param string	$mode				Mode of posts deletion (retain|delete)
+ * @param string	$mode				Mode of posts deletion (retain|remove)
  * @param mixed		$user_ids			Either an array of integers or an integer
  * @param bool		$retain_username	True if username should be retained, false otherwise
  * @return bool
@@ -464,7 +464,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	 * Event before of the performing of the user(s) delete action
 	 *
 	 * @event core.delete_user_before
-	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var string	mode				Mode of posts deletion (retain|remove)
 	 * @var array	user_ids			ID(s) of the user(s) bound to be deleted
 	 * @var bool	retain_username		True if username should be retained, false otherwise
 	 * @var array	user_rows			Array containing data of the user(s) bound to be deleted
@@ -774,7 +774,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	 * Event after the user(s) delete action has been performed
 	 *
 	 * @event core.delete_user_after
-	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var string	mode				Mode of posts deletion (retain|remove)
 	 * @var array	user_ids			ID(s) of the deleted user(s)
 	 * @var bool	retain_username		True if username should be retained, false otherwise
 	 * @var array	user_rows			Array containing data of the deleted user(s)
@@ -797,6 +797,8 @@ function user_delete($mode, $user_ids, $retain_username = true)
 * Flips user_type from active to inactive and vice versa, handles group membership updates
 *
 * @param string $mode can be flip for flipping from active/inactive, activate or deactivate
+* @param array $user_id_ary
+* @param int $reason
 */
 function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
 {
@@ -919,6 +921,7 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
 * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
 * @param boolean $ban_exclude Exclude these entities from banning?
 * @param string $ban_reason String describing the reason for this ban
+* @param string $ban_give_reason
 * @return boolean
 */
 function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
@@ -1510,7 +1513,7 @@ function user_ipwhois($ip)
 		$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
 	}
 
-	$ipwhois = htmlspecialchars($ipwhois);
+	$ipwhois = htmlspecialchars($ipwhois, ENT_COMPAT);
 
 	// Magic URL ;)
 	return trim(make_clickable($ipwhois, false, ''));
@@ -1572,11 +1575,11 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
 		return false;
 	}
 
-	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
+	if ($min && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) < $min)
 	{
 		return 'TOO_SHORT';
 	}
-	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
+	else if ($max && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) > $max)
 	{
 		return 'TOO_LONG';
 	}
@@ -1611,6 +1614,7 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
 /**
 * Validate Date
 * @param	string $date_string a date in the dd-mm-yyyy format
+* @param	bool $optional
 * @return	boolean
 */
 function validate_date($date_string, $optional = false)
@@ -1748,7 +1752,8 @@ function validate_username($username, $allowed_username = false, $allow_all_name
 	}
 
 	// ... fast checks first.
-	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
+	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username)
+		|| preg_match('/[\x{180E}\x{2005}-\x{200D}\x{202F}\x{205F}\x{2060}\x{FEFF}]/u', $username))
 	{
 		return 'INVALID_CHARS';
 	}
@@ -1882,6 +1887,7 @@ function validate_password($password)
 * Check to see if email address is a valid address and contains a MX record
 *
 * @param string $email The email to check
+* @param $config
 *
 * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
@@ -3621,7 +3627,8 @@ function group_update_listings($group_id)
 /**
 * Funtion to make a user leave the NEWLY_REGISTERED system group.
 * @access public
-* @param $user_id The id of the user to remove from the group
+* @param int $user_id The id of the user to remove from the group
+* @param mixed $user_data The id of the user to remove from the group
 */
 function remove_newly_registered($user_id, $user_data = false)
 {

phpBB/includes/mcp/mcp_forum.php

@@ -166,12 +166,13 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 
 	if ($config['load_db_lastread'])
 	{
-		$read_tracking_join = ' LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')';
-		$read_tracking_select = ', tt.mark_time';
+		$sql_read_tracking['LEFT_JOIN'][] = ['FROM' => [TOPICS_TRACK_TABLE => 'tt'], 'ON' => 'tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id']];
+		$sql_read_tracking['SELECT'] = ', tt.mark_time';
 	}
 	else
 	{
-		$read_tracking_join = $read_tracking_select = '';
+		$sql_read_tracking['LEFT_JOIN'] = [];
+		$sql_read_tracking['SELECT'] = '';
 	}
 
 	/* @var $phpbb_content_visibility \phpbb\content_visibility */
@@ -209,10 +210,31 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 	}
 	$db->sql_freeresult($result);
 
-	$sql = "SELECT t.*$read_tracking_select
-		FROM " . TOPICS_TABLE . " t $read_tracking_join
-		WHERE " . $db->sql_in_set('t.topic_id', $topic_list, false, true);
+	$sql_ary = [
+		'SELECT'	=> 't.*' . $sql_read_tracking['SELECT'],
+		'FROM'		=> [TOPICS_TABLE => 't'],
+		'LEFT_JOIN'	=> $sql_read_tracking['LEFT_JOIN'],
+		'WHERE'		=> $db->sql_in_set('t.topic_id', $topic_list, false, true),
+	];
 
+	/**
+	* Event to modify SQL query before MCP forum topic data is queried
+	*
+	* @event core.mcp_forum_topic_data_modify_sql
+	* @var	array	sql_ary		SQL query array to get the MCP forum topic data
+	* @var	int		forum_id	The forum ID
+	* @var	array	topic_list	The array of MCP forum topic IDs
+	*
+	* @since 3.3.4-RC1
+	*/
+	$vars = [
+		'sql_ary',
+		'forum_id',
+		'topic_list',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.mcp_forum_topic_data_modify_sql', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
 	$result = $db->sql_query($sql);
 	while ($row_ary = $db->sql_fetchrow($result))
 	{
@@ -520,8 +542,8 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
 		sync('forum', 'forum_id', $sync_forums, true, true);
 
 		// Link to the new topic
-		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
-		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?f=$to_forum_id&amp;t=$to_topic_id");
+		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">', '</a>');
+		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?t=$to_topic_id");
 		$redirect = reapply_sid($redirect);
 
 		/**

phpBB/includes/mcp/mcp_front.php

@@ -105,7 +105,7 @@ function mcp_front_view($id, $mode, $action)
 			* @var	int		total						Number of unapproved posts
 			* @var	array	post_list					List of unapproved posts
 			* @var	array	forum_list					List of forums that contain the posts
-			* @var	array	forum_names					Associative array with forum_id as key and it's corresponding forum_name as value
+			* @var	array	forum_names					Associative array with forum_id as key and its corresponding forum_name as value
 			* @since 3.1.0-RC3
 			*/
 			$vars = array('total', 'post_list', 'forum_list', 'forum_names');
@@ -119,16 +119,37 @@ function mcp_front_view($id, $mode, $action)
 						AND t.topic_id = p.topic_id
 						AND p.poster_id = u.user_id
 					ORDER BY p.post_time DESC, p.post_id DESC';
+
+				/**
+				 * Alter posts data SQL query
+				 *
+				 * @event core.mcp_front_view_modify_posts_data_sql
+				 * @var	array	forum_list		List of forums that contain the posts
+				 * @var	array	forum_names		Associative array with forum_id as key and its corresponding forum_name as value
+				 * @var	array	post_list		List of unapproved posts
+				 * @var	string	sql				String with the SQL query to be executed
+				 * @var	int		total			Number of unapproved posts
+				 * @since 3.3.5-RC1
+				 */
+				$vars = [
+					'forum_list',
+					'forum_names',
+					'post_list',
+					'sql',
+					'total',
+				];
+				extract($phpbb_dispatcher->trigger_event('core.mcp_front_view_modify_posts_data_sql', compact($vars)));
+
 				$result = $db->sql_query($sql);
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$template->assign_block_vars('unapproved', array(
-						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $row['forum_id'] . '&p=' . $row['post_id']),
+					$unapproved_post_row = [
+						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $row['post_id']),
 						'U_MCP_FORUM'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=forum_view&f=' . $row['forum_id']),
-						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
+						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&t=' . $row['topic_id']),
 						'U_FORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
-						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
+						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $row['topic_id']),
 
 						'AUTHOR_FULL'		=> get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour']),
 						'AUTHOR'			=> get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour']),
@@ -141,7 +162,27 @@ function mcp_front_view($id, $mode, $action)
 						'SUBJECT'		=> ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'],
 						'POST_TIME'		=> $user->format_date($row['post_time']),
 						'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']) && $row['post_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
-					));
+					];
+
+					/**
+					 * Alter unapproved posts template block for MCP front page
+					 *
+					 * @event core.mcp_front_view_modify_unapproved_post_row
+					 * @var	array	forum_names				Array containing forum names
+					 * @var	string	mode					MCP front view mode
+					 * @var	array	row						Array with unapproved post data
+					 * @var	array	unapproved_post_row		Template block array of the unapproved post
+					 * @since 3.3.5-RC1
+					 */
+					$vars = [
+						'forum_names',
+						'mode',
+						'row',
+						'unapproved_post_row',
+					];
+					extract($phpbb_dispatcher->trigger_event('core.mcp_front_view_modify_unapproved_post_row', compact($vars)));
+
+					$template->assign_block_vars('unapproved', $unapproved_post_row);
 				}
 				$db->sql_freeresult($result);
 			}
@@ -238,12 +279,12 @@ function mcp_front_view($id, $mode, $action)
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$template->assign_block_vars('report', array(
-						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'f=' . $row['forum_id'] . '&p=' . $row['post_id'] . "&i=reports&mode=report_details"),
+					$reported_post_row = [
+						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'p=' . $row['post_id'] . "&i=reports&mode=report_details"),
 						'U_MCP_FORUM'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'f=' . $row['forum_id'] . "&i=$id&mode=forum_view"),
-						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id'] . "&i=$id&mode=topic_view"),
+						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 't=' . $row['topic_id'] . "&i=$id&mode=topic_view"),
 						'U_FORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
-						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
+						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $row['topic_id']),
 
 						'REPORTER_FULL'		=> get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
 						'REPORTER'			=> get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
@@ -261,7 +302,27 @@ function mcp_front_view($id, $mode, $action)
 						'REPORT_TIME'	=> $user->format_date($row['report_time']),
 						'POST_TIME'		=> $user->format_date($row['post_time']),
 						'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']) && $row['post_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
-					));
+					];
+
+					/**
+					 * Alter reported posts template block for MCP front page
+					 *
+					 * @event core.mcp_front_view_modify_reported_post_row
+					 * @var	array	forum_list			List of forums that contain the posts
+					 * @var	string	mode				MCP front view mode
+					 * @var	array	reported_post_row	Template block array of the reported post
+					 * @var	array	row					Array with reported post data
+					 * @since 3.3.5-RC1
+					 */
+					$vars = [
+						'forum_list',
+						'mode',
+						'reported_post_row',
+						'row',
+					];
+					extract($phpbb_dispatcher->trigger_event('core.mcp_front_view_modify_reported_post_row', compact($vars)));
+
+					$template->assign_block_vars('report', $reported_post_row);
 				}
 				$db->sql_freeresult($result);
 			}

phpBB/includes/mcp/mcp_logs.php

@@ -179,7 +179,7 @@ class mcp_logs
 		$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		// Grab log data
 		$log_data = array();

phpBB/includes/mcp/mcp_main.php

@@ -1171,7 +1171,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		$return_link = array();
 		if ($affected_topics == 1 && $topic_id)
 		{
-			$return_link[] = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") . '">', '</a>');
+			$return_link[] = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id") . '">', '</a>');
 		}
 		$return_link[] = sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 
@@ -1230,7 +1230,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		$return_link = array();
 		if ($affected_topics == 1 && !$deleted_topics && $topic_id)
 		{
-			$return_link[] = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") . '">', '</a>');
+			$return_link[] = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id") . '">', '</a>');
 		}
 		$return_link[] = sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 
@@ -1563,6 +1563,26 @@ function mcp_fork_topic($topic_ids)
 						$counter[$row['poster_id']] = 1;
 					}
 				}
+
+				/**
+				* Modify the forked post's sql array before it's inserted into the database.
+				*
+				* @event core.mcp_main_modify_fork_post_sql
+				* @var	int		new_topic_id	The newly created topic ID
+				* @var	int		to_forum_id		The forum ID where the forked topic has been moved to
+				* @var	array	sql_ary			SQL Array with the post's data
+				* @var	array	row				Post data
+				* @var	array	counter			Array with post counts
+				* @since 3.3.5-RC1
+				*/
+				$vars = [
+					'new_topic_id',
+					'to_forum_id',
+					'sql_ary',
+					'row',
+					'counter',
+				];
+				extract($phpbb_dispatcher->trigger_event('core.mcp_main_modify_fork_post_sql', compact($vars)));
 				$db->sql_query('INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
 				$new_post_id = $db->sql_nextid();
 

phpBB/includes/mcp/mcp_notes.php

@@ -206,7 +206,7 @@ class mcp_notes
 		$sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		$log_data = array();
 		$log_count = 0;

phpBB/includes/mcp/mcp_post.php

@@ -220,7 +220,7 @@ function mcp_post_details($id, $mode, $action)
 	$mcp_post_template_data = array(
 		'U_MCP_ACTION'			=> "$url&i=main&quickmod=1&mode=post_details", // Use this for mode paramaters
 		'U_POST_ACTION'			=> "$url&i=$id&mode=post_details", // Use this for action parameters
-		'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id&f={$post_info['forum_id']}"),
+		'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id"),
 
 		'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 		'S_CAN_CHGPOSTER'		=> $auth->acl_get('m_chgposter', $post_info['forum_id']),
@@ -236,18 +236,18 @@ function mcp_post_details($id, $mode, $action)
 		'DELETED_MESSAGE'		=> $l_deleted_by,
 		'DELETE_REASON'			=> $post_info['post_delete_reason'],
 
-		'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}") : '',
+		'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&p={$post_info['post_id']}") : '',
 		'U_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp_chgposter&field=username&select_single=true'),
-		'U_MCP_APPROVE'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
-		'U_MCP_REPORT'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
+		'U_MCP_APPROVE'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $post_id),
+		'U_MCP_REPORT'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
 		'U_MCP_USER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
 		'U_MCP_WARN_USER'		=> ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '',
-		'U_VIEW_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
-		'U_VIEW_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
+		'U_VIEW_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
+		'U_VIEW_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $post_info['topic_id']),
 
 		'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'),
 
-		'RETURN_TOPIC'			=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_info['forum_id']}&amp;p=$post_id") . "#p$post_id\">", '</a>'),
+		'RETURN_TOPIC'			=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$post_id") . "#p$post_id\">", '</a>'),
 		'RETURN_FORUM'			=> sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'),
 		'REPORTED_IMG'			=> $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
 		'UNAPPROVED_IMG'		=> $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),

phpBB/includes/mcp/mcp_queue.php

@@ -278,12 +278,12 @@ class mcp_queue
 					$l_deleted_by = '';
 				}
 
-				$post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']);
-				$topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']);
+				$post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_info['post_id'] . '#p' . $post_info['post_id']);
+				$topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $post_info['topic_id']);
 
 				$post_data = array(
 					'S_MCP_QUEUE'			=> true,
-					'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id&f=$forum_id"),
+					'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id"),
 					'S_CAN_DELETE_POST'		=> $auth->acl_get('m_delete', $post_info['forum_id']),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
@@ -294,9 +294,9 @@ class mcp_queue
 					'DELETED_MESSAGE'		=> $l_deleted_by,
 					'DELETE_REASON'			=> $post_info['post_delete_reason'],
 
-					'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}") : '',
-					'U_MCP_APPROVE'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
-					'U_MCP_REPORT'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
+					'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&p={$post_info['post_id']}") : '',
+					'U_MCP_APPROVE'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $post_id),
+					'U_MCP_REPORT'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
 					'U_MCP_USER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
 					'U_MCP_WARN_USER'		=> ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '',
 					'U_VIEW_POST'			=> $post_url,
@@ -324,7 +324,7 @@ class mcp_queue
 					'POST_ID'				=> $post_info['post_id'],
 					'S_FIRST_POST'			=> ($post_info['topic_first_post_id'] == $post_id),
 
-					'U_LOOKUP_IP'			=> ($auth->acl_get('m_info', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $post_info['forum_id'] . '&p=' . $post_id . '&lookup=' . $post_info['poster_ip']) . '#ip' : '',
+					'U_LOOKUP_IP'			=> ($auth->acl_get('m_info', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $post_id . '&lookup=' . $post_info['poster_ip']) . '#ip' : '',
 				);
 
 				/**
@@ -614,10 +614,10 @@ class mcp_queue
 					}
 
 					$post_row = array(
-						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
+						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $row['topic_id']),
 						'U_VIEWFORUM'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
-						'U_VIEWPOST'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
-						'U_VIEW_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&start=$start&mode=approve_details&f={$row['forum_id']}&p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&t={$row['topic_id']}" : '')),
+						'U_VIEWPOST'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
+						'U_VIEW_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&start=$start&mode=approve_details&p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&t={$row['topic_id']}" : '')),
 
 						'POST_AUTHOR_FULL'		=> get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']),
 						'POST_AUTHOR_COLOUR'	=> get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']),
@@ -746,7 +746,7 @@ class mcp_queue
 					$topic_info[$topic_id]['last_post'] = true;
 				}
 
-				$post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_data['forum_id']}&t={$post_data['topic_id']}&p={$post_data['post_id']}") . '#p' . $post_data['post_id'];
+				$post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$post_data['post_id']}") . '#p' . $post_data['post_id'];
 
 				$approve_log[] = array(
 					'forum_id'		=> $post_data['forum_id'],
@@ -984,7 +984,7 @@ class mcp_queue
 				$phpbb_content_visibility->set_topic_visibility(ITEM_APPROVED, $topic_id, $topic_data['forum_id'], $user->data['user_id'], time(), '');
 				$first_post_ids[$topic_id] = (int) $topic_data['topic_first_post_id'];
 
-				$topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$topic_data['forum_id']}&t={$topic_id}");
+				$topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$topic_id}");
 
 				$approve_log[] = array(
 					'forum_id'		=> $topic_data['forum_id'],
@@ -1430,7 +1430,7 @@ class mcp_queue
 				{
 					// However this is only possible if the topic still exists,
 					// Otherwise we go back to the viewforum page
-					$redirect = append_sid($phpbb_root_path . 'viewforum.' . $phpEx, 'f=' . $request->variable('f', 0));
+					$redirect = append_sid($phpbb_root_path . 'viewforum.' . $phpEx, 'f=' . $post_data['forum_id']);
 				}
 			}
 

phpBB/includes/mcp/mcp_reports.php

@@ -251,7 +251,7 @@ class mcp_reports
 				// So it can be sent through the event below.
 				$report_template = array(
 					'S_MCP_REPORT'			=> true,
-					'S_CLOSE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
+					'S_CLOSE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
 					'S_POST_UNAPPROVED'		=> $post_info['post_visibility'] == ITEM_UNAPPROVED || $post_info['post_visibility'] == ITEM_REAPPROVE,
@@ -259,16 +259,16 @@ class mcp_reports
 					'S_REPORT_CLOSED'		=> $report['report_closed'],
 					'S_USER_NOTES'			=> true,
 
-					'U_EDIT'					=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}") : '',
-					'U_MCP_APPROVE'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
-					'U_MCP_REPORT'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
+					'U_EDIT'					=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&p={$post_info['post_id']}") : '',
+					'U_MCP_APPROVE'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $post_id),
+					'U_MCP_REPORT'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
 					'U_MCP_REPORTER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $report['user_id']),
 					'U_MCP_USER_NOTES'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
 					'U_MCP_WARN_REPORTER'		=> ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $report['user_id']) : '',
 					'U_MCP_WARN_USER'			=> ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '',
 					'U_VIEW_FORUM'				=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $post_info['forum_id']),
-					'U_VIEW_POST'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
-					'U_VIEW_TOPIC'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
+					'U_VIEW_POST'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
+					'U_VIEW_TOPIC'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $post_info['topic_id']),
 
 					'EDIT_IMG'				=> $user->img('icon_post_edit', $user->lang['EDIT_POST']),
 					'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'),
@@ -300,7 +300,7 @@ class mcp_reports
 					'POST_ID'				=> $post_info['post_id'],
 					'SIGNATURE'				=> $post_info['user_sig'],
 
-					'U_LOOKUP_IP'			=> ($auth->acl_get('m_info', $post_info['forum_id'])) ? $this->u_action . '&r=' . $report_id . '&p=' . $post_id . '&f=' . $forum_id . '&lookup=' . $post_info['poster_ip'] . '#ip' : '',
+					'U_LOOKUP_IP'			=> ($auth->acl_get('m_info', $post_info['forum_id'])) ? $this->u_action . '&r=' . $report_id . '&p=' . $post_id . '&lookup=' . $post_info['poster_ip'] . '#ip' : '',
 				);
 
 				/**
@@ -493,14 +493,33 @@ class mcp_reports
 							AND ru.user_id = r.user_id
 							AND r.pm_id = 0
 						ORDER BY ' . $sort_order_sql;
+
+					/**
+					 * Alter sql query to get reports data for requested forum and topic or just forum
+					 *
+					 * @event core.mcp_reports_modify_reports_data_sql
+					 * @var	string	sql						String with the query to be executed
+					 * @var	array	forum_list				List of forums that contain the posts
+					 * @var	int		topic_id				topic_id in the page request
+					 * @var	string	sort_order_sql			String with the ORDER BY SQL code used in this query
+					 * @since 3.3.5-RC1
+					 */
+					$vars = [
+						'sql',
+						'forum_list',
+						'topic_id',
+						'sort_order_sql',
+					];
+					extract($phpbb_dispatcher->trigger_event('core.mcp_reports_modify_reports_data_sql', compact($vars)));
+
 					$result = $db->sql_query($sql);
 
 					while ($row = $db->sql_fetchrow($result))
 					{
-						$template->assign_block_vars('postrow', array(
+						$post_row = [
 							'U_VIEWFORUM'				=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
-							'U_VIEWPOST'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&p=' . $row['post_id']) . '#p' . $row['post_id'],
-							'U_VIEW_DETAILS'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&start=$start&mode=report_details&f={$row['forum_id']}&r={$row['report_id']}"),
+							'U_VIEWPOST'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
+							'U_VIEW_DETAILS'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&start=$start&mode=report_details&r={$row['report_id']}"),
 
 							'POST_AUTHOR_FULL'		=> get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']),
 							'POST_AUTHOR_COLOUR'	=> get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']),
@@ -520,13 +539,37 @@ class mcp_reports
 							'REPORT_TIME'	=> $user->format_date($row['report_time']),
 							'TOPIC_TITLE'	=> $row['topic_title'],
 							'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']) && $row['post_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
-						));
+						];
+
+						/**
+						 * Alter posts template block for MCP reports
+						 *
+						 * @event core.mcp_reports_modify_post_row
+						 * @var	string	mode		Post report mode
+						 * @var	array	forum_data	Array containing forum data
+						 * @var	array	post_row	Template block array of the post
+						 * @var	array	row			Array with original post and report data
+						 * @var	int		start		Start item of this page
+						 * @var	int		topic_id	topic_id in the page request
+						 * @since 3.3.5-RC1
+						 */
+						$vars = [
+							'mode',
+							'forum_data',
+							'post_row',
+							'row',
+							'start',
+							'topic_id',
+						];
+						extract($phpbb_dispatcher->trigger_event('core.mcp_reports_modify_post_row', compact($vars)));
+
+						$template->assign_block_vars('postrow', $post_row);
 					}
 					$db->sql_freeresult($result);
 					unset($report_ids, $row);
 				}
 
-				$base_url = $this->u_action . "&f=$forum_id&t=$topic_id&st=$sort_days&sk=$sort_key&sd=$sort_dir";
+				$base_url = $this->u_action . "&t=$topic_id&st=$sort_days&sk=$sort_key&sd=$sort_dir";
 				$pagination->generate_template_pagination($base_url, 'pagination', 'start', $total, $config['topics_per_page'], $start);
 
 				// Now display the page
@@ -830,7 +873,7 @@ function close_report($report_id_list, $mode, $action, $pm = false)
 
 			if (count($topic_ids) === 1)
 			{
-				$return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . current($topic_ids) . '&amp;f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
+				$return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . current($topic_ids)) . '">', '</a>') . '<br /><br />';
 			}
 		}
 

phpBB/includes/mcp/mcp_topic.php

@@ -288,9 +288,9 @@ function mcp_topic_view($id, $mode, $action)
 			'S_CHECKED'			=> (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false,
 			'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false,
 
-			'U_POST_DETAILS'	=> "$url&i=$id&p={$row['post_id']}&mode=post_details" . (($forum_id) ? "&f=$forum_id" : ''),
-			'U_MCP_APPROVE'		=> ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '',
-			'U_MCP_REPORT'		=> ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '',
+			'U_POST_DETAILS'	=> "$url&i=$id&p={$row['post_id']}&mode=post_details",
+			'U_MCP_APPROVE'		=> ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $row['post_id']) : '',
+			'U_MCP_REPORT'		=> ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $row['post_id']) : '',
 		);
 
 		/**
@@ -379,12 +379,12 @@ function mcp_topic_view($id, $mode, $action)
 		$pagination->generate_template_pagination($base_url, 'pagination', 'start', $total, $posts_per_page, $start);
 	}
 
-	$template->assign_vars(array(
+	$topic_row = [
 		'TOPIC_TITLE'		=> $topic_info['topic_title'],
-		'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&t=' . $topic_info['topic_id']),
+		'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_info['topic_id']),
 
 		'TO_TOPIC_ID'		=> $to_topic_id,
-		'TO_TOPIC_INFO'		=> ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&amp;t=' . $to_topic_id) . '">' . $to_topic_info['topic_title'] . '</a>') : '',
+		'TO_TOPIC_INFO'		=> ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">' . $to_topic_info['topic_title'] . '</a>') : '',
 
 		'SPLIT_SUBJECT'		=> $subject,
 		'POSTS_PER_PAGE'	=> $posts_per_page,
@@ -416,11 +416,53 @@ function mcp_topic_view($id, $mode, $action)
 
 		'U_SELECT_TOPIC'	=> "$url&amp;i=$id&amp;mode=forum_view&amp;action=merge_select" . (($forum_id) ? "&amp;f=$forum_id" : ''),
 
-		'RETURN_TOPIC'		=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$topic_info['forum_id']}&amp;t={$topic_info['topic_id']}&amp;start=$start") . '">', '</a>'),
+		'RETURN_TOPIC'		=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$topic_info['topic_id']}&amp;start=$start") . '">', '</a>'),
 		'RETURN_FORUM'		=> sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$topic_info['forum_id']}&amp;start=$start") . '">', '</a>'),
 
 		'TOTAL_POSTS'		=> $user->lang('VIEW_TOPIC_POSTS', (int) $total),
-	));
+	];
+
+	/**
+	 * Event to modify the template data block for topic data output in the MCP
+	 *
+	 * @event core.mcp_topic_review_modify_topic_row
+	 * @var	string	action					Moderation action type to be performed with the topic
+	 * @var	bool	has_unapproved_posts	Flag indicating if the topic has unapproved posts
+	 * @var	int		icon_id					Split topic icon ID
+	 * @var	int		id						ID of the tab we are displaying
+	 * @var	string	mode					Mode of the MCP page we are displaying
+	 * @var	int		topic_id				The topic ID we are currently reviewing
+	 * @var	int		forum_id				The forum ID we are currently in
+	 * @var	bool	s_topic_icons			Flag indicating if split topic icon to be displayed
+	 * @var	int		start					Start item of this page
+	 * @var	string	subject					Subject of the topic to be split
+	 * @var	array	topic_info				Array with topic data
+	 * @var	int		to_forum_id				Forum id the topic is being moved to
+	 * @var	int		to_topic_id				Topic ID the topic is being merged with
+	 * @var	array	topic_row				Topic template data array
+	 * @var	int		total					Total posts count
+	 * @since 3.3.5-RC1
+	 */
+	$vars = [
+		'action',
+		'has_unapproved_posts',
+		'icon_id',
+		'id',
+		'mode',
+		'topic_id',
+		'forum_id',
+		's_topic_icons',
+		'start',
+		'subject',
+		'topic_info',
+		'to_forum_id',
+		'to_topic_id',
+		'topic_row',
+		'total',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.mcp_topic_review_modify_topic_row', compact($vars)));
+
+	$template->assign_vars($topic_row);
 }
 
 /**
@@ -692,10 +734,36 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 		$config->increment('num_topics', 1, false);
 
 		// Link back to both topics
-		$return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
-		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?f=$to_forum_id&amp;t=$to_topic_id");
+		$return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">', '</a>');
+		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?t=$to_topic_id");
 		$redirect = reapply_sid($redirect);
 
+		/**
+		 * Event to access topic data after split
+		 *
+		 * @event core.mcp_topic_split_topic_after
+		 * @var	string	action			Split action type to be performed with the topic
+		 * @var	int		topic_id		The topic ID we are currently splitting
+		 * @var	int		forum_id		The forum ID we are currently in
+		 * @var	int		start			Start item of this page
+		 * @var	string	subject			Subject of the topic to be split
+		 * @var	array	topic_info		Array with topic data
+		 * @var	int		to_forum_id		Forum id the topic is being moved to
+		 * @var	int		to_topic_id		Topic ID the topic is being split to
+		 * @since 3.3.5-RC1
+		 */
+		$vars = [
+			'action',
+			'topic_id',
+			'forum_id',
+			'start',
+			'subject',
+			'topic_info',
+			'to_forum_id',
+			'to_topic_id',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.mcp_topic_split_topic_after', compact($vars)));
+
 		meta_refresh(3, $redirect);
 		trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
 	}
@@ -789,7 +857,7 @@ function merge_posts($topic_id, $to_topic_id)
 
 		if ($row)
 		{
-			$return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;t=' . $topic_id) . '">', '</a>');
+			$return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>');
 		}
 		else
 		{
@@ -812,8 +880,8 @@ function merge_posts($topic_id, $to_topic_id)
 		sync('forum', 'forum_id', $sync_forums, true, true);
 
 		// Link to the new topic
-		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
-		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?f=$to_forum_id&amp;t=$to_topic_id");
+		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">', '</a>');
+		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?t=$to_topic_id");
 		$redirect = reapply_sid($redirect);
 
 		/**

phpBB/includes/mcp/mcp_warn.php

@@ -238,10 +238,10 @@ class mcp_warn
 
 		$user_id = $user_row['user_id'];
 
-		if (strpos($this->u_action, "&f=$forum_id&p=$post_id") === false)
+		if (strpos($this->u_action, "&p=$post_id") === false)
 		{
-			$this->p_master->adjust_url("&f=$forum_id&p=$post_id");
-			$this->u_action .= "&f=$forum_id&p=$post_id";
+			$this->p_master->adjust_url("&p=$post_id");
+			$this->u_action .= "&p=$post_id";
 		}
 
 		// Check if can send a notification
@@ -358,7 +358,7 @@ class mcp_warn
 			'AVATAR_IMG'		=> $avatar_img,
 			'RANK_IMG'			=> $user_rank_data['img'],
 
-			'L_WARNING_POST_DEFAULT'	=> sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&p=$post_id#p$post_id"),
+			'L_WARNING_POST_DEFAULT'	=> sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?p=$post_id#p$post_id"),
 
 			'S_CAN_NOTIFY'		=> $s_can_notify,
 		));

phpBB/includes/message_parser.php

@@ -506,7 +506,7 @@ class bbcode_firstpass extends bbcode
 				}
 
 				// Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results
-				$code = htmlspecialchars_decode($code);
+				$code = htmlspecialchars_decode($code, ENT_COMPAT);
 				$code = highlight_string($code, true);
 
 				$str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':');

phpBB/includes/questionnaire/questionnaire.php

@@ -38,7 +38,7 @@ class phpbb_questionnaire_data_collector
 	/**
 	* Constructor.
 	*
-	* @param	string
+	* @param	string $install_id
 	*/
 	function __construct($install_id)
 	{
@@ -150,11 +150,11 @@ class phpbb_questionnaire_system_data_provider
 
 		// Start discovering the IPV4 server address, if available
 		// Try apache, IIS, fall back to 0.0.0.0
-		$server_address = htmlspecialchars_decode($request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0')));
+		$server_address = htmlspecialchars_decode($request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0')), ENT_COMPAT);
 
 		return array(
 			'os'	=> PHP_OS,
-			'httpd'	=> htmlspecialchars_decode($request->server('SERVER_SOFTWARE')),
+			'httpd'	=> htmlspecialchars_decode($request->server('SERVER_SOFTWARE'), ENT_COMPAT),
 			// we don't want the real IP address (for privacy policy reasons) but only
 			// a network address to see whether your installation is running on a private or public network.
 			'private_ip'	=> $this->is_private_ip($server_address),

phpBB/includes/ucp/ucp_activate.php

@@ -134,7 +134,7 @@ class ucp_activate
 			$messenger->anti_abuse_headers($config, $user);
 
 			$messenger->assign_vars(array(
-				'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
+				'USERNAME'	=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
 			);
 
 			$messenger->send($user_row['user_notify_type']);

phpBB/includes/ucp/ucp_attachments.php

@@ -159,7 +159,7 @@ class ucp_attachments
 				}
 				else
 				{
-					$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
+					$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
 				}
 
 				$template->assign_block_vars('attachrow', array(
@@ -194,7 +194,7 @@ class ucp_attachments
 
 		$template->assign_vars(array(
 			'TOTAL_ATTACHMENTS'		=> $num_attachments,
-			'NUM_ATTACHMENTS'		=> $user->lang('NUM_ATTACHMENTS', $num_attachments),
+			'NUM_ATTACHMENTS'		=> $user->lang('NUM_ATTACHMENTS', (int) $num_attachments),
 
 			'L_TITLE'				=> $user->lang['UCP_ATTACHMENTS'],
 

phpBB/includes/ucp/ucp_login_link.php

@@ -230,7 +230,7 @@ class ucp_login_link
 						$user->lang[$result['error_msg']],
 						($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
 						($config['email_enable']) ? '</a>' : '',
-						($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
+						($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">' : '',
 						($config['board_contact']) ? '</a>' : ''
 					);
 				break;
@@ -242,7 +242,7 @@ class ucp_login_link
 					// Assign admin contact to some error messages
 					if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
 					{
-						$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
+						$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">', '</a>');
 					}
 
 				break;

phpBB/includes/ucp/ucp_main.php

@@ -184,10 +184,10 @@ class ucp_main
 						'S_UNREAD'			=> $unread_topic,
 
 						'U_TOPIC_AUTHOR'		=> get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
-						'U_LAST_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p=" . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'],
+						'U_LAST_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=" . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'],
 						'U_LAST_POST_AUTHOR'	=> get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),
-						'U_NEWEST_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=unread") . '#unread',
-						'U_VIEW_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id"),
+						'U_NEWEST_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id&view=unread") . '#unread',
+						'U_VIEW_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id"),
 					);
 
 					/**
@@ -396,7 +396,7 @@ class ucp_main
 						if ($row['forum_last_post_id'])
 						{
 							$last_post_time = $user->format_date($row['forum_last_post_time']);
-							$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&p=" . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
+							$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=" . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 						}
 						else
 						{
@@ -677,10 +677,10 @@ class ucp_main
 					if (isset($topic_rows[$draft['topic_id']]) && $auth->acl_get('f_read', $topic_rows[$draft['topic_id']]['forum_id']))
 					{
 						$link_topic = true;
-						$view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&t=' . $draft['topic_id']);
+						$view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $draft['topic_id']);
 						$title = $topic_rows[$draft['topic_id']]['topic_title'];
 
-						$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&t=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']);
+						$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 't=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']);
 					}
 					else if ($auth->acl_get('f_read', $draft['forum_id']))
 					{
@@ -940,7 +940,7 @@ class ucp_main
 			$folder_img = $folder_alt = $topic_type = '';
 			topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type);
 
-			$view_topic_url_params = "f=$forum_id&t=$topic_id";
+			$view_topic_url_params = "t=$topic_id";
 			$view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params);
 
 			// Send vars to template
@@ -1022,7 +1022,7 @@ class ucp_main
 
 			$template->assign_block_vars('topicrow', $template_vars);
 
-			$pagination->generate_template_pagination(append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . "&t=$topic_id"), 'topicrow.pagination', 'start', $replies + 1, $config['posts_per_page'], 1, true, true);
+			$pagination->generate_template_pagination(append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id"), 'topicrow.pagination', 'start', $replies + 1, $config['posts_per_page'], 1, true, true);
 		}
 	}
 }

phpBB/includes/ucp/ucp_profile.php

@@ -186,7 +186,7 @@ class ucp_profile
 							$messenger->anti_abuse_headers($config, $user);
 
 							$messenger->assign_vars(array(
-								'USERNAME'		=> htmlspecialchars_decode($data['username']),
+								'USERNAME'		=> htmlspecialchars_decode($data['username'], ENT_COMPAT),
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
 							);
 

phpBB/includes/ucp/ucp_register.php

@@ -472,9 +472,9 @@ class ucp_register
 					$messenger->anti_abuse_headers($config, $user);
 
 					$messenger->assign_vars(array(
-						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-						'USERNAME'		=> htmlspecialchars_decode($data['username']),
-						'PASSWORD'		=> htmlspecialchars_decode($data['new_password']),
+						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
+						'USERNAME'		=> htmlspecialchars_decode($data['username'], ENT_COMPAT),
+						'PASSWORD'		=> htmlspecialchars_decode($data['new_password'], ENT_COMPAT),
 						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
 					);
 

phpBB/includes/ucp/ucp_resend.php

@@ -99,8 +99,8 @@ class ucp_resend
 				$messenger->anti_abuse_headers($config, $user);
 
 				$messenger->assign_vars(array(
-					'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-					'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+					'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
+					'USERNAME'		=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
 					'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
 				);
 
@@ -134,7 +134,7 @@ class ucp_resend
 					$messenger->anti_abuse_headers($config, $user);
 
 					$messenger->assign_vars(array(
-						'USERNAME'			=> htmlspecialchars_decode($user_row['username']),
+						'USERNAME'			=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
 						'U_USER_DETAILS'	=> generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$user_row['user_id']}",
 						'U_ACTIVATE'		=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
 					);

phpBB/includes/utf/utf_tools.php

@@ -22,11 +22,9 @@ if (!defined('IN_PHPBB'))
 setlocale(LC_CTYPE, 'C');
 
 /**
-* Setup the UTF-8 portability layer
-*/
-Patchwork\Utf8\Bootup::initUtf8Encode();
-Patchwork\Utf8\Bootup::initMbstring();
-Patchwork\Utf8\Bootup::initIntl();
+ * UTF-8 portability layer is provided by
+ * symfony/polyfill-mbstring, symfony/polyfill-intl-normalizer, symfony/polyfill-php72
+ */
 
 /**
 * UTF-8 tools
@@ -171,7 +169,7 @@ function utf8_strspn($str, $mask, $start = null, $length = null)
 * Make a string's first character uppercase
 *
 * @author Harry Fuecks
-* @param string
+* @param string $str
 * @return string with first character as upper case (if applicable)
 */
 function utf8_ucfirst($str)

phpBB/install/app.php

@@ -16,7 +16,7 @@
  */
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
-define('PHPBB_ENVIRONMENT', 'production');
+
 $phpbb_root_path = '../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/convert/controller/convertor.php

@@ -506,7 +506,7 @@ class convertor
 			{
 				/** @var \phpbb\db\driver\driver_interface $src_db */
 				$src_db = new $src_dbms();
-				$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
+				$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd, ENT_COMPAT), $src_dbname, $src_dbport, false, true);
 				$same_db = false;
 			}
 			else

phpBB/install/convert/convertor.php

@@ -132,7 +132,7 @@ class convertor
 			$dbms = $convert->src_dbms;
 			/** @var \phpbb\db\driver\driver $src_db */
 			$src_db = new $dbms();
-			$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
+			$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd, ENT_COMPAT), $convert->src_dbname, $convert->src_dbport, false, true);
 			$same_db = false;
 		}
 		else
@@ -763,7 +763,7 @@ class convertor
 										{
 											if (!$db->sql_query($insert_query . $waiting_sql))
 											{
-												$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
+												$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
 											}
 										}
 
@@ -782,7 +782,7 @@ class convertor
 
 								if (!$db->sql_query($insert_sql))
 								{
-									$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
+									$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
 								}
 								$db->sql_return_on_error(false);
 
@@ -817,7 +817,7 @@ class convertor
 						foreach ($waiting_rows as $waiting_sql)
 						{
 							$db->sql_query($insert_query . $waiting_sql);
-							$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
+							$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
 						}
 
 						$db->sql_return_on_error(false);
@@ -1468,6 +1468,12 @@ class convertor
 									$value = array($value);
 								}
 
+								// Add ENT_COMPAT default flag to html specialchars/entities functions, see PHPBB3-16690
+								if (in_array($execution, ['htmlspecialchars', 'htmlentities', 'htmlspecialchars_decode', 'html_entitity_decode']))
+								{
+									$value[] = ENT_COMPAT;
+								}
+
 								$value = call_user_func_array($execution, $value);
 							}
 							else if (strpos($type, 'execute') === 0)
@@ -1517,6 +1523,12 @@ class convertor
 									$value = array($value);
 								}
 
+								// Add ENT_COMPAT default flag to html specialchars/entities functions, see PHPBB3-16690
+								if (in_array($execution, ['htmlspecialchars', 'htmlentities', 'htmlspecialchars_decode', 'html_entitity_decode']))
+								{
+									$value[] = ENT_COMPAT;
+								}
+
 								$value = call_user_func_array($execution, $value);
 							}
 							else if (strpos($type, 'execute') === 0)

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.3',
+	'phpbb_version'	=> '3.3.5',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.3');
+define('PHPBB_VERSION', '3.3.5');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -200,7 +200,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewtopic
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_lastread', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_track', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_font_awesome_url', 'https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jumpbox', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_moderators', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_notifications', '1');
@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.3');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.5');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/install/startup.php

@@ -49,13 +49,19 @@ function phpbb_include_updated($path, $phpbb_root_path, $optional = false)
 
 function installer_msg_handler($errno, $msg_text, $errfile, $errline)
 {
-	global $phpbb_installer_container;
+	global $phpbb_installer_container, $msg_long_text;
 
 	if (error_reporting() == 0)
 	{
 		return true;
 	}
 
+	// If the message handler is stripping text, fallback to the long version if available
+	if (!$msg_text && !empty($msg_long_text))
+	{
+		$msg_text = $msg_long_text;
+	}
+
 	switch ($errno)
 	{
 		case E_NOTICE:
@@ -87,6 +93,21 @@ function installer_msg_handler($errno, $msg_text, $errfile, $errline)
 		case E_USER_ERROR:
 			$msg = '<b>General Error:</b><br>' . $msg_text . '<br> in file ' . $errfile . ' on line ' . $errline . '<br><br>';
 
+			if (!empty($phpbb_installer_container))
+			{
+				try
+				{
+					/** @var \phpbb\install\helper\iohandler\iohandler_interface $iohandler */
+					$iohandler = $phpbb_installer_container->get('installer.helper.iohandler');
+					$iohandler->add_error_message($msg);
+					$iohandler->send_response(true);
+					exit();
+				}
+				catch (\phpbb\install\helper\iohandler\exception\iohandler_not_implemented_exception $e)
+				{
+					throw new \phpbb\exception\runtime_exception($msg);
+				}
+			}
 			throw new \phpbb\exception\runtime_exception($msg);
 		break;
 		case E_DEPRECATED:

phpBB/language/en/acp/database.php

@@ -70,7 +70,6 @@ $lang = array_merge($lang, array(
 	'START_RESTORE'			=> 'Start restore',
 	'STORE_AND_DOWNLOAD'	=> 'Store and download',
 	'STORE_LOCAL'			=> 'Store file locally',
-	'STRUCTURE_ONLY'		=> 'Structure only',
 
 	'TABLE_SELECT'		=> 'Table select',
 	'TABLE_SELECT_ERROR'=> 'You must select at least one table.',

phpBB/language/en/captcha_recaptcha.php

@@ -44,10 +44,11 @@ $lang = array_merge($lang, [
 	'CAPTCHA_RECAPTCHA'				=> 'reCaptcha v2',
 	'CAPTCHA_RECAPTCHA_V3'			=> 'reCaptcha v3',
 
-	'RECAPTCHA_INCORRECT'			=> 'The solution you provided was incorrect',
-	'RECAPTCHA_NOSCRIPT'			=> 'Please enable JavaScript in your browser to load the challenge.',
-	'RECAPTCHA_NOT_AVAILABLE'		=> 'In order to use reCaptcha, you must create an account on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>.',
-	'RECAPTCHA_INVISIBLE'			=> 'This CAPTCHA is actually invisible. To verify that it works, a small icon should appear in right bottom corner of this page.',
+	'RECAPTCHA_INCORRECT'				=> 'The solution you provided was incorrect',
+	'RECAPTCHA_NOSCRIPT'				=> 'Please enable JavaScript in your browser to load the challenge.',
+	'RECAPTCHA_NOT_AVAILABLE'			=> 'In order to use reCaptcha, you must create an account on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>.',
+	'RECAPTCHA_INVISIBLE'				=> 'This CAPTCHA is actually invisible. To verify that it works, a small icon should appear in right bottom corner of this page.',
+	'RECAPTCHA_V3_LOGIN_ERROR_ATTEMPTS'	=> 'You have exceeded the maximum number of login attempts allowed.<br>In addition to your username and password the invisible reCAPTCHA v3 will be used to authenticate your session.',
 
 	'RECAPTCHA_PUBLIC'				=> 'Site key',
 	'RECAPTCHA_PUBLIC_EXPLAIN'		=> 'Your site reCAPTCHA key. Keys can be obtained on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>. Please, use reCAPTCHA v2 &gt; Invisible reCAPTCHA badge type.',

phpBB/language/en/common.php

@@ -95,6 +95,7 @@ $lang = array_merge($lang, array(
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'				=> 'Invalid database entry.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE'		=> 'Invalid service type provided to OAuth service handler.',
 	'AUTH_PROVIDER_OAUTH_ERROR_REQUEST'						=> 'Something went wrong when processing your OAuth request.',
+	'AUTH_PROVIDER_OAUTH_RETURN_ERROR'						=> 'The external service returned a wrong value therefore your request can not be processed.',
 	'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED'			=> 'OAuth service not created',
 	'AUTH_PROVIDER_OAUTH_SERVICE_BITLY'						=> 'Bitly',
 	'AUTH_PROVIDER_OAUTH_SERVICE_FACEBOOK'					=> 'Facebook',