[prep-release-3.3.12] Update changelog for 3.3.12

These have default values and do not require setting in user_add().

.devcontainer/Dockerfile

@@ -0,0 +1,20 @@
+# Debian version
+ARG VARIANT="buster"
+FROM mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}
+
+# Install PHP
+RUN apt-get -y update
+RUN apt-get -y install php php-xml php-mbstring php-curl php-zip php-xdebug
+
+# Install Composer
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+# Install MySQL
+RUN apt-get -y install mysql-server php-mysql
+
+# Xdebug
+ADD resources/xdebug.ini /etc/php/8.1/apache2/conf.d/xdebug.ini
+
+# Configure Apache
+RUN echo "Listen 8080" >> /etc/apache2/ports.conf && \
+    a2enmod rewrite

.devcontainer/devcontainer.json

@@ -0,0 +1,37 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.238.1/containers/ubuntu
+{
+	"name": "Ubuntu",
+	"build": {
+		"dockerfile": "Dockerfile",
+		// Update 'VARIANT' to pick an Ubuntu version: jammy / ubuntu-22.04, focal / ubuntu-20.04, bionic /ubuntu-18.04
+		// Use ubuntu-22.04 or ubuntu-18.04 on local arm64/Apple Silicon.
+		"args": { "VARIANT": "ubuntu-22.04" }
+	},
+
+	// Configure tool-specific properties.
+	"customizations": {
+		// Configure properties specific to VS Code.
+		"vscode": {
+			"settings": {
+				// Allow Xdebug to listen to requests from remote (or container)
+				"remote.localPortHost": "allInterfaces"
+			},
+			//"devPort": {},
+			// Specify which VS Code extensions to install (List of IDs)
+			"extensions": ["xdebug.php-debug"]
+			}
+		},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	"forwardPorts": [80, 9003],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	"postStartCommand": "bash .devcontainer/resources/setup.sh",
+
+	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "vscode",
+	"features": {
+		"github-cli": "latest"
+	}
+}

.devcontainer/resources/phpbb-config.yml

@@ -0,0 +1,38 @@
+installer:
+    admin:
+        name: admin
+        password: adminadmin
+        email: admin@example.org
+
+    board:
+        lang: en
+        name: My Board
+        description: My amazing new phpBB board
+
+    database:
+        dbms: mysqli
+        dbhost: 127.0.0.1
+        dbport: 3306
+        dbuser: phpbb
+        dbpasswd: phpbb
+        dbname: phpbb
+        table_prefix: phpbb_
+
+    email:
+        enabled: false
+        smtp_delivery : ~
+        smtp_host: ~
+        smtp_port: ~
+        smtp_auth: ~
+        smtp_user: ~
+        smtp_pass: ~
+
+    server:
+        cookie_secure: false
+        server_protocol: http://
+        force_server_vars: false
+        server_name: localhost
+        server_port: 80
+        script_path: /
+
+    extensions: []

.devcontainer/resources/setup.sh

@@ -0,0 +1,44 @@
+# setup.sh
+# Commands to install and configure phpBB
+
+# Start MySQL
+echo "[Codespaces] Start MySQL"
+sudo service mysql start
+
+# Start Apache
+echo "[Codespaces] Start Apache"
+sudo service apache2 start
+
+# Add SSH key
+echo "[Codespaces] Add SSH key"
+echo "$SSH_KEY" > /home/vscode/.ssh/id_rsa && chmod 600 /home/vscode/.ssh/id_rsa
+
+# Create a MySQL user to use
+echo "[Codespaces] Create MySQL user"
+sudo mysql -u root<<EOFMYSQL
+    CREATE USER 'phpbb'@'localhost' IDENTIFIED BY 'phpbb';
+    GRANT ALL PRIVILEGES ON *.* TO 'phpbb'@'localhost' WITH GRANT OPTION;
+    CREATE DATABASE IF NOT EXISTS phpbb;
+EOFMYSQL
+
+# Download dependencies
+echo "[Codespaces] Install Composer dependencies"
+composer install --no-interaction
+
+# Symlink the webroot so it can be viewed
+echo "[Codespaces] Create Symlink of webroot"
+sudo rm -rf /var/www/html
+sudo ln -s /workspaces/phpbb/phpBB /var/www/html
+
+# Copy phpBB config
+echo "[Codespaces] Copy phpBB configuration"
+cp /workspaces/phpbb/.devcontainer/resources/phpbb-config.yml /workspaces/phpbb/phpBB/install/install-config.yml
+
+# Install phpBB
+echo "[Codespaces] Run phpBB CLI installation"
+cd /workspaces/phpbb/phpBB && composer install --no-interaction
+sudo php /workspaces/phpbb/phpBB/install/phpbbcli.php install /workspaces/phpbb/phpBB/install/install-config.yml
+rm -rf /workspaces/phpbb/phpBB/install
+
+# Finished
+echo "[Codespaces] phpBB installation completed"

.devcontainer/resources/xdebug.ini

@@ -0,0 +1,10 @@
+zend_extension=xdebug.so
+
+[xdebug]
+xdebug.mode=develop,debug
+xdebug.discover_client_host=1
+xdebug.client_port=9003
+xdebug.start_with_request=yes
+xdebug.log='/var/log/xdebug/xdebug.log'
+xdebug.connect_timeout_ms=2000
+xdebug.idekey=VSCODE

.github/PULL_REQUEST_TEMPLATE.md

@@ -5,6 +5,6 @@ Checklist:
 - [ ] Code follows coding guidelines: [master](https://area51.phpbb.com/docs/master/coding-guidelines.html) and [3.3.x](https://area51.phpbb.com/docs/dev/3.3.x/development/coding_guidelines.html)
 - [ ] Commit follows commit message [format](https://area51.phpbb.com/docs/dev/3.3.x/development/git.html)
 
-Tracker ticket (set the ticket ID to **your ticket ID**):
+Tracker ticket:
 
 https://tracker.phpbb.com/browse/PHPBB3-12345

.github/setup-ldap.sh

@@ -16,4 +16,4 @@ mkdir /var/tmp/slapd
 cp .github/ldap/slapd.conf /var/tmp/slapd/slapd.conf
 slapd -d 256 -d 128 -f /var/tmp/slapd/slapd.conf -h ldap://localhost:3389 &
 sleep 3
-ldapadd -h localhost:3389 -D "cn=admin,dc=example,dc=com" -w adminadmin -f .github/ldap/base.ldif
+ldapadd -H ldap://localhost:3389 -D "cn=admin,dc=example,dc=com" -w adminadmin -f .github/ldap/base.ldif

.github/setup-phpbb.sh

@@ -31,6 +31,6 @@ php ../composer.phar install --dev --no-interaction
 if [[ "$PHP_VERSION" =~ ^nightly$ || "$PHP_VERSION" =~ ^8 ]]
 then
 	php ../composer.phar remove phpunit/dbunit --dev --update-with-dependencies \
-	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 doctrine/instantiator:^1.4 --dev --update-with-all-dependencies --ignore-platform-reqs
 fi
 cd ..

.github/workflows/tests.yml

@@ -17,7 +17,7 @@ on:
 jobs:
     # Basic checks, e.g. parse errors, commit messages, etc.
     basic-checks:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
@@ -29,7 +29,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
               with:
                   fetch-depth: 100
 
@@ -46,12 +46,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -88,32 +88,30 @@ jobs:
 
     # Tests for MySQL and MariaDB
     mysql-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.1"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.2"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.3"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.4"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.5"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mysql:5.6"
                       db_alias: "MySQL Slow Tests"
                       SLOWTESTS: 1
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mysql:5.6"
                       db_alias: "MyISAM Tests"
                       MYISAM: 1
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mysql:5.6"
-                    - php: '7.1'
-                      db: "mysql:5.7"
                     - php: '7.2'
                       db: "mysql:5.7"
                     - php: '7.3'
@@ -128,6 +126,8 @@ jobs:
                       db: "mysql:5.7"
                     - php: '8.2'
                       db: "mysql:5.7"
+                    - php: '8.3'
+                      db: "mysql:5.7"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
 
@@ -157,14 +157,14 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
 
             - id: database-type
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
                   db=$(echo "${MATRIX_DB%%:*}")
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -179,12 +179,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -229,22 +229,22 @@ jobs:
 
     # Tests for PostgreSQL
     postgres-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
-                    - php: '7.1'
+                    - php: '7.2'
+                      db: "postgres:9.3"
+                    - php: '7.2'
                       db: "postgres:9.5"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:9.6"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:10"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:11"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:12"
-                    - php: '7.1'
-                      db: "postgres:13"
                     - php: '7.2'
                       db: "postgres:13"
                     - php: '7.3'
@@ -259,12 +259,14 @@ jobs:
                       db: "postgres:14"
                     - php: '8.2'
                       db: "postgres:14"
+                    - php: '8.3'
+                      db: "postgres:14"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db }}
 
         services:
             postgres:
-                image: ${{ matrix.db != 'postgres:9.5' && matrix.db != 'postgres:9.6' && matrix.db != 'postgres:10' && matrix.db != 'postgres:11' && matrix.db != 'postgres:12' && matrix.db != 'postgres:13' && 'postgres:10' || matrix.db }}
+                image: ${{ matrix.db != 'postgres:9.3' && matrix.db != 'postgres:9.5' && matrix.db != 'postgres:9.6' && matrix.db != 'postgres:10' && matrix.db != 'postgres:11' && matrix.db != 'postgres:12' && matrix.db != 'postgres:13' && 'postgres:10' || matrix.db }}
                 env:
                     POSTGRES_HOST: localhost
                     POSTGRES_USER: postgres
@@ -290,14 +292,14 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
 
             - id: database-type
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
                   db=$(echo "${MATRIX_DB%%:*}")
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -312,12 +314,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -345,11 +347,11 @@ jobs:
 
     # Other database types, namely sqlite3 and mssql
     other-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "sqlite3"
                     - php: '7.2'
                       db: "mcr.microsoft.com/mssql/server:2017-latest"
@@ -388,7 +390,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
 
             - id: database-type
               env:
@@ -400,7 +402,7 @@ jobs:
                   else
                       db=$(echo "${MATRIX_DB%%:*}")
                   fi
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -415,12 +417,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -464,6 +466,9 @@ jobs:
                     - php: '8.2'
                       db: "postgres"
                       type: 'unit'
+                    - php: '8.3'
+                      db: "postgres"
+                      type: 'unit'
                     - php: '7.4'
                       db: "postgres"
                       type: 'functional'
@@ -476,6 +481,9 @@ jobs:
                     - php: '8.2'
                       db: "postgres"
                       type: 'functional'
+                    - php: '8.3'
+                      db: "postgres"
+                      type: 'functional'
 
         name: Windows - PHP ${{ matrix.php }} - ${{ matrix.db }} - ${{ matrix.type }}
 
@@ -485,7 +493,7 @@ jobs:
                   git config --system core.autocrlf false
                   git config --system core.eol lf
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -499,13 +507,13 @@ jobs:
               id: composer-cache
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "dir=$(composer config cache-files-dir)" >> $env:GITHUB_OUTPUT
                   $major_version="${{ matrix.php }}".substring(0,1)
-                  echo "::set-output name=version::$major_version"
+                  echo "version=$major_version" >> $env:GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -548,7 +556,7 @@ jobs:
                   cd ${env:GITHUB_WORKSPACE}\phpBB
                   php ..\composer.phar install
                   php ..\composer.phar remove phpunit/dbunit --dev --update-with-dependencies
-                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 doctrine/instantiator:^1.4 --dev --update-with-all-dependencies --ignore-platform-reqs
                   cd ..
             - name: Setup database
               run: |

.vscode/launch.json

@@ -0,0 +1,18 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Debug phpBB",
+            "type": "php",
+            "request": "launch",
+            "port": 9003,
+            "pathMappings": {
+                "/var/www/html": "${workspaceRoot}/phpBB/"
+            },
+            "log": true
+        }
+    ]
+}

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "php.debug.ideKey": "VSCODE"
+}

README.md

@@ -27,7 +27,10 @@ To run an installation from the repo (and not from a pre-built package) on a loc
   php ../composer.phar install
   ```
 
-Alternatively, you can read our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use Vagrant to develop and contribute to phpBB.
+Alternatively, you can read:
+
+* Our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use Vagrant to develop and contribute to phpBB.
+* Our [GitHub Codespaces documentation](phpBB/docs/codespaces.md) to learn about phpBB's cloud-based development environment.
 
 ## 📓 Documentation
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.8" />
-	<property name="prevversion" value="3.3.7" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.8-RC1" />
+	<property name="newversion" value="3.3.12" />
+	<property name="prevversion" value="3.3.11" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.12-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -362,6 +362,8 @@
 		<chmod mode="0777" file="${dir}/store" />
 		<chmod mode="0777" file="${dir}/files" />
 		<chmod mode="0777" file="${dir}/images/avatars/upload" />
+		<!-- set permissions of executable scripts to 755 -->
+		<chmod mode="0755" file="${dir}/bin/phpbbcli.php" />
 	</target>
 
 	<target name="clean-vendor-dir">

git-tools/hooks/prepare-commit-msg

@@ -34,6 +34,12 @@ then
 	ticket_id=$(sed -E 's/(ticket\/)(security\/)?([0-9]+)(.+$)?/\3/gm;t;d' <<< "$branch");
 	branch_title=$(sed -E 's/(ticket\/)(security\/)?([0-9]+)(.+$)?/\1\2\3/gm;t;d' <<< "$branch");
 
+	# Fall back to branch name if no ticket ID
+	if [ -z "$branch_title" ];
+	then
+		branch_title="$branch";
+	fi
+
 	if [ "security/" = "$(sed -E 's/(ticket\/)(security\/)?([0-9]+)(.+$)?/\2/gm;t;d' <<< "$branch")" ];
 	then
 		tail="$(printf '\n\nSECURITY-%s' "$ticket_id")";

phpBB/adm/index.php

@@ -61,8 +61,8 @@ $template->set_custom_style(array(
 	),
 ), $phpbb_admin_path . 'style');
 
-$template->assign_var('T_ASSETS_PATH', $phpbb_root_path . 'assets');
-$template->assign_var('T_TEMPLATE_PATH', $phpbb_admin_path . 'style');
+$template->assign_var('T_ASSETS_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'assets'));
+$template->assign_var('T_TEMPLATE_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'style'));
 
 // Instantiate new module
 $module = new p_master();

phpBB/adm/style/acp_search.html

@@ -78,28 +78,31 @@
 
 <!-- ELSEIF S_INDEX -->
 
-	<script>
-	// <![CDATA[
-		/**
-		* Popup search progress bar
-		*/
-		function popup_progress_bar(progress_type)
-		{
-			close_waitscreen = 0;
-			// no scrollbars
-			popup('{UA_PROGRESS_BAR}&amp;type=' + progress_type, 400, 240, '_index');
-		}
-	// ]]>
-	</script>
-
 	<h1>{L_ACP_SEARCH_INDEX}</h1>
 
 	<!-- IF S_CONTINUE_INDEXING -->
-		<p>{L_CONTINUE_EXPLAIN}</p>
+		<p>
+			{% if S_CONTINUE_INDEXING == 'create' %}
+				{{ lang('CONTINUE_INDEXING_EXPLAIN') }}
+			{% else %}
+				{{ lang('CONTINUE_DELETING_INDEX_EXPLAIN') }}
+			{% endif %}
+		</p>
 
 		<form id="acp_search_continue" method="post" action="{U_CONTINUE_INDEXING}">
 			<fieldset>
-				<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+				<legend>{{ lang('CONTINUE_INDEXING') }}</legend>
+				{% if CONTINUE_PROGRESS %}
+					<div class="centered-text">
+						<br>
+						<progress
+							value="{{ CONTINUE_PROGRESS.VALUE }}"
+							max="{{ CONTINUE_PROGRESS.TOTAL }}"
+							style="height: 2em; width: 20em;"></progress><br>
+						{{ CONTINUE_PROGRESS.PERCENTAGE|number_format(2) ~ ' %' }}<br>
+						{{ lang('SEARCH_INDEX_PROGRESS', CONTINUE_PROGRESS.VALUE, CONTINUE_PROGRESS.REMAINING, CONTINUE_PROGRESS.TOTAL) }}
+					</div>
+				{% endif %}
 				<p class="submit-buttons">
 					<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 					<input class="button2" type="submit" id="cancel" name="cancel" value="{L_CANCEL}" />
@@ -151,10 +154,10 @@
 			<p class="quick">
 			<!-- IF backend.S_INDEXED -->
 				<input type="hidden" name="action" value="delete" />
-				<input class="button2" type="submit" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" />
+				<input class="button2" type="submit" name="submit" value="{{ lang('DELETE_INDEX') }}" />
 			<!-- ELSE -->
 				<input type="hidden" name="action" value="create" />
-				<input class="button2" type="submit" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" />
+				<input class="button2" type="submit" name="submit" value="{{ lang('CREATE_INDEX') }}" />
 			<!-- ENDIF -->
 			</p>
 			{S_FORM_TOKEN}
@@ -165,6 +168,24 @@
 
 	<!-- ENDIF -->
 
+<!-- ELSEIF S_INDEX_PROGRESS -->
+	<div class="successbox">
+		<h3>{{ INDEXING_TITLE }}</h3>
+		<p>
+			{{ INDEXING_EXPLAIN }}
+			{% if INDEXING_PROGRESS %}<br>{{ INDEXING_PROGRESS }}{% endif %}
+			{% if INDEXING_RATE %}<br>{{ INDEXING_RATE }}{% endif %}
+			{% if INDEXING_PROGRESS_BAR %}
+				<br>
+				<progress
+					value="{{ INDEXING_PROGRESS_BAR.VALUE }}"
+					max="{{ INDEXING_PROGRESS_BAR.TOTAL }}"
+					style="height: 2em; width: 20em;"></progress><br>
+				{{ INDEXING_PROGRESS_BAR.PERCENTAGE|number_format(2) ~ ' %' }}<br>
+				{{ lang('SEARCH_INDEX_PROGRESS', INDEXING_PROGRESS_BAR.VALUE, INDEXING_PROGRESS_BAR.REMAINING, INDEXING_PROGRESS_BAR.TOTAL) }}
+			{% endif %}
+		</p>
+	</div>
 <!-- ENDIF -->
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_users.html

@@ -137,9 +137,13 @@
 				<td><a href="{group.U_EDIT_GROUP}">{group.GROUP_NAME}</a></td>
 				<td><!-- IF group.S_IS_MEMBER --><!-- IF group.S_NO_DEFAULT --><a href="{group.U_DEFAULT}">{L_GROUP_DEFAULT}</a><!-- ELSE --><strong>{L_GROUP_DEFAULT}</strong><!-- ENDIF --><!-- ELSEIF not group.S_IS_MEMBER and group.U_APPROVE --><a href="{group.U_APPROVE}">{L_GROUP_APPROVE}</a><!-- ELSE -->&nbsp;<!-- ENDIF --></td>
 				<td><!-- IF group.S_IS_MEMBER and not group.S_SPECIAL_GROUP --><a href="{group.U_DEMOTE_PROMOTE}">{group.L_DEMOTE_PROMOTE}</a><!-- ELSE -->&nbsp;<!-- ENDIF --></td>
-				<td><a href="{group.U_DELETE}">{L_GROUP_DELETE}</a></td>
+				<td>{% if group.U_DELETE %}<a href="{{ group.U_DELETE }}">{{ lang('GROUP_DELETE') }}</a>{% endif %}</td>
 			</tr>
 		<!-- ENDIF -->
+	<!-- BEGINELSE -->
+		<tr>
+			<td class="row3 centered-text" colspan="4">{{ lang('NO_GROUP') }}</td>
+		</tr>
 	<!-- END group -->
 	</tbody>
 	</table>

phpBB/adm/style/acp_users_warnings.html

@@ -14,7 +14,7 @@
 	<!-- BEGIN warn -->
 		<tr>
 			<td>{warn.USERNAME}</td>
-			<td style="text-align: center; nowrap: nowrap;">{warn.DATE}</td>
+			<td style="text-align: center; white-space: nowrap;">{warn.DATE}</td>
 			<td>{warn.ACTION}</td>
 			<td style="text-align: center;"><input type="checkbox" class="radio" name="mark[]" value="{warn.ID}" /></td>
 		</tr>

phpBB/adm/style/captcha_recaptcha_acp.html

@@ -21,6 +21,20 @@
 	<dd><input id="recaptcha_privkey" name="recaptcha_privkey" value="{RECAPTCHA_PRIVKEY}" size="50" type="text" /></dd>
 </dl>
 
+<dl>
+	<dt>
+		<label>{{ lang('RECAPTCHA_V3_DOMAIN') ~ lang('COLON') }}</label>
+		<br><span>{{ lang('RECAPTCHA_V3_DOMAIN_EXPLAIN') }}</span>
+	</dt>
+	<dd>
+		{% for domain in RECAPTCHA_V2_DOMAINS %}
+		<label>
+			<input class="radio" name="recaptcha_v2_domain" type="radio" value="{{ domain }}"{{ domain == RECAPTCHA_V2_DOMAIN ? ' checked' }}>
+			<span>{{ domain }}</span>
+		</label>
+		{% endfor %}
+	</dd>
+</dl>
 
 </fieldset>
 <fieldset>

phpBB/adm/style/installer_footer.html

@@ -23,7 +23,7 @@ installLang = {
 </script>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}

phpBB/adm/style/overall_footer.html

@@ -34,7 +34,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->
@@ -42,5 +42,7 @@
 <!-- EVENT acp_overall_footer_after -->
 {$SCRIPTS}
 
+{% EVENT acp_overall_footer_body_after %}
+
 </body>
 </html>

phpBB/adm/style/simple_footer.html

@@ -17,11 +17,13 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->
 {$SCRIPTS}
 
+{% EVENT acp_simple_footer_body_after %}
+
 </body>
 </html>

phpBB/common.php

@@ -12,7 +12,7 @@
 */
 
 /**
-* Minimum Requirement: PHP 7.1.3
+* Minimum Requirement: PHP 7.2.0
 */
 
 if (!defined('IN_PHPBB'))
@@ -51,20 +51,10 @@ if (!defined('PHPBB_INSTALLED'))
 		$server_port = 443;
 	}
 
-	$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
-	if (!$script_name)
-	{
-		$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
-	}
-
-	// $phpbb_root_path accounts for redirects from e.g. /adm
-	$script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx;
-	// Replace any number of consecutive backslashes and/or slashes with a single slash
-	// (could happen on some proxy setups and/or Windows servers)
-	$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+	$script_path = phpbb_get_install_redirect($phpbb_root_path, $phpEx);
 
 	// Eliminate . and .. from the path
-	require($phpbb_root_path . 'phpbb/filesystem.' . $phpEx);
+	require($phpbb_root_path . 'phpbb/filesystem/filesystem.' . $phpEx);
 	$phpbb_filesystem = new phpbb\filesystem\filesystem();
 	$script_path = $phpbb_filesystem->clean_path($script_path);
 
@@ -114,6 +104,14 @@ $phpbb_class_loader_ext->register();
 try
 {
 	$phpbb_container_builder = new \phpbb\di\container_builder($phpbb_root_path, $phpEx);
+
+	// Check that cache directory is writable before trying to build container
+	$cache_dir = $phpbb_container_builder->get_cache_dir();
+	if (file_exists($cache_dir) && !is_writable($phpbb_container_builder->get_cache_dir()))
+	{
+		die('Unable to write to the cache directory path "' . $cache_dir . '". Ensure that the web server user can write to the cache folder.');
+	}
+
 	$phpbb_container = $phpbb_container_builder->with_config($phpbb_config_php_file)->get_container();
 }
 catch (InvalidArgumentException $e)

phpBB/composer.json

@@ -26,14 +26,14 @@
 		"phpbb/phpbb-core": "self.version"
 	},
 	"require": {
-		"php": "^7.1.3",
+		"php": "^7.2 || ^8.0.0",
 		"ext-json": "*",
 		"ext-mbstring": "*",
 		"bantu/ini-get-wrapper": "~1.0",
+		"carlos-mg89/oauth": "^0.8.15",
 		"composer/package-versions-deprecated": "^1.11",
 		"google/recaptcha": "~1.1",
 		"guzzlehttp/guzzle": "~6.3",
-		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "^1.1",
 		"s9e/text-formatter": "^2.0",
 		"symfony/config": "~3.4",
@@ -74,7 +74,10 @@
 	},
 	"config": {
 		"platform": {
-			"php": "7.1.3"
+			"php": "7.2"
+		},
+		"allow-plugins": {
+			"composer/installers": true
 		}
 	}
 }

phpBB/config/default/container/services_content.yml

@@ -67,7 +67,15 @@ services:
             - '@controller.helper'
             - '@dispatcher'
 
+    posting.lock:
+        class: phpbb\lock\posting
+        shared: false
+        arguments:
+            - '@cache.driver'
+            - '@config'
+
     viewonline_helper:
         class: phpbb\viewonline_helper
         arguments:
             - '@filesystem'
+            - '@dbal.conn'

phpBB/config/default/container/services_event.yml

@@ -9,6 +9,7 @@ services:
         arguments:
             - '@template'
             - '@language'
+            - '@user'
             - '%debug.exceptions%'
         tags:
             - { name: kernel.event_subscriber }

phpBB/config/installer/container/services_install_controller.yml

@@ -4,6 +4,7 @@ services:
         arguments:
             - '@phpbb.installer.controller.helper'
             - '@language'
+            - '@path_helper'
             - '@template'
             - '%core.root_path%'
 

phpBB/cron.php

@@ -12,6 +12,9 @@
 */
 
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Exception\ExceptionInterface;
+use Symfony\Component\Routing\Exception\RouteNotFoundException;
 
 /**
 */
@@ -28,10 +31,49 @@ $cron_type = $request->variable('cron_type', '');
 
 $get_params_array = $request->get_super_global(\phpbb\request\request_interface::GET);
 
+/* @var $http_kernel \Symfony\Component\HttpKernel\HttpKernel */
+$http_kernel = $phpbb_container->get('http_kernel');
+
+/* @var $symfony_request \phpbb\symfony_request */
+$symfony_request = $phpbb_container->get('symfony_request');
+
 /** @var \phpbb\controller\helper $controller_helper */
 $controller_helper = $phpbb_container->get('controller.helper');
-$response = new RedirectResponse(
-	$controller_helper->route('phpbb_cron_run', $get_params_array, false),
-	301
+$cron_route = 'phpbb_cron_run';
+
+try
+{
+	$response = new RedirectResponse(
+		$controller_helper->route($cron_route, $get_params_array, false),
+		Response::HTTP_MOVED_PERMANENTLY
+	);
+	$response->send();
+	$http_kernel->terminate($symfony_request, $response);
+	exit();
+}
+catch (RouteNotFoundException $exception)
+{
+	$error = 'ROUTE_NOT_FOUND';
+	$error_parameters = $cron_route;
+	$error_code = Response::HTTP_NOT_FOUND;
+}
+catch (ExceptionInterface $exception)
+{
+	$error = 'ROUTE_INVALID_MISSING_PARAMS';
+	$error_parameters = $cron_route;
+	$error_code = Response::HTTP_BAD_REQUEST;
+}
+catch (Throwable $exception)
+{
+	$error = $exception->getMessage();
+	$error_parameters = [];
+	$error_code = Response::HTTP_INTERNAL_SERVER_ERROR;
+}
+
+$language = $phpbb_container->get('language');
+$response = new Response(
+	$language->lang($error, $error_parameters),
+	$error_code
 );
 $response->send();
+$http_kernel->terminate($symfony_request, $response);

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,13 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3312rc1">Changes since 3.3.12-RC1</a></li>
+		<li><a href="#v3311">Changes since 3.3.11</a></li>
+		<li><a href="#v3310">Changes since 3.3.10</a></li>
+		<li><a href="#v3310rc1">Changes since 3.3.10-RC1</a></li>
+		<li><a href="#v339">Changes since 3.3.9</a></li>
+		<li><a href="#v339rc1">Changes since 3.3.9-RC1</a></li>
+		<li><a href="#v338">Changes since 3.3.8</a></li>
 		<li><a href="#v337">Changes since 3.3.7</a></li>
 		<li><a href="#v336">Changes since 3.3.6</a></li>
 		<li><a href="#v336rc1">Changes since 3.3.6-RC1</a></li>
@@ -162,6 +169,209 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3312rc1"></a><h3>Changes since 3.3.12-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17312">PHPBB3-17312</a>] - User last visit gets updated too often</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17324">PHPBB3-17324</a>] - Add template event to notification_dropdown.html</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-276">SECURITY-276</a>] - Prevent resending activation email too often</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-278">SECURITY-278</a>] - Always release cron lock, even invalid task is passed</li>
+			</ul>
+
+			<a name="v3311"></a><h3>Changes since 3.3.11</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-14047">PHPBB3-14047</a>] - Jabber discards messages when stream gets closed without waiting for acknowledgement</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15325">PHPBB3-15325</a>] - Global moderator permissions shown in forum moderator permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16470">PHPBB3-16470</a>] - Memberlist bug - sorting by Last active date is incorrect</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17077">PHPBB3-17077</a>] - Multiple posts at once, even if the user shouldn't ignore the flood interval</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17117">PHPBB3-17117</a>] - Deactivated notification method leads to crash</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17130">PHPBB3-17130</a>] - Text reparser changes magic URL state in posts</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17187">PHPBB3-17187</a>] - Unread Topic URL Link Not Working On MCP View Forum Topic List</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17200">PHPBB3-17200</a>] - Color Parse Error In viewonline.php Legend</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17201">PHPBB3-17201</a>] - Redirect to installer might be invalid when accessing subfolder</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17202">PHPBB3-17202</a>] - The bidi.css File Is Loaded When Viewing LTR Topic Print View Page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17203">PHPBB3-17203</a>] - Group Description With BBCode Ordered List Breaks Layout</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17207">PHPBB3-17207</a>] - Extensions are unable to use PHPBB_USE_BOARD_URL_PATH</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17208">PHPBB3-17208</a>] - Update Error YouTube Profilfeld</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17212">PHPBB3-17212</a>] - Who is online incorrectly reports page when posting with only post URL parameter</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17237">PHPBB3-17237</a>] - QUICKMOD_ACTION_NOT_ALLOWED uses &quot; instead of ' </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17286">PHPBB3-17286</a>] - Non-existent urls to be written down to session_page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17292">PHPBB3-17292</a>] - Link to spamhaus.org no longer valid</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17296">PHPBB3-17296</a>] - mod_security false positive denies access to ACP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17302">PHPBB3-17302</a>] - Password reset function does not update all necessary data</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17306">PHPBB3-17306</a>] - Wrong declaration of function input values</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17230">PHPBB3-17230</a>] - Update doctum for PHP 8.1 support</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17232">PHPBB3-17232</a>] - Improve MySQL error messages in PHP 8.1+</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17233">PHPBB3-17233</a>] - Add PHP 8.3 tests to the 3.3.x branch</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17235">PHPBB3-17235</a>] - Missing autocomplete for username &amp; password</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17236">PHPBB3-17236</a>] - Update symfony dependencies to improve PHP 8.3 compatibility</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17277">PHPBB3-17277</a>] - Add template events to UCP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17284">PHPBB3-17284</a>] - Add event to add content after the online users list in viewtopic</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17293">PHPBB3-17293</a>] - Update composer and dependencies to latest versions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17299">PHPBB3-17299</a>] - Allow core event to modify variables while sending email</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17303">PHPBB3-17303</a>] - Update jQuery to 3.7+</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17305">PHPBB3-17305</a>] - Improve queries for unanswered topics and posts</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17310">PHPBB3-17310</a>] - Update GitHub actions workflows to Node.js 20</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17204">PHPBB3-17204</a>] - Update composer and node dependencies</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17280">PHPBB3-17280</a>] - Fallback to branch name on branches without ticket ID</li>
+			</ul>
+
+			<a name="v3310"></a><h3>Changes since 3.3.10</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-8777">PHPBB3-8777</a>] - Users can be removed from all groups leaving no default group</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-11184">PHPBB3-11184</a>] - ACP purports to allow editing of Founder admin permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-12785">PHPBB3-12785</a>] - Redirection of URI are calculated using PHP_SELF</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13276">PHPBB3-13276</a>] - INCLUDEJS and INCLUDECSS do not obey PHPBB_USE_BOARD_URL_PATH</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13364">PHPBB3-13364</a>] - Index Subject not updated after moderation</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15129">PHPBB3-15129</a>] - Wrong Installation guide link</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16796">PHPBB3-16796</a>] - misalignment on index and viewforum for topics and posts titles</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16877">PHPBB3-16877</a>] - OAuth account linking throws a PHP error - PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17004">PHPBB3-17004</a>] - Pagination doesn't not show up in UCP &gt; Front Page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17040">PHPBB3-17040</a>] - bidi.css is loaded when viewing LTR print view pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17041">PHPBB3-17041</a>] - RTL Pagination Dropdown Arrow Faces The Wrong Way</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17042">PHPBB3-17042</a>] - Group Description With BBCode List Breaks Layout</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17043">PHPBB3-17043</a>] - Remove Duplicate CP Rule From bidi.css</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17045">PHPBB3-17045</a>] - UCP attachments list page top and bottom pagination counts language strings and font size are different</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17046">PHPBB3-17046</a>] - IE tweaks in simple_header should be included the same as in overall_header</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17053">PHPBB3-17053</a>] - sql_freeresult not working for mysqli &amp; PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17076">PHPBB3-17076</a>] - Signature length limit bug</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17086">PHPBB3-17086</a>] - phpBB / Codespaces support</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17089">PHPBB3-17089</a>] - Warning users without post causes PHP warning</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17097">PHPBB3-17097</a>] - PHP 8.2 Deprecations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17098">PHPBB3-17098</a>] - body class {S_CONTENT_DIRECTION} is missing in ucp_pm_viewmessage_print.html</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17107">PHPBB3-17107</a>] - Who is online incorectly reports Forum location when replying/quoting </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17115">PHPBB3-17115</a>] - PHP warning with native search backend if query ends with a space followed by hyphen</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17126">PHPBB3-17126</a>] - Filename in instructions about running all tests does not exist</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17127">PHPBB3-17127</a>] - Guest users stats got purged when resetting password</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17129">PHPBB3-17129</a>] - Youtube profile field not up to date in new installations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17132">PHPBB3-17132</a>] - Missing language variable leads to PHP error in convertor</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17137">PHPBB3-17137</a>] - Attachments can be deleted after end of post editing or deletion time</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17139">PHPBB3-17139</a>] - PHP fatal error while updating with advanced update package</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17140">PHPBB3-17140</a>] - Required parameter phpbb_root_path missing in local_url_bbcode migration</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17141">PHPBB3-17141</a>] - Empty referrer may result in PHP error in get_web_root_path()</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17142">PHPBB3-17142</a>] - Installation errors when using MSSQL+ IIS + PHP 8.2 </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17145">PHPBB3-17145</a>] - Field 'pf_phpbb_occupation' doesn't have a default value</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17146">PHPBB3-17146</a>] - Undefined array key in notifications code</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17148">PHPBB3-17148</a>] - phpBB3.3.10 Setup does not support PostgreSQL 8.3 </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17150">PHPBB3-17150</a>] - Forum Image Breaks Layout If Big Image Used - (Forum List Forum Image)</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17160">PHPBB3-17160</a>] - Missing 'Mark' Column Header On MCP Front Page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17171">PHPBB3-17171</a>] - Remove non functional responsive placeholder text rules in responsive.css</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17172">PHPBB3-17172</a>] - Hovering over a forum link / subforum link shows 'No unread posts' on the tooltip</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17189">PHPBB3-17189</a>] - Installer permission handling on PHP 8.2</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17194">PHPBB3-17194</a>] - Php version in vagrant configuration is not set correctly</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17198">PHPBB3-17198</a>] - Gravatar requires https by default</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-8071">PHPBB3-8071</a>] - DBAL function &quot;sql_nextid&quot; - name is misleading</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-11765">PHPBB3-11765</a>] - short_ipv6() doesn't expect IPv4 embedded IPv6 addresses</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-12904">PHPBB3-12904</a>] - Required custom profile fields and asterisk</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13399">PHPBB3-13399</a>] - Problem with plurals - 'CHARACTERS'</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15973">PHPBB3-15973</a>] - Canonical for the index page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16913">PHPBB3-16913</a>] - Add Search Index Progress Bar with Stats</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17025">PHPBB3-17025</a>] - Move post destination topic field should not be populated with a zero</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17125">PHPBB3-17125</a>] - Message Editor layout Broken in Latest Safari</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17128">PHPBB3-17128</a>] - Link to PHP date() function</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17152">PHPBB3-17152</a>] - Add template event to viewtopic_body.html</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17188">PHPBB3-17188</a>] - Condition to check if a utf8 string is malformed is wrong</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17116">PHPBB3-17116</a>] - Useless duplicate conditions in ucp_pm_history.html</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17149">PHPBB3-17149</a>] - Update authors and pull request template</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17154">PHPBB3-17154</a>] - Update composer and dependencies to latest versions</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-132">SECURITY-132</a>] - Limit CAPTCHA attempts at registration for single session</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-279">SECURITY-279</a>] - Escape smilies URL and prevent paths in .pak filename</li>
+			</ul>
+
+			<a name="v3310rc1"></a><h3>Changes since 3.3.10-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17091">PHPBB3-17091</a>] - PHP 8.0 builds fail due to incompatible doctrine/instantiator</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17092">PHPBB3-17092</a>] - Check for error codes when querying Spamhaus</li>
+			</ul>
+
+			<a name="v339"></a><h3>Changes since 3.3.9</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16938">PHPBB3-16938</a>] - Unexistent css property in inline style</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17039">PHPBB3-17039</a>] - Group name not colored in manage groups due to typo</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17056">PHPBB3-17056</a>] - PHP 8.2 Deprecation warning about ${var} syntax</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17065">PHPBB3-17065</a>] - Emoji characters in MCP add feedback cause SQL error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17074">PHPBB3-17074</a>] - Condition to avoid creation of roles with same name is broken</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17081">PHPBB3-17081</a>] - Invalid accept attribute in the post editor</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17082">PHPBB3-17082</a>] - Ability to warn Anonymous</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13291">PHPBB3-13291</a>] - Close notification drop down after clicking &quot;mark all read&quot;</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16105">PHPBB3-16105</a>] - Use &quot;global&quot; reCAPTCHA domain to circumvent blocking in some countries</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17068">PHPBB3-17068</a>] - ALLOW_CDN_EXPLAIN: Incomplete and imprecise description</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17075">PHPBB3-17075</a>] - Add template events to ACP footer after SCRIPTS</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17066">PHPBB3-17066</a>] - Update GitHub Actions configuration to resolve deprecations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17071">PHPBB3-17071</a>] - Update the emoji CDN</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-275">SECURITY-275</a>] - Improve handling of exceptions in cron redirect</li>
+			</ul>
+
+			<a name="v339rc1"></a><h3>Changes since 3.3.9-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17058">PHPBB3-17058</a>] - Special character issue in emails from PHP 8.0 and higher</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-274">SECURITY-274</a>] - Reset login keys/session when resetting password</li>
+			</ul>
+
+			<a name="v338"></a><h3>Changes since 3.3.8</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16917">PHPBB3-16917</a>] - bin/phpbb.cli requires 755 permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16932">PHPBB3-16932</a>] - Invalid email To: header on notifications to users with @ in name</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17003">PHPBB3-17003</a>] - Icon of a topic do not show up in the UCP &gt; Front Page.</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17019">PHPBB3-17019</a>] - Missing &quot;youtube&quot; profilefield stops Database update</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17023">PHPBB3-17023</a>] - phpBB 3.3: PHP8 supported but not indicated by composer.json</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17026">PHPBB3-17026</a>] - Session viewonline not defined in Memberlist</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17030">PHPBB3-17030</a>] - Feed doesn't generate valid RFC-3339 dates</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17032">PHPBB3-17032</a>] - Missing or invalid user entry for anonymous user may result in stack overflow</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17036">PHPBB3-17036</a>] - Update guzzle to latest version</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17050">PHPBB3-17050</a>] - Unnecessary trailing slash in void HTML elements</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17051">PHPBB3-17051</a>] - Textformatter may generate PHP warnings if user is not fully initialized in PHP 8.1</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16916">PHPBB3-16916</a>] - Enhance the PHP version error message on startup and install</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17005">PHPBB3-17005</a>] - List item closing tag missing slash in posting_topic_review</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17006">PHPBB3-17006</a>] - &quot;www.&quot; not needed and may lead to confusion</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17048">PHPBB3-17048</a>] - Update composer and dependencies for 3.3.9</li>
+			</ul>
+
 			<a name="v337"></a><h3>Changes since 3.3.7</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/CREDITS.txt

@@ -25,7 +25,6 @@ phpBB Lead Developer:    Marc (Marc Alexander)
 phpBB Developers:        CHItA (Máté Bartus)
                          Derky (Derk Ruitenbeek)
                          Hanakin (Michael Miday)
-                         mrgoldy (Gijs Martens)
                          Nicofuma (Tristan Darricau)
                          rubencm (Rubén Calvo)
 
@@ -64,6 +63,7 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                          imkingdavid (David King)      [11/2012 - 06/2014]
                          kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                          MichaelC (Michael Cullum)     [11/2017 - 09/2019]
+                         mrgoldy (Gijs Martens)        [03/2020 - 06/2023]
                          nickvergessen (Joas Schilling)[04/2010 - 12/2015]
                          Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                          prototech (Cesar Gallegos)    [01/2014 - 12/2016]

phpBB/docs/INSTALL.html

@@ -147,7 +147,7 @@
 			<li>Oracle</li>
 		</ul>
 		</li>
-		<li><strong>PHP 7.1.3+</strong> up to and including <strong>PHP 8.1</strong> with support for the database you intend to use.</li>
+		<li><strong>PHP 7.2.0+</strong> up to and including <strong>PHP 8.3</strong> with support for the database you intend to use.</li>
 		<li>The following PHP modules are required:
 		<ul>
 			<li>json</li>

phpBB/docs/README.html

@@ -265,7 +265,7 @@
 
 	<ul>
 		<li>Your server type/version, e.g. Apache 2.2.3, IIS 7, Sambar, etc.</li>
-		<li>PHP version and mode of operation, e.g. PHP 7.1.3 as a module, PHP 7.1.3 running as CGI, etc.</li>
+		<li>PHP version and mode of operation, e.g. PHP 7.2.0 as a module, PHP 7.2.7 running as CGI, etc.</li>
 		<li>DB type/version, e.g. MySQL 5.0.77, PostgreSQL 9.0.6, MSSQL Server 2000 (via ODBC), etc.</li>
 	</ul>
 
@@ -323,11 +323,11 @@
 
 		<div class="content">
 
-	<p>phpBB 3.3.x takes advantage of new features added in PHP 7.1. We recommend that you upgrade to the latest stable release of PHP to run phpBB. The minimum version required is PHP 7.1.3 and the maximum supported version is the latest stable version of PHP.</p>
+	<p>phpBB 3.3.x takes advantage of new features added in PHP 7.2. We recommend that you upgrade to the latest stable release of PHP to run phpBB. The minimum version required is PHP 7.2.0 and the maximum supported version is the latest stable version of PHP.</p>
 
 	<p>Please remember that running any application on a development (unstable, e.g. a beta release) version of PHP can lead to strange/unexpected results which may appear to be bugs in the application. Therefore, we recommend you upgrade to the newest stable version of PHP before running phpBB. If you are running a development version of PHP please check any bugs you find on a system running a stable release before submitting.</p>
 
-	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQLi 4.1.3, 4.x, 5.x, MariaDB 5.x, PostgreSQL 8.x, Oracle 8 and SQLite 3. Versions of PHP used range from 7.1.3 to 7.2.x and 7.3.x without issues.</p>
+	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQLi 4.1.3, 4.x, 5.x, MariaDB 5.x, PostgreSQL 8.x, Oracle 8 and SQLite 3. Versions of PHP used range from 7.2.0 to 7.4.x and 8.0.x to 8.3.x.</p>
 
 <a name="phpsec"></a><h3>7.i. Notice on PHP security issues</h3>
 

phpBB/docs/codespaces.md

@@ -0,0 +1,55 @@
+## Using GitHub Codespaces with phpBB
+
+phpBB includes support for [Codespaces](https://docs.github.com/en/codespaces), GitHub's cloud-based software development environment. This allows developers and contributors to run and modify phpBB on a consistent environment through a GitHub account without the need to set up a local web server.
+
+Codespaces is completely web-based and does not require any code to be downloaded locally.
+
+Features include:
+
+* Automatic phpBB installation
+* Access to [VS Code](https://docs.github.com/en/codespaces/the-githubdev-web-based-editor) through the web browser 
+* [Xdebug](https://github.com/xdebug/vscode-php-debug) pre-configured to step through the phpBB code and add breakpoints
+* Full LAMP stack with database access
+* Commit, push and test code entirely online
+
+## How it works
+
+### To run phpBB in Codespaces
+
+* On the GitHub.com website, fork the `phpbb/phpbb` repository.
+* Under the `Code` button, click the `Codespaces` tab and then the `+` button to create a new Codespace.
+* It may take several minutes to configure and install phpBB on the newly created virtual machine. Once it is ready, a web-based VS Code instance will appear.
+* Under the `Ports` tab, click on the local address under port 80 to open the private website for the new phpBB installation.
+    * By default, the login details for the new phpBB installation are `admin` / `adminadmin`
+    * Port 9003 is also open to allow Xdebug connections.
+
+### To use the command line
+
+* Click on the `Terminal` tab at the bottom of VS Code and make sure the `bash` window is selected in the right sidebar.
+* The `workspaces/phpbb` directory contains the code from the workspace.
+* Run `mysql -h 127.0.0.1 -u phpbb -p` to log into the MySQL database. The password is `phpbb` and the database name is `phpbb`.
+    * Tip: type `use phpbb;` after logging in to MySQL to switch to the correct database, then queries can be run for the phpBB tables.
+
+### To debug code
+
+* Click the `Run and Debug` tab on the left sidebar in VS Code, then click the green play button next to the `Debug phpBB` option.
+    * Tip: to confirm that Xdebug is working correctly, run `lsof -i :9003` on the command line. It should show that the port is listening for connections.
+* In any of the files in the `phpBB/` directory, add a breakpoint by clicking just to the left of a line number in VS Code. Then, access the private website created on port 80 (found under the VS Code `Ports` tab) through the web browser and navigate to the page with a breakpoint. VS Code will automatically pause execution where the breakpoint is hit, and under the `Run and Debug` tab a variable list will be shown.
+
+### To commit and push code
+
+* To save a change made using VS Code on Codespaces, click the `Source Control` tab on the left sidebar in VS Code.
+* To stage changes or discard changes, right click the file(s) and select the appropriate option.
+* Type a commit message and select the `Commit and Push` option.
+
+**Remember to stop a Codespace once you are finished with it.** GitHub provides all users with a limited number of free core hours per month. A Codespace can be stopped (or deleted) from the main repository page on GitHub.com.
+
+## Technical information
+
+All of the Codespaces configuration can be found in the `.devcontainer/` directory. The `devcontainer.json` holds the general environment information and `Dockerfile` contains the commands to set up the LAMP stack which enables phpBB to run.
+
+`setup.sh` is used to install phpBB from the command line, using pre-determined details from `phpbb-config.yml`.
+
+Codespaces can run without the configuration inside the `.vscode/` directory, however by including this no manual intervention is required to set the Xdebug IDE code to `VSCode` (inside `settings.json`) and  `Debug phpBB` information, such as the path mapping from the Apache webroot to the `phpbb/phpBB` directory (inside `launch.json`).
+
+This configuration information can be safely modified to change the development environment, followed by `Ctrl+Shift+P` in VS Code and selection of the `Full Rebuild Container` option.

phpBB/docs/events.md

@@ -274,6 +274,12 @@ acp_overall_footer_after
 * Since: 3.1.0-a1
 * Purpose: Add content below the footer in the ACP
 
+acp_overall_footer_body_after
+===
+* Location: adm/style/overall_footer.html
+* Since: 3.3.10-RC1
+* Purpose: Add content before the `</body>` tag but after the $SCRIPTS var, i.e. after the js scripts have been loaded
+
 acp_overall_header_body_before
 ===
 * Location: adm/style/overall_header.html
@@ -558,6 +564,12 @@ acp_simple_footer_after
 * Since: 3.1.0-a1
 * Purpose: Add content below the simple footer in the ACP
 
+acp_simple_footer_body_after
+===
+* Location: adm/style/simple_footer.html
+* Since: 3.3.10-RC1
+* Purpose: Add content before the `</body>` tag but after the $SCRIPTS var, i.e. after the js scripts have been loaded
+
 acp_simple_header_body_before
 ===
 * Location: adm/style/simple_header.html
@@ -1585,6 +1597,20 @@ navbar_header_username_prepend
 * Since: 3.1.0-RC1
 * Purpose: Add text and HTMl before the username shown in the navbar.
 
+notification_dropdown_footer_after
+===
+* Locations:
+    + styles/prosilver/template/notification_dropdown.html
+* Since: 3.3.12
+* Purpose: Add content after notifications list footer.
+
+notification_dropdown_footer_before
+===
+* Locations:
+    + styles/prosilver/template/notification_dropdown.html
+* Since: 3.3.12
+* Purpose: Add content before notifications list footer.
+
 overall_footer_after
 ===
 * Locations:
@@ -2488,6 +2514,13 @@ ucp_agreement_terms_before
 * Since: 3.1.0-b3
 * Purpose: Add content before the terms of agreement text at user registration
 
+ucp_footer_content_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_footer.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements after tab panels content in UCP
+
 ucp_friend_list_after
 ===
 * Locations:
@@ -2502,6 +2535,13 @@ ucp_friend_list_before
 * Since: 3.1.0-a4
 * Purpose: Add optional elements before list of friends in UCP
 
+ucp_header_content_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements before tab panels content in UCP
+
 ucp_header_friends_offline_username_full_append
 ===
 * Locations:
@@ -2572,6 +2612,34 @@ ucp_main_subscribed_topic_title_after
 * Since: 3.3.8-RC1
 * Purpose: Add content right after the topic title viewing UCP subscribed topics
 
+ucp_notifications_content_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements after UCP notification options tab content
+
+ucp_notifications_content_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements before UCP notification options tab content
+
+ucp_notifications_form_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements after HTMP form in UCP notification options tab
+
+ucp_notifications_form_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements before HTMP form in UCP notificationoptions tab
+
 ucp_pm_history_post_buttons_after
 ===
 * Locations:
@@ -3146,6 +3214,13 @@ viewtopic_body_footer_before
 * Purpose: Add content to the bottom of the View topic screen below the posts
 and quick reply, directly before the jumpbox in Prosilver.
 
+viewtopic_body_online_list_after
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.12-RC1
+* Purpose: Add content after the online users list
+
 viewtopic_body_online_list_before
 ===
 * Locations:
@@ -3292,6 +3367,13 @@ viewtopic_body_postrow_content_after
 * Since: 3.2.4-RC1
 * Purpose: Add content after the message content in topics views
 
+viewtopic_body_postrow_content_before
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.11-RC1
+* Purpose: Add content before the message content in topics views
+
 viewtopic_body_postrow_custom_fields_after
 ===
 * Locations:

phpBB/includes/acp/acp_icons.php

@@ -550,7 +550,7 @@ class acp_icons
 						trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
-					if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak)))
+					if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . utf8_basename($pak))))
 					{
 						trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
@@ -654,7 +654,7 @@ class acp_icons
 							{
 								$replace_sql = ($mode == 'smilies') ? $code : $img;
 								$sql = array(
-									$fields . '_url'		=> $img,
+									$fields . '_url'		=> utf8_substr(rawurlencode($img), 0, 50),
 									$fields . '_height'		=> (int) $height,
 									$fields . '_width'		=> (int) $width,
 									'display_on_posting'	=> (int) $display_on_posting,
@@ -676,7 +676,7 @@ class acp_icons
 								++$order;
 
 								$sql = array(
-									$fields . '_url'	=> $img,
+									$fields . '_url'	=> utf8_substr(rawurlencode($img), 0, 50),
 									$fields . '_height'	=> (int) $height,
 									$fields . '_width'	=> (int) $width,
 									$fields . '_order'	=> (int) $order,

phpBB/includes/acp/acp_inactive.php

@@ -238,10 +238,11 @@ class acp_inactive
 
 						$messenger->save_queue();
 
-						// Add the remind state to the database
+						// Add the remind state to the database and increase activation expiration by one day
 						$sql = 'UPDATE ' . USERS_TABLE . '
 							SET user_reminded = user_reminded + 1,
-								user_reminded_time = ' . time() . '
+								user_reminded_time = ' . time() . ',
+								user_actkey_expiration = ' . (int) $user::get_token_expiration() . '
 							WHERE ' . $db->sql_in_set('user_id', $user_ids);
 						$db->sql_query($sql);
 

phpBB/includes/acp/acp_main.php

@@ -430,11 +430,11 @@ class acp_main
 		// Version check
 		$user->add_lang('install');
 
-		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '7.1.3', '<'))
+		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '7.2.0', '<'))
 		{
 			$template->assign_vars(array(
 				'S_PHP_VERSION_OLD'	=> true,
-				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '7.1.3', '<a href="https://www.phpbb.com/support/docs/en/3.3/ug/quickstart/requirements">', '</a>'),
+				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '7.2.0', '<a href="https://www.phpbb.com/support/docs/en/3.3/ug/quickstart/requirements">', '</a>'),
 			));
 		}
 

phpBB/includes/acp/acp_permission_roles.php

@@ -179,7 +179,7 @@ class acp_permission_roles
 					$db->sql_freeresult($result);
 
 					// Make sure we only print out the error if we add the role or change it's name
-					if ($row && ($mode == 'add' || ($mode == 'edit' && $role_row['role_name'] != $role_name)))
+					if ($row && ($action == 'add' || ($action == 'edit' && $role_row['role_name'] != $role_name)))
 					{
 						trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
 					}

phpBB/includes/acp/acp_search.php

@@ -239,7 +239,7 @@ class acp_search
 
 	function index($id, $mode)
 	{
-		global $db, $user, $template, $phpbb_log, $request;
+		global $db, $language, $user, $template, $phpbb_log, $request;
 		global $config, $phpbb_admin_path, $phpEx;
 
 		$action = $request->variable('action', '');
@@ -262,11 +262,6 @@ class acp_search
 		{
 			switch ($action)
 			{
-				case 'progress_bar':
-					$type = $request->variable('type', '');
-					$this->display_progress_bar($type);
-				break;
-
 				case 'delete':
 					$this->state[1] = 'delete';
 				break;
@@ -311,14 +306,29 @@ class acp_search
 						{
 							$this->state = array('');
 							$this->save_state();
-							trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
+							trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 					}
+					else if ($submit)
+					{
+						meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search')));
+						$template->assign_vars([
+							'S_INDEX_PROGRESS'		=> true,
+							'INDEXING_TITLE'		=> $language->lang('DELETING_INDEX_IN_PROGRESS'),
+							'INDEXING_EXPLAIN'		=> $language->lang('DELETING_INDEX_IN_PROGRESS_EXPLAIN'),
+							'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+						]);
+
+						$this->tpl_name = 'acp_search';
+						$this->page_title = 'ACP_SEARCH_INDEX';
+
+						return;
+					}
 					else
 					{
 						$starttime = microtime(true);
 						$row_count = 0;
-						while (still_on_time() && $post_counter <= $this->max_post_id)
+						while (still_on_time() && $post_counter < $this->max_post_id)
 						{
 							$sql = 'SELECT post_id, poster_id, forum_id
 								FROM ' . POSTS_TABLE . '
@@ -350,7 +360,20 @@ class acp_search
 							$totaltime = microtime(true) - $starttime;
 							$rows_per_second = $row_count / $totaltime;
 							meta_refresh(1, append_sid($this->u_action . '&amp;action=delete&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
-							trigger_error($user->lang('SEARCH_INDEX_DELETE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_DELETE_REDIRECT_RATE', $rows_per_second));
+
+							$template->assign_vars([
+								'S_INDEX_PROGRESS'		=> true,
+								'INDEXING_TITLE'		=> $language->lang('DELETING_INDEX_IN_PROGRESS'),
+								'INDEXING_EXPLAIN'		=> $language->lang('DELETING_INDEX_IN_PROGRESS_EXPLAIN'),
+								'INDEXING_PROGRESS'		=> $language->lang('SEARCH_INDEX_DELETE_REDIRECT', $row_count, $post_counter),
+								'INDEXING_RATE'			=> $language->lang('SEARCH_INDEX_DELETE_REDIRECT_RATE', $rows_per_second),
+								'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+							]);
+
+							$this->tpl_name = 'acp_search';
+							$this->page_title = 'ACP_SEARCH_INDEX';
+
+							return;
 						}
 					}
 
@@ -360,7 +383,7 @@ class acp_search
 					$this->save_state();
 
 					$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_SEARCH_INDEX_REMOVED', false, array($name));
-					trigger_error($user->lang['SEARCH_INDEX_REMOVED'] . adm_back_link($this->u_action) . $this->close_popup_js());
+					trigger_error($user->lang['SEARCH_INDEX_REMOVED'] . adm_back_link($this->u_action));
 				break;
 
 				case 'create':
@@ -371,9 +394,25 @@ class acp_search
 						{
 							$this->state = array('');
 							$this->save_state();
-							trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
+							trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 					}
+					else if ($submit)
+					{
+						meta_refresh(1, append_sid($this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
+
+						$template->assign_vars([
+							'S_INDEX_PROGRESS'		=> true,
+							'INDEXING_TITLE'		=> $language->lang('INDEXING_IN_PROGRESS'),
+							'INDEXING_EXPLAIN'		=> $language->lang('INDEXING_IN_PROGRESS_EXPLAIN'),
+							'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+						]);
+
+						$this->tpl_name = 'acp_search';
+						$this->page_title = 'ACP_SEARCH_INDEX';
+
+						return;
+					}
 					else
 					{
 						$sql = 'SELECT forum_id, enable_indexing
@@ -388,7 +427,7 @@ class acp_search
 
 						$starttime = microtime(true);
 						$row_count = 0;
-						while (still_on_time() && $post_counter <= $this->max_post_id)
+						while (still_on_time() && $post_counter < $this->max_post_id)
 						{
 							$sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id
 								FROM ' . POSTS_TABLE . '
@@ -437,7 +476,19 @@ class acp_search
 							$totaltime = microtime(true) - $starttime;
 							$rows_per_second = $row_count / $totaltime;
 							meta_refresh(1, append_sid($this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
-							trigger_error($user->lang('SEARCH_INDEX_CREATE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second));
+							$template->assign_vars([
+								'S_INDEX_PROGRESS'		=> true,
+								'INDEXING_TITLE'		=> $language->lang('INDEXING_IN_PROGRESS'),
+								'INDEXING_EXPLAIN'		=> $language->lang('INDEXING_IN_PROGRESS_EXPLAIN'),
+								'INDEXING_PROGRESS'		=> $language->lang('SEARCH_INDEX_CREATE_REDIRECT', $row_count, $post_counter),
+								'INDEXING_RATE'			=> $language->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second),
+								'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+							]);
+
+							$this->tpl_name = 'acp_search';
+							$this->page_title = 'ACP_SEARCH_INDEX';
+
+							return;
 						}
 					}
 
@@ -447,7 +498,7 @@ class acp_search
 					$this->save_state();
 
 					$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_SEARCH_INDEX_CREATED', false, array($name));
-					trigger_error($user->lang['SEARCH_INDEX_CREATED'] . adm_back_link($this->u_action) . $this->close_popup_js());
+					trigger_error($user->lang['SEARCH_INDEX_CREATED'] . adm_back_link($this->u_action));
 				break;
 			}
 		}
@@ -516,8 +567,6 @@ class acp_search
 		$template->assign_vars(array(
 			'S_INDEX'				=> true,
 			'U_ACTION'				=> $this->u_action . '&amp;hash=' . generate_link_hash('acp_search'),
-			'U_PROGRESS_BAR'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar"),
-			'UA_PROGRESS_BAR'		=> addslashes(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar")),
 		));
 
 		if (isset($this->state[1]))
@@ -525,41 +574,11 @@ class acp_search
 			$template->assign_vars(array(
 				'S_CONTINUE_INDEXING'	=> $this->state[1],
 				'U_CONTINUE_INDEXING'	=> $this->u_action . '&amp;action=' . $this->state[1] . '&amp;hash=' . generate_link_hash('acp_search'),
-				'L_CONTINUE'			=> ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_DELETING_INDEX'],
-				'L_CONTINUE_EXPLAIN'	=> ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_DELETING_INDEX_EXPLAIN'])
-			);
+				'CONTINUE_PROGRESS'	=> (isset($this->state[2]) && $this->state[2] > 0) ? $this->get_post_index_progress($this->state[2]) : $this->get_post_index_progress(0)
+			));
 		}
 	}
 
-	function display_progress_bar($type)
-	{
-		global $template, $user;
-
-		$l_type = ($type == 'create') ? 'INDEXING_IN_PROGRESS' : 'DELETING_INDEX_IN_PROGRESS';
-
-		adm_page_header($user->lang[$l_type]);
-
-		$template->set_filenames(array(
-			'body'	=> 'progress_bar.html')
-		);
-
-		$template->assign_vars(array(
-			'L_PROGRESS'			=> $user->lang[$l_type],
-			'L_PROGRESS_EXPLAIN'	=> $user->lang[$l_type . '_EXPLAIN'])
-		);
-
-		adm_page_footer();
-	}
-
-	function close_popup_js()
-	{
-		return "<script type=\"text/javascript\">\n" .
-			"// <![CDATA[\n" .
-			"	close_waitscreen = 1;\n" .
-			"// ]]>\n" .
-			"</script>\n";
-	}
-
 	function get_search_types()
 	{
 		global $phpbb_extension_manager;
@@ -586,6 +605,41 @@ class acp_search
 		return $max_post_id;
 	}
 
+	/**
+	 * Get progress stats of search index with HTML progress bar.
+	 *
+	 * @param int		$post_counter	Post ID of last post indexed.
+	 * @return array	Returns array with progress bar data.
+	 */
+	function get_post_index_progress(int $post_counter)
+	{
+		global $db, $language;
+
+		$sql = 'SELECT COUNT(post_id) as done_count
+			FROM ' . POSTS_TABLE . '
+			WHERE post_id <= ' . (int) $post_counter;
+		$result = $db->sql_query($sql);
+		$done_count = (int) $db->sql_fetchfield('done_count');
+		$db->sql_freeresult($result);
+
+		$sql = 'SELECT COUNT(post_id) as remain_count
+			FROM ' . POSTS_TABLE . '
+			WHERE post_id > ' . (int) $post_counter;
+		$result = $db->sql_query($sql);
+		$remain_count = (int) $db->sql_fetchfield('remain_count');
+		$db->sql_freeresult($result);
+
+		$total_count = $done_count + $remain_count;
+		$percent = ($done_count / $total_count) * 100;
+
+		return [
+			'VALUE'			=> $done_count,
+			'TOTAL'			=> $total_count,
+			'PERCENTAGE'	=> $percent,
+			'REMAINING'		=> $remain_count,
+		];
+	}
+
 	function save_state($state = false)
 	{
 		global $config;

phpBB/includes/acp/acp_users.php

@@ -385,14 +385,18 @@ class acp_users
 									$user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
 								}
 
-								if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key))
-								{
-									$sql = 'UPDATE ' . USERS_TABLE . "
-										SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
-										WHERE user_id = $user_id";
-									$db->sql_query($sql);
-								}
+								// Always update actkey even if same and also update actkey expiration to 24 hours from now
+								$sql_ary = [
+									'user_actkey'				=> $user_actkey,
+									'user_actkey_expiration'	=> $user::get_token_expiration(),
+								];
 
+								$sql = 'UPDATE ' . USERS_TABLE . '
+									SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+									WHERE user_id = ' . (int) $user_id;
+								$db->sql_query($sql);
+
+								// Start sending email
 								$messenger = new messenger(false);
 
 								$messenger->template($email_template, $user_row['user_lang']);
@@ -1084,7 +1088,7 @@ class acp_users
 					$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
 				}
 
-				$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit'];
+				$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_last_active'];
 
 				$inactive_reason = '';
 				if ($user_row['user_type'] == USER_INACTIVE)
@@ -1128,7 +1132,7 @@ class acp_users
 				$db->sql_freeresult($result);
 
 				$template->assign_vars(array(
-					'L_NAME_CHARS_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
+					'L_NAME_CHARS_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
 					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 					'L_POSTS_IN_QUEUE'			=> $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
 					'S_FOUNDER'					=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
@@ -2515,7 +2519,7 @@ class acp_users
 							'U_EDIT_GROUP'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&amp;mode=manage&amp;action=edit&amp;u=$user_id&amp;g={$data['group_id']}&amp;back_link=acp_users_groups"),
 							'U_DEFAULT'			=> $this->u_action . "&amp;action=default&amp;u=$user_id&amp;g=" . $data['group_id'] . '&amp;hash=' . generate_link_hash('acp_users'),
 							'U_DEMOTE_PROMOTE'	=> $this->u_action . '&amp;action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&amp;u=$user_id&amp;g=" . $data['group_id'] . '&amp;hash=' . generate_link_hash('acp_users'),
-							'U_DELETE'			=> $this->u_action . "&amp;action=delete&amp;u=$user_id&amp;g=" . $data['group_id'],
+							'U_DELETE'			=> count($id_ary) > 1 ? $this->u_action . "&amp;action=delete&amp;u=$user_id&amp;g=" . $data['group_id'] : '',
 							'U_APPROVE'			=> ($group_type == 'pending') ? $this->u_action . "&amp;action=approve&amp;u=$user_id&amp;g=" . $data['group_id'] : '',
 
 							'GROUP_NAME'		=> $group_helper->get_name($data['group_name']),

phpBB/includes/acp/auth.php

@@ -95,7 +95,7 @@ class auth_admin extends \phpbb\auth\auth
 			}
 			else
 			{
-				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
+				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%') : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
 			}
 		}
 

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.8');
+@define('PHPBB_VERSION', '3.3.12');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -1814,6 +1814,31 @@ function redirect($url, $return = false, $disable_cd_check = false)
 	exit;
 }
 
+/**
+ * Returns the install redirect path for phpBB.
+ *
+ * @param string $phpbb_root_path The root path of the phpBB installation.
+ * @param string $phpEx The file extension of php files, e.g., "php".
+ * @return string The install redirect path.
+ */
+function phpbb_get_install_redirect(string $phpbb_root_path, string $phpEx): string
+{
+	$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
+	if (!$script_name)
+	{
+		$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
+	}
+
+	// Add trailing dot to prevent dirname() from returning parent directory if $script_name is a directory
+	$script_name = substr($script_name, -1) === '/' ? $script_name . '.' : $script_name;
+
+	// $phpbb_root_path accounts for redirects from e.g. /adm
+	$script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx;
+	// Replace any number of consecutive backslashes and/or slashes with a single slash
+	// (could happen on some proxy setups and/or Windows servers)
+	return preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+}
+
 /**
 * Re-Apply session id after page reloads
 */
@@ -2918,7 +2943,7 @@ function get_censor_preg_expression($word)
 
 /**
 * Returns the first block of the specified IPv6 address and as many additional
-* ones as specified in the length paramater.
+* ones as specified in the length parameter.
 * If length is zero, then an empty string is returned.
 * If length is greater than 3 the complete IP will be returned
 */
@@ -2929,6 +2954,14 @@ function short_ipv6($ip, $length)
 		return '';
 	}
 
+	// Handle IPv4 embedded IPv6 addresses
+	if (preg_match('/(?:\d{1,3}\.){3}\d{1,3}$/i', $ip))
+	{
+		$binary_ip = inet_pton($ip);
+		$ip_v6 = $binary_ip ? inet_ntop($binary_ip) : $ip;
+		$ip = $ip_v6 ?: $ip;
+	}
+
 	// extend IPv6 addresses
 	$blocks = substr_count($ip, ':') + 1;
 	if ($blocks < 9)
@@ -3695,15 +3728,11 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false)
 	{
 		if ($lazy)
 		{
-			// Determine board url - we may need it later
-			$board_url = generate_board_url() . '/';
 			// This path is sent with the base template paths in the assign_vars()
 			// call below. We need to correct it in case we are accessing from a
 			// controller because the web paths will be incorrect otherwise.
 			$phpbb_path_helper = $phpbb_container->get('path_helper');
-			$corrected_path = $phpbb_path_helper->get_web_root_path();
-
-			$web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path;
+			$web_path = $phpbb_path_helper->get_web_root_path();
 
 			$theme = "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme';
 
@@ -3891,15 +3920,12 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		$db->sql_freeresult($result);
 	}
 
-	// Determine board url - we may need it later
-	$board_url = generate_board_url() . '/';
 	// This path is sent with the base template paths in the assign_vars()
 	// call below. We need to correct it in case we are accessing from a
 	// controller because the web paths will be incorrect otherwise.
 	/* @var $phpbb_path_helper \phpbb\path_helper */
 	$phpbb_path_helper = $phpbb_container->get('path_helper');
-	$corrected_path = $phpbb_path_helper->get_web_root_path();
-	$web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path;
+	$web_path = $phpbb_path_helper->get_web_root_path();
 
 	// Send a proper content-language to the output
 	$user_lang = $user->lang['USER_LANG'];
@@ -4002,7 +4028,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'_SID'				=> $_SID,
 		'SESSION_ID'		=> $user->session_id,
 		'ROOT_PATH'			=> $web_path,
-		'BOARD_URL'			=> $board_url,
+		'BOARD_URL'			=> generate_board_url() . '/',
 
 		'L_LOGIN_LOGOUT'	=> $l_login_logout,
 		'L_INDEX'			=> ($config['board_index_text'] !== '') ? $config['board_index_text'] : $user->lang['FORUM_INDEX'],
@@ -4089,7 +4115,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 
 		'T_FONT_AWESOME_LINK'	=> !empty($config['allow_cdn']) && !empty($config['load_font_awesome_url']) ? $config['load_font_awesome_url'] : "{$web_path}assets/css/font-awesome.min.css?assets_version=" . $config['assets_version'],
 
-		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.6.0.min.js?assets_version=" . $config['assets_version'],
+		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.7.1.min.js?assets_version=" . $config['assets_version'],
 		'S_ALLOW_CDN'			=> !empty($config['allow_cdn']),
 		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),
 

phpBB/includes/functions_acp.php

@@ -178,7 +178,7 @@ function adm_page_footer($copyright_html = true)
 		'TRANSLATION_INFO'	=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 		'S_COPYRIGHT_HTML'	=> $copyright_html,
 		'CREDIT_LINE'		=> $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
-		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.6.0.min.js",
+		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.7.1.min.js",
 		'S_ALLOW_CDN'		=> !empty($config['allow_cdn']),
 		'VERSION'			=> $config['version'])
 	);

phpBB/includes/functions_content.php

@@ -320,7 +320,7 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
 * Generates a text with approx. the specified length which contains the specified words and their context
 *
 * @param	string	$text	The full text from which context shall be extracted
-* @param	string	$words	An array of words which should be contained in the result, has to be a valid part of a PCRE pattern (escape with preg_quote!)
+* @param	array	$words	An array of words which should be contained in the result, has to be a valid part of a PCRE pattern (escape with preg_quote!)
 * @param	int		$length	The desired length of the resulting text, however the result might be shorter or longer than this value
 *
 * @return	string			Context of the specified words separated by "..."
@@ -1088,7 +1088,7 @@ function smiley_text($text, $force_option = false)
 	}
 	else
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
+		$root_path = $phpbb_path_helper->get_web_root_path();
 
 		/**
 		* Event to override the root_path for smilies

phpBB/includes/functions_display.php

@@ -1603,7 +1603,7 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl
 
 	if ($data['user_allow_viewonline'] || $auth->acl_get('u_viewonline'))
 	{
-		$last_active = (!empty($data['session_time'])) ? $data['session_time'] : $data['user_lastvisit'];
+		$last_active = (!empty($data['session_time'])) ? $data['session_time'] : $data['user_last_active'];
 	}
 	else
 	{

phpBB/includes/functions_jabber.php

@@ -51,6 +51,9 @@ class jabber
 
 	var $features = array();
 
+	/** @var string Stream close handshake */
+	private const STREAM_CLOSE_HANDSHAKE = '</stream:stream>';
+
 	/**
 	* Constructor
 	*
@@ -58,7 +61,7 @@ class jabber
 	* @param int $port Jabber server port
 	* @param string $username Jabber username or JID
 	* @param string $password Jabber password
-	* @param boold $use_ssl Use ssl
+	* @param bool $use_ssl Use ssl
 	* @param bool $verify_peer Verify SSL certificate
 	* @param bool $verify_peer_name Verify Jabber peer name
 	* @param bool $allow_self_signed Allow self signed certificates
@@ -183,7 +186,15 @@ class jabber
 				$this->send_presence('offline', '', true);
 			}
 
-			$this->send('</stream:stream>');
+			$this->send(self::STREAM_CLOSE_HANDSHAKE);
+			// Check stream close handshake reply
+			$stream_close_reply = $this->listen();
+
+			if ($stream_close_reply != self::STREAM_CLOSE_HANDSHAKE)
+			{
+				$this->add_to_log("Error: Unexpected stream close handshake reply ”{$stream_close_reply}”");
+			}
+
 			$this->session = array();
 			return fclose($this->connection);
 		}

phpBB/includes/functions_messenger.php

@@ -427,7 +427,7 @@ class messenger
 			$user->session_begin();
 		}
 
-		$calling_page = html_entity_decode($request->server('PHP_SELF'), ENT_COMPAT);
+		$calling_page = html_entity_decode($request->server('REQUEST_URI'), ENT_COMPAT);
 
 		switch ($type)
 		{
@@ -582,6 +582,11 @@ class messenger
 		);
 		extract($phpbb_dispatcher->trigger_event('core.notification_message_email', compact($vars)));
 
+		$this->addresses = $addresses;
+		$this->subject = $subject;
+		$this->msg = $msg;
+		unset($addresses, $subject, $msg);
+
 		if ($break)
 		{
 			return true;
@@ -597,7 +602,7 @@ class messenger
 			$this->from = $board_contact;
 		}
 
-		$encode_eol = ($config['smtp_delivery']) ? "\r\n" : PHP_EOL;
+		$encode_eol = $config['smtp_delivery'] || PHP_VERSION_ID >= 80000 ? "\r\n" : PHP_EOL;
 
 		// Build to, cc and bcc strings
 		$to = $cc = $bcc = '';
@@ -629,7 +634,7 @@ class messenger
 			}
 			else
 			{
-				$result = phpbb_mail($mail_to, $this->subject, $this->msg, $headers, PHP_EOL, $err_msg);
+				$result = phpbb_mail($mail_to, $this->subject, $this->msg, $headers, $encode_eol, $err_msg);
 			}
 
 			if (!$result)
@@ -952,7 +957,8 @@ class queue
 							}
 							else
 							{
-								$result = phpbb_mail($to, $subject, $msg, $headers, PHP_EOL, $err_msg);
+								$encode_eol = $config['smtp_delivery'] || PHP_VERSION_ID >= 80000 ? "\r\n" : PHP_EOL;
+								$result = phpbb_mail($to, $subject, $msg, $headers, $encode_eol, $err_msg);
 							}
 
 							if (!$result)
@@ -1882,7 +1888,7 @@ function mail_encode($str, $eol = "\r\n")
 	{
 		$encoded_char = $is_quoted_printable
 			? $char = preg_replace_callback(
-				'/[=_\?\x20\x00-\x1F\x80-\xFF]/',
+				'/[()<>@,;:\\\\".\[\]=_?\x20\x00-\x1F\x80-\xFF]/',
 				function ($matches)
 				{
 					$hex = dechex(ord($matches[0]));

phpBB/includes/functions_posting.php

@@ -189,7 +189,7 @@ function generate_smilies($mode, $forum_id)
 
 	if (count($smilies))
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
+		$root_path = $phpbb_path_helper->get_web_root_path();
 
 		foreach ($smilies as $row)
 		{
@@ -420,7 +420,7 @@ function update_post_information($type, $ids, $return_update_sql = false)
 */
 function posting_gen_topic_icons($mode, $icon_id)
 {
-	global $phpbb_root_path, $config, $template, $cache;
+	global $phpbb_root_path, $phpbb_path_helper, $config, $template, $cache;
 
 	// Grab icons
 	$icons = $cache->obtain_icons();
@@ -432,7 +432,7 @@ function posting_gen_topic_icons($mode, $icon_id)
 
 	if (count($icons))
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;
+		$root_path = $phpbb_path_helper->get_web_root_path();
 
 		foreach ($icons as $id => $data)
 		{
@@ -834,7 +834,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_a
 		'FILESIZE'						=> $config['max_filesize'],
 		'FILE_COMMENT'					=> (isset($filename_data['filecomment'])) ? $filename_data['filecomment'] : '',
 		'MAX_ATTACHMENT_FILESIZE'		=> $config['max_filesize'] > 0 ? $user->lang('MAX_ATTACHMENT_FILESIZE', get_formatted_filesize($config['max_filesize'])) : '',
-		'ALLOWED_ATTACHMENTS'			=> !empty($allowed_attachments) ? implode(',', $allowed_attachments) : '',
+		'ALLOWED_ATTACHMENTS'			=> !empty($allowed_attachments) ? '.' . implode(',.', $allowed_attachments) : '',
 	];
 
 	/**
@@ -1345,7 +1345,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $
 	{
 		$post_mode = 'delete_first_post';
 	}
-	else if ($data['topic_last_post_id'] == $post_id)
+	else if ($data['topic_last_post_id'] <= $post_id)
 	{
 		$post_mode = 'delete_last_post';
 	}
@@ -2872,7 +2872,14 @@ function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $
 					$delete_reason
 				));
 
-				$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$next_post_id") . "#p$next_post_id";
+				if ($next_post_id > 0)
+				{
+					$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$next_post_id") . "#p$next_post_id";
+				}
+				else
+				{
+					$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id");
+				}
 				$message = $user->lang['POST_DELETED'];
 
 				if (!$request->is_ajax())

phpBB/includes/functions_transfer.php

@@ -281,7 +281,7 @@ class ftp extends transfer
 		}
 
 		// Init some needed values
-		$this->transfer();
+		parent::__construct();
 
 		return;
 	}
@@ -341,6 +341,11 @@ class ftp extends transfer
 	*/
 	function _mkdir($dir)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_mkdir($this->connection, $dir);
 	}
 
@@ -350,6 +355,11 @@ class ftp extends transfer
 	*/
 	function _rmdir($dir)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_rmdir($this->connection, $dir);
 	}
 
@@ -359,6 +369,11 @@ class ftp extends transfer
 	*/
 	function _rename($old_handle, $new_handle)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_rename($this->connection, $old_handle, $new_handle);
 	}
 
@@ -368,6 +383,11 @@ class ftp extends transfer
 	*/
 	function _chdir($dir = '')
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		if ($dir && $dir !== '/')
 		{
 			if (substr($dir, -1, 1) == '/')
@@ -385,6 +405,11 @@ class ftp extends transfer
 	*/
 	function _chmod($file, $perms)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		if (function_exists('ftp_chmod'))
 		{
 			$err = @ftp_chmod($this->connection, $perms, $file);
@@ -406,6 +431,11 @@ class ftp extends transfer
 	*/
 	function _put($from_file, $to_file)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		// We only use the BINARY file mode to cicumvent rewrite actions from ftp server (mostly linefeeds being replaced)
 		$mode = FTP_BINARY;
 
@@ -425,6 +455,11 @@ class ftp extends transfer
 	*/
 	function _delete($file)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_delete($this->connection, $file);
 	}
 
@@ -449,6 +484,11 @@ class ftp extends transfer
 	*/
 	function _cwd()
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_pwd($this->connection);
 	}
 
@@ -458,6 +498,11 @@ class ftp extends transfer
 	*/
 	function _ls($dir = './')
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		$list = @ftp_nlist($this->connection, $dir);
 
 		// See bug #46295 - Some FTP daemons don't like './'
@@ -498,6 +543,11 @@ class ftp extends transfer
 	*/
 	function _site($command)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_site($this->connection, $command);
 	}
 }
@@ -782,6 +832,11 @@ class ftp_fsock extends transfer
 	*/
 	function _send_command($command, $args = '', $check = true)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		if (!empty($args))
 		{
 			$command = "$command $args";
@@ -871,6 +926,11 @@ class ftp_fsock extends transfer
 	*/
 	function _close_data_connection()
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @fclose($this->data_connection);
 	}
 
@@ -880,6 +940,11 @@ class ftp_fsock extends transfer
 	*/
 	function _check_command($return = false)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		$response = '';
 
 		do

phpBB/includes/functions_user.php

@@ -210,18 +210,18 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 
 	// These are the additional vars able to be specified
 	$additional_vars = array(
-		'user_permissions'	=> '',
-		'user_timezone'		=> $config['board_timezone'],
-		'user_dateformat'	=> $config['default_dateformat'],
-		'user_lang'			=> $config['default_lang'],
-		'user_style'		=> (int) $config['default_style'],
-		'user_actkey'		=> '',
-		'user_ip'			=> '',
-		'user_regdate'		=> time(),
-		'user_passchg'		=> time(),
-		'user_options'		=> 230271,
+		'user_permissions'			=> '',
+		'user_timezone'				=> $config['board_timezone'],
+		'user_dateformat'			=> $config['default_dateformat'],
+		'user_lang'					=> $config['default_lang'],
+		'user_style'				=> (int) $config['default_style'],
+		'user_actkey'				=> '',
+		'user_ip'					=> '',
+		'user_regdate'				=> time(),
+		'user_passchg'				=> time(),
+		'user_options'				=> 230271,
 		// We do not set the new flag here - registration scripts need to specify it
-		'user_new'			=> 0,
+		'user_new'					=> 0,
 
 		'user_inactive_reason'	=> 0,
 		'user_inactive_time'	=> 0,

phpBB/includes/mcp/mcp_forum.php

@@ -344,6 +344,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 			}
 			$topic_row = array_merge($topic_row, array(
 				'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&f=$forum_id&t={$row_ary['topic_id']}&mode=topic_view"),
+				'U_NEWEST_POST' 	=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&f=$forum_id&t={$row_ary['topic_id']}&mode=topic_view&view=unread#unread"),
 
 				'S_SELECT_TOPIC'	=> ($merge_select && !in_array($row_ary['topic_id'], $source_topic_ids)) ? true : false,
 				'U_SELECT_TOPIC'	=> $u_select_topic,

phpBB/includes/mcp/mcp_notes.php

@@ -98,7 +98,7 @@ class mcp_notes
 		$userrow = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		if (!$userrow)
+		if (!$userrow || (int) $userrow['user_id'] === ANONYMOUS)
 		{
 			trigger_error('NO_USER');
 		}
@@ -162,16 +162,16 @@ class mcp_notes
 		{
 			if (check_form_key('mcp_notes'))
 			{
-				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($userrow['username']));
-				$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
+				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, [$userrow['username']]);
+				$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, [
 					'forum_id' => 0,
 					'topic_id' => 0,
 					$userrow['username']
-				));
-				$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
+				]);
+				$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, [
 					'reportee_id' => $user_id,
-					$usernote
-				));
+					utf8_encode_ucr($usernote)
+				]);
 
 				$msg = $user->lang['USER_FEEDBACK_ADDED'];
 			}

phpBB/includes/mcp/mcp_topic.php

@@ -54,6 +54,7 @@ function mcp_topic_view($id, $mode, $action)
 	$sort			= isset($_POST['sort']) ? true : false;
 	$submitted_id_list	= $request->variable('post_ids', array(0));
 	$checked_ids = $post_id_list = $request->variable('post_id_list', array(0));
+	$view		= $request->variable('view', '');
 
 	// Resync Topic?
 	if ($action == 'resync')
@@ -179,6 +180,7 @@ function mcp_topic_view($id, $mode, $action)
 	{
 		$rowset[] = $row;
 		$post_id_list[] = $row['post_id'];
+		$rowset_posttime['post_time'] = $row['post_time'];
 	}
 	$db->sql_freeresult($result);
 
@@ -194,6 +196,16 @@ function mcp_topic_view($id, $mode, $action)
 		$topic_tracking_info = get_complete_topic_tracking($topic_info['forum_id'], $topic_id);
 	}
 
+	$first_unread = $post_unread = false;
+
+	$post_unread = (isset($topic_tracking_info[$topic_id]) && $rowset_posttime['post_time'] > $topic_tracking_info[$topic_id]) ? true : false;
+
+	$s_first_unread = false;
+	if (!$first_unread && $post_unread)
+	{
+		$s_first_unread = $first_unread = true;
+	}
+
 	$has_unapproved_posts = $has_deleted_posts = false;
 
 	// Grab extensions
@@ -287,10 +299,13 @@ function mcp_topic_view($id, $mode, $action)
 			'S_POST_DELETED'	=> ($row['post_visibility'] == ITEM_DELETED && $auth->acl_get('m_approve', $topic_info['forum_id'])),
 			'S_CHECKED'			=> (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false,
 			'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false,
+			'S_FIRST_UNREAD'	=> $s_first_unread,
+			'S_UNREAD_VIEW'		=> $view == 'unread',
 
 			'U_POST_DETAILS'	=> "$url&i=$id&p={$row['post_id']}&mode=post_details",
 			'U_MCP_APPROVE'		=> ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $row['post_id']) : '',
 			'U_MCP_REPORT'		=> ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $row['post_id']) : '',
+			'U_MINI_POST'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
 		);
 
 		/**
@@ -383,7 +398,7 @@ function mcp_topic_view($id, $mode, $action)
 		'TOPIC_TITLE'		=> $topic_info['topic_title'],
 		'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_info['topic_id']),
 
-		'TO_TOPIC_ID'		=> $to_topic_id,
+		'TO_TOPIC_ID'		=> $to_topic_id ?: '',
 		'TO_TOPIC_INFO'		=> ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">' . $to_topic_info['topic_title'] . '</a>') : '',
 
 		'SPLIT_SUBJECT'		=> $subject,
@@ -638,9 +653,13 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 			$topic_info['topic_title']
 		));
 
-		// Change topic title of first post
-		$sql = 'UPDATE ' . POSTS_TABLE . "
-			SET post_subject = '" . $db->sql_escape($subject) . "'
+		// Change topic title of first post and write icon_id to post
+		$sql_ary = [
+			'post_subject'		=> $subject,
+			'icon_id'			=> $icon_id,
+		];
+		$sql = 'UPDATE ' . POSTS_TABLE . '
+			SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 			WHERE post_id = {$post_id_list[0]}";
 		$db->sql_query($sql);
 
@@ -732,6 +751,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 
 		// Update forum statistics
 		$config->increment('num_topics', 1, false);
+		sync('forum', 'forum_id', [$to_forum_id], true, true);
 
 		// Link back to both topics
 		$return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">', '</a>');

phpBB/includes/mcp/mcp_warn.php

@@ -386,7 +386,7 @@ class mcp_warn
 		$user_row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		if (!$user_row)
+		if (!$user_row || (int) $user_row['user_id'] === ANONYMOUS)
 		{
 			trigger_error('NO_USER');
 		}
@@ -603,8 +603,8 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
 	$db->sql_freeresult($result);
 
 	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, array(
-		'forum_id' => $row['forum_id'],
-		'topic_id' => $row['topic_id'],
+		'forum_id' => $row['forum_id'] ?? 0,
+		'topic_id' => $row['topic_id'] ?? 0,
 		'post_id'  => $post_id,
 		$user_row['username']
 	));

phpBB/includes/message_parser.php

@@ -1154,7 +1154,7 @@ class parse_message extends bbcode_firstpass
 		}
 
 		// Store message length...
-		$message_length = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(=[\S]+)?\]#ius', ' ', $this->message));
+		$message_length = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(?:=\S+?)?\]#ius', '', $this->message));
 
 		// Maximum message length check. 0 disables this check completely.
 		if ((int) $config['max_' . $mode . '_chars'] > 0 && $message_length > (int) $config['max_' . $mode . '_chars'])

phpBB/includes/startup.php

@@ -23,11 +23,11 @@ $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED;
 error_reporting($level);
 
 /**
-* Minimum Requirement: PHP 7.1.3
+* Minimum Requirement: PHP 7.2.0
 */
-if (version_compare(PHP_VERSION, '7.1.3', '<'))
+if (version_compare(PHP_VERSION, '7.2.0', '<'))
 {
-	die('You are running an unsupported PHP version. Please upgrade to PHP 7.1.3 or higher before trying to install or update to phpBB 3.3');
+	die('You are running an unsupported PHP version (' . PHP_VERSION . '). Please upgrade to PHP 7.2.0 or higher before trying to install or update to phpBB 3.3');
 }
 // Register globals and magic quotes have been dropped in PHP 5.4 so no need for extra checks
 

phpBB/includes/ucp/ucp_attachments.php

@@ -41,7 +41,7 @@ class ucp_attachments
 		if ($delete && count($delete_ids))
 		{
 			// Validate $delete_ids...
-			$sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+			$sql = 'SELECT a.attach_id, a.in_message, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status, pt.folder_id
 				FROM ' . ATTACHMENTS_TABLE . ' a
 				LEFT JOIN ' . POSTS_TABLE . ' p
 					ON (a.post_msg_id = p.post_id AND a.in_message = 0)
@@ -49,6 +49,10 @@ class ucp_attachments
 					ON (t.topic_id = p.topic_id AND a.in_message = 0)
 				LEFT JOIN ' . FORUMS_TABLE . ' f
 					ON (f.forum_id = t.forum_id AND a.in_message = 0)
+				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr
+					ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
+				LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt
+					ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
 				WHERE a.poster_id = ' . $user->data['user_id'] . '
 					AND a.is_orphan = 0
 					AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
@@ -57,7 +61,7 @@ class ucp_attachments
 			$delete_ids = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
+				if (!$this->can_delete_file($row))
 				{
 					continue;
 				}
@@ -135,12 +139,13 @@ class ucp_attachments
 		$pagination = $phpbb_container->get('pagination');
 		$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
 
-		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, pr.message_time as message_time, pt.folder_id, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status
 			FROM ' . ATTACHMENTS_TABLE . ' a
 				LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
 				LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
 				LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
 				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
+				LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
 			WHERE a.poster_id = ' . $user->data['user_id'] . "
 				AND a.is_orphan = 0
 			ORDER BY $order_by";
@@ -177,7 +182,7 @@ class ucp_attachments
 					'TOPIC_ID'			=> $row['topic_id'],
 
 					'S_IN_MESSAGE'		=> $row['in_message'],
-					'S_LOCKED'			=> !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
+					'S_LOCKED'			=> !$this->can_delete_file($row),
 
 					'U_VIEW_ATTACHMENT'	=> append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
 					'U_VIEW_TOPIC'		=> $view_topic)
@@ -216,4 +221,29 @@ class ucp_attachments
 		$this->tpl_name = 'ucp_attachments';
 		$this->page_title = 'UCP_ATTACHMENTS';
 	}
+
+	/**
+	 * Check if the user can delete the file
+	 *
+	 * @param array $row
+	 *
+	 * @return bool True if user can delete the file, false if not
+	 */
+	private function can_delete_file(array $row): bool
+	{
+		global $auth, $config;
+
+		if ($row['in_message'])
+		{
+			return ($row['message_time'] > (time() - ($config['pm_edit_time'] * 60)) || !$config['pm_edit_time']) && $row['folder_id'] == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit');
+		}
+		else
+		{
+			$can_edit_time = !$config['edit_time'] || $row['post_time'] > (time() - ($config['edit_time'] * 60));
+			$can_delete_time = !$config['delete_time'] || $row['post_time'] > (time() - ($config['delete_time'] * 60));
+			$item_locked = !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']);
+
+			return !$item_locked && $can_edit_time && $can_delete_time;
+		}
+	}
 }

phpBB/includes/ucp/ucp_main.php

@@ -35,8 +35,14 @@ class ucp_main
 
 	function main($id, $mode)
 	{
-		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $phpbb_dispatcher;
-		global $request;
+		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $phpbb_dispatcher, $cache;
+		global $request, $phpbb_container, $language;
+
+		/* @var $pagination \phpbb\pagination */
+		$pagination = $phpbb_container->get('pagination');
+
+		/* @var $phpbb_content_visibility \phpbb\content_visibility */
+		$phpbb_content_visibility = $phpbb_container->get('content.visibility');
 
 		switch ($mode)
 		{
@@ -44,8 +50,8 @@ class ucp_main
 
 				$user->add_lang('memberlist');
 
-				$sql_from = TOPICS_TABLE . ' t ';
-				$sql_select = '';
+				$sql_from = TOPICS_TABLE . ' t LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id) ';
+				$sql_select = ', f.enable_icons';
 
 				if ($config['load_db_track'])
 				{
@@ -137,6 +143,9 @@ class ucp_main
 				}
 				unset($topic_forum_list);
 
+				// Grab icons
+				$icons = $cache->obtain_icons();
+
 				foreach ($topic_list as $topic_id)
 				{
 					$row = &$rowset[$topic_id];
@@ -149,6 +158,9 @@ class ucp_main
 					$folder_img = ($unread_topic) ? $folder_new : $folder;
 					$folder_alt = ($unread_topic) ? 'UNREAD_POSTS' : (($row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_UNREAD_POSTS');
 
+					// Replies
+					$replies = $phpbb_content_visibility->get_count('topic_posts', $row, $forum_id) - 1;
+
 					if ($row['topic_status'] == ITEM_LOCKED)
 					{
 						$folder_img .= '_locked';
@@ -176,10 +188,14 @@ class ucp_main
 						'TOPIC_TITLE'				=> censor_text($row['topic_title']),
 						'TOPIC_TYPE'				=> $topic_type,
 
+						'TOPIC_ICON_IMG'		=> !empty($icons[$row['icon_id']]) ? $icons[$row['icon_id']]['img'] : '',
+						'TOPIC_ICON_IMG_WIDTH'	=> !empty($icons[$row['icon_id']]) ? $icons[$row['icon_id']]['width'] : '',
+						'TOPIC_ICON_IMG_HEIGHT'	=> !empty($icons[$row['icon_id']]) ? $icons[$row['icon_id']]['height'] : '',
 						'TOPIC_IMG_STYLE'		=> $folder_img,
 						'TOPIC_FOLDER_IMG'		=> $user->img($folder_img, $folder_alt),
 						'ATTACH_ICON_IMG'		=> ($auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_topic_attach', '') : '',
 
+						'S_TOPIC_ICONS'		=> $row['enable_icons'] ? true : false,
 						'S_USER_POSTED'		=> (!empty($row['topic_posted']) && $row['topic_posted']) ? true : false,
 						'S_UNREAD'			=> $unread_topic,
 
@@ -211,6 +227,8 @@ class ucp_main
 					extract($phpbb_dispatcher->trigger_event('core.ucp_main_front_modify_template_vars', compact($vars)));
 
 					$template->assign_block_vars('topicrow', $topicrow);
+
+					$pagination->generate_template_pagination(append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id"), 'topicrow.pagination', 'start', $replies + 1, $config['posts_per_page'], 1, true, true);
 				}
 
 				if ($config['load_user_activity'])

phpBB/includes/ucp/ucp_pm_viewmessage.php

@@ -213,6 +213,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		$u_jabber = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=jabber&u=' . $author_id);
 	}
 
+	$can_edit_pm = ($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit');
+
 	$msg_data = array(
 		'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
 		'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
@@ -253,7 +255,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		'U_EMAIL'			=> $user_info['email'],
 		'U_REPORT'			=> ($config['allow_pm_report']) ? $phpbb_container->get('controller.helper')->route('phpbb_report_pm_controller', array('id' => $message_row['msg_id'])) : '',
 		'U_QUOTE'			=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '',
-		'U_EDIT'			=> (($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '',
+		'U_EDIT'			=> $can_edit_pm ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '',
 		'U_POST_REPLY_PM'	=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $message_row['msg_id'] : '',
 		'U_POST_REPLY_ALL'	=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=reply&f=$folder_id&reply_to_all=1&p=" . $message_row['msg_id'] : '',
 		'U_PREVIOUS_PM'		=> "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=previous",

phpBB/includes/ucp/ucp_profile.php

@@ -143,7 +143,7 @@ class ucp_profile
 							));
 						}
 
-						if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
+						if ($auth->acl_get('u_chgpasswd') && $data['new_password'])
 						{
 							$sql_ary['user_passchg'] = time();
 
@@ -196,9 +196,10 @@ class ucp_profile
 							{
 								$notifications_manager = $phpbb_container->get('notification_manager');
 								$notifications_manager->add_notifications('notification.type.admin_activate_user', array(
-									'user_id'		=> $user->data['user_id'],
-									'user_actkey'	=> $user_actkey,
-									'user_regdate'	=> time(), // Notification time
+									'user_id'					=> $user->data['user_id'],
+									'user_actkey'				=> $user_actkey,
+									'user_actkey_expiration'	=> $user::get_token_expiration(),
+									'user_regdate'				=> time(), // Notification time
 								));
 							}
 
@@ -265,7 +266,7 @@ class ucp_profile
 					'NEW_PASSWORD'		=> $data['new_password'],
 					'CUR_PASSWORD'		=> '',
 
-					'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
+					'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
 					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 
 					'S_FORCE_PASSWORD'	=> ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,

phpBB/includes/ucp/ucp_register.php

@@ -300,7 +300,7 @@ class ucp_register
 
 				if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts'])
 				{
-					$error[] = $user->lang['TOO_MANY_REGISTERS'];
+					trigger_error('TOO_MANY_REGISTERS');
 				}
 			}
 
@@ -381,18 +381,19 @@ class ucp_register
 				$passwords_manager = $phpbb_container->get('passwords.manager');
 
 				$user_row = array(
-					'username'				=> $data['username'],
-					'user_password'			=> $passwords_manager->hash($data['new_password']),
-					'user_email'			=> $data['email'],
-					'group_id'				=> (int) $group_id,
-					'user_timezone'			=> $data['tz'],
-					'user_lang'				=> $data['lang'],
-					'user_type'				=> $user_type,
-					'user_actkey'			=> $user_actkey,
-					'user_ip'				=> $user->ip,
-					'user_regdate'			=> time(),
-					'user_inactive_reason'	=> $user_inactive_reason,
-					'user_inactive_time'	=> $user_inactive_time,
+					'username'					=> $data['username'],
+					'user_password'				=> $passwords_manager->hash($data['new_password']),
+					'user_email'				=> $data['email'],
+					'group_id'					=> (int) $group_id,
+					'user_timezone'				=> $data['tz'],
+					'user_lang'					=> $data['lang'],
+					'user_type'					=> $user_type,
+					'user_actkey'				=> $user_actkey,
+					'user_actkey_expiration'	=> $user::get_token_expiration(),
+					'user_ip'					=> $user->ip,
+					'user_regdate'				=> time(),
+					'user_inactive_reason'		=> $user_inactive_reason,
+					'user_inactive_time'		=> $user_inactive_time,
 				);
 
 				if ($config['new_member_post_limit'])
@@ -644,8 +645,8 @@ class ucp_register
 			'EMAIL'				=> $data['email'],
 
 			'L_REG_COND'				=> $l_reg_cond,
-			'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
-			'L_PASSWORD_EXPLAIN'		=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
+			'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
+			'L_PASSWORD_EXPLAIN'		=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_pass_chars'])),
 
 			'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($data['lang'], $lang_row) : '',
 			'S_TZ_PRESELECT'	=> !$submit,

phpBB/includes/ucp/ucp_resend.php

@@ -45,7 +45,7 @@ class ucp_resend
 				trigger_error('FORM_INVALID');
 			}
 
-			$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
+			$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_actkey_expiration, user_inactive_reason
 				FROM ' . USERS_TABLE . "
 				WHERE user_email = '" . $db->sql_escape($email) . "'
 					AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
@@ -73,6 +73,12 @@ class ucp_resend
 				trigger_error('ACCOUNT_DEACTIVATED');
 			}
 
+			// Do not resend activation email if valid one still exists
+			if (!empty($user_row['user_actkey']) && (int) $user_row['user_actkey_expiration'] >= time())
+			{
+				trigger_error('ACTIVATION_ALREADY_SENT');
+			}
+
 			// Determine coppa status on group (REGISTERED(_COPPA))
 			$sql = 'SELECT group_name, group_type
 				FROM ' . GROUPS_TABLE . '
@@ -144,6 +150,8 @@ class ucp_resend
 				$db->sql_freeresult($result);
 			}
 
+			$this->update_activation_expiration();
+
 			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
 
 			$message = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? $user->lang['ACTIVATION_EMAIL_SENT_ADMIN'] : $user->lang['ACTIVATION_EMAIL_SENT'];
@@ -160,4 +168,23 @@ class ucp_resend
 		$this->tpl_name = 'ucp_resend';
 		$this->page_title = 'UCP_RESEND';
 	}
+
+	/**
+	 * Update activation expiration to 1 day from now
+	 *
+	 * @return void
+	 */
+	protected function update_activation_expiration(): void
+	{
+		global $db, $user;
+
+		$sql_ary = [
+			'user_actkey_expiration'	=> $user::get_token_expiration(),
+		];
+
+		$sql = 'UPDATE ' . USERS_TABLE . '
+			SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+			WHERE user_id = ' . (int) $user->id();
+		$db->sql_query($sql);
+	}
 }

phpBB/index.php

@@ -227,6 +227,7 @@ $template->assign_vars(array(
 	'S_DISPLAY_BIRTHDAY_LIST'	=> $show_birthdays,
 	'S_INDEX'					=> true,
 
+	'U_CANONICAL'		=> generate_board_url() . '/',
 	'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
 	'U_MCP'				=> ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=front', true, $user->session_id) : '')
 );

phpBB/install/app.php

@@ -20,9 +20,9 @@ define('IN_INSTALL', true);
 $phpbb_root_path = '../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
-if (version_compare(PHP_VERSION, '7.1.3', '<'))
+if (version_compare(PHP_VERSION, '7.2.0', '<'))
 {
-	die('You are running an unsupported PHP version. Please upgrade to PHP 7.1.3 or higher before trying to install or update to phpBB 3.3');
+	die('You are running an unsupported PHP version (' . PHP_VERSION . '). Please upgrade to PHP 7.2.0 or higher before trying to install or update to phpBB 3.3');
 }
 
 $startup_new_path = $phpbb_root_path . 'install/update/update/new/install/startup.' . $phpEx;

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.8',
+	'phpbb_version'	=> '3.3.12',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
@@ -901,6 +901,7 @@ if (!$get_info)
 				array('user_email',				'users.user_email',					'strtolower'),
 				array('user_birthday',			((defined('MOD_BIRTHDAY')) ? 'users.user_birthday' : ''),	'phpbb_get_birthday'),
 				array('user_lastvisit',			'users.user_lastvisit',				'intval'),
+				array('user_last_active',		'users.user_lastvisit',				'intval'),
 				array('user_lastmark',			'users.user_lastvisit',				'intval'),
 				array('user_lang',				$config['default_lang'],			''),
 				array('',						'users.user_lang',					''),

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.8');
+define('PHPBB_VERSION', '3.3.12');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -200,7 +200,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewtopic
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_lastread', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_track', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_font_awesome_url', 'https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jumpbox', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_moderators', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_notifications', '1');
@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.8');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.12');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
@@ -527,10 +527,10 @@ INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id,
 INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_subject, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_freq, prune_days, prune_viewed, forum_parents, forum_flags) VALUES ('{L_FORUMS_TEST_FORUM_TITLE}', '{L_FORUMS_TEST_FORUM_DESC}', 2, 3, 1, 1, 1, 0, 0, 1, 0, 0, 1, 2, 'Admin', 'AA0000', '{L_TOPICS_TOPIC_TITLE}', 972086460, '', '', '', '', '', '', '', 1, 7, 7, '', 48);
 
 # -- Users / Anonymous user
-INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd, user_allow_massemail) VALUES (2, 1, 'Anonymous', 'anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', 0);
+INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_actkey_expiration, user_newpasswd, user_allow_massemail) VALUES (2, 1, 'Anonymous', 'anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', 0, '', 0);
 
 # -- username: Admin    password: admin (change this or remove it once everything is working!)
-INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin', 'admin', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '');
+INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_actkey_expiration, user_newpasswd) VALUES (3, 5, 'Admin', 'admin', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', 0, '');
 
 # -- Groups
 INSERT INTO phpbb_groups (group_name, group_type, group_founder_manage, group_colour, group_legend, group_avatar, group_desc, group_desc_uid, group_max_recipients) VALUES ('GUESTS', 3, 0, '', 0, '', '', '', 5);
@@ -834,10 +834,10 @@ INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_len
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_occupation', 'profilefields.type.text', 'phpbb_occupation', '3|30', '2', '500', '', '', '.*', 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 4, 0, '', '');
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_icq', 'profilefields.type.string', 'phpbb_icq', '20', '3', '15', '', '', '[0-9]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 6, 1, 'SEND_ICQ_MESSAGE', 'https://www.icq.com/people/%s/');
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_yahoo', 'profilefields.type.string', 'phpbb_yahoo', '40', '5', '255', '', '', '.*', 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 8, 1, 'SEND_YIM_MESSAGE', 'ymsgr:sendim?%s');
-INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_facebook', 'profilefields.type.string', 'phpbb_facebook', '20', '5', '50', '', '', '[\w.]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 9, 1, 'VIEW_FACEBOOK_PROFILE', 'http://facebook.com/%s/');
-INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_twitter', 'profilefields.type.string', 'phpbb_twitter', '20', '1', '15', '', '', '[\w_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 10, 1, 'VIEW_TWITTER_PROFILE', 'http://twitter.com/%s');
+INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_facebook', 'profilefields.type.string', 'phpbb_facebook', '20', '5', '50', '', '', '[\w.]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 9, 1, 'VIEW_FACEBOOK_PROFILE', 'https://facebook.com/%s/');
+INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_twitter', 'profilefields.type.string', 'phpbb_twitter', '20', '1', '15', '', '', '[\w_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 10, 1, 'VIEW_TWITTER_PROFILE', 'https://twitter.com/%s');
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_skype', 'profilefields.type.string', 'phpbb_skype', '20', '6', '32', '', '', '[a-zA-Z][\w\.,\-_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 11, 1, 'VIEW_SKYPE_PROFILE', 'skype:%s?userinfo');
-INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_youtube', 'profilefields.type.string', 'phpbb_youtube', '20', '3', '60', '', '', '[a-zA-Z][\w\.,\-_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 12, 1, 'VIEW_YOUTUBE_CHANNEL', 'http://youtube.com/user/%s');
+INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_youtube', 'profilefields.type.string', 'phpbb_youtube', '20', '3', '60', '', '', '(@[a-zA-Z0-9_.-]{3,30}|c/[a-zA-Z][\w\.,\-_]+|(channel|user)/[a-zA-Z][\w\.,\-_]+)', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 12, 1, 'VIEW_YOUTUBE_PROFILE', 'https://youtube.com/%s');
 
 # User Notification Options (for first user)
 INSERT INTO phpbb_user_notifications (item_type, item_id, user_id, method) VALUES('notification.type.post', 0, 2, 'notification.method.board');

phpBB/install/startup.php

@@ -159,9 +159,9 @@ function installer_shutdown_function($display_errors)
 		installer_class_loader($phpbb_root_path, $phpEx);
 		$supported_error_levels = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_USER_DEPRECATED;
 
-		$cache = new \phpbb\cache\driver\file(__DIR__ . '/../cache/installer');
+		$cache = new \phpbb\cache\driver\file(__DIR__ . '/../cache/installer/');
 		$filesystem = new \phpbb\filesystem\filesystem();
-		if (strpos($error['file'], $filesystem->realpath($cache->cache_dir)) !== false)
+		if (strpos($error['file'], $filesystem->realpath($cache->cache_dir)) !== false && is_writable($cache->cache_dir))
 		{
 			$file_age = @filemtime($error['file']);
 

phpBB/language/en/acp/board.php

@@ -44,7 +44,7 @@ $lang = array_merge($lang, array(
 	'BOARD_STYLE'					=> 'Board style',
 	'CUSTOM_DATEFORMAT'				=> 'Custom…',
 	'DEFAULT_DATE_FORMAT'			=> 'Date format',
-	'DEFAULT_DATE_FORMAT_EXPLAIN'	=> 'The date format is the same as the PHP <code><a href="https://secure.php.net/manual/function.date.php">date()</a></code> function.',
+	'DEFAULT_DATE_FORMAT_EXPLAIN'	=> 'The syntax uses the same format as the PHP <a href="https://www.php.net/manual/datetime.format.php">date functions</a>.',
 	'DEFAULT_LANGUAGE'				=> 'Default language',
 	'DEFAULT_STYLE'					=> 'Default style',
 	'DEFAULT_STYLE_EXPLAIN'			=> 'The default style for new users.',
@@ -386,7 +386,7 @@ $lang = array_merge($lang, array(
 	'ACP_LOAD_SETTINGS_EXPLAIN'	=> 'Here you can enable and disable certain board functions to reduce the amount of processing required. On most servers there is no need to disable any functions. However on certain systems or in shared hosting environments it may be beneficial to disable capabilities you do not really need. You can also specify limits for system load and active sessions beyond which the board will go offline.',
 
 	'ALLOW_CDN'						=> 'Allow usage of third party content delivery networks',
-	'ALLOW_CDN_EXPLAIN'				=> 'If this setting is enabled, some files will be served from external third party servers instead of your server. This reduces the network bandwidth required by your server, but may present a privacy issue for some board administrators. In a default phpBB installation, this includes loading “jQuery” and the font “Open Sans” from Google’s content delivery network.',
+	'ALLOW_CDN_EXPLAIN'				=> 'If this setting is enabled, some files will be served from external third party servers instead of your server. This reduces the network bandwidth used by your server, but may present a privacy issue in some countries. In a default phpBB installation, this includes loading “jQuery” and the font “Open Sans” from Google’s content delivery network. This also applies to the “Font Awesome” font, which phpBB and some extensions use to render icons.',
 	'ALLOW_LIVE_SEARCHES'			=> 'Allow live searches',
 	'ALLOW_LIVE_SEARCHES_EXPLAIN'	=> 'If this setting is enabled, users are provided with keyword suggestions as they type in certain fields throughout the board.',
 	'CUSTOM_PROFILE_FIELDS'			=> 'Custom profile fields',
@@ -483,7 +483,7 @@ $lang = array_merge($lang, array(
 	'SCRIPT_PATH'				=> 'Script path',
 	'SCRIPT_PATH_EXPLAIN'		=> 'The path where phpBB is located relative to the domain name, e.g. <samp>/phpBB3</samp>.',
 	'SERVER_NAME'				=> 'Domain name',
-	'SERVER_NAME_EXPLAIN'		=> 'The domain name this board runs from (for example: <samp>www.example.com</samp>).',
+	'SERVER_NAME_EXPLAIN'		=> 'The domain name this board runs from (for example: <samp>example.com</samp>).',
 	'SERVER_PORT'				=> 'Server port',
 	'SERVER_PORT_EXPLAIN'		=> 'The port your server is running on, usually 80, only change if different.',
 	'SERVER_PROTOCOL'			=> 'Server protocol',

phpBB/language/en/acp/common.php

@@ -738,6 +738,10 @@ $lang = array_merge($lang, array(
 	'LOG_SEARCH_INDEX_CREATED'	=> '<strong>Created search index for</strong><br />» %s',
 	'LOG_SEARCH_INDEX_REMOVED'	=> '<strong>Removed search index for</strong><br />» %s',
 	'LOG_SPHINX_ERROR'			=> '<strong>Sphinx Error</strong><br />» %s',
+
+	'LOG_SPAMHAUS_OPEN_RESOLVER'		=> 'Spamhaus does not allow queries using an open resolver. Blacklist checking has been disabled. For more information, see https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/.',
+	'LOG_SPAMHAUS_VOLUME_LIMIT'			=> 'Spamhaus query volume limit has been exceeded. Blacklist checking has been disabled. For more information, see https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/.',
+
 	'LOG_STYLE_ADD'				=> '<strong>Added new style</strong><br />» %s',
 	'LOG_STYLE_DELETE'			=> '<strong>Deleted style</strong><br />» %s',
 	'LOG_STYLE_EDIT_DETAILS'	=> '<strong>Edited style</strong><br />» %s',

phpBB/language/en/acp/permissions.php

@@ -59,7 +59,7 @@ $lang = array_merge($lang, array(
 
 	'ACL_NEVER'				=> 'Never',
 	'ACL_SET'				=> 'Setting permissions',
-	'ACL_SET_EXPLAIN'		=> 'Permissions are based on a simple <strong>YES</strong>/<strong>NO</strong> system. Setting an option to <strong>NEVER</strong> for a user or usergroup overrides any other value assigned to it. If you do not wish to assign a value for an option for this user or group select <strong>NO</strong>. If values are assigned for this option elsewhere they will be used in preference, else <strong>NEVER</strong> is assumed. All objects marked (with the checkbox in front of them) will copy the permission set you defined.',
+	'ACL_SET_EXPLAIN'		=> 'Permissions are based on a simple <strong>YES</strong>/<strong>NO</strong> system. Setting an option to <strong>NEVER</strong> for a user or usergroup overrides any other value assigned to it. If you do not wish to assign a value for an option for this user or group select <strong>NO</strong>. If values are assigned for this option elsewhere they will be used in preference, else <strong>NEVER</strong> is assumed. All objects marked (with the checkbox in front of them) will copy the permission set you defined. Please note that setting administrative permissions for founder accounts does not have any effect as admin permissions are always set to <strong>YES</strong> for founders.',
 	'ACL_SETTING'			=> 'Setting',
 
 	'ACL_TYPE_A_'			=> 'Administrative permissions',

phpBB/language/en/acp/permissions_phpbb.php

@@ -159,9 +159,9 @@ $lang = array_merge($lang, array(
 	'ACL_M_MERGE'	=> 'Can merge topics',
 
 	'ACL_M_INFO'		=> 'Can view post details',
-	'ACL_M_WARN'		=> 'Can issue warnings<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
-	'ACL_M_PM_REPORT'	=> 'Can close and delete reports of private messages<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
-	'ACL_M_BAN'			=> 'Can manage bans<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
+	'ACL_M_WARN'		=> 'Can issue warnings',
+	'ACL_M_PM_REPORT'	=> 'Can close and delete reports of private messages',
+	'ACL_M_BAN'			=> 'Can manage bans',
 ));
 
 // Admin Permissions

phpBB/language/en/acp/search.php

@@ -52,7 +52,7 @@ $lang = array_merge($lang, array(
 	'DEFAULT_SEARCH_RETURN_CHARS'			=> 'Default number of returned characters',
 	'DEFAULT_SEARCH_RETURN_CHARS_EXPLAIN'	=> 'The default number of characters that will be returned while searching. A value of 0 will return the entire post.',
 	'DELETE_INDEX'							=> 'Delete index',
-	'DELETING_INDEX_IN_PROGRESS'			=> 'Deleting the index in progress',
+	'DELETING_INDEX_IN_PROGRESS'			=> 'Deletion of index is in progress…',
 	'DELETING_INDEX_IN_PROGRESS_EXPLAIN'	=> 'The search backend is currently cleaning its index. This can take a few minutes.',
 
 	'FULLTEXT_MYSQL_INCOMPATIBLE_DATABASE'	=> 'The MySQL fulltext backend can only be used with MySQL4 and above.',
@@ -92,7 +92,7 @@ $lang = array_merge($lang, array(
 	'GO_TO_SEARCH_INDEX'					=> 'Go to search index page',
 
 	'INDEX_STATS'							=> 'Index statistics',
-	'INDEXING_IN_PROGRESS'					=> 'Indexing in progress',
+	'INDEXING_IN_PROGRESS'					=> 'Indexing in progress…',
 	'INDEXING_IN_PROGRESS_EXPLAIN'			=> 'The search backend is currently indexing all posts on the board. This can take from a few minutes to a few hours depending on your board’s size.',
 
 	'LIMIT_SEARCH_LOAD'						=> 'Search page system load limit',
@@ -112,18 +112,19 @@ $lang = array_merge($lang, array(
 	'SEARCH_GUEST_INTERVAL'					=> 'Guest search flood interval',
 	'SEARCH_GUEST_INTERVAL_EXPLAIN'			=> 'Number of seconds guests must wait between searches. If one guest searches all others have to wait until the time interval passed.',
 	'SEARCH_INDEX_CREATE_REDIRECT'			=> array(
-		2	=> 'All posts up to post id %2$d have now been indexed, of which %1$d posts were within this step.<br />',
+		2	=> 'All posts up to post id %2$d have now been indexed, of which %1$d posts were within this step.',
 	),
 	'SEARCH_INDEX_CREATE_REDIRECT_RATE'		=> array(
-		2	=> 'The current rate of indexing is approximately %1$.1f posts per second.<br />Indexing in progress…',
+		2	=> 'The current rate of indexing is approximately %1$.1f posts per second.',
 	),
 	'SEARCH_INDEX_DELETE_REDIRECT'			=> array(
-		2	=> 'All posts up to post id %2$d have been removed from the search index, of which %1$d posts were within this step.<br />',
+		2	=> 'All posts up to post id %2$d have been removed from the search index, of which %1$d posts were within this step.',
 	),
 	'SEARCH_INDEX_DELETE_REDIRECT_RATE'		=> array(
-		2	=> 'The current rate of deleting is approximately %1$.1f posts per second.<br />Deleting in progress…',
+		2	=> 'The current rate of deleting is approximately %1$.1f posts per second.',
 	),
 	'SEARCH_INDEX_CREATED'					=> 'Successfully indexed all posts in the board database.',
+	'SEARCH_INDEX_PROGRESS'					=> 'Done: %1$d | Pending: %2$d | Total: %3$d',
 	'SEARCH_INDEX_REMOVED'					=> 'Successfully deleted the search index for this backend.',
 	'SEARCH_INTERVAL'						=> 'User search flood interval',
 	'SEARCH_INTERVAL_EXPLAIN'				=> 'Number of seconds users must wait between searches. This interval is checked independently for each user.',

phpBB/language/en/common.php

@@ -64,6 +64,7 @@ $lang = array_merge($lang, array(
 	'ACCOUNT_DEACTIVATED'			=> 'Your account has been manually deactivated and is only able to be reactivated by an administrator.',
 	'ACP'							=> 'Administration Control Panel',
 	'ACP_SHORT'						=> 'ACP',
+	'ACTIVATION_ALREADY_SENT'		=> 'The activation email has already been sent to your email address. You can try again after 24 hours. If you continue to have problems activating your account, please contact a board administrator.',
 	'ACTIVE'						=> 'active',
 	'ACTIVE_ERROR'					=> 'The specified username is currently inactive. If you have problems activating your account, please contact a board administrator.',
 	'ADMINISTRATOR'					=> 'Administrator',
@@ -169,6 +170,11 @@ $lang = array_merge($lang, array(
 		1	=> '%d character',
 		2	=> '%d characters',
 	),
+	// Special version to be used when describing ranges e.g. "min x characters and max y characters"
+	'CHARACTERS_XY'			=> array(
+		1	=> '%d character',
+		2	=> '%d characters',
+	),
 	'COLLAPSE_VIEW'			=> 'Collapse view',
 	'CLOSE_WINDOW'			=> 'Close window',
 	'CODE'					=> 'Code',
@@ -678,6 +684,10 @@ $lang = array_merge($lang, array(
 	'RETURN_TOPIC'				=> '%sReturn to the topic last visited%s',
 	'RETURN_TO'					=> 'Return to “%s”',
 	'RETURN_TO_INDEX'			=> 'Return to Board Index',
+
+	'ROUTE_NOT_FOUND'				=> 'The requested route “%s” could not be found.',
+	'ROUTE_INVALID_MISSING_PARAMS'	=> 'Invalid or missing parameters passed for route “%s”.',
+
 	'FEED'						=> 'Feed',
 	'FEED_NEWS'					=> 'News',
 	'FEED_TOPICS_ACTIVE'		=> 'Active Topics',

phpBB/language/en/install.php

@@ -45,7 +45,7 @@ $lang = array_merge($lang, array(
 
 	// Introduction page
 	'INTRODUCTION_TITLE'	=> 'Introduction',
-	'INTRODUCTION_BODY'		=> 'Welcome to phpBB3!<br /><br />phpBB® is the most widely used open source bulletin board solution in the world. phpBB3 is the latest installment in a package line started in 2000. Like its predecessors, phpBB3 is feature-rich, user-friendly, and fully supported by the phpBB Team. phpBB3 greatly improves on what made phpBB2 popular, and adds commonly requested features that were not present in previous versions. We hope it exceeds your expectations.<br /><br />This installation system will guide you through installing phpBB3, updating to the latest version of phpBB3 from past releases, as well as converting to phpBB3 from a different discussion board system (including phpBB2). For more information, we encourage you to read <a href="../docs/INSTALL.html">the installation guide</a>.<br /><br />To read the phpBB3 license or learn about obtaining support and our stance on it, please select the respective options from the side menu. To continue, please select the appropriate tab above.',
+	'INTRODUCTION_BODY'		=> 'Welcome to phpBB3!<br /><br />phpBB® is the most widely used open source bulletin board solution in the world. phpBB3 is the latest installment in a package line started in 2000. Like its predecessors, phpBB3 is feature-rich, user-friendly, and fully supported by the phpBB Team. phpBB3 greatly improves on what made phpBB2 popular, and adds commonly requested features that were not present in previous versions. We hope it exceeds your expectations.<br /><br />This installation system will guide you through installing phpBB3, updating to the latest version of phpBB3 from past releases, as well as converting to phpBB3 from a different discussion board system (including phpBB2). For more information, we encourage you to read <a href="%1$s">the installation guide</a>.<br /><br />To read the phpBB3 license or learn about obtaining support and our stance on it, please select the respective options from the side menu. To continue, please select the appropriate tab above.',
 
 	// Support page
 	'SUPPORT_TITLE'		=> 'Support',
@@ -105,7 +105,7 @@ $lang = array_merge($lang, array(
 
 	// Server requirements
 	'PHP_VERSION_REQD'					=> 'PHP version',
-	'PHP_VERSION_REQD_EXPLAIN'			=> 'phpBB requires PHP version 7.1.3 or higher.',
+	'PHP_VERSION_REQD_EXPLAIN'			=> 'phpBB requires PHP version 7.2.0 or higher.',
 	'PHP_GETIMAGESIZE_SUPPORT'			=> 'PHP getimagesize() function is required',
 	'PHP_GETIMAGESIZE_SUPPORT_EXPLAIN'	=> 'In order for phpBB to function correctly, the getimagesize function needs to be available.',
 	'PCRE_UTF_SUPPORT'					=> 'PCRE UTF-8 support',
@@ -508,10 +508,12 @@ $lang = array_merge($lang, array(
 	'CHECK_TABLE_PREFIX'		=> 'Please check your table prefix and try again.',
 
 	// Conversion in progress
+	'CATEGORY'					=> 'Category',
 	'CONTINUE_CONVERT'			=> 'Continue conversion',
 	'CONTINUE_CONVERT_BODY'		=> 'A previous conversion attempt has been determined. You are now able to choose between starting a new conversion or continuing the conversion.',
 	'CONVERT_NEW_CONVERSION'	=> 'New conversion',
 	'CONTINUE_OLD_CONVERSION'	=> 'Continue previously started conversion',
+	'POST_ID'					=> 'Post ID',
 
 	// Start conversion
 	'SUB_INTRO'					=> 'Introduction',
@@ -568,6 +570,10 @@ $lang = array_merge($lang, array(
 	'CONVERT_COMPLETE'			=> 'Conversion completed',
 	'CONVERT_COMPLETE_EXPLAIN'	=> 'You have now successfully converted your board to phpBB 3.3. You can now login and <a href="../">access your board</a>. Please ensure that the settings were transferred correctly before enabling your board by deleting the install directory. Remember that help on using phpBB is available online via the <a href="https://www.phpbb.com/support/docs/en/3.3/ug/">Documentation</a> and the <a href="https://www.phpbb.com/community/viewforum.php?f=661">support forums</a>.',
 
+	'COLLIDING_CLEAN_USERNAME'			=> '<strong>%s</strong> is the clean username for:',
+	'COLLIDING_USER'					=> '» user id: <strong>%d</strong> username: <strong>%s</strong> (%d posts)',
+	'COLLIDING_USERNAMES_FOUND'			=> 'Colliding usernames were found on your old board. In order to complete the conversion please delete or rename these users so that there is only one user on your old board for each clean username.',
+	'CONV_ERR_FATAL'					=> 'Fatal conversion error',
 	'CONV_ERROR_ATTACH_FTP_DIR'			=> 'FTP upload for attachments is enabled at the old board. Please disable the FTP upload option and make sure a valid upload directory is specified, then copy all attachment files to this new web accessible directory. Once you have done this, restart the convertor.',
 	'CONV_ERROR_CONFIG_EMPTY'			=> 'There is no configuration information available for the conversion.',
 	'CONV_ERROR_FORUM_ACCESS'			=> 'Unable to get forum access information.',

phpBB/language/en/mcp.php

@@ -259,7 +259,7 @@ $lang = array_merge($lang, array(
 	'ONLY_TOPIC'			=> 'Only topic “%s”',
 	'OTHER_USERS'			=> 'Other users posting from this IP',
 
-	'QUICKMOD_ACTION_NOT_ALLOWED' => "%s not allowed as quickmod",
+	'QUICKMOD_ACTION_NOT_ALLOWED' => '%s not allowed as quickmod',
 
 	'PM_REPORT_CLOSED_SUCCESS'	=> 'The selected PM report has been closed successfully.',
 	'PM_REPORT_DELETED_SUCCESS'	=> 'The selected PM report has been deleted successfully.',

phpBB/language/en/memberlist.php

@@ -149,5 +149,5 @@ $lang = array_merge($lang, array(
 	'VIEW_FACEBOOK_PROFILE'	=> 'View Facebook Profile',
 	'VIEW_SKYPE_PROFILE'	=> 'View Skype Profile',
 	'VIEW_TWITTER_PROFILE'	=> 'View Twitter Profile',
-	'VIEW_YOUTUBE_CHANNEL'	=> 'View YouTube Channel',
+	'VIEW_YOUTUBE_PROFILE'	=> 'View YouTube Profile',
 ));

phpBB/language/en/ucp.php

@@ -116,7 +116,7 @@ $lang = array_merge($lang, array(
 	'BIRTHDAY'					=> 'Birthday',
 	'BIRTHDAY_EXPLAIN'			=> 'Setting a year will list your age when it is your birthday.',
 	'BOARD_DATE_FORMAT'			=> 'My date format',
-	'BOARD_DATE_FORMAT_EXPLAIN'	=> 'The syntax used is identical to the PHP <a href="https://secure.php.net/manual/function.date.php">date()</a> function.',
+	'BOARD_DATE_FORMAT_EXPLAIN'	=> 'The syntax uses the same format as the PHP <a href="https://www.php.net/manual/datetime.format.php">date functions</a>.',
 	'BOARD_LANGUAGE'			=> 'My language',
 	'BOARD_STYLE'				=> 'My board style',
 	'BOARD_TIMEZONE'			=> 'My timezone',

phpBB/memberlist.php

@@ -1036,7 +1036,7 @@ switch ($mode)
 		if ($auth->acl_get('u_viewonline'))
 		{
 			$sort_key_text['l'] = $user->lang['SORT_LAST_ACTIVE'];
-			$sort_key_sql['l'] = 'u.user_lastvisit';
+			$sort_key_sql['l'] = 'u.user_last_active';
 		}
 
 		$sort_key_text['m'] = $user->lang['SORT_RANK'];
@@ -1138,15 +1138,15 @@ switch ($mode)
 				{
 					if ($active_select === 'lt' && (int) $active[0] == 0 && (int) $active[1] == 0 && (int) $active[2] == 0)
 					{
-						$sql_where .= ' AND u.user_lastvisit = 0';
+						$sql_where .= ' AND u.user_last_active = 0';
 					}
 					else if ($active_select === 'gt')
 					{
-						$sql_where .= ' AND u.user_lastvisit ' . $find_key_match[$active_select] . ' ' . $active_time;
+						$sql_where .= ' AND u.user_last_active ' . $find_key_match[$active_select] . ' ' . $active_time;
 					}
 					else
 					{
-						$sql_where .= ' AND (u.user_lastvisit > 0 AND u.user_lastvisit < ' . $active_time . ')';
+						$sql_where .= ' AND (u.user_last_active > 0 AND u.user_last_active < ' . $active_time . ')';
 					}
 				}
 			}
@@ -1634,17 +1634,20 @@ switch ($mode)
 		if (count($user_list))
 		{
 			// Session time?! Session time...
-			$sql = 'SELECT session_user_id, MAX(session_time) AS session_time
+			$sql = 'SELECT session_user_id, MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
 				FROM ' . SESSIONS_TABLE . '
 				WHERE session_time >= ' . (time() - $config['session_length']) . '
 					AND ' . $db->sql_in_set('session_user_id', $user_list) . '
 				GROUP BY session_user_id';
 			$result = $db->sql_query($sql);
 
-			$session_times = array();
+			$session_ary = [];
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$session_times[$row['session_user_id']] = $row['session_time'];
+				$session_ary[$row['session_user_id']] = [
+					'session_time' => $row['session_time'],
+					'session_viewonline' => $row['session_viewonline'],
+				];
 			}
 			$db->sql_freeresult($result);
 
@@ -1708,8 +1711,9 @@ switch ($mode)
 			$id_cache = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$row['session_time'] = (!empty($session_times[$row['user_id']])) ? $session_times[$row['user_id']] : 0;
-				$row['last_visit'] = (!empty($row['session_time'])) ? $row['session_time'] : $row['user_lastvisit'];
+				$row['session_time'] = $session_ary[$row['user_id']]['session_time'] ?? 0;
+				$row['session_viewonline'] = $session_ary[$row['user_id']]['session_viewonline'] ?? 0;
+				$row['last_visit'] = (!empty($row['session_time'])) ? $row['session_time'] : $row['user_last_active'];
 
 				$id_cache[$row['user_id']] = $row;
 			}

phpBB/phpbb/attachment/upload.php

@@ -48,6 +48,9 @@ class upload
 	/** @var dispatcher */
 	protected $phpbb_dispatcher;
 
+	/** @var string */
+	protected $phpbb_root_path;
+
 	/** @var plupload Plupload */
 	protected $plupload;
 

phpBB/phpbb/auth/auth.php

@@ -524,19 +524,19 @@ class auth
 			ORDER BY role_id ASC';
 		$result = $db->sql_query($sql);
 
-		$this->role_cache = array();
+		$role_cache = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+			$role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
 		}
 		$db->sql_freeresult($result);
 
-		foreach ($this->role_cache as $role_id => $role_options)
+		foreach ($role_cache as $role_id => $role_options)
 		{
-			$this->role_cache[$role_id] = serialize($role_options);
+			$role_cache[$role_id] = serialize($role_options);
 		}
 
-		$cache->put('_role_cache', $this->role_cache);
+		$cache->put('_role_cache', $role_cache);
 
 		// Now empty user permissions
 		$where_sql = '';
@@ -776,6 +776,7 @@ class auth
 
 		$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
+		$sql_is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : '';
 
 		$sql_opts = '';
 		$hold_ary = $sql_ary = array();
@@ -787,9 +788,10 @@ class auth
 
 		// Grab group settings - non-role specific...
 		$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
-			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " ao
 			WHERE a.auth_role_id = 0
-				AND a.auth_option_id = ao.auth_option_id ' .
+				AND a.auth_option_id = ao.auth_option_id
+				$sql_is_local " .
 				(($sql_group) ? 'AND a.' . $sql_group : '') . "
 				$sql_forum
 				$sql_opts
@@ -797,9 +799,10 @@ class auth
 
 		// Now grab group settings - role specific...
 		$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
-			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . " ao
 			WHERE a.auth_role_id = r.role_id
-				AND r.auth_option_id = ao.auth_option_id ' .
+				$sql_is_local
+				AND r.auth_option_id = ao.auth_option_id " .
 				(($sql_group) ? 'AND a.' . $sql_group : '') . "
 				$sql_forum
 				$sql_opts
@@ -828,9 +831,9 @@ class auth
 		global $db, $cache;
 
 		// Check if the role-cache is there
-		if (($this->role_cache = $cache->get('_role_cache')) === false)
+		if (($role_cache = $cache->get('_role_cache')) === false)
 		{
-			$this->role_cache = array();
+			$role_cache = array();
 
 			// We pre-fetch roles
 			$sql = 'SELECT *
@@ -840,16 +843,16 @@ class auth
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+				$role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
 			}
 			$db->sql_freeresult($result);
 
-			foreach ($this->role_cache as $role_id => $role_options)
+			foreach ($role_cache as $role_id => $role_options)
 			{
-				$this->role_cache[$role_id] = serialize($role_options);
+				$role_cache[$role_id] = serialize($role_options);
 			}
 
-			$cache->put('_role_cache', $this->role_cache);
+			$cache->put('_role_cache', $role_cache);
 		}
 
 		$hold_ary = array();
@@ -865,7 +868,7 @@ class auth
 			// If a role is assigned, assign all options included within this role. Else, only set this one option.
 			if ($row['auth_role_id'])
 			{
-				$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]);
+				$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($role_cache[$row['auth_role_id']]);
 			}
 			else
 			{
@@ -890,9 +893,9 @@ class auth
 			{
 				$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
 			}
-			else if (!empty($this->role_cache[$row['auth_role_id']]))
+			else if (!empty($role_cache[$row['auth_role_id']]))
 			{
-				foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
+				foreach (unserialize($role_cache[$row['auth_role_id']]) as $option_id => $setting)
 				{
 					$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting);
 				}

phpBB/phpbb/avatar/driver/local.php

@@ -23,7 +23,7 @@ class local extends \phpbb\avatar\driver\driver
 	*/
 	public function get_data($row)
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();
+		$root_path = $this->path_helper->get_web_root_path();
 
 		return array(
 			'src' => $root_path . $this->config['avatar_gallery_path'] . '/' . $row['avatar'],

phpBB/phpbb/avatar/driver/remote.php

@@ -62,7 +62,7 @@ class remote extends \phpbb\avatar\driver\driver
 
 		if (!preg_match('#^(http|https|ftp)://#i', $url))
 		{
-			$url = 'http://' . $url;
+			$url = 'https://' . $url;
 		}
 
 		if (!function_exists('validate_data'))

phpBB/phpbb/avatar/driver/upload.php

@@ -62,7 +62,7 @@ class upload extends \phpbb\avatar\driver\driver
 	*/
 	public function get_data($row)
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();
+		$root_path = $this->path_helper->get_web_root_path();
 
 		return array(
 			'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'],

phpBB/phpbb/cache/driver/base.php

@@ -115,6 +115,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_exists($query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		return isset($this->sql_rowset[$query_id]);
 	}
 
@@ -123,6 +124,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_fetchrow($query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if ($this->sql_row_pointer[$query_id] < count($this->sql_rowset[$query_id]))
 		{
 			return $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++];
@@ -136,6 +138,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_fetchfield($query_id, $field)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if ($this->sql_row_pointer[$query_id] < count($this->sql_rowset[$query_id]))
 		{
 			return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++][$field] : false;
@@ -149,6 +152,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_rowseek($rownum, $query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if ($rownum >= count($this->sql_rowset[$query_id]))
 		{
 			return false;
@@ -163,6 +167,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_freeresult($query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if (!isset($this->sql_rowset[$query_id]))
 		{
 			return false;
@@ -231,4 +236,21 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 
 		@rmdir($dir);
 	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function clean_query_id($query_id)
+	{
+		// Some DBMS functions accept/return objects and/or resources instead of integer identifier
+		// Attempting to cast object to int will throw error, hence correctly handle all cases
+		if (is_resource($query_id))
+		{
+			return function_exists('get_resource_id') ? get_resource_id($query_id) : (int) $query_id;
+		}
+		else
+		{
+			return is_object($query_id) ? spl_object_id($query_id) : $query_id;
+		}
+	}
 }

phpBB/phpbb/cache/driver/driver_interface.php

@@ -164,4 +164,13 @@ interface driver_interface
 	* @return bool
 	*/
 	public function sql_freeresult($query_id);
+
+	/**
+	 * Ensure query ID can be used by cache
+	 *
+	 * @param object|resource|int|string $query_id Mixed type query id
+	 *
+	 * @return int|string Query id in string or integer format
+	 */
+	public function clean_query_id($query_id);
 }

phpBB/phpbb/cache/driver/file.php

@@ -37,9 +37,9 @@ class file extends \phpbb\cache\driver\base
 		$this->cache_dir = !is_null($cache_dir) ? $cache_dir : $phpbb_container->getParameter('core.cache_dir');
 		$this->filesystem = new \phpbb\filesystem\filesystem();
 
-		if (!is_dir($this->cache_dir))
+		if ($this->filesystem->is_writable(dirname($this->cache_dir)) && !is_dir($this->cache_dir))
 		{
-			@mkdir($this->cache_dir, 0777, true);
+			mkdir($this->cache_dir, 0777, true);
 		}
 	}
 

phpBB/phpbb/captcha/plugins/recaptcha.php

@@ -15,18 +15,13 @@ namespace phpbb\captcha\plugins;
 
 class recaptcha extends captcha_abstract
 {
-	var $recaptcha_server = 'http://www.google.com/recaptcha/api';
-	var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
-
-	var $response;
+	private $response;
 
 	/**
 	* Constructor
 	*/
 	public function __construct()
 	{
-		global $request;
-		$this->recaptcha_server = $request->is_secure() ? $this->recaptcha_server_secure : $this->recaptcha_server;
 	}
 
 	function init($type)
@@ -94,6 +89,12 @@ class recaptcha extends captcha_abstract
 				}
 			}
 
+			$recaptcha_domain = $request->variable('recaptcha_v2_domain', '', true);
+			if (in_array($recaptcha_domain, recaptcha_v3::$supported_domains))
+			{
+				$config->set('recaptcha_v2_domain', $recaptcha_domain);
+			}
+
 			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_VISUAL');
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($module->u_action));
 		}
@@ -110,9 +111,11 @@ class recaptcha extends captcha_abstract
 			}
 
 			$template->assign_vars(array(
-				'CAPTCHA_PREVIEW'	=> $this->get_demo_template($id),
-				'CAPTCHA_NAME'		=> $this->get_service_name(),
-				'U_ACTION'			=> $module->u_action,
+				'CAPTCHA_PREVIEW'		=> $this->get_demo_template($id),
+				'CAPTCHA_NAME'			=> $this->get_service_name(),
+				'RECAPTCHA_V2_DOMAIN'	=> $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE,
+				'RECAPTCHA_V2_DOMAINS'	=> recaptcha_v3::$supported_domains,
+				'U_ACTION'				=> $module->u_action,
 			));
 
 		}
@@ -140,9 +143,10 @@ class recaptcha extends captcha_abstract
 		{
 			$contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);
 			$explain = $user->lang(($this->type != CONFIRM_POST) ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN', '<a href="' . $contact_link . '">', '</a>');
+			$domain = $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE;
 
 			$template->assign_vars(array(
-				'RECAPTCHA_SERVER'			=> $this->recaptcha_server,
+				'RECAPTCHA_SERVER'			=> sprintf('//%1$s/recaptcha/api', $domain),
 				'RECAPTCHA_PUBKEY'			=> isset($config['recaptcha_pubkey']) ? $config['recaptcha_pubkey'] : '',
 				'S_RECAPTCHA_AVAILABLE'		=> self::is_available(),
 				'S_CONFIRM_CODE'			=> true,

phpBB/phpbb/captcha/plugins/recaptcha_v3.php

@@ -30,6 +30,14 @@ class recaptcha_v3 extends captcha_abstract
 	 */
 	const GOOGLE		= 'google.com';
 	const RECAPTCHA		= 'recaptcha.net';
+	const RECAPTCHA_CN	= 'recaptcha.google.cn';
+
+	/** @var string[] List of supported domains */
+	static public $supported_domains = [
+		self::GOOGLE,
+		self::RECAPTCHA,
+		self::RECAPTCHA_CN
+	];
 
 	/** @var array CAPTCHA types mapped to their action */
 	static protected $actions = [
@@ -180,9 +188,14 @@ class recaptcha_v3 extends captcha_abstract
 				trigger_error($language->lang('EMPTY_RECAPTCHA_V3_REQUEST_METHOD') . adm_back_link($module->u_action), E_USER_WARNING);
 			}
 
+			$recaptcha_domain = $request->variable('recaptcha_v3_domain', '', true);
+			if (in_array($recaptcha_domain, self::$supported_domains))
+			{
+				$config->set('recaptcha_v3_domain', $recaptcha_domain);
+			}
+
 			$config->set('recaptcha_v3_key', $request->variable('recaptcha_v3_key', '', true));
 			$config->set('recaptcha_v3_secret', $request->variable('recaptcha_v3_secret', '', true));
-			$config->set('recaptcha_v3_domain', $request->variable('recaptcha_v3_domain', '', true));
 			$config->set('recaptcha_v3_method', $recaptcha_v3_method);
 
 			foreach (self::$actions as $action)
@@ -211,7 +224,7 @@ class recaptcha_v3 extends captcha_abstract
 			'RECAPTCHA_V3_SECRET'		=> $config['recaptcha_v3_secret'] ?? '',
 
 			'RECAPTCHA_V3_DOMAIN'		=> $config['recaptcha_v3_domain'] ?? self::GOOGLE,
-			'RECAPTCHA_V3_DOMAINS'		=> [self::GOOGLE, self::RECAPTCHA],
+			'RECAPTCHA_V3_DOMAINS'		=> self::$supported_domains,
 
 			'RECAPTCHA_V3_METHOD'		=> $config['recaptcha_v3_method'] ?? '',
 			'RECAPTCHA_V3_METHODS'		=> [

phpBB/phpbb/config/config.php

@@ -50,6 +50,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	* @param  string $key The configuration option's name.
 	* @return bool        Whether the configuration option exists.
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetExists($key)
 	{
 		return isset($this->config[$key]);
@@ -61,6 +62,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	* @param  string $key The configuration option's name.
 	* @return string      The configuration value
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetGet($key)
 	{
 		return (isset($this->config[$key])) ? $this->config[$key] : '';
@@ -75,6 +77,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	* @param string $key   The configuration option's name.
 	* @param string $value The temporary value.
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetSet($key, $value)
 	{
 		$this->config[$key] = $value;
@@ -85,6 +88,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	*
 	* @param string $key The configuration option's name.
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetUnset($key)
 	{
 		trigger_error('Config values have to be deleted explicitly with the \phpbb\config\config::delete($key) method.', E_USER_ERROR);

phpBB/phpbb/console/command/user/add.php

@@ -290,18 +290,17 @@ class add extends command
 		{
 			case USER_ACTIVATION_SELF:
 				$email_template = 'user_welcome_inactive';
-				$user_actkey = gen_rand_string(mt_rand(6, 10));
 			break;
 			case USER_ACTIVATION_ADMIN:
 				$email_template = 'admin_welcome_inactive';
-				$user_actkey = gen_rand_string(mt_rand(6, 10));
 			break;
 			default:
 				$email_template = 'user_welcome';
-				$user_actkey = '';
 			break;
 		}
 
+		$user_actkey = $this->get_activation_key($user_id);
+
 		if (!class_exists('messenger'))
 		{
 			require($this->phpbb_root_path . 'includes/functions_messenger.' . $this->php_ext);
@@ -321,6 +320,35 @@ class add extends command
 		$messenger->send(NOTIFY_EMAIL);
 	}
 
+	/**
+	 * Get user activation key
+	 *
+	 * @param int $user_id User ID
+	 *
+	 * @return string User activation key for user
+	 */
+	protected function get_activation_key(int $user_id): string
+	{
+		$user_actkey = '';
+
+		if ($this->config['require_activation'] == USER_ACTIVATION_SELF || $this->config['require_activation'] == USER_ACTIVATION_ADMIN)
+		{
+			$user_actkey = gen_rand_string(mt_rand(6, 10));
+
+			$sql_ary = [
+				'user_actkey'				=> $user_actkey,
+				'user_actkey_expiration'	=> \phpbb\user::get_token_expiration(),
+			];
+
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
+				WHERE user_id = ' . (int) $user_id;
+			$this->db->sql_query($sql);
+		}
+
+		return $user_actkey;
+	}
+
 	/**
 	 * Helper to translate questions to the user
 	 *

phpBB/phpbb/content_visibility.php

@@ -501,11 +501,15 @@ class content_visibility
 			$postcounts[$num_posts][] = $poster_id;
 		}
 
+		$postcount_change = 0;
+
 		// Update users postcounts
 		foreach ($postcounts as $num_posts => $poster_ids)
 		{
 			if (in_array($visibility, array(ITEM_REAPPROVE, ITEM_DELETED)))
 			{
+				$postcount_change -= $num_posts;
+
 				$sql = 'UPDATE ' . $this->users_table . '
 					SET user_posts = 0
 					WHERE ' . $this->db->sql_in_set('user_id', $poster_ids) . '
@@ -520,6 +524,8 @@ class content_visibility
 			}
 			else
 			{
+				$postcount_change += $num_posts;
+
 				$sql = 'UPDATE ' . $this->users_table . '
 					SET user_posts = user_posts + ' . $num_posts . '
 					WHERE ' . $this->db->sql_in_set('user_id', $poster_ids);
@@ -527,6 +533,11 @@ class content_visibility
 			}
 		}
 
+		if ($postcount_change != 0)
+		{
+			$this->config->increment('num_posts', $postcount_change, false);
+		}
+
 		$update_topic_postcount = true;
 
 		// Sync the first/last topic information if needed

phpBB/phpbb/cron/event/cron_runner_listener.php

@@ -85,9 +85,8 @@ class cron_runner_listener implements EventSubscriberInterface
 				{
 					$task->run();
 				}
-
-				$this->cron_lock->release();
 			}
+			$this->cron_lock->release();
 		}
 	}
 

phpBB/phpbb/datetime.php

@@ -57,6 +57,7 @@ class datetime extends \DateTime
 	* @param boolean $force_absolute Force output of a non relative date
 	* @return string Formatted date time
 	*/
+	#[\ReturnTypeWillChange]
 	public function format($format = '', $force_absolute = false)
 	{
 		$format		= $format ? $format : $this->user->date_format;