[prep-release-3.3.11] Update changelog for 3.3.11

[ticket/security-132] Limit maximum number of captcha attempts at register

.devcontainer/Dockerfile

@@ -0,0 +1,20 @@
+# Debian version
+ARG VARIANT="buster"
+FROM mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}
+
+# Install PHP
+RUN apt-get -y update
+RUN apt-get -y install php php-xml php-mbstring php-curl php-zip php-xdebug
+
+# Install Composer
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+# Install MySQL
+RUN apt-get -y install mysql-server php-mysql
+
+# Xdebug
+ADD resources/xdebug.ini /etc/php/8.1/apache2/conf.d/xdebug.ini
+
+# Configure Apache
+RUN echo "Listen 8080" >> /etc/apache2/ports.conf && \
+    a2enmod rewrite

.devcontainer/devcontainer.json

@@ -0,0 +1,37 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.238.1/containers/ubuntu
+{
+	"name": "Ubuntu",
+	"build": {
+		"dockerfile": "Dockerfile",
+		// Update 'VARIANT' to pick an Ubuntu version: jammy / ubuntu-22.04, focal / ubuntu-20.04, bionic /ubuntu-18.04
+		// Use ubuntu-22.04 or ubuntu-18.04 on local arm64/Apple Silicon.
+		"args": { "VARIANT": "ubuntu-22.04" }
+	},
+
+	// Configure tool-specific properties.
+	"customizations": {
+		// Configure properties specific to VS Code.
+		"vscode": {
+			"settings": {
+				// Allow Xdebug to listen to requests from remote (or container)
+				"remote.localPortHost": "allInterfaces"
+			},
+			//"devPort": {},
+			// Specify which VS Code extensions to install (List of IDs)
+			"extensions": ["xdebug.php-debug"]
+			}
+		},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	"forwardPorts": [80, 9003],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	"postStartCommand": "bash .devcontainer/resources/setup.sh",
+
+	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "vscode",
+	"features": {
+		"github-cli": "latest"
+	}
+}

.devcontainer/resources/phpbb-config.yml

@@ -0,0 +1,38 @@
+installer:
+    admin:
+        name: admin
+        password: adminadmin
+        email: admin@example.org
+
+    board:
+        lang: en
+        name: My Board
+        description: My amazing new phpBB board
+
+    database:
+        dbms: mysqli
+        dbhost: 127.0.0.1
+        dbport: 3306
+        dbuser: phpbb
+        dbpasswd: phpbb
+        dbname: phpbb
+        table_prefix: phpbb_
+
+    email:
+        enabled: false
+        smtp_delivery : ~
+        smtp_host: ~
+        smtp_port: ~
+        smtp_auth: ~
+        smtp_user: ~
+        smtp_pass: ~
+
+    server:
+        cookie_secure: false
+        server_protocol: http://
+        force_server_vars: false
+        server_name: localhost
+        server_port: 80
+        script_path: /
+
+    extensions: []

.devcontainer/resources/setup.sh

@@ -0,0 +1,44 @@
+# setup.sh
+# Commands to install and configure phpBB
+
+# Start MySQL
+echo "[Codespaces] Start MySQL"
+sudo service mysql start
+
+# Start Apache
+echo "[Codespaces] Start Apache"
+sudo service apache2 start
+
+# Add SSH key
+echo "[Codespaces] Add SSH key"
+echo "$SSH_KEY" > /home/vscode/.ssh/id_rsa && chmod 600 /home/vscode/.ssh/id_rsa
+
+# Create a MySQL user to use
+echo "[Codespaces] Create MySQL user"
+sudo mysql -u root<<EOFMYSQL
+    CREATE USER 'phpbb'@'localhost' IDENTIFIED BY 'phpbb';
+    GRANT ALL PRIVILEGES ON *.* TO 'phpbb'@'localhost' WITH GRANT OPTION;
+    CREATE DATABASE IF NOT EXISTS phpbb;
+EOFMYSQL
+
+# Download dependencies
+echo "[Codespaces] Install Composer dependencies"
+composer install --no-interaction
+
+# Symlink the webroot so it can be viewed
+echo "[Codespaces] Create Symlink of webroot"
+sudo rm -rf /var/www/html
+sudo ln -s /workspaces/phpbb/phpBB /var/www/html
+
+# Copy phpBB config
+echo "[Codespaces] Copy phpBB configuration"
+cp /workspaces/phpbb/.devcontainer/resources/phpbb-config.yml /workspaces/phpbb/phpBB/install/install-config.yml
+
+# Install phpBB
+echo "[Codespaces] Run phpBB CLI installation"
+cd /workspaces/phpbb/phpBB && composer install --no-interaction
+sudo php /workspaces/phpbb/phpBB/install/phpbbcli.php install /workspaces/phpbb/phpBB/install/install-config.yml
+rm -rf /workspaces/phpbb/phpBB/install
+
+# Finished
+echo "[Codespaces] phpBB installation completed"

.devcontainer/resources/xdebug.ini

@@ -0,0 +1,10 @@
+zend_extension=xdebug.so
+
+[xdebug]
+xdebug.mode=develop,debug
+xdebug.discover_client_host=1
+xdebug.client_port=9003
+xdebug.start_with_request=yes
+xdebug.log='/var/log/xdebug/xdebug.log'
+xdebug.connect_timeout_ms=2000
+xdebug.idekey=VSCODE

.github/PULL_REQUEST_TEMPLATE.md

@@ -5,6 +5,6 @@ Checklist:
 - [ ] Code follows coding guidelines: [master](https://area51.phpbb.com/docs/master/coding-guidelines.html) and [3.3.x](https://area51.phpbb.com/docs/dev/3.3.x/development/coding_guidelines.html)
 - [ ] Commit follows commit message [format](https://area51.phpbb.com/docs/dev/3.3.x/development/git.html)
 
-Tracker ticket (set the ticket ID to **your ticket ID**):
+Tracker ticket:
 
 https://tracker.phpbb.com/browse/PHPBB3-12345

.github/setup-phpbb.sh

@@ -31,6 +31,6 @@ php ../composer.phar install --dev --no-interaction
 if [[ "$PHP_VERSION" =~ ^nightly$ || "$PHP_VERSION" =~ ^8 ]]
 then
 	php ../composer.phar remove phpunit/dbunit --dev --update-with-dependencies \
-	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 doctrine/instantiator:^1.4 --dev --update-with-all-dependencies --ignore-platform-reqs
 fi
 cd ..

.github/workflows/tests.yml

@@ -17,7 +17,7 @@ on:
 jobs:
     # Basic checks, e.g. parse errors, commit messages, etc.
     basic-checks:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
@@ -29,7 +29,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
               with:
                   fetch-depth: 100
 
@@ -46,12 +46,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -88,32 +88,30 @@ jobs:
 
     # Tests for MySQL and MariaDB
     mysql-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.1"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.2"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.3"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.4"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mariadb:10.5"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mysql:5.6"
                       db_alias: "MySQL Slow Tests"
                       SLOWTESTS: 1
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mysql:5.6"
                       db_alias: "MyISAM Tests"
                       MYISAM: 1
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "mysql:5.6"
-                    - php: '7.1'
-                      db: "mysql:5.7"
                     - php: '7.2'
                       db: "mysql:5.7"
                     - php: '7.3'
@@ -157,14 +155,14 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - id: database-type
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
                   db=$(echo "${MATRIX_DB%%:*}")
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -179,12 +177,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -229,22 +227,22 @@ jobs:
 
     # Tests for PostgreSQL
     postgres-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
-                    - php: '7.1'
+                    - php: '7.2'
+                      db: "postgres:9.3"
+                    - php: '7.2'
                       db: "postgres:9.5"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:9.6"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:10"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:11"
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "postgres:12"
-                    - php: '7.1'
-                      db: "postgres:13"
                     - php: '7.2'
                       db: "postgres:13"
                     - php: '7.3'
@@ -264,7 +262,7 @@ jobs:
 
         services:
             postgres:
-                image: ${{ matrix.db != 'postgres:9.5' && matrix.db != 'postgres:9.6' && matrix.db != 'postgres:10' && matrix.db != 'postgres:11' && matrix.db != 'postgres:12' && matrix.db != 'postgres:13' && 'postgres:10' || matrix.db }}
+                image: ${{ matrix.db != 'postgres:9.3' && matrix.db != 'postgres:9.5' && matrix.db != 'postgres:9.6' && matrix.db != 'postgres:10' && matrix.db != 'postgres:11' && matrix.db != 'postgres:12' && matrix.db != 'postgres:13' && 'postgres:10' || matrix.db }}
                 env:
                     POSTGRES_HOST: localhost
                     POSTGRES_USER: postgres
@@ -290,14 +288,14 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - id: database-type
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
                   db=$(echo "${MATRIX_DB%%:*}")
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -312,12 +310,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -345,11 +343,11 @@ jobs:
 
     # Other database types, namely sqlite3 and mssql
     other-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
-                    - php: '7.1'
+                    - php: '7.2'
                       db: "sqlite3"
                     - php: '7.2'
                       db: "mcr.microsoft.com/mssql/server:2017-latest"
@@ -388,7 +386,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - id: database-type
               env:
@@ -400,7 +398,7 @@ jobs:
                   else
                       db=$(echo "${MATRIX_DB%%:*}")
                   fi
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -415,12 +413,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -485,7 +483,7 @@ jobs:
                   git config --system core.autocrlf false
                   git config --system core.eol lf
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -499,13 +497,13 @@ jobs:
               id: composer-cache
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "dir=$(composer config cache-files-dir)" >> $env:GITHUB_OUTPUT
                   $major_version="${{ matrix.php }}".substring(0,1)
-                  echo "::set-output name=version::$major_version"
+                  echo "version=$major_version" >> $env:GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -548,7 +546,7 @@ jobs:
                   cd ${env:GITHUB_WORKSPACE}\phpBB
                   php ..\composer.phar install
                   php ..\composer.phar remove phpunit/dbunit --dev --update-with-dependencies
-                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 doctrine/instantiator:^1.4 --dev --update-with-all-dependencies --ignore-platform-reqs
                   cd ..
             - name: Setup database
               run: |

.vscode/launch.json

@@ -0,0 +1,18 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Debug phpBB",
+            "type": "php",
+            "request": "launch",
+            "port": 9003,
+            "pathMappings": {
+                "/var/www/html": "${workspaceRoot}/phpBB/"
+            },
+            "log": true
+        }
+    ]
+}

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "php.debug.ideKey": "VSCODE"
+}

README.md

@@ -27,7 +27,10 @@ To run an installation from the repo (and not from a pre-built package) on a loc
   php ../composer.phar install
   ```
 
-Alternatively, you can read our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use Vagrant to develop and contribute to phpBB.
+Alternatively, you can read:
+
+* Our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use Vagrant to develop and contribute to phpBB.
+* Our [GitHub Codespaces documentation](phpBB/docs/codespaces.md) to learn about phpBB's cloud-based development environment.
 
 ## 📓 Documentation
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.8" />
-	<property name="prevversion" value="3.3.7" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.8-RC1" />
+	<property name="newversion" value="3.3.11" />
+	<property name="prevversion" value="3.3.10" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -362,6 +362,8 @@
 		<chmod mode="0777" file="${dir}/store" />
 		<chmod mode="0777" file="${dir}/files" />
 		<chmod mode="0777" file="${dir}/images/avatars/upload" />
+		<!-- set permissions of executable scripts to 755 -->
+		<chmod mode="0755" file="${dir}/bin/phpbbcli.php" />
 	</target>
 
 	<target name="clean-vendor-dir">

phpBB/adm/style/acp_search.html

@@ -78,28 +78,31 @@
 
 <!-- ELSEIF S_INDEX -->
 
-	<script>
-	// <![CDATA[
-		/**
-		* Popup search progress bar
-		*/
-		function popup_progress_bar(progress_type)
-		{
-			close_waitscreen = 0;
-			// no scrollbars
-			popup('{UA_PROGRESS_BAR}&amp;type=' + progress_type, 400, 240, '_index');
-		}
-	// ]]>
-	</script>
-
 	<h1>{L_ACP_SEARCH_INDEX}</h1>
 
 	<!-- IF S_CONTINUE_INDEXING -->
-		<p>{L_CONTINUE_EXPLAIN}</p>
+		<p>
+			{% if S_CONTINUE_INDEXING == 'create' %}
+				{{ lang('CONTINUE_INDEXING_EXPLAIN') }}
+			{% else %}
+				{{ lang('CONTINUE_DELETING_INDEX_EXPLAIN') }}
+			{% endif %}
+		</p>
 
 		<form id="acp_search_continue" method="post" action="{U_CONTINUE_INDEXING}">
 			<fieldset>
-				<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+				<legend>{{ lang('CONTINUE_INDEXING') }}</legend>
+				{% if CONTINUE_PROGRESS %}
+					<div class="centered-text">
+						<br>
+						<progress
+							value="{{ CONTINUE_PROGRESS.VALUE }}"
+							max="{{ CONTINUE_PROGRESS.TOTAL }}"
+							style="height: 2em; width: 20em;"></progress><br>
+						{{ CONTINUE_PROGRESS.PERCENTAGE|number_format(2) ~ ' %' }}<br>
+						{{ lang('SEARCH_INDEX_PROGRESS', CONTINUE_PROGRESS.VALUE, CONTINUE_PROGRESS.REMAINING, CONTINUE_PROGRESS.TOTAL) }}
+					</div>
+				{% endif %}
 				<p class="submit-buttons">
 					<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 					<input class="button2" type="submit" id="cancel" name="cancel" value="{L_CANCEL}" />
@@ -151,10 +154,10 @@
 			<p class="quick">
 			<!-- IF backend.S_INDEXED -->
 				<input type="hidden" name="action" value="delete" />
-				<input class="button2" type="submit" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" />
+				<input class="button2" type="submit" name="submit" value="{{ lang('DELETE_INDEX') }}" />
 			<!-- ELSE -->
 				<input type="hidden" name="action" value="create" />
-				<input class="button2" type="submit" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" />
+				<input class="button2" type="submit" name="submit" value="{{ lang('CREATE_INDEX') }}" />
 			<!-- ENDIF -->
 			</p>
 			{S_FORM_TOKEN}
@@ -165,6 +168,24 @@
 
 	<!-- ENDIF -->
 
+<!-- ELSEIF S_INDEX_PROGRESS -->
+	<div class="successbox">
+		<h3>{{ INDEXING_TITLE }}</h3>
+		<p>
+			{{ INDEXING_EXPLAIN }}
+			{% if INDEXING_PROGRESS %}<br>{{ INDEXING_PROGRESS }}{% endif %}
+			{% if INDEXING_RATE %}<br>{{ INDEXING_RATE }}{% endif %}
+			{% if INDEXING_PROGRESS_BAR %}
+				<br>
+				<progress
+					value="{{ INDEXING_PROGRESS_BAR.VALUE }}"
+					max="{{ INDEXING_PROGRESS_BAR.TOTAL }}"
+					style="height: 2em; width: 20em;"></progress><br>
+				{{ INDEXING_PROGRESS_BAR.PERCENTAGE|number_format(2) ~ ' %' }}<br>
+				{{ lang('SEARCH_INDEX_PROGRESS', INDEXING_PROGRESS_BAR.VALUE, INDEXING_PROGRESS_BAR.REMAINING, INDEXING_PROGRESS_BAR.TOTAL) }}
+			{% endif %}
+		</p>
+	</div>
 <!-- ENDIF -->
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_users.html

@@ -137,9 +137,13 @@
 				<td><a href="{group.U_EDIT_GROUP}">{group.GROUP_NAME}</a></td>
 				<td><!-- IF group.S_IS_MEMBER --><!-- IF group.S_NO_DEFAULT --><a href="{group.U_DEFAULT}">{L_GROUP_DEFAULT}</a><!-- ELSE --><strong>{L_GROUP_DEFAULT}</strong><!-- ENDIF --><!-- ELSEIF not group.S_IS_MEMBER and group.U_APPROVE --><a href="{group.U_APPROVE}">{L_GROUP_APPROVE}</a><!-- ELSE -->&nbsp;<!-- ENDIF --></td>
 				<td><!-- IF group.S_IS_MEMBER and not group.S_SPECIAL_GROUP --><a href="{group.U_DEMOTE_PROMOTE}">{group.L_DEMOTE_PROMOTE}</a><!-- ELSE -->&nbsp;<!-- ENDIF --></td>
-				<td><a href="{group.U_DELETE}">{L_GROUP_DELETE}</a></td>
+				<td>{% if group.U_DELETE %}<a href="{{ group.U_DELETE }}">{{ lang('GROUP_DELETE') }}</a>{% endif %}</td>
 			</tr>
 		<!-- ENDIF -->
+	<!-- BEGINELSE -->
+		<tr>
+			<td class="row3 centered-text" colspan="4">{{ lang('NO_GROUP') }}</td>
+		</tr>
 	<!-- END group -->
 	</tbody>
 	</table>

phpBB/adm/style/acp_users_warnings.html

@@ -14,7 +14,7 @@
 	<!-- BEGIN warn -->
 		<tr>
 			<td>{warn.USERNAME}</td>
-			<td style="text-align: center; nowrap: nowrap;">{warn.DATE}</td>
+			<td style="text-align: center; white-space: nowrap;">{warn.DATE}</td>
 			<td>{warn.ACTION}</td>
 			<td style="text-align: center;"><input type="checkbox" class="radio" name="mark[]" value="{warn.ID}" /></td>
 		</tr>

phpBB/adm/style/captcha_recaptcha_acp.html

@@ -21,6 +21,20 @@
 	<dd><input id="recaptcha_privkey" name="recaptcha_privkey" value="{RECAPTCHA_PRIVKEY}" size="50" type="text" /></dd>
 </dl>
 
+<dl>
+	<dt>
+		<label>{{ lang('RECAPTCHA_V3_DOMAIN') ~ lang('COLON') }}</label>
+		<br><span>{{ lang('RECAPTCHA_V3_DOMAIN_EXPLAIN') }}</span>
+	</dt>
+	<dd>
+		{% for domain in RECAPTCHA_V2_DOMAINS %}
+		<label>
+			<input class="radio" name="recaptcha_v2_domain" type="radio" value="{{ domain }}"{{ domain == RECAPTCHA_V2_DOMAIN ? ' checked' }}>
+			<span>{{ domain }}</span>
+		</label>
+		{% endfor %}
+	</dd>
+</dl>
 
 </fieldset>
 <fieldset>

phpBB/adm/style/overall_footer.html

@@ -42,5 +42,7 @@
 <!-- EVENT acp_overall_footer_after -->
 {$SCRIPTS}
 
+{% EVENT acp_overall_footer_body_after %}
+
 </body>
 </html>

phpBB/adm/style/simple_footer.html

@@ -23,5 +23,7 @@
 <!-- EVENT acp_simple_footer_after -->
 {$SCRIPTS}
 
+{% EVENT acp_simple_footer_body_after %}
+
 </body>
 </html>

phpBB/common.php

@@ -12,7 +12,7 @@
 */
 
 /**
-* Minimum Requirement: PHP 7.1.3
+* Minimum Requirement: PHP 7.2.0
 */
 
 if (!defined('IN_PHPBB'))
@@ -51,10 +51,10 @@ if (!defined('PHPBB_INSTALLED'))
 		$server_port = 443;
 	}
 
-	$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
+	$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
 	if (!$script_name)
 	{
-		$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
+		$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
 	}
 
 	// $phpbb_root_path accounts for redirects from e.g. /adm
@@ -114,6 +114,14 @@ $phpbb_class_loader_ext->register();
 try
 {
 	$phpbb_container_builder = new \phpbb\di\container_builder($phpbb_root_path, $phpEx);
+
+	// Check that cache directory is writable before trying to build container
+	$cache_dir = $phpbb_container_builder->get_cache_dir();
+	if (file_exists($cache_dir) && !is_writable($phpbb_container_builder->get_cache_dir()))
+	{
+		die('Unable to write to the cache directory path "' . $cache_dir . '". Ensure that the web server user can write to the cache folder.');
+	}
+
 	$phpbb_container = $phpbb_container_builder->with_config($phpbb_config_php_file)->get_container();
 }
 catch (InvalidArgumentException $e)

phpBB/composer.json

@@ -26,14 +26,14 @@
 		"phpbb/phpbb-core": "self.version"
 	},
 	"require": {
-		"php": "^7.1.3",
+		"php": "^7.2 || ^8.0.0",
 		"ext-json": "*",
 		"ext-mbstring": "*",
 		"bantu/ini-get-wrapper": "~1.0",
+		"carlos-mg89/oauth": "^0.8.15",
 		"composer/package-versions-deprecated": "^1.11",
 		"google/recaptcha": "~1.1",
 		"guzzlehttp/guzzle": "~6.3",
-		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "^1.1",
 		"s9e/text-formatter": "^2.0",
 		"symfony/config": "~3.4",
@@ -74,7 +74,10 @@
 	},
 	"config": {
 		"platform": {
-			"php": "7.1.3"
+			"php": "7.2"
+		},
+		"allow-plugins": {
+			"composer/installers": true
 		}
 	}
 }

phpBB/config/default/container/services_content.yml

@@ -71,3 +71,4 @@ services:
         class: phpbb\viewonline_helper
         arguments:
             - '@filesystem'
+            - '@dbal.conn'

phpBB/config/installer/container/services_install_controller.yml

@@ -4,6 +4,7 @@ services:
         arguments:
             - '@phpbb.installer.controller.helper'
             - '@language'
+            - '@path_helper'
             - '@template'
             - '%core.root_path%'
 

phpBB/cron.php

@@ -12,6 +12,9 @@
 */
 
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Exception\ExceptionInterface;
+use Symfony\Component\Routing\Exception\RouteNotFoundException;
 
 /**
 */
@@ -28,10 +31,49 @@ $cron_type = $request->variable('cron_type', '');
 
 $get_params_array = $request->get_super_global(\phpbb\request\request_interface::GET);
 
+/* @var $http_kernel \Symfony\Component\HttpKernel\HttpKernel */
+$http_kernel = $phpbb_container->get('http_kernel');
+
+/* @var $symfony_request \phpbb\symfony_request */
+$symfony_request = $phpbb_container->get('symfony_request');
+
 /** @var \phpbb\controller\helper $controller_helper */
 $controller_helper = $phpbb_container->get('controller.helper');
-$response = new RedirectResponse(
-	$controller_helper->route('phpbb_cron_run', $get_params_array, false),
-	301
+$cron_route = 'phpbb_cron_run';
+
+try
+{
+	$response = new RedirectResponse(
+		$controller_helper->route($cron_route, $get_params_array, false),
+		Response::HTTP_MOVED_PERMANENTLY
+	);
+	$response->send();
+	$http_kernel->terminate($symfony_request, $response);
+	exit();
+}
+catch (RouteNotFoundException $exception)
+{
+	$error = 'ROUTE_NOT_FOUND';
+	$error_parameters = $cron_route;
+	$error_code = Response::HTTP_NOT_FOUND;
+}
+catch (ExceptionInterface $exception)
+{
+	$error = 'ROUTE_INVALID_MISSING_PARAMS';
+	$error_parameters = $cron_route;
+	$error_code = Response::HTTP_BAD_REQUEST;
+}
+catch (Throwable $exception)
+{
+	$error = $exception->getMessage();
+	$error_parameters = [];
+	$error_code = Response::HTTP_INTERNAL_SERVER_ERROR;
+}
+
+$language = $phpbb_container->get('language');
+$response = new Response(
+	$language->lang($error, $error_parameters),
+	$error_code
 );
 $response->send();
+$http_kernel->terminate($symfony_request, $response);

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,11 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3310">Changes since 3.3.10</a></li>
+		<li><a href="#v3310rc1">Changes since 3.3.10-RC1</a></li>
+		<li><a href="#v339">Changes since 3.3.9</a></li>
+		<li><a href="#v339rc1">Changes since 3.3.9-RC1</a></li>
+		<li><a href="#v338">Changes since 3.3.8</a></li>
 		<li><a href="#v337">Changes since 3.3.7</a></li>
 		<li><a href="#v336">Changes since 3.3.6</a></li>
 		<li><a href="#v336rc1">Changes since 3.3.6-RC1</a></li>
@@ -162,6 +167,149 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3310"></a><h3>Changes since 3.3.10</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-8777">PHPBB3-8777</a>] - Users can be removed from all groups leaving no default group</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-11184">PHPBB3-11184</a>] - ACP purports to allow editing of Founder admin permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-12785">PHPBB3-12785</a>] - Redirection of URI are calculated using PHP_SELF</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13276">PHPBB3-13276</a>] - INCLUDEJS and INCLUDECSS do not obey PHPBB_USE_BOARD_URL_PATH</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13364">PHPBB3-13364</a>] - Index Subject not updated after moderation</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15129">PHPBB3-15129</a>] - Wrong Installation guide link</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16796">PHPBB3-16796</a>] - misalignment on index and viewforum for topics and posts titles</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16877">PHPBB3-16877</a>] - OAuth account linking throws a PHP error - PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17004">PHPBB3-17004</a>] - Pagination doesn't not show up in UCP &gt; Front Page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17040">PHPBB3-17040</a>] - bidi.css is loaded when viewing LTR print view pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17041">PHPBB3-17041</a>] - RTL Pagination Dropdown Arrow Faces The Wrong Way</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17042">PHPBB3-17042</a>] - Group Description With BBCode List Breaks Layout</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17043">PHPBB3-17043</a>] - Remove Duplicate CP Rule From bidi.css</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17045">PHPBB3-17045</a>] - UCP attachments list page top and bottom pagination counts language strings and font size are different</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17046">PHPBB3-17046</a>] - IE tweaks in simple_header should be included the same as in overall_header</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17053">PHPBB3-17053</a>] - sql_freeresult not working for mysqli &amp; PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17076">PHPBB3-17076</a>] - Signature length limit bug</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17086">PHPBB3-17086</a>] - phpBB / Codespaces support</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17089">PHPBB3-17089</a>] - Warning users without post causes PHP warning</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17097">PHPBB3-17097</a>] - PHP 8.2 Deprecations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17098">PHPBB3-17098</a>] - body class {S_CONTENT_DIRECTION} is missing in ucp_pm_viewmessage_print.html</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17107">PHPBB3-17107</a>] - Who is online incorectly reports Forum location when replying/quoting </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17115">PHPBB3-17115</a>] - PHP warning with native search backend if query ends with a space followed by hyphen</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17126">PHPBB3-17126</a>] - Filename in instructions about running all tests does not exist</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17127">PHPBB3-17127</a>] - Guest users stats got purged when resetting password</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17129">PHPBB3-17129</a>] - Youtube profile field not up to date in new installations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17132">PHPBB3-17132</a>] - Missing language variable leads to PHP error in convertor</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17137">PHPBB3-17137</a>] - Attachments can be deleted after end of post editing or deletion time</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17139">PHPBB3-17139</a>] - PHP fatal error while updating with advanced update package</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17140">PHPBB3-17140</a>] - Required parameter phpbb_root_path missing in local_url_bbcode migration</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17141">PHPBB3-17141</a>] - Empty referrer may result in PHP error in get_web_root_path()</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17142">PHPBB3-17142</a>] - Installation errors when using MSSQL+ IIS + PHP 8.2 </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17145">PHPBB3-17145</a>] - Field 'pf_phpbb_occupation' doesn't have a default value</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17146">PHPBB3-17146</a>] - Undefined array key in notifications code</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17148">PHPBB3-17148</a>] - phpBB3.3.10 Setup does not support PostgreSQL 8.3 </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17150">PHPBB3-17150</a>] - Forum Image Breaks Layout If Big Image Used - (Forum List Forum Image)</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17160">PHPBB3-17160</a>] - Missing 'Mark' Column Header On MCP Front Page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17171">PHPBB3-17171</a>] - Remove non functional responsive placeholder text rules in responsive.css</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17172">PHPBB3-17172</a>] - Hovering over a forum link / subforum link shows 'No unread posts' on the tooltip</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17189">PHPBB3-17189</a>] - Installer permission handling on PHP 8.2</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17194">PHPBB3-17194</a>] - Php version in vagrant configuration is not set correctly</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17198">PHPBB3-17198</a>] - Gravatar requires https by default</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-8071">PHPBB3-8071</a>] - DBAL function &quot;sql_nextid&quot; - name is misleading</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-11765">PHPBB3-11765</a>] - short_ipv6() doesn't expect IPv4 embedded IPv6 addresses</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-12904">PHPBB3-12904</a>] - Required custom profile fields and asterisk</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13399">PHPBB3-13399</a>] - Problem with plurals - 'CHARACTERS'</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15973">PHPBB3-15973</a>] - Canonical for the index page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16913">PHPBB3-16913</a>] - Add Search Index Progress Bar with Stats</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17025">PHPBB3-17025</a>] - Move post destination topic field should not be populated with a zero</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17125">PHPBB3-17125</a>] - Message Editor layout Broken in Latest Safari</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17128">PHPBB3-17128</a>] - Link to PHP date() function</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17152">PHPBB3-17152</a>] - Add template event to viewtopic_body.html</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17188">PHPBB3-17188</a>] - Condition to check if a utf8 string is malformed is wrong</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17116">PHPBB3-17116</a>] - Useless duplicate conditions in ucp_pm_history.html</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17149">PHPBB3-17149</a>] - Update authors and pull request template</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17154">PHPBB3-17154</a>] - Update composer and dependencies to latest versions</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-132">SECURITY-132</a>] - Limit CAPTCHA attempts at registration for single session</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-279">SECURITY-279</a>] - Escape smilies URL and prevent paths in .pak filename</li>
+			</ul>
+
+			<a name="v3310rc1"></a><h3>Changes since 3.3.10-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17091">PHPBB3-17091</a>] - PHP 8.0 builds fail due to incompatible doctrine/instantiator</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17092">PHPBB3-17092</a>] - Check for error codes when querying Spamhaus</li>
+			</ul>
+
+			<a name="v339"></a><h3>Changes since 3.3.9</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16938">PHPBB3-16938</a>] - Unexistent css property in inline style</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17039">PHPBB3-17039</a>] - Group name not colored in manage groups due to typo</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17056">PHPBB3-17056</a>] - PHP 8.2 Deprecation warning about ${var} syntax</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17065">PHPBB3-17065</a>] - Emoji characters in MCP add feedback cause SQL error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17074">PHPBB3-17074</a>] - Condition to avoid creation of roles with same name is broken</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17081">PHPBB3-17081</a>] - Invalid accept attribute in the post editor</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17082">PHPBB3-17082</a>] - Ability to warn Anonymous</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13291">PHPBB3-13291</a>] - Close notification drop down after clicking &quot;mark all read&quot;</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16105">PHPBB3-16105</a>] - Use &quot;global&quot; reCAPTCHA domain to circumvent blocking in some countries</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17068">PHPBB3-17068</a>] - ALLOW_CDN_EXPLAIN: Incomplete and imprecise description</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17075">PHPBB3-17075</a>] - Add template events to ACP footer after SCRIPTS</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17066">PHPBB3-17066</a>] - Update GitHub Actions configuration to resolve deprecations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17071">PHPBB3-17071</a>] - Update the emoji CDN</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-275">SECURITY-275</a>] - Improve handling of exceptions in cron redirect</li>
+			</ul>
+
+			<a name="v339rc1"></a><h3>Changes since 3.3.9-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17058">PHPBB3-17058</a>] - Special character issue in emails from PHP 8.0 and higher</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-274">SECURITY-274</a>] - Reset login keys/session when resetting password</li>
+			</ul>
+
+			<a name="v338"></a><h3>Changes since 3.3.8</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16917">PHPBB3-16917</a>] - bin/phpbb.cli requires 755 permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16932">PHPBB3-16932</a>] - Invalid email To: header on notifications to users with @ in name</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17003">PHPBB3-17003</a>] - Icon of a topic do not show up in the UCP &gt; Front Page.</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17019">PHPBB3-17019</a>] - Missing &quot;youtube&quot; profilefield stops Database update</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17023">PHPBB3-17023</a>] - phpBB 3.3: PHP8 supported but not indicated by composer.json</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17026">PHPBB3-17026</a>] - Session viewonline not defined in Memberlist</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17030">PHPBB3-17030</a>] - Feed doesn't generate valid RFC-3339 dates</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17032">PHPBB3-17032</a>] - Missing or invalid user entry for anonymous user may result in stack overflow</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17036">PHPBB3-17036</a>] - Update guzzle to latest version</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17050">PHPBB3-17050</a>] - Unnecessary trailing slash in void HTML elements</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17051">PHPBB3-17051</a>] - Textformatter may generate PHP warnings if user is not fully initialized in PHP 8.1</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16916">PHPBB3-16916</a>] - Enhance the PHP version error message on startup and install</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17005">PHPBB3-17005</a>] - List item closing tag missing slash in posting_topic_review</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17006">PHPBB3-17006</a>] - &quot;www.&quot; not needed and may lead to confusion</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17048">PHPBB3-17048</a>] - Update composer and dependencies for 3.3.9</li>
+			</ul>
+
 			<a name="v337"></a><h3>Changes since 3.3.7</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/CREDITS.txt

@@ -25,7 +25,6 @@ phpBB Lead Developer:    Marc (Marc Alexander)
 phpBB Developers:        CHItA (Máté Bartus)
                          Derky (Derk Ruitenbeek)
                          Hanakin (Michael Miday)
-                         mrgoldy (Gijs Martens)
                          Nicofuma (Tristan Darricau)
                          rubencm (Rubén Calvo)
 
@@ -64,6 +63,7 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                          imkingdavid (David King)      [11/2012 - 06/2014]
                          kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                          MichaelC (Michael Cullum)     [11/2017 - 09/2019]
+                         mrgoldy (Gijs Martens)        [03/2020 - 06/2023]
                          nickvergessen (Joas Schilling)[04/2010 - 12/2015]
                          Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                          prototech (Cesar Gallegos)    [01/2014 - 12/2016]

phpBB/docs/INSTALL.html

@@ -147,7 +147,7 @@
 			<li>Oracle</li>
 		</ul>
 		</li>
-		<li><strong>PHP 7.1.3+</strong> up to and including <strong>PHP 8.1</strong> with support for the database you intend to use.</li>
+		<li><strong>PHP 7.2.0+</strong> up to and including <strong>PHP 8.1</strong> with support for the database you intend to use.</li>
 		<li>The following PHP modules are required:
 		<ul>
 			<li>json</li>

phpBB/docs/README.html

@@ -265,7 +265,7 @@
 
 	<ul>
 		<li>Your server type/version, e.g. Apache 2.2.3, IIS 7, Sambar, etc.</li>
-		<li>PHP version and mode of operation, e.g. PHP 7.1.3 as a module, PHP 7.1.3 running as CGI, etc.</li>
+		<li>PHP version and mode of operation, e.g. PHP 7.2.0 as a module, PHP 7.2.7 running as CGI, etc.</li>
 		<li>DB type/version, e.g. MySQL 5.0.77, PostgreSQL 9.0.6, MSSQL Server 2000 (via ODBC), etc.</li>
 	</ul>
 
@@ -323,11 +323,11 @@
 
 		<div class="content">
 
-	<p>phpBB 3.3.x takes advantage of new features added in PHP 7.1. We recommend that you upgrade to the latest stable release of PHP to run phpBB. The minimum version required is PHP 7.1.3 and the maximum supported version is the latest stable version of PHP.</p>
+	<p>phpBB 3.3.x takes advantage of new features added in PHP 7.2. We recommend that you upgrade to the latest stable release of PHP to run phpBB. The minimum version required is PHP 7.2.0 and the maximum supported version is the latest stable version of PHP.</p>
 
 	<p>Please remember that running any application on a development (unstable, e.g. a beta release) version of PHP can lead to strange/unexpected results which may appear to be bugs in the application. Therefore, we recommend you upgrade to the newest stable version of PHP before running phpBB. If you are running a development version of PHP please check any bugs you find on a system running a stable release before submitting.</p>
 
-	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQLi 4.1.3, 4.x, 5.x, MariaDB 5.x, PostgreSQL 8.x, Oracle 8 and SQLite 3. Versions of PHP used range from 7.1.3 to 7.2.x and 7.3.x without issues.</p>
+	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQLi 4.1.3, 4.x, 5.x, MariaDB 5.x, PostgreSQL 8.x, Oracle 8 and SQLite 3. Versions of PHP used range from 7.2.0 to 7.4.x, 8.0.x and 8.1.x.</p>
 
 <a name="phpsec"></a><h3>7.i. Notice on PHP security issues</h3>
 

phpBB/docs/codespaces.md

@@ -0,0 +1,55 @@
+## Using GitHub Codespaces with phpBB
+
+phpBB includes support for [Codespaces](https://docs.github.com/en/codespaces), GitHub's cloud-based software development environment. This allows developers and contributors to run and modify phpBB on a consistent environment through a GitHub account without the need to set up a local web server.
+
+Codespaces is completely web-based and does not require any code to be downloaded locally.
+
+Features include:
+
+* Automatic phpBB installation
+* Access to [VS Code](https://docs.github.com/en/codespaces/the-githubdev-web-based-editor) through the web browser 
+* [Xdebug](https://github.com/xdebug/vscode-php-debug) pre-configured to step through the phpBB code and add breakpoints
+* Full LAMP stack with database access
+* Commit, push and test code entirely online
+
+## How it works
+
+### To run phpBB in Codespaces
+
+* On the GitHub.com website, fork the `phpbb/phpbb` repository.
+* Under the `Code` button, click the `Codespaces` tab and then the `+` button to create a new Codespace.
+* It may take several minutes to configure and install phpBB on the newly created virtual machine. Once it is ready, a web-based VS Code instance will appear.
+* Under the `Ports` tab, click on the local address under port 80 to open the private website for the new phpBB installation.
+    * By default, the login details for the new phpBB installation are `admin` / `adminadmin`
+    * Port 9003 is also open to allow Xdebug connections.
+
+### To use the command line
+
+* Click on the `Terminal` tab at the bottom of VS Code and make sure the `bash` window is selected in the right sidebar.
+* The `workspaces/phpbb` directory contains the code from the workspace.
+* Run `mysql -h 127.0.0.1 -u phpbb -p` to log into the MySQL database. The password is `phpbb` and the database name is `phpbb`.
+    * Tip: type `use phpbb;` after logging in to MySQL to switch to the correct database, then queries can be run for the phpBB tables.
+
+### To debug code
+
+* Click the `Run and Debug` tab on the left sidebar in VS Code, then click the green play button next to the `Debug phpBB` option.
+    * Tip: to confirm that Xdebug is working correctly, run `lsof -i :9003` on the command line. It should show that the port is listening for connections.
+* In any of the files in the `phpBB/` directory, add a breakpoint by clicking just to the left of a line number in VS Code. Then, access the private website created on port 80 (found under the VS Code `Ports` tab) through the web browser and navigate to the page with a breakpoint. VS Code will automatically pause execution where the breakpoint is hit, and under the `Run and Debug` tab a variable list will be shown.
+
+### To commit and push code
+
+* To save a change made using VS Code on Codespaces, click the `Source Control` tab on the left sidebar in VS Code.
+* To stage changes or discard changes, right click the file(s) and select the appropriate option.
+* Type a commit message and select the `Commit and Push` option.
+
+**Remember to stop a Codespace once you are finished with it.** GitHub provides all users with a limited number of free core hours per month. A Codespace can be stopped (or deleted) from the main repository page on GitHub.com.
+
+## Technical information
+
+All of the Codespaces configuration can be found in the `.devcontainer/` directory. The `devcontainer.json` holds the general environment information and `Dockerfile` contains the commands to set up the LAMP stack which enables phpBB to run.
+
+`setup.sh` is used to install phpBB from the command line, using pre-determined details from `phpbb-config.yml`.
+
+Codespaces can run without the configuration inside the `.vscode/` directory, however by including this no manual intervention is required to set the Xdebug IDE code to `VSCode` (inside `settings.json`) and  `Debug phpBB` information, such as the path mapping from the Apache webroot to the `phpbb/phpBB` directory (inside `launch.json`).
+
+This configuration information can be safely modified to change the development environment, followed by `Ctrl+Shift+P` in VS Code and selection of the `Full Rebuild Container` option.

phpBB/docs/events.md

@@ -274,6 +274,12 @@ acp_overall_footer_after
 * Since: 3.1.0-a1
 * Purpose: Add content below the footer in the ACP
 
+acp_overall_footer_body_after
+===
+* Location: adm/style/overall_footer.html
+* Since: 3.3.10-RC1
+* Purpose: Add content before the `</body>` tag but after the $SCRIPTS var, i.e. after the js scripts have been loaded
+
 acp_overall_header_body_before
 ===
 * Location: adm/style/overall_header.html
@@ -558,6 +564,12 @@ acp_simple_footer_after
 * Since: 3.1.0-a1
 * Purpose: Add content below the simple footer in the ACP
 
+acp_simple_footer_body_after
+===
+* Location: adm/style/simple_footer.html
+* Since: 3.3.10-RC1
+* Purpose: Add content before the `</body>` tag but after the $SCRIPTS var, i.e. after the js scripts have been loaded
+
 acp_simple_header_body_before
 ===
 * Location: adm/style/simple_header.html
@@ -3292,6 +3304,13 @@ viewtopic_body_postrow_content_after
 * Since: 3.2.4-RC1
 * Purpose: Add content after the message content in topics views
 
+viewtopic_body_postrow_content_before
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.11-RC1
+* Purpose: Add content before the message content in topics views
+
 viewtopic_body_postrow_custom_fields_after
 ===
 * Locations:

phpBB/includes/acp/acp_icons.php

@@ -550,7 +550,7 @@ class acp_icons
 						trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
-					if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak)))
+					if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . utf8_basename($pak))))
 					{
 						trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
@@ -654,7 +654,7 @@ class acp_icons
 							{
 								$replace_sql = ($mode == 'smilies') ? $code : $img;
 								$sql = array(
-									$fields . '_url'		=> $img,
+									$fields . '_url'		=> utf8_substr(rawurlencode($img), 0, 50),
 									$fields . '_height'		=> (int) $height,
 									$fields . '_width'		=> (int) $width,
 									'display_on_posting'	=> (int) $display_on_posting,
@@ -676,7 +676,7 @@ class acp_icons
 								++$order;
 
 								$sql = array(
-									$fields . '_url'	=> $img,
+									$fields . '_url'	=> utf8_substr(rawurlencode($img), 0, 50),
 									$fields . '_height'	=> (int) $height,
 									$fields . '_width'	=> (int) $width,
 									$fields . '_order'	=> (int) $order,

phpBB/includes/acp/acp_main.php

@@ -430,11 +430,11 @@ class acp_main
 		// Version check
 		$user->add_lang('install');
 
-		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '7.1.3', '<'))
+		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '7.2.0', '<'))
 		{
 			$template->assign_vars(array(
 				'S_PHP_VERSION_OLD'	=> true,
-				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '7.1.3', '<a href="https://www.phpbb.com/support/docs/en/3.3/ug/quickstart/requirements">', '</a>'),
+				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '7.2.0', '<a href="https://www.phpbb.com/support/docs/en/3.3/ug/quickstart/requirements">', '</a>'),
 			));
 		}
 

phpBB/includes/acp/acp_permission_roles.php

@@ -179,7 +179,7 @@ class acp_permission_roles
 					$db->sql_freeresult($result);
 
 					// Make sure we only print out the error if we add the role or change it's name
-					if ($row && ($mode == 'add' || ($mode == 'edit' && $role_row['role_name'] != $role_name)))
+					if ($row && ($action == 'add' || ($action == 'edit' && $role_row['role_name'] != $role_name)))
 					{
 						trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
 					}

phpBB/includes/acp/acp_search.php

@@ -239,7 +239,7 @@ class acp_search
 
 	function index($id, $mode)
 	{
-		global $db, $user, $template, $phpbb_log, $request;
+		global $db, $language, $user, $template, $phpbb_log, $request;
 		global $config, $phpbb_admin_path, $phpEx;
 
 		$action = $request->variable('action', '');
@@ -262,11 +262,6 @@ class acp_search
 		{
 			switch ($action)
 			{
-				case 'progress_bar':
-					$type = $request->variable('type', '');
-					$this->display_progress_bar($type);
-				break;
-
 				case 'delete':
 					$this->state[1] = 'delete';
 				break;
@@ -311,14 +306,29 @@ class acp_search
 						{
 							$this->state = array('');
 							$this->save_state();
-							trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
+							trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 					}
+					else if ($submit)
+					{
+						meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search')));
+						$template->assign_vars([
+							'S_INDEX_PROGRESS'		=> true,
+							'INDEXING_TITLE'		=> $language->lang('DELETING_INDEX_IN_PROGRESS'),
+							'INDEXING_EXPLAIN'		=> $language->lang('DELETING_INDEX_IN_PROGRESS_EXPLAIN'),
+							'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+						]);
+
+						$this->tpl_name = 'acp_search';
+						$this->page_title = 'ACP_SEARCH_INDEX';
+
+						return;
+					}
 					else
 					{
 						$starttime = microtime(true);
 						$row_count = 0;
-						while (still_on_time() && $post_counter <= $this->max_post_id)
+						while (still_on_time() && $post_counter < $this->max_post_id)
 						{
 							$sql = 'SELECT post_id, poster_id, forum_id
 								FROM ' . POSTS_TABLE . '
@@ -350,7 +360,20 @@ class acp_search
 							$totaltime = microtime(true) - $starttime;
 							$rows_per_second = $row_count / $totaltime;
 							meta_refresh(1, append_sid($this->u_action . '&amp;action=delete&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
-							trigger_error($user->lang('SEARCH_INDEX_DELETE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_DELETE_REDIRECT_RATE', $rows_per_second));
+
+							$template->assign_vars([
+								'S_INDEX_PROGRESS'		=> true,
+								'INDEXING_TITLE'		=> $language->lang('DELETING_INDEX_IN_PROGRESS'),
+								'INDEXING_EXPLAIN'		=> $language->lang('DELETING_INDEX_IN_PROGRESS_EXPLAIN'),
+								'INDEXING_PROGRESS'		=> $language->lang('SEARCH_INDEX_DELETE_REDIRECT', $row_count, $post_counter),
+								'INDEXING_RATE'			=> $language->lang('SEARCH_INDEX_DELETE_REDIRECT_RATE', $rows_per_second),
+								'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+							]);
+
+							$this->tpl_name = 'acp_search';
+							$this->page_title = 'ACP_SEARCH_INDEX';
+
+							return;
 						}
 					}
 
@@ -360,7 +383,7 @@ class acp_search
 					$this->save_state();
 
 					$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_SEARCH_INDEX_REMOVED', false, array($name));
-					trigger_error($user->lang['SEARCH_INDEX_REMOVED'] . adm_back_link($this->u_action) . $this->close_popup_js());
+					trigger_error($user->lang['SEARCH_INDEX_REMOVED'] . adm_back_link($this->u_action));
 				break;
 
 				case 'create':
@@ -371,9 +394,25 @@ class acp_search
 						{
 							$this->state = array('');
 							$this->save_state();
-							trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
+							trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 					}
+					else if ($submit)
+					{
+						meta_refresh(1, append_sid($this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
+
+						$template->assign_vars([
+							'S_INDEX_PROGRESS'		=> true,
+							'INDEXING_TITLE'		=> $language->lang('INDEXING_IN_PROGRESS'),
+							'INDEXING_EXPLAIN'		=> $language->lang('INDEXING_IN_PROGRESS_EXPLAIN'),
+							'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+						]);
+
+						$this->tpl_name = 'acp_search';
+						$this->page_title = 'ACP_SEARCH_INDEX';
+
+						return;
+					}
 					else
 					{
 						$sql = 'SELECT forum_id, enable_indexing
@@ -388,7 +427,7 @@ class acp_search
 
 						$starttime = microtime(true);
 						$row_count = 0;
-						while (still_on_time() && $post_counter <= $this->max_post_id)
+						while (still_on_time() && $post_counter < $this->max_post_id)
 						{
 							$sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id
 								FROM ' . POSTS_TABLE . '
@@ -437,7 +476,19 @@ class acp_search
 							$totaltime = microtime(true) - $starttime;
 							$rows_per_second = $row_count / $totaltime;
 							meta_refresh(1, append_sid($this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
-							trigger_error($user->lang('SEARCH_INDEX_CREATE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second));
+							$template->assign_vars([
+								'S_INDEX_PROGRESS'		=> true,
+								'INDEXING_TITLE'		=> $language->lang('INDEXING_IN_PROGRESS'),
+								'INDEXING_EXPLAIN'		=> $language->lang('INDEXING_IN_PROGRESS_EXPLAIN'),
+								'INDEXING_PROGRESS'		=> $language->lang('SEARCH_INDEX_CREATE_REDIRECT', $row_count, $post_counter),
+								'INDEXING_RATE'			=> $language->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second),
+								'INDEXING_PROGRESS_BAR'	=> $this->get_post_index_progress($post_counter),
+							]);
+
+							$this->tpl_name = 'acp_search';
+							$this->page_title = 'ACP_SEARCH_INDEX';
+
+							return;
 						}
 					}
 
@@ -447,7 +498,7 @@ class acp_search
 					$this->save_state();
 
 					$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_SEARCH_INDEX_CREATED', false, array($name));
-					trigger_error($user->lang['SEARCH_INDEX_CREATED'] . adm_back_link($this->u_action) . $this->close_popup_js());
+					trigger_error($user->lang['SEARCH_INDEX_CREATED'] . adm_back_link($this->u_action));
 				break;
 			}
 		}
@@ -516,8 +567,6 @@ class acp_search
 		$template->assign_vars(array(
 			'S_INDEX'				=> true,
 			'U_ACTION'				=> $this->u_action . '&amp;hash=' . generate_link_hash('acp_search'),
-			'U_PROGRESS_BAR'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar"),
-			'UA_PROGRESS_BAR'		=> addslashes(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar")),
 		));
 
 		if (isset($this->state[1]))
@@ -525,41 +574,11 @@ class acp_search
 			$template->assign_vars(array(
 				'S_CONTINUE_INDEXING'	=> $this->state[1],
 				'U_CONTINUE_INDEXING'	=> $this->u_action . '&amp;action=' . $this->state[1] . '&amp;hash=' . generate_link_hash('acp_search'),
-				'L_CONTINUE'			=> ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_DELETING_INDEX'],
-				'L_CONTINUE_EXPLAIN'	=> ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_DELETING_INDEX_EXPLAIN'])
-			);
+				'CONTINUE_PROGRESS'	=> (isset($this->state[2]) && $this->state[2] > 0) ? $this->get_post_index_progress($this->state[2]) : $this->get_post_index_progress(0)
+			));
 		}
 	}
 
-	function display_progress_bar($type)
-	{
-		global $template, $user;
-
-		$l_type = ($type == 'create') ? 'INDEXING_IN_PROGRESS' : 'DELETING_INDEX_IN_PROGRESS';
-
-		adm_page_header($user->lang[$l_type]);
-
-		$template->set_filenames(array(
-			'body'	=> 'progress_bar.html')
-		);
-
-		$template->assign_vars(array(
-			'L_PROGRESS'			=> $user->lang[$l_type],
-			'L_PROGRESS_EXPLAIN'	=> $user->lang[$l_type . '_EXPLAIN'])
-		);
-
-		adm_page_footer();
-	}
-
-	function close_popup_js()
-	{
-		return "<script type=\"text/javascript\">\n" .
-			"// <![CDATA[\n" .
-			"	close_waitscreen = 1;\n" .
-			"// ]]>\n" .
-			"</script>\n";
-	}
-
 	function get_search_types()
 	{
 		global $phpbb_extension_manager;
@@ -586,6 +605,41 @@ class acp_search
 		return $max_post_id;
 	}
 
+	/**
+	 * Get progress stats of search index with HTML progress bar.
+	 *
+	 * @param int		$post_counter	Post ID of last post indexed.
+	 * @return array	Returns array with progress bar data.
+	 */
+	function get_post_index_progress(int $post_counter)
+	{
+		global $db, $language;
+
+		$sql = 'SELECT COUNT(post_id) as done_count
+			FROM ' . POSTS_TABLE . '
+			WHERE post_id <= ' . (int) $post_counter;
+		$result = $db->sql_query($sql);
+		$done_count = (int) $db->sql_fetchfield('done_count');
+		$db->sql_freeresult($result);
+
+		$sql = 'SELECT COUNT(post_id) as remain_count
+			FROM ' . POSTS_TABLE . '
+			WHERE post_id > ' . (int) $post_counter;
+		$result = $db->sql_query($sql);
+		$remain_count = (int) $db->sql_fetchfield('remain_count');
+		$db->sql_freeresult($result);
+
+		$total_count = $done_count + $remain_count;
+		$percent = ($done_count / $total_count) * 100;
+
+		return [
+			'VALUE'			=> $done_count,
+			'TOTAL'			=> $total_count,
+			'PERCENTAGE'	=> $percent,
+			'REMAINING'		=> $remain_count,
+		];
+	}
+
 	function save_state($state = false)
 	{
 		global $config;

phpBB/includes/acp/acp_users.php

@@ -1128,7 +1128,7 @@ class acp_users
 				$db->sql_freeresult($result);
 
 				$template->assign_vars(array(
-					'L_NAME_CHARS_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
+					'L_NAME_CHARS_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
 					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 					'L_POSTS_IN_QUEUE'			=> $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
 					'S_FOUNDER'					=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
@@ -2515,7 +2515,7 @@ class acp_users
 							'U_EDIT_GROUP'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
 							'U_DEFAULT'			=> $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
 							'U_DEMOTE_PROMOTE'	=> $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
-							'U_DELETE'			=> $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'],
+							'U_DELETE'			=> count($id_ary) > 1 ? $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'] : '',
 							'U_APPROVE'			=> ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
 
 							'GROUP_NAME'		=> $group_helper->get_name($data['group_name']),

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.8');
+@define('PHPBB_VERSION', '3.3.11');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -2918,7 +2918,7 @@ function get_censor_preg_expression($word)
 
 /**
 * Returns the first block of the specified IPv6 address and as many additional
-* ones as specified in the length paramater.
+* ones as specified in the length parameter.
 * If length is zero, then an empty string is returned.
 * If length is greater than 3 the complete IP will be returned
 */
@@ -2929,6 +2929,14 @@ function short_ipv6($ip, $length)
 		return '';
 	}
 
+	// Handle IPv4 embedded IPv6 addresses
+	if (preg_match('/(?:\d{1,3}\.){3}\d{1,3}$/i', $ip))
+	{
+		$binary_ip = inet_pton($ip);
+		$ip_v6 = $binary_ip ? inet_ntop($binary_ip) : $ip;
+		$ip = $ip_v6 ?: $ip;
+	}
+
 	// extend IPv6 addresses
 	$blocks = substr_count($ip, ':') + 1;
 	if ($blocks < 9)
@@ -3695,15 +3703,11 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false)
 	{
 		if ($lazy)
 		{
-			// Determine board url - we may need it later
-			$board_url = generate_board_url() . '/';
 			// This path is sent with the base template paths in the assign_vars()
 			// call below. We need to correct it in case we are accessing from a
 			// controller because the web paths will be incorrect otherwise.
 			$phpbb_path_helper = $phpbb_container->get('path_helper');
-			$corrected_path = $phpbb_path_helper->get_web_root_path();
-
-			$web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path;
+			$web_path = $phpbb_path_helper->get_web_root_path();
 
 			$theme = "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme';
 
@@ -3891,15 +3895,12 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		$db->sql_freeresult($result);
 	}
 
-	// Determine board url - we may need it later
-	$board_url = generate_board_url() . '/';
 	// This path is sent with the base template paths in the assign_vars()
 	// call below. We need to correct it in case we are accessing from a
 	// controller because the web paths will be incorrect otherwise.
 	/* @var $phpbb_path_helper \phpbb\path_helper */
 	$phpbb_path_helper = $phpbb_container->get('path_helper');
-	$corrected_path = $phpbb_path_helper->get_web_root_path();
-	$web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path;
+	$web_path = $phpbb_path_helper->get_web_root_path();
 
 	// Send a proper content-language to the output
 	$user_lang = $user->lang['USER_LANG'];
@@ -4002,7 +4003,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'_SID'				=> $_SID,
 		'SESSION_ID'		=> $user->session_id,
 		'ROOT_PATH'			=> $web_path,
-		'BOARD_URL'			=> $board_url,
+		'BOARD_URL'			=> generate_board_url() . '/',
 
 		'L_LOGIN_LOGOUT'	=> $l_login_logout,
 		'L_INDEX'			=> ($config['board_index_text'] !== '') ? $config['board_index_text'] : $user->lang['FORUM_INDEX'],

phpBB/includes/functions_content.php

@@ -1088,7 +1088,7 @@ function smiley_text($text, $force_option = false)
 	}
 	else
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
+		$root_path = $phpbb_path_helper->get_web_root_path();
 
 		/**
 		* Event to override the root_path for smilies

phpBB/includes/functions_messenger.php

@@ -427,7 +427,7 @@ class messenger
 			$user->session_begin();
 		}
 
-		$calling_page = html_entity_decode($request->server('PHP_SELF'), ENT_COMPAT);
+		$calling_page = html_entity_decode($request->server('REQUEST_URI'), ENT_COMPAT);
 
 		switch ($type)
 		{
@@ -597,7 +597,7 @@ class messenger
 			$this->from = $board_contact;
 		}
 
-		$encode_eol = ($config['smtp_delivery']) ? "\r\n" : PHP_EOL;
+		$encode_eol = $config['smtp_delivery'] || PHP_VERSION_ID >= 80000 ? "\r\n" : PHP_EOL;
 
 		// Build to, cc and bcc strings
 		$to = $cc = $bcc = '';
@@ -629,7 +629,7 @@ class messenger
 			}
 			else
 			{
-				$result = phpbb_mail($mail_to, $this->subject, $this->msg, $headers, PHP_EOL, $err_msg);
+				$result = phpbb_mail($mail_to, $this->subject, $this->msg, $headers, $encode_eol, $err_msg);
 			}
 
 			if (!$result)
@@ -952,7 +952,8 @@ class queue
 							}
 							else
 							{
-								$result = phpbb_mail($to, $subject, $msg, $headers, PHP_EOL, $err_msg);
+								$encode_eol = $config['smtp_delivery'] || PHP_VERSION_ID >= 80000 ? "\r\n" : PHP_EOL;
+								$result = phpbb_mail($to, $subject, $msg, $headers, $encode_eol, $err_msg);
 							}
 
 							if (!$result)
@@ -1882,7 +1883,7 @@ function mail_encode($str, $eol = "\r\n")
 	{
 		$encoded_char = $is_quoted_printable
 			? $char = preg_replace_callback(
-				'/[=_\?\x20\x00-\x1F\x80-\xFF]/',
+				'/[()<>@,;:\\\\".\[\]=_?\x20\x00-\x1F\x80-\xFF]/',
 				function ($matches)
 				{
 					$hex = dechex(ord($matches[0]));

phpBB/includes/functions_posting.php

@@ -189,7 +189,7 @@ function generate_smilies($mode, $forum_id)
 
 	if (count($smilies))
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
+		$root_path = $phpbb_path_helper->get_web_root_path();
 
 		foreach ($smilies as $row)
 		{
@@ -420,7 +420,7 @@ function update_post_information($type, $ids, $return_update_sql = false)
 */
 function posting_gen_topic_icons($mode, $icon_id)
 {
-	global $phpbb_root_path, $config, $template, $cache;
+	global $phpbb_root_path, $phpbb_path_helper, $config, $template, $cache;
 
 	// Grab icons
 	$icons = $cache->obtain_icons();
@@ -432,7 +432,7 @@ function posting_gen_topic_icons($mode, $icon_id)
 
 	if (count($icons))
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;
+		$root_path = $phpbb_path_helper->get_web_root_path();
 
 		foreach ($icons as $id => $data)
 		{
@@ -834,7 +834,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_a
 		'FILESIZE'						=> $config['max_filesize'],
 		'FILE_COMMENT'					=> (isset($filename_data['filecomment'])) ? $filename_data['filecomment'] : '',
 		'MAX_ATTACHMENT_FILESIZE'		=> $config['max_filesize'] > 0 ? $user->lang('MAX_ATTACHMENT_FILESIZE', get_formatted_filesize($config['max_filesize'])) : '',
-		'ALLOWED_ATTACHMENTS'			=> !empty($allowed_attachments) ? implode(',', $allowed_attachments) : '',
+		'ALLOWED_ATTACHMENTS'			=> !empty($allowed_attachments) ? '.' . implode(',.', $allowed_attachments) : '',
 	];
 
 	/**
@@ -1345,7 +1345,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $
 	{
 		$post_mode = 'delete_first_post';
 	}
-	else if ($data['topic_last_post_id'] == $post_id)
+	else if ($data['topic_last_post_id'] <= $post_id)
 	{
 		$post_mode = 'delete_last_post';
 	}
@@ -2872,7 +2872,14 @@ function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $
 					$delete_reason
 				));
 
-				$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$next_post_id") . "#p$next_post_id";
+				if ($next_post_id > 0)
+				{
+					$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$next_post_id") . "#p$next_post_id";
+				}
+				else
+				{
+					$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id");
+				}
 				$message = $user->lang['POST_DELETED'];
 
 				if (!$request->is_ajax())

phpBB/includes/functions_transfer.php

@@ -281,7 +281,7 @@ class ftp extends transfer
 		}
 
 		// Init some needed values
-		$this->transfer();
+		parent::__construct();
 
 		return;
 	}
@@ -341,6 +341,11 @@ class ftp extends transfer
 	*/
 	function _mkdir($dir)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_mkdir($this->connection, $dir);
 	}
 
@@ -350,6 +355,11 @@ class ftp extends transfer
 	*/
 	function _rmdir($dir)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_rmdir($this->connection, $dir);
 	}
 
@@ -359,6 +369,11 @@ class ftp extends transfer
 	*/
 	function _rename($old_handle, $new_handle)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_rename($this->connection, $old_handle, $new_handle);
 	}
 
@@ -368,6 +383,11 @@ class ftp extends transfer
 	*/
 	function _chdir($dir = '')
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		if ($dir && $dir !== '/')
 		{
 			if (substr($dir, -1, 1) == '/')
@@ -385,6 +405,11 @@ class ftp extends transfer
 	*/
 	function _chmod($file, $perms)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		if (function_exists('ftp_chmod'))
 		{
 			$err = @ftp_chmod($this->connection, $perms, $file);
@@ -406,6 +431,11 @@ class ftp extends transfer
 	*/
 	function _put($from_file, $to_file)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		// We only use the BINARY file mode to cicumvent rewrite actions from ftp server (mostly linefeeds being replaced)
 		$mode = FTP_BINARY;
 
@@ -425,6 +455,11 @@ class ftp extends transfer
 	*/
 	function _delete($file)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_delete($this->connection, $file);
 	}
 
@@ -449,6 +484,11 @@ class ftp extends transfer
 	*/
 	function _cwd()
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_pwd($this->connection);
 	}
 
@@ -458,6 +498,11 @@ class ftp extends transfer
 	*/
 	function _ls($dir = './')
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		$list = @ftp_nlist($this->connection, $dir);
 
 		// See bug #46295 - Some FTP daemons don't like './'
@@ -498,6 +543,11 @@ class ftp extends transfer
 	*/
 	function _site($command)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @ftp_site($this->connection, $command);
 	}
 }
@@ -782,6 +832,11 @@ class ftp_fsock extends transfer
 	*/
 	function _send_command($command, $args = '', $check = true)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		if (!empty($args))
 		{
 			$command = "$command $args";
@@ -871,6 +926,11 @@ class ftp_fsock extends transfer
 	*/
 	function _close_data_connection()
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		return @fclose($this->data_connection);
 	}
 
@@ -880,6 +940,11 @@ class ftp_fsock extends transfer
 	*/
 	function _check_command($return = false)
 	{
+		if (!$this->connection)
+		{
+			return false;
+		}
+
 		$response = '';
 
 		do

phpBB/includes/mcp/mcp_notes.php

@@ -98,7 +98,7 @@ class mcp_notes
 		$userrow = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		if (!$userrow)
+		if (!$userrow || (int) $userrow['user_id'] === ANONYMOUS)
 		{
 			trigger_error('NO_USER');
 		}
@@ -162,16 +162,16 @@ class mcp_notes
 		{
 			if (check_form_key('mcp_notes'))
 			{
-				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($userrow['username']));
-				$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
+				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, [$userrow['username']]);
+				$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, [
 					'forum_id' => 0,
 					'topic_id' => 0,
 					$userrow['username']
-				));
-				$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
+				]);
+				$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, [
 					'reportee_id' => $user_id,
-					$usernote
-				));
+					utf8_encode_ucr($usernote)
+				]);
 
 				$msg = $user->lang['USER_FEEDBACK_ADDED'];
 			}

phpBB/includes/mcp/mcp_topic.php

@@ -383,7 +383,7 @@ function mcp_topic_view($id, $mode, $action)
 		'TOPIC_TITLE'		=> $topic_info['topic_title'],
 		'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_info['topic_id']),
 
-		'TO_TOPIC_ID'		=> $to_topic_id,
+		'TO_TOPIC_ID'		=> $to_topic_id ?: '',
 		'TO_TOPIC_INFO'		=> ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">' . $to_topic_info['topic_title'] . '</a>') : '',
 
 		'SPLIT_SUBJECT'		=> $subject,
@@ -638,9 +638,13 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 			$topic_info['topic_title']
 		));
 
-		// Change topic title of first post
-		$sql = 'UPDATE ' . POSTS_TABLE . "
-			SET post_subject = '" . $db->sql_escape($subject) . "'
+		// Change topic title of first post and write icon_id to post
+		$sql_ary = [
+			'post_subject'		=> $subject,
+			'icon_id'			=> $icon_id,
+		];
+		$sql = 'UPDATE ' . POSTS_TABLE . '
+			SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 			WHERE post_id = {$post_id_list[0]}";
 		$db->sql_query($sql);
 
@@ -732,6 +736,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 
 		// Update forum statistics
 		$config->increment('num_topics', 1, false);
+		sync('forum', 'forum_id', [$to_forum_id], true, true);
 
 		// Link back to both topics
 		$return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">', '</a>');

phpBB/includes/mcp/mcp_warn.php

@@ -386,7 +386,7 @@ class mcp_warn
 		$user_row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		if (!$user_row)
+		if (!$user_row || (int) $user_row['user_id'] === ANONYMOUS)
 		{
 			trigger_error('NO_USER');
 		}
@@ -603,8 +603,8 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
 	$db->sql_freeresult($result);
 
 	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, array(
-		'forum_id' => $row['forum_id'],
-		'topic_id' => $row['topic_id'],
+		'forum_id' => $row['forum_id'] ?? 0,
+		'topic_id' => $row['topic_id'] ?? 0,
 		'post_id'  => $post_id,
 		$user_row['username']
 	));

phpBB/includes/message_parser.php

@@ -1154,7 +1154,7 @@ class parse_message extends bbcode_firstpass
 		}
 
 		// Store message length...
-		$message_length = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(=[\S]+)?\]#ius', ' ', $this->message));
+		$message_length = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(?:=\S+?)?\]#ius', '', $this->message));
 
 		// Maximum message length check. 0 disables this check completely.
 		if ((int) $config['max_' . $mode . '_chars'] > 0 && $message_length > (int) $config['max_' . $mode . '_chars'])

phpBB/includes/startup.php

@@ -23,11 +23,11 @@ $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED;
 error_reporting($level);
 
 /**
-* Minimum Requirement: PHP 7.1.3
+* Minimum Requirement: PHP 7.2.0
 */
-if (version_compare(PHP_VERSION, '7.1.3', '<'))
+if (version_compare(PHP_VERSION, '7.2.0', '<'))
 {
-	die('You are running an unsupported PHP version. Please upgrade to PHP 7.1.3 or higher before trying to install or update to phpBB 3.3');
+	die('You are running an unsupported PHP version (' . PHP_VERSION . '). Please upgrade to PHP 7.2.0 or higher before trying to install or update to phpBB 3.3');
 }
 // Register globals and magic quotes have been dropped in PHP 5.4 so no need for extra checks
 

phpBB/includes/ucp/ucp_attachments.php

@@ -41,7 +41,7 @@ class ucp_attachments
 		if ($delete && count($delete_ids))
 		{
 			// Validate $delete_ids...
-			$sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+			$sql = 'SELECT a.attach_id, a.in_message, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status, pt.folder_id
 				FROM ' . ATTACHMENTS_TABLE . ' a
 				LEFT JOIN ' . POSTS_TABLE . ' p
 					ON (a.post_msg_id = p.post_id AND a.in_message = 0)
@@ -49,6 +49,10 @@ class ucp_attachments
 					ON (t.topic_id = p.topic_id AND a.in_message = 0)
 				LEFT JOIN ' . FORUMS_TABLE . ' f
 					ON (f.forum_id = t.forum_id AND a.in_message = 0)
+				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr
+					ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
+				LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt
+					ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
 				WHERE a.poster_id = ' . $user->data['user_id'] . '
 					AND a.is_orphan = 0
 					AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
@@ -57,7 +61,7 @@ class ucp_attachments
 			$delete_ids = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
+				if (!$this->can_delete_file($row))
 				{
 					continue;
 				}
@@ -135,12 +139,13 @@ class ucp_attachments
 		$pagination = $phpbb_container->get('pagination');
 		$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
 
-		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, pr.message_time as message_time, pt.folder_id, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status
 			FROM ' . ATTACHMENTS_TABLE . ' a
 				LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
 				LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
 				LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
 				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
+				LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
 			WHERE a.poster_id = ' . $user->data['user_id'] . "
 				AND a.is_orphan = 0
 			ORDER BY $order_by";
@@ -177,7 +182,7 @@ class ucp_attachments
 					'TOPIC_ID'			=> $row['topic_id'],
 
 					'S_IN_MESSAGE'		=> $row['in_message'],
-					'S_LOCKED'			=> !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
+					'S_LOCKED'			=> !$this->can_delete_file($row),
 
 					'U_VIEW_ATTACHMENT'	=> append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
 					'U_VIEW_TOPIC'		=> $view_topic)
@@ -216,4 +221,29 @@ class ucp_attachments
 		$this->tpl_name = 'ucp_attachments';
 		$this->page_title = 'UCP_ATTACHMENTS';
 	}
+
+	/**
+	 * Check if the user can delete the file
+	 *
+	 * @param array $row
+	 *
+	 * @return bool True if user can delete the file, false if not
+	 */
+	private function can_delete_file(array $row): bool
+	{
+		global $auth, $config;
+
+		if ($row['in_message'])
+		{
+			return ($row['message_time'] > (time() - ($config['pm_edit_time'] * 60)) || !$config['pm_edit_time']) && $row['folder_id'] == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit');
+		}
+		else
+		{
+			$can_edit_time = !$config['edit_time'] || $row['post_time'] > (time() - ($config['edit_time'] * 60));
+			$can_delete_time = !$config['delete_time'] || $row['post_time'] > (time() - ($config['delete_time'] * 60));
+			$item_locked = !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']);
+
+			return !$item_locked && $can_edit_time && $can_delete_time;
+		}
+	}
 }

phpBB/includes/ucp/ucp_main.php

@@ -35,8 +35,14 @@ class ucp_main
 
 	function main($id, $mode)
 	{
-		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $phpbb_dispatcher;
-		global $request;
+		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $phpbb_dispatcher, $cache;
+		global $request, $phpbb_container, $language;
+
+		/* @var $pagination \phpbb\pagination */
+		$pagination = $phpbb_container->get('pagination');
+
+		/* @var $phpbb_content_visibility \phpbb\content_visibility */
+		$phpbb_content_visibility = $phpbb_container->get('content.visibility');
 
 		switch ($mode)
 		{
@@ -44,8 +50,8 @@ class ucp_main
 
 				$user->add_lang('memberlist');
 
-				$sql_from = TOPICS_TABLE . ' t ';
-				$sql_select = '';
+				$sql_from = TOPICS_TABLE . ' t LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id) ';
+				$sql_select = ', f.enable_icons';
 
 				if ($config['load_db_track'])
 				{
@@ -137,6 +143,9 @@ class ucp_main
 				}
 				unset($topic_forum_list);
 
+				// Grab icons
+				$icons = $cache->obtain_icons();
+
 				foreach ($topic_list as $topic_id)
 				{
 					$row = &$rowset[$topic_id];
@@ -149,6 +158,9 @@ class ucp_main
 					$folder_img = ($unread_topic) ? $folder_new : $folder;
 					$folder_alt = ($unread_topic) ? 'UNREAD_POSTS' : (($row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_UNREAD_POSTS');
 
+					// Replies
+					$replies = $phpbb_content_visibility->get_count('topic_posts', $row, $forum_id) - 1;
+
 					if ($row['topic_status'] == ITEM_LOCKED)
 					{
 						$folder_img .= '_locked';
@@ -176,10 +188,14 @@ class ucp_main
 						'TOPIC_TITLE'				=> censor_text($row['topic_title']),
 						'TOPIC_TYPE'				=> $topic_type,
 
+						'TOPIC_ICON_IMG'		=> !empty($icons[$row['icon_id']]) ? $icons[$row['icon_id']]['img'] : '',
+						'TOPIC_ICON_IMG_WIDTH'	=> !empty($icons[$row['icon_id']]) ? $icons[$row['icon_id']]['width'] : '',
+						'TOPIC_ICON_IMG_HEIGHT'	=> !empty($icons[$row['icon_id']]) ? $icons[$row['icon_id']]['height'] : '',
 						'TOPIC_IMG_STYLE'		=> $folder_img,
 						'TOPIC_FOLDER_IMG'		=> $user->img($folder_img, $folder_alt),
 						'ATTACH_ICON_IMG'		=> ($auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_topic_attach', '') : '',
 
+						'S_TOPIC_ICONS'		=> $row['enable_icons'] ? true : false,
 						'S_USER_POSTED'		=> (!empty($row['topic_posted']) && $row['topic_posted']) ? true : false,
 						'S_UNREAD'			=> $unread_topic,
 
@@ -211,6 +227,8 @@ class ucp_main
 					extract($phpbb_dispatcher->trigger_event('core.ucp_main_front_modify_template_vars', compact($vars)));
 
 					$template->assign_block_vars('topicrow', $topicrow);
+
+					$pagination->generate_template_pagination(append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id"), 'topicrow.pagination', 'start', $replies + 1, $config['posts_per_page'], 1, true, true);
 				}
 
 				if ($config['load_user_activity'])

phpBB/includes/ucp/ucp_pm_viewmessage.php

@@ -213,6 +213,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		$u_jabber = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=jabber&u=' . $author_id);
 	}
 
+	$can_edit_pm = ($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit');
+
 	$msg_data = array(
 		'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
 		'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
@@ -253,7 +255,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		'U_EMAIL'			=> $user_info['email'],
 		'U_REPORT'			=> ($config['allow_pm_report']) ? $phpbb_container->get('controller.helper')->route('phpbb_report_pm_controller', array('id' => $message_row['msg_id'])) : '',
 		'U_QUOTE'			=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '',
-		'U_EDIT'			=> (($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '',
+		'U_EDIT'			=> $can_edit_pm ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '',
 		'U_POST_REPLY_PM'	=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $message_row['msg_id'] : '',
 		'U_POST_REPLY_ALL'	=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=reply&f=$folder_id&reply_to_all=1&p=" . $message_row['msg_id'] : '',
 		'U_PREVIOUS_PM'		=> "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=previous",

phpBB/includes/ucp/ucp_profile.php

@@ -143,7 +143,7 @@ class ucp_profile
 							));
 						}
 
-						if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
+						if ($auth->acl_get('u_chgpasswd') && $data['new_password'])
 						{
 							$sql_ary['user_passchg'] = time();
 
@@ -265,7 +265,7 @@ class ucp_profile
 					'NEW_PASSWORD'		=> $data['new_password'],
 					'CUR_PASSWORD'		=> '',
 
-					'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
+					'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
 					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 
 					'S_FORCE_PASSWORD'	=> ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,

phpBB/includes/ucp/ucp_register.php

@@ -300,7 +300,7 @@ class ucp_register
 
 				if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts'])
 				{
-					$error[] = $user->lang['TOO_MANY_REGISTERS'];
+					trigger_error('TOO_MANY_REGISTERS');
 				}
 			}
 
@@ -644,8 +644,8 @@ class ucp_register
 			'EMAIL'				=> $data['email'],
 
 			'L_REG_COND'				=> $l_reg_cond,
-			'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
-			'L_PASSWORD_EXPLAIN'		=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
+			'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
+			'L_PASSWORD_EXPLAIN'		=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_pass_chars'])),
 
 			'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($data['lang'], $lang_row) : '',
 			'S_TZ_PRESELECT'	=> !$submit,

phpBB/index.php

@@ -227,6 +227,7 @@ $template->assign_vars(array(
 	'S_DISPLAY_BIRTHDAY_LIST'	=> $show_birthdays,
 	'S_INDEX'					=> true,
 
+	'U_CANONICAL'		=> generate_board_url() . '/',
 	'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
 	'U_MCP'				=> ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=front', true, $user->session_id) : '')
 );

phpBB/install/app.php

@@ -20,9 +20,9 @@ define('IN_INSTALL', true);
 $phpbb_root_path = '../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
-if (version_compare(PHP_VERSION, '7.1.3', '<'))
+if (version_compare(PHP_VERSION, '7.2.0', '<'))
 {
-	die('You are running an unsupported PHP version. Please upgrade to PHP 7.1.3 or higher before trying to install or update to phpBB 3.3');
+	die('You are running an unsupported PHP version (' . PHP_VERSION . '). Please upgrade to PHP 7.2.0 or higher before trying to install or update to phpBB 3.3');
 }
 
 $startup_new_path = $phpbb_root_path . 'install/update/update/new/install/startup.' . $phpEx;

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.8',
+	'phpbb_version'	=> '3.3.11',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.8');
+define('PHPBB_VERSION', '3.3.11');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.8');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.11');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
@@ -834,10 +834,10 @@ INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_len
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_occupation', 'profilefields.type.text', 'phpbb_occupation', '3|30', '2', '500', '', '', '.*', 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 4, 0, '', '');
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_icq', 'profilefields.type.string', 'phpbb_icq', '20', '3', '15', '', '', '[0-9]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 6, 1, 'SEND_ICQ_MESSAGE', 'https://www.icq.com/people/%s/');
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_yahoo', 'profilefields.type.string', 'phpbb_yahoo', '40', '5', '255', '', '', '.*', 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 8, 1, 'SEND_YIM_MESSAGE', 'ymsgr:sendim?%s');
-INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_facebook', 'profilefields.type.string', 'phpbb_facebook', '20', '5', '50', '', '', '[\w.]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 9, 1, 'VIEW_FACEBOOK_PROFILE', 'http://facebook.com/%s/');
-INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_twitter', 'profilefields.type.string', 'phpbb_twitter', '20', '1', '15', '', '', '[\w_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 10, 1, 'VIEW_TWITTER_PROFILE', 'http://twitter.com/%s');
+INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_facebook', 'profilefields.type.string', 'phpbb_facebook', '20', '5', '50', '', '', '[\w.]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 9, 1, 'VIEW_FACEBOOK_PROFILE', 'https://facebook.com/%s/');
+INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_twitter', 'profilefields.type.string', 'phpbb_twitter', '20', '1', '15', '', '', '[\w_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 10, 1, 'VIEW_TWITTER_PROFILE', 'https://twitter.com/%s');
 INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_skype', 'profilefields.type.string', 'phpbb_skype', '20', '6', '32', '', '', '[a-zA-Z][\w\.,\-_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 11, 1, 'VIEW_SKYPE_PROFILE', 'skype:%s?userinfo');
-INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_youtube', 'profilefields.type.string', 'phpbb_youtube', '20', '3', '60', '', '', '[a-zA-Z][\w\.,\-_]+', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 12, 1, 'VIEW_YOUTUBE_CHANNEL', 'http://youtube.com/user/%s');
+INSERT INTO phpbb_profile_fields (field_name, field_type, field_ident, field_length, field_minlen, field_maxlen, field_novalue, field_default_value, field_validation, field_required, field_show_novalue, field_show_on_reg, field_show_on_pm, field_show_on_vt, field_show_on_ml, field_show_profile, field_hide, field_no_view, field_active, field_order, field_is_contact, field_contact_desc, field_contact_url) VALUES ('phpbb_youtube', 'profilefields.type.string', 'phpbb_youtube', '20', '3', '60', '', '', '(@[a-zA-Z0-9_.-]{3,30}|c/[a-zA-Z][\w\.,\-_]+|(channel|user)/[a-zA-Z][\w\.,\-_]+)', 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 12, 1, 'VIEW_YOUTUBE_PROFILE', 'https://youtube.com/%s');
 
 # User Notification Options (for first user)
 INSERT INTO phpbb_user_notifications (item_type, item_id, user_id, method) VALUES('notification.type.post', 0, 2, 'notification.method.board');

phpBB/install/startup.php

@@ -159,9 +159,9 @@ function installer_shutdown_function($display_errors)
 		installer_class_loader($phpbb_root_path, $phpEx);
 		$supported_error_levels = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_USER_DEPRECATED;
 
-		$cache = new \phpbb\cache\driver\file(__DIR__ . '/../cache/installer');
+		$cache = new \phpbb\cache\driver\file(__DIR__ . '/../cache/installer/');
 		$filesystem = new \phpbb\filesystem\filesystem();
-		if (strpos($error['file'], $filesystem->realpath($cache->cache_dir)) !== false)
+		if (strpos($error['file'], $filesystem->realpath($cache->cache_dir)) !== false && is_writable($cache->cache_dir))
 		{
 			$file_age = @filemtime($error['file']);
 

phpBB/language/en/acp/board.php

@@ -44,7 +44,7 @@ $lang = array_merge($lang, array(
 	'BOARD_STYLE'					=> 'Board style',
 	'CUSTOM_DATEFORMAT'				=> 'Custom…',
 	'DEFAULT_DATE_FORMAT'			=> 'Date format',
-	'DEFAULT_DATE_FORMAT_EXPLAIN'	=> 'The date format is the same as the PHP <code><a href="https://secure.php.net/manual/function.date.php">date()</a></code> function.',
+	'DEFAULT_DATE_FORMAT_EXPLAIN'	=> 'The syntax uses the same format as the PHP <a href="https://www.php.net/manual/datetime.format.php">date functions</a>.',
 	'DEFAULT_LANGUAGE'				=> 'Default language',
 	'DEFAULT_STYLE'					=> 'Default style',
 	'DEFAULT_STYLE_EXPLAIN'			=> 'The default style for new users.',
@@ -386,7 +386,7 @@ $lang = array_merge($lang, array(
 	'ACP_LOAD_SETTINGS_EXPLAIN'	=> 'Here you can enable and disable certain board functions to reduce the amount of processing required. On most servers there is no need to disable any functions. However on certain systems or in shared hosting environments it may be beneficial to disable capabilities you do not really need. You can also specify limits for system load and active sessions beyond which the board will go offline.',
 
 	'ALLOW_CDN'						=> 'Allow usage of third party content delivery networks',
-	'ALLOW_CDN_EXPLAIN'				=> 'If this setting is enabled, some files will be served from external third party servers instead of your server. This reduces the network bandwidth required by your server, but may present a privacy issue for some board administrators. In a default phpBB installation, this includes loading “jQuery” and the font “Open Sans” from Google’s content delivery network.',
+	'ALLOW_CDN_EXPLAIN'				=> 'If this setting is enabled, some files will be served from external third party servers instead of your server. This reduces the network bandwidth used by your server, but may present a privacy issue in some countries. In a default phpBB installation, this includes loading “jQuery” and the font “Open Sans” from Google’s content delivery network. This also applies to the “Font Awesome” font, which phpBB and some extensions use to render icons.',
 	'ALLOW_LIVE_SEARCHES'			=> 'Allow live searches',
 	'ALLOW_LIVE_SEARCHES_EXPLAIN'	=> 'If this setting is enabled, users are provided with keyword suggestions as they type in certain fields throughout the board.',
 	'CUSTOM_PROFILE_FIELDS'			=> 'Custom profile fields',
@@ -483,7 +483,7 @@ $lang = array_merge($lang, array(
 	'SCRIPT_PATH'				=> 'Script path',
 	'SCRIPT_PATH_EXPLAIN'		=> 'The path where phpBB is located relative to the domain name, e.g. <samp>/phpBB3</samp>.',
 	'SERVER_NAME'				=> 'Domain name',
-	'SERVER_NAME_EXPLAIN'		=> 'The domain name this board runs from (for example: <samp>www.example.com</samp>).',
+	'SERVER_NAME_EXPLAIN'		=> 'The domain name this board runs from (for example: <samp>example.com</samp>).',
 	'SERVER_PORT'				=> 'Server port',
 	'SERVER_PORT_EXPLAIN'		=> 'The port your server is running on, usually 80, only change if different.',
 	'SERVER_PROTOCOL'			=> 'Server protocol',

phpBB/language/en/acp/common.php

@@ -738,6 +738,10 @@ $lang = array_merge($lang, array(
 	'LOG_SEARCH_INDEX_CREATED'	=> '<strong>Created search index for</strong><br />» %s',
 	'LOG_SEARCH_INDEX_REMOVED'	=> '<strong>Removed search index for</strong><br />» %s',
 	'LOG_SPHINX_ERROR'			=> '<strong>Sphinx Error</strong><br />» %s',
+
+	'LOG_SPAMHAUS_OPEN_RESOLVER'		=> 'Spamhaus does not allow queries using an open resolver. Blacklist checking has been disabled. For more information, see https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/.',
+	'LOG_SPAMHAUS_VOLUME_LIMIT'			=> 'Spamhaus query volume limit has been exceeded. Blacklist checking has been disabled. For more information, see https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/.',
+
 	'LOG_STYLE_ADD'				=> '<strong>Added new style</strong><br />» %s',
 	'LOG_STYLE_DELETE'			=> '<strong>Deleted style</strong><br />» %s',
 	'LOG_STYLE_EDIT_DETAILS'	=> '<strong>Edited style</strong><br />» %s',

phpBB/language/en/acp/permissions.php

@@ -59,7 +59,7 @@ $lang = array_merge($lang, array(
 
 	'ACL_NEVER'				=> 'Never',
 	'ACL_SET'				=> 'Setting permissions',
-	'ACL_SET_EXPLAIN'		=> 'Permissions are based on a simple <strong>YES</strong>/<strong>NO</strong> system. Setting an option to <strong>NEVER</strong> for a user or usergroup overrides any other value assigned to it. If you do not wish to assign a value for an option for this user or group select <strong>NO</strong>. If values are assigned for this option elsewhere they will be used in preference, else <strong>NEVER</strong> is assumed. All objects marked (with the checkbox in front of them) will copy the permission set you defined.',
+	'ACL_SET_EXPLAIN'		=> 'Permissions are based on a simple <strong>YES</strong>/<strong>NO</strong> system. Setting an option to <strong>NEVER</strong> for a user or usergroup overrides any other value assigned to it. If you do not wish to assign a value for an option for this user or group select <strong>NO</strong>. If values are assigned for this option elsewhere they will be used in preference, else <strong>NEVER</strong> is assumed. All objects marked (with the checkbox in front of them) will copy the permission set you defined. Please note that setting administrative permissions for founder accounts does not have any effect as admin permissions are always set to <strong>YES</strong> for founders.',
 	'ACL_SETTING'			=> 'Setting',
 
 	'ACL_TYPE_A_'			=> 'Administrative permissions',

phpBB/language/en/acp/search.php

@@ -52,7 +52,7 @@ $lang = array_merge($lang, array(
 	'DEFAULT_SEARCH_RETURN_CHARS'			=> 'Default number of returned characters',
 	'DEFAULT_SEARCH_RETURN_CHARS_EXPLAIN'	=> 'The default number of characters that will be returned while searching. A value of 0 will return the entire post.',
 	'DELETE_INDEX'							=> 'Delete index',
-	'DELETING_INDEX_IN_PROGRESS'			=> 'Deleting the index in progress',
+	'DELETING_INDEX_IN_PROGRESS'			=> 'Deletion of index is in progress…',
 	'DELETING_INDEX_IN_PROGRESS_EXPLAIN'	=> 'The search backend is currently cleaning its index. This can take a few minutes.',
 
 	'FULLTEXT_MYSQL_INCOMPATIBLE_DATABASE'	=> 'The MySQL fulltext backend can only be used with MySQL4 and above.',
@@ -92,7 +92,7 @@ $lang = array_merge($lang, array(
 	'GO_TO_SEARCH_INDEX'					=> 'Go to search index page',
 
 	'INDEX_STATS'							=> 'Index statistics',
-	'INDEXING_IN_PROGRESS'					=> 'Indexing in progress',
+	'INDEXING_IN_PROGRESS'					=> 'Indexing in progress…',
 	'INDEXING_IN_PROGRESS_EXPLAIN'			=> 'The search backend is currently indexing all posts on the board. This can take from a few minutes to a few hours depending on your board’s size.',
 
 	'LIMIT_SEARCH_LOAD'						=> 'Search page system load limit',
@@ -112,18 +112,19 @@ $lang = array_merge($lang, array(
 	'SEARCH_GUEST_INTERVAL'					=> 'Guest search flood interval',
 	'SEARCH_GUEST_INTERVAL_EXPLAIN'			=> 'Number of seconds guests must wait between searches. If one guest searches all others have to wait until the time interval passed.',
 	'SEARCH_INDEX_CREATE_REDIRECT'			=> array(
-		2	=> 'All posts up to post id %2$d have now been indexed, of which %1$d posts were within this step.<br />',
+		2	=> 'All posts up to post id %2$d have now been indexed, of which %1$d posts were within this step.',
 	),
 	'SEARCH_INDEX_CREATE_REDIRECT_RATE'		=> array(
-		2	=> 'The current rate of indexing is approximately %1$.1f posts per second.<br />Indexing in progress…',
+		2	=> 'The current rate of indexing is approximately %1$.1f posts per second.',
 	),
 	'SEARCH_INDEX_DELETE_REDIRECT'			=> array(
-		2	=> 'All posts up to post id %2$d have been removed from the search index, of which %1$d posts were within this step.<br />',
+		2	=> 'All posts up to post id %2$d have been removed from the search index, of which %1$d posts were within this step.',
 	),
 	'SEARCH_INDEX_DELETE_REDIRECT_RATE'		=> array(
-		2	=> 'The current rate of deleting is approximately %1$.1f posts per second.<br />Deleting in progress…',
+		2	=> 'The current rate of deleting is approximately %1$.1f posts per second.',
 	),
 	'SEARCH_INDEX_CREATED'					=> 'Successfully indexed all posts in the board database.',
+	'SEARCH_INDEX_PROGRESS'					=> 'Done: %1$d | Pending: %2$d | Total: %3$d',
 	'SEARCH_INDEX_REMOVED'					=> 'Successfully deleted the search index for this backend.',
 	'SEARCH_INTERVAL'						=> 'User search flood interval',
 	'SEARCH_INTERVAL_EXPLAIN'				=> 'Number of seconds users must wait between searches. This interval is checked independently for each user.',

phpBB/language/en/common.php

@@ -169,6 +169,11 @@ $lang = array_merge($lang, array(
 		1	=> '%d character',
 		2	=> '%d characters',
 	),
+	// Special version to be used when describing ranges e.g. "min x characters and max y characters"
+	'CHARACTERS_XY'			=> array(
+		1	=> '%d character',
+		2	=> '%d characters',
+	),
 	'COLLAPSE_VIEW'			=> 'Collapse view',
 	'CLOSE_WINDOW'			=> 'Close window',
 	'CODE'					=> 'Code',
@@ -678,6 +683,10 @@ $lang = array_merge($lang, array(
 	'RETURN_TOPIC'				=> '%sReturn to the topic last visited%s',
 	'RETURN_TO'					=> 'Return to “%s”',
 	'RETURN_TO_INDEX'			=> 'Return to Board Index',
+
+	'ROUTE_NOT_FOUND'				=> 'The requested route “%s” could not be found.',
+	'ROUTE_INVALID_MISSING_PARAMS'	=> 'Invalid or missing parameters passed for route “%s”.',
+
 	'FEED'						=> 'Feed',
 	'FEED_NEWS'					=> 'News',
 	'FEED_TOPICS_ACTIVE'		=> 'Active Topics',

phpBB/language/en/install.php

@@ -45,7 +45,7 @@ $lang = array_merge($lang, array(
 
 	// Introduction page
 	'INTRODUCTION_TITLE'	=> 'Introduction',
-	'INTRODUCTION_BODY'		=> 'Welcome to phpBB3!<br /><br />phpBB® is the most widely used open source bulletin board solution in the world. phpBB3 is the latest installment in a package line started in 2000. Like its predecessors, phpBB3 is feature-rich, user-friendly, and fully supported by the phpBB Team. phpBB3 greatly improves on what made phpBB2 popular, and adds commonly requested features that were not present in previous versions. We hope it exceeds your expectations.<br /><br />This installation system will guide you through installing phpBB3, updating to the latest version of phpBB3 from past releases, as well as converting to phpBB3 from a different discussion board system (including phpBB2). For more information, we encourage you to read <a href="../docs/INSTALL.html">the installation guide</a>.<br /><br />To read the phpBB3 license or learn about obtaining support and our stance on it, please select the respective options from the side menu. To continue, please select the appropriate tab above.',
+	'INTRODUCTION_BODY'		=> 'Welcome to phpBB3!<br /><br />phpBB® is the most widely used open source bulletin board solution in the world. phpBB3 is the latest installment in a package line started in 2000. Like its predecessors, phpBB3 is feature-rich, user-friendly, and fully supported by the phpBB Team. phpBB3 greatly improves on what made phpBB2 popular, and adds commonly requested features that were not present in previous versions. We hope it exceeds your expectations.<br /><br />This installation system will guide you through installing phpBB3, updating to the latest version of phpBB3 from past releases, as well as converting to phpBB3 from a different discussion board system (including phpBB2). For more information, we encourage you to read <a href="%1$s">the installation guide</a>.<br /><br />To read the phpBB3 license or learn about obtaining support and our stance on it, please select the respective options from the side menu. To continue, please select the appropriate tab above.',
 
 	// Support page
 	'SUPPORT_TITLE'		=> 'Support',
@@ -105,7 +105,7 @@ $lang = array_merge($lang, array(
 
 	// Server requirements
 	'PHP_VERSION_REQD'					=> 'PHP version',
-	'PHP_VERSION_REQD_EXPLAIN'			=> 'phpBB requires PHP version 7.1.3 or higher.',
+	'PHP_VERSION_REQD_EXPLAIN'			=> 'phpBB requires PHP version 7.2.0 or higher.',
 	'PHP_GETIMAGESIZE_SUPPORT'			=> 'PHP getimagesize() function is required',
 	'PHP_GETIMAGESIZE_SUPPORT_EXPLAIN'	=> 'In order for phpBB to function correctly, the getimagesize function needs to be available.',
 	'PCRE_UTF_SUPPORT'					=> 'PCRE UTF-8 support',
@@ -508,10 +508,12 @@ $lang = array_merge($lang, array(
 	'CHECK_TABLE_PREFIX'		=> 'Please check your table prefix and try again.',
 
 	// Conversion in progress
+	'CATEGORY'					=> 'Category',
 	'CONTINUE_CONVERT'			=> 'Continue conversion',
 	'CONTINUE_CONVERT_BODY'		=> 'A previous conversion attempt has been determined. You are now able to choose between starting a new conversion or continuing the conversion.',
 	'CONVERT_NEW_CONVERSION'	=> 'New conversion',
 	'CONTINUE_OLD_CONVERSION'	=> 'Continue previously started conversion',
+	'POST_ID'					=> 'Post ID',
 
 	// Start conversion
 	'SUB_INTRO'					=> 'Introduction',
@@ -568,6 +570,10 @@ $lang = array_merge($lang, array(
 	'CONVERT_COMPLETE'			=> 'Conversion completed',
 	'CONVERT_COMPLETE_EXPLAIN'	=> 'You have now successfully converted your board to phpBB 3.3. You can now login and <a href="../">access your board</a>. Please ensure that the settings were transferred correctly before enabling your board by deleting the install directory. Remember that help on using phpBB is available online via the <a href="https://www.phpbb.com/support/docs/en/3.3/ug/">Documentation</a> and the <a href="https://www.phpbb.com/community/viewforum.php?f=661">support forums</a>.',
 
+	'COLLIDING_CLEAN_USERNAME'			=> '<strong>%s</strong> is the clean username for:',
+	'COLLIDING_USER'					=> '» user id: <strong>%d</strong> username: <strong>%s</strong> (%d posts)',
+	'COLLIDING_USERNAMES_FOUND'			=> 'Colliding usernames were found on your old board. In order to complete the conversion please delete or rename these users so that there is only one user on your old board for each clean username.',
+	'CONV_ERR_FATAL'					=> 'Fatal conversion error',
 	'CONV_ERROR_ATTACH_FTP_DIR'			=> 'FTP upload for attachments is enabled at the old board. Please disable the FTP upload option and make sure a valid upload directory is specified, then copy all attachment files to this new web accessible directory. Once you have done this, restart the convertor.',
 	'CONV_ERROR_CONFIG_EMPTY'			=> 'There is no configuration information available for the conversion.',
 	'CONV_ERROR_FORUM_ACCESS'			=> 'Unable to get forum access information.',

phpBB/language/en/memberlist.php

@@ -149,5 +149,5 @@ $lang = array_merge($lang, array(
 	'VIEW_FACEBOOK_PROFILE'	=> 'View Facebook Profile',
 	'VIEW_SKYPE_PROFILE'	=> 'View Skype Profile',
 	'VIEW_TWITTER_PROFILE'	=> 'View Twitter Profile',
-	'VIEW_YOUTUBE_CHANNEL'	=> 'View YouTube Channel',
+	'VIEW_YOUTUBE_PROFILE'	=> 'View YouTube Profile',
 ));

phpBB/language/en/ucp.php

@@ -116,7 +116,7 @@ $lang = array_merge($lang, array(
 	'BIRTHDAY'					=> 'Birthday',
 	'BIRTHDAY_EXPLAIN'			=> 'Setting a year will list your age when it is your birthday.',
 	'BOARD_DATE_FORMAT'			=> 'My date format',
-	'BOARD_DATE_FORMAT_EXPLAIN'	=> 'The syntax used is identical to the PHP <a href="https://secure.php.net/manual/function.date.php">date()</a> function.',
+	'BOARD_DATE_FORMAT_EXPLAIN'	=> 'The syntax uses the same format as the PHP <a href="https://www.php.net/manual/datetime.format.php">date functions</a>.',
 	'BOARD_LANGUAGE'			=> 'My language',
 	'BOARD_STYLE'				=> 'My board style',
 	'BOARD_TIMEZONE'			=> 'My timezone',

phpBB/memberlist.php

@@ -1634,17 +1634,20 @@ switch ($mode)
 		if (count($user_list))
 		{
 			// Session time?! Session time...
-			$sql = 'SELECT session_user_id, MAX(session_time) AS session_time
+			$sql = 'SELECT session_user_id, MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
 				FROM ' . SESSIONS_TABLE . '
 				WHERE session_time >= ' . (time() - $config['session_length']) . '
 					AND ' . $db->sql_in_set('session_user_id', $user_list) . '
 				GROUP BY session_user_id';
 			$result = $db->sql_query($sql);
 
-			$session_times = array();
+			$session_ary = [];
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$session_times[$row['session_user_id']] = $row['session_time'];
+				$session_ary[$row['session_user_id']] = [
+					'session_time' => $row['session_time'],
+					'session_viewonline' => $row['session_viewonline'],
+				];
 			}
 			$db->sql_freeresult($result);
 
@@ -1708,7 +1711,8 @@ switch ($mode)
 			$id_cache = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$row['session_time'] = (!empty($session_times[$row['user_id']])) ? $session_times[$row['user_id']] : 0;
+				$row['session_time'] = $session_ary[$row['user_id']]['session_time'] ?? 0;
+				$row['session_viewonline'] = $session_ary[$row['user_id']]['session_viewonline'] ?? 0;
 				$row['last_visit'] = (!empty($row['session_time'])) ? $row['session_time'] : $row['user_lastvisit'];
 
 				$id_cache[$row['user_id']] = $row;

phpBB/phpbb/attachment/upload.php

@@ -48,6 +48,9 @@ class upload
 	/** @var dispatcher */
 	protected $phpbb_dispatcher;
 
+	/** @var string */
+	protected $phpbb_root_path;
+
 	/** @var plupload Plupload */
 	protected $plupload;
 

phpBB/phpbb/auth/auth.php

@@ -524,19 +524,19 @@ class auth
 			ORDER BY role_id ASC';
 		$result = $db->sql_query($sql);
 
-		$this->role_cache = array();
+		$role_cache = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+			$role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
 		}
 		$db->sql_freeresult($result);
 
-		foreach ($this->role_cache as $role_id => $role_options)
+		foreach ($role_cache as $role_id => $role_options)
 		{
-			$this->role_cache[$role_id] = serialize($role_options);
+			$role_cache[$role_id] = serialize($role_options);
 		}
 
-		$cache->put('_role_cache', $this->role_cache);
+		$cache->put('_role_cache', $role_cache);
 
 		// Now empty user permissions
 		$where_sql = '';
@@ -828,9 +828,9 @@ class auth
 		global $db, $cache;
 
 		// Check if the role-cache is there
-		if (($this->role_cache = $cache->get('_role_cache')) === false)
+		if (($role_cache = $cache->get('_role_cache')) === false)
 		{
-			$this->role_cache = array();
+			$role_cache = array();
 
 			// We pre-fetch roles
 			$sql = 'SELECT *
@@ -840,16 +840,16 @@ class auth
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+				$role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
 			}
 			$db->sql_freeresult($result);
 
-			foreach ($this->role_cache as $role_id => $role_options)
+			foreach ($role_cache as $role_id => $role_options)
 			{
-				$this->role_cache[$role_id] = serialize($role_options);
+				$role_cache[$role_id] = serialize($role_options);
 			}
 
-			$cache->put('_role_cache', $this->role_cache);
+			$cache->put('_role_cache', $role_cache);
 		}
 
 		$hold_ary = array();
@@ -865,7 +865,7 @@ class auth
 			// If a role is assigned, assign all options included within this role. Else, only set this one option.
 			if ($row['auth_role_id'])
 			{
-				$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]);
+				$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($role_cache[$row['auth_role_id']]);
 			}
 			else
 			{
@@ -890,9 +890,9 @@ class auth
 			{
 				$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
 			}
-			else if (!empty($this->role_cache[$row['auth_role_id']]))
+			else if (!empty($role_cache[$row['auth_role_id']]))
 			{
-				foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
+				foreach (unserialize($role_cache[$row['auth_role_id']]) as $option_id => $setting)
 				{
 					$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting);
 				}

phpBB/phpbb/avatar/driver/local.php

@@ -23,7 +23,7 @@ class local extends \phpbb\avatar\driver\driver
 	*/
 	public function get_data($row)
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();
+		$root_path = $this->path_helper->get_web_root_path();
 
 		return array(
 			'src' => $root_path . $this->config['avatar_gallery_path'] . '/' . $row['avatar'],

phpBB/phpbb/avatar/driver/remote.php

@@ -62,7 +62,7 @@ class remote extends \phpbb\avatar\driver\driver
 
 		if (!preg_match('#^(http|https|ftp)://#i', $url))
 		{
-			$url = 'http://' . $url;
+			$url = 'https://' . $url;
 		}
 
 		if (!function_exists('validate_data'))

phpBB/phpbb/avatar/driver/upload.php

@@ -62,7 +62,7 @@ class upload extends \phpbb\avatar\driver\driver
 	*/
 	public function get_data($row)
 	{
-		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();
+		$root_path = $this->path_helper->get_web_root_path();
 
 		return array(
 			'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'],

phpBB/phpbb/cache/driver/base.php

@@ -115,6 +115,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_exists($query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		return isset($this->sql_rowset[$query_id]);
 	}
 
@@ -123,6 +124,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_fetchrow($query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if ($this->sql_row_pointer[$query_id] < count($this->sql_rowset[$query_id]))
 		{
 			return $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++];
@@ -136,6 +138,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_fetchfield($query_id, $field)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if ($this->sql_row_pointer[$query_id] < count($this->sql_rowset[$query_id]))
 		{
 			return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++][$field] : false;
@@ -149,6 +152,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_rowseek($rownum, $query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if ($rownum >= count($this->sql_rowset[$query_id]))
 		{
 			return false;
@@ -163,6 +167,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 	*/
 	function sql_freeresult($query_id)
 	{
+		$query_id = $this->clean_query_id($query_id);
 		if (!isset($this->sql_rowset[$query_id]))
 		{
 			return false;
@@ -231,4 +236,21 @@ abstract class base implements \phpbb\cache\driver\driver_interface
 
 		@rmdir($dir);
 	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function clean_query_id($query_id)
+	{
+		// Some DBMS functions accept/return objects and/or resources instead of integer identifier
+		// Attempting to cast object to int will throw error, hence correctly handle all cases
+		if (is_resource($query_id))
+		{
+			return function_exists('get_resource_id') ? get_resource_id($query_id) : (int) $query_id;
+		}
+		else
+		{
+			return is_object($query_id) ? spl_object_id($query_id) : $query_id;
+		}
+	}
 }

phpBB/phpbb/cache/driver/driver_interface.php

@@ -164,4 +164,13 @@ interface driver_interface
 	* @return bool
 	*/
 	public function sql_freeresult($query_id);
+
+	/**
+	 * Ensure query ID can be used by cache
+	 *
+	 * @param object|resource|int|string $query_id Mixed type query id
+	 *
+	 * @return int|string Query id in string or integer format
+	 */
+	public function clean_query_id($query_id);
 }

phpBB/phpbb/cache/driver/file.php

@@ -37,9 +37,9 @@ class file extends \phpbb\cache\driver\base
 		$this->cache_dir = !is_null($cache_dir) ? $cache_dir : $phpbb_container->getParameter('core.cache_dir');
 		$this->filesystem = new \phpbb\filesystem\filesystem();
 
-		if (!is_dir($this->cache_dir))
+		if ($this->filesystem->is_writable(dirname($this->cache_dir)) && !is_dir($this->cache_dir))
 		{
-			@mkdir($this->cache_dir, 0777, true);
+			mkdir($this->cache_dir, 0777, true);
 		}
 	}
 

phpBB/phpbb/captcha/plugins/recaptcha.php

@@ -15,18 +15,13 @@ namespace phpbb\captcha\plugins;
 
 class recaptcha extends captcha_abstract
 {
-	var $recaptcha_server = 'http://www.google.com/recaptcha/api';
-	var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
-
-	var $response;
+	private $response;
 
 	/**
 	* Constructor
 	*/
 	public function __construct()
 	{
-		global $request;
-		$this->recaptcha_server = $request->is_secure() ? $this->recaptcha_server_secure : $this->recaptcha_server;
 	}
 
 	function init($type)
@@ -94,6 +89,12 @@ class recaptcha extends captcha_abstract
 				}
 			}
 
+			$recaptcha_domain = $request->variable('recaptcha_v2_domain', '', true);
+			if (in_array($recaptcha_domain, recaptcha_v3::$supported_domains))
+			{
+				$config->set('recaptcha_v2_domain', $recaptcha_domain);
+			}
+
 			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_VISUAL');
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($module->u_action));
 		}
@@ -110,9 +111,11 @@ class recaptcha extends captcha_abstract
 			}
 
 			$template->assign_vars(array(
-				'CAPTCHA_PREVIEW'	=> $this->get_demo_template($id),
-				'CAPTCHA_NAME'		=> $this->get_service_name(),
-				'U_ACTION'			=> $module->u_action,
+				'CAPTCHA_PREVIEW'		=> $this->get_demo_template($id),
+				'CAPTCHA_NAME'			=> $this->get_service_name(),
+				'RECAPTCHA_V2_DOMAIN'	=> $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE,
+				'RECAPTCHA_V2_DOMAINS'	=> recaptcha_v3::$supported_domains,
+				'U_ACTION'				=> $module->u_action,
 			));
 
 		}
@@ -140,9 +143,10 @@ class recaptcha extends captcha_abstract
 		{
 			$contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);
 			$explain = $user->lang(($this->type != CONFIRM_POST) ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN', '<a href="' . $contact_link . '">', '</a>');
+			$domain = $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE;
 
 			$template->assign_vars(array(
-				'RECAPTCHA_SERVER'			=> $this->recaptcha_server,
+				'RECAPTCHA_SERVER'			=> sprintf('//%1$s/recaptcha/api', $domain),
 				'RECAPTCHA_PUBKEY'			=> isset($config['recaptcha_pubkey']) ? $config['recaptcha_pubkey'] : '',
 				'S_RECAPTCHA_AVAILABLE'		=> self::is_available(),
 				'S_CONFIRM_CODE'			=> true,

phpBB/phpbb/captcha/plugins/recaptcha_v3.php

@@ -30,6 +30,14 @@ class recaptcha_v3 extends captcha_abstract
 	 */
 	const GOOGLE		= 'google.com';
 	const RECAPTCHA		= 'recaptcha.net';
+	const RECAPTCHA_CN	= 'recaptcha.google.cn';
+
+	/** @var string[] List of supported domains */
+	static public $supported_domains = [
+		self::GOOGLE,
+		self::RECAPTCHA,
+		self::RECAPTCHA_CN
+	];
 
 	/** @var array CAPTCHA types mapped to their action */
 	static protected $actions = [
@@ -180,9 +188,14 @@ class recaptcha_v3 extends captcha_abstract
 				trigger_error($language->lang('EMPTY_RECAPTCHA_V3_REQUEST_METHOD') . adm_back_link($module->u_action), E_USER_WARNING);
 			}
 
+			$recaptcha_domain = $request->variable('recaptcha_v3_domain', '', true);
+			if (in_array($recaptcha_domain, self::$supported_domains))
+			{
+				$config->set('recaptcha_v3_domain', $recaptcha_domain);
+			}
+
 			$config->set('recaptcha_v3_key', $request->variable('recaptcha_v3_key', '', true));
 			$config->set('recaptcha_v3_secret', $request->variable('recaptcha_v3_secret', '', true));
-			$config->set('recaptcha_v3_domain', $request->variable('recaptcha_v3_domain', '', true));
 			$config->set('recaptcha_v3_method', $recaptcha_v3_method);
 
 			foreach (self::$actions as $action)
@@ -211,7 +224,7 @@ class recaptcha_v3 extends captcha_abstract
 			'RECAPTCHA_V3_SECRET'		=> $config['recaptcha_v3_secret'] ?? '',
 
 			'RECAPTCHA_V3_DOMAIN'		=> $config['recaptcha_v3_domain'] ?? self::GOOGLE,
-			'RECAPTCHA_V3_DOMAINS'		=> [self::GOOGLE, self::RECAPTCHA],
+			'RECAPTCHA_V3_DOMAINS'		=> self::$supported_domains,
 
 			'RECAPTCHA_V3_METHOD'		=> $config['recaptcha_v3_method'] ?? '',
 			'RECAPTCHA_V3_METHODS'		=> [

phpBB/phpbb/config/config.php

@@ -50,6 +50,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	* @param  string $key The configuration option's name.
 	* @return bool        Whether the configuration option exists.
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetExists($key)
 	{
 		return isset($this->config[$key]);
@@ -61,6 +62,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	* @param  string $key The configuration option's name.
 	* @return string      The configuration value
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetGet($key)
 	{
 		return (isset($this->config[$key])) ? $this->config[$key] : '';
@@ -75,6 +77,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	* @param string $key   The configuration option's name.
 	* @param string $value The temporary value.
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetSet($key, $value)
 	{
 		$this->config[$key] = $value;
@@ -85,6 +88,7 @@ class config implements \ArrayAccess, \IteratorAggregate, \Countable
 	*
 	* @param string $key The configuration option's name.
 	*/
+	#[\ReturnTypeWillChange]
 	public function offsetUnset($key)
 	{
 		trigger_error('Config values have to be deleted explicitly with the \phpbb\config\config::delete($key) method.', E_USER_ERROR);

phpBB/phpbb/content_visibility.php

@@ -501,11 +501,15 @@ class content_visibility
 			$postcounts[$num_posts][] = $poster_id;
 		}
 
+		$postcount_change = 0;
+
 		// Update users postcounts
 		foreach ($postcounts as $num_posts => $poster_ids)
 		{
 			if (in_array($visibility, array(ITEM_REAPPROVE, ITEM_DELETED)))
 			{
+				$postcount_change -= $num_posts;
+
 				$sql = 'UPDATE ' . $this->users_table . '
 					SET user_posts = 0
 					WHERE ' . $this->db->sql_in_set('user_id', $poster_ids) . '
@@ -520,6 +524,8 @@ class content_visibility
 			}
 			else
 			{
+				$postcount_change += $num_posts;
+
 				$sql = 'UPDATE ' . $this->users_table . '
 					SET user_posts = user_posts + ' . $num_posts . '
 					WHERE ' . $this->db->sql_in_set('user_id', $poster_ids);
@@ -527,6 +533,11 @@ class content_visibility
 			}
 		}
 
+		if ($postcount_change != 0)
+		{
+			$this->config->increment('num_posts', $postcount_change, false);
+		}
+
 		$update_topic_postcount = true;
 
 		// Sync the first/last topic information if needed

phpBB/phpbb/datetime.php

@@ -57,6 +57,7 @@ class datetime extends \DateTime
 	* @param boolean $force_absolute Force output of a non relative date
 	* @return string Formatted date time
 	*/
+	#[\ReturnTypeWillChange]
 	public function format($format = '', $force_absolute = false)
 	{
 		$format		= $format ? $format : $this->user->date_format;

phpBB/phpbb/db/driver/driver.php

@@ -634,6 +634,14 @@ abstract class driver implements driver_interface
 		return $expression;
 	}
 
+	/**
+	 * {@inheritDoc}
+	 */
+	public function sql_nextid()
+	{
+		return $this->sql_last_inserted_id();
+	}
+
 	/**
 	* {@inheritDoc}
 	*/
@@ -1237,4 +1245,21 @@ abstract class driver implements driver_interface
 
 		return $rows_total;
 	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function clean_query_id($query_id)
+	{
+		// Some DBMS functions accept/return objects and/or resources instead if identifiers
+		// Attempting to use objects/resources as array keys will throw error, hence correctly handle all cases
+		if (is_resource($query_id))
+		{
+			return function_exists('get_resource_id') ? get_resource_id($query_id) : (int) $query_id;
+		}
+		else
+		{
+			return is_object($query_id) ? spl_object_id($query_id) : $query_id;
+		}
+	}
 }

phpBB/phpbb/db/driver/driver_interface.php

@@ -289,12 +289,34 @@ interface driver_interface
 	public function cast_expr_to_bigint($expression);
 
 	/**
-	* Get last inserted id after insert statement
-	*
-	* @return	string		Autoincrement value of the last inserted row
-	*/
+	 * Gets the ID of the **last** inserted row immediately after an INSERT
+	 * statement.
+	 *
+	 * **Note**: Despite the name, the returned ID refers to the row that has
+	 * just been inserted, rather than the hypothetical ID of the next row if a
+	 * new one was to be inserted.
+	 *
+	 * The returned value can be used for selecting the item that has just been
+	 * inserted or for updating another table with an ID pointing to that item.
+	 *
+	 * Alias of `sql_last_inserted_id`.
+	 *
+	 * @deprecated 3.3.11-RC1 Replaced by sql_last_inserted_id(), to be removed in 4.1.0-a1
+	 *
+	 * @return	string|false	Auto-incremented value of the last inserted row
+	 */
 	public function sql_nextid();
 
+	/**
+	 * Gets the ID of the last inserted row immediately after an INSERT
+	 * statement. The returned value can be used for selecting the item that has
+	 * just been inserted or for updating another table with an ID pointing to
+	 * that item.
+	 *
+	 * @return	string|false	Auto-incremented value of the last inserted row
+	 */
+	public function sql_last_inserted_id();
+
 	/**
 	* Add to query count
 	*
@@ -472,4 +494,13 @@ interface driver_interface
 	* @return	string		Quoted version of $msg
 	*/
 	public function sql_quote($msg);
+
+	/**
+	 * Ensure query ID can be used by cache
+	 *
+	 * @param resource|int|string $query_id Mixed type query id
+	 *
+	 * @return int|string Query id in string or integer format
+	 */
+	public function clean_query_id($query_id);
 }

phpBB/phpbb/db/driver/factory.php

@@ -314,11 +314,19 @@ class factory implements driver_interface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function sql_nextid()
 	{
-		return $this->get_driver()->sql_nextid();
+		return $this->get_driver()->sql_last_inserted_id();
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function sql_last_inserted_id()
+	{
+		return $this->get_driver()->sql_last_inserted_id();
 	}
 
 	/**
@@ -464,4 +472,12 @@ class factory implements driver_interface
 	{
 		return $this->get_driver()->sql_quote($msg);
 	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function clean_query_id($query_id)
+	{
+		return $this->get_driver()->clean_query_id($query_id);
+	}
 }

phpBB/phpbb/db/driver/mssql_odbc.php

@@ -185,14 +185,16 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base
 					return false;
 				}
 
+				$safe_query_id = $this->clean_query_id($this->query_result);
+
 				if ($cache && $cache_ttl)
 				{
-					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$this->open_queries[$safe_query_id] = $this->query_result;
 					$this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl);
 				}
 				else if (strpos($query, 'SELECT') === 0)
 				{
-					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$this->open_queries[$safe_query_id] = $this->query_result;
 				}
 			}
 			else if ($this->debug_sql_explain)
@@ -260,18 +262,19 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_fetchrow($query_id);
+			return $cache->sql_fetchrow($safe_query_id);
 		}
 
 		return ($query_id) ? odbc_fetch_array($query_id) : false;
 	}
 
 	/**
-	* {@inheritDoc}
-	*/
-	function sql_nextid()
+	 * {@inheritdoc}
+	 */
+	public function sql_last_inserted_id()
 	{
 		$result_id = @odbc_exec($this->db_connect_id, 'SELECT @@IDENTITY');
 
@@ -301,14 +304,15 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_freeresult($query_id);
+			return $cache->sql_freeresult($safe_query_id);
 		}
 
-		if (isset($this->open_queries[(int) $query_id]))
+		if (isset($this->open_queries[$safe_query_id]))
 		{
-			unset($this->open_queries[(int) $query_id]);
+			unset($this->open_queries[$safe_query_id]);
 			return odbc_free_result($query_id);
 		}
 

phpBB/phpbb/db/driver/mssqlnative.php

@@ -159,14 +159,16 @@ class mssqlnative extends \phpbb\db\driver\mssql_base
 					return false;
 				}
 
+				$safe_query_id = $this->clean_query_id($this->query_result);
+
 				if ($cache && $cache_ttl)
 				{
-					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$this->open_queries[$safe_query_id] = $this->query_result;
 					$this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl);
 				}
 				else if (strpos($query, 'SELECT') === 0)
 				{
-					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$this->open_queries[$safe_query_id] = $this->query_result;
 				}
 			}
 			else if ($this->debug_sql_explain)
@@ -242,9 +244,10 @@ class mssqlnative extends \phpbb\db\driver\mssql_base
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_fetchrow($query_id);
+			return $cache->sql_fetchrow($safe_query_id);
 		}
 
 		if (!$query_id)
@@ -271,9 +274,9 @@ class mssqlnative extends \phpbb\db\driver\mssql_base
 	}
 
 	/**
-	* {@inheritDoc}
-	*/
-	function sql_nextid()
+	 * {@inheritdoc}
+	 */
+	public function sql_last_inserted_id()
 	{
 		$result_id = @sqlsrv_query($this->db_connect_id, 'SELECT @@IDENTITY');
 
@@ -302,14 +305,15 @@ class mssqlnative extends \phpbb\db\driver\mssql_base
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_freeresult($query_id);
+			return $cache->sql_freeresult($safe_query_id);
 		}
 
-		if (isset($this->open_queries[(int) $query_id]))
+		if (isset($this->open_queries[$safe_query_id]))
 		{
-			unset($this->open_queries[(int) $query_id]);
+			unset($this->open_queries[$safe_query_id]);
 			return sqlsrv_free_stmt($query_id);
 		}
 

phpBB/phpbb/db/driver/mysqli.php

@@ -254,9 +254,10 @@ class mysqli extends \phpbb\db\driver\mysql_base
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_fetchrow($query_id);
+			return $cache->sql_fetchrow($safe_query_id);
 		}
 
 		if ($query_id)
@@ -280,18 +281,19 @@ class mysqli extends \phpbb\db\driver\mysql_base
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_rowseek($rownum, $query_id);
+			return $cache->sql_rowseek($rownum, $safe_query_id);
 		}
 
 		return ($query_id) ? @mysqli_data_seek($query_id, $rownum) : false;
 	}
 
 	/**
-	* {@inheritDoc}
-	*/
-	function sql_nextid()
+	 * {@inheritdoc}
+	 */
+	public function sql_last_inserted_id()
 	{
 		return ($this->db_connect_id) ? @mysqli_insert_id($this->db_connect_id) : false;
 	}
@@ -308,9 +310,10 @@ class mysqli extends \phpbb\db\driver\mysql_base
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_freeresult($query_id);
+			return $cache->sql_freeresult($safe_query_id);
 		}
 
 		if (!$query_id)

phpBB/phpbb/db/driver/oracle.php

@@ -441,14 +441,16 @@ class oracle extends \phpbb\db\driver\driver
 					return false;
 				}
 
+				$safe_query_id = $this->clean_query_id($this->query_result);
+
 				if ($cache && $cache_ttl)
 				{
-					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$this->open_queries[$safe_query_id] = $this->query_result;
 					$this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl);
 				}
 				else if (strpos($query, 'SELECT') === 0)
 				{
-					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$this->open_queries[$safe_query_id] = $this->query_result;
 				}
 			}
 			else if ($this->debug_sql_explain)
@@ -496,9 +498,10 @@ class oracle extends \phpbb\db\driver\driver
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_fetchrow($query_id);
+			return $cache->sql_fetchrow($safe_query_id);
 		}
 
 		if ($query_id)
@@ -544,9 +547,10 @@ class oracle extends \phpbb\db\driver\driver
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_rowseek($rownum, $query_id);
+			return $cache->sql_rowseek($rownum, $safe_query_id);
 		}
 
 		if (!$query_id)
@@ -570,9 +574,9 @@ class oracle extends \phpbb\db\driver\driver
 	}
 
 	/**
-	* {@inheritDoc}
-	*/
-	function sql_nextid()
+	 * {@inheritdoc}
+	 */
+	public function sql_last_inserted_id()
 	{
 		$query_id = $this->query_result;
 
@@ -619,14 +623,15 @@ class oracle extends \phpbb\db\driver\driver
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_freeresult($query_id);
+			return $cache->sql_freeresult($safe_query_id);
 		}
 
-		if (isset($this->open_queries[(int) $query_id]))
+		if (isset($this->open_queries[$safe_query_id]))
 		{
-			unset($this->open_queries[(int) $query_id]);
+			unset($this->open_queries[$safe_query_id]);
 			return oci_free_statement($query_id);
 		}
 

phpBB/phpbb/db/driver/postgres.php

@@ -342,9 +342,9 @@ class postgres extends \phpbb\db\driver\driver
 	}
 
 	/**
-	* {@inheritDoc}
-	*/
-	function sql_nextid()
+	 * {@inheritdoc}
+	 */
+	public function sql_last_inserted_id()
 	{
 		$query_id = $this->query_result;
 
@@ -547,25 +547,4 @@ class postgres extends \phpbb\db\driver\driver
 	{
 		return '"' . $msg . '"';
 	}
-
-	/**
-	 * Ensure query ID can be used by cache
-	 *
-	 * @param resource|int|string $query_id Mixed type query id
-	 *
-	 * @return int|string Query id in string or integer format
-	 */
-	private function clean_query_id($query_id)
-	{
-		// As of PHP 8.1 PgSQL functions accept/return \PgSQL\* objects instead of "pgsql *" resources
-		// Attempting to cast object to int will throw error, hence correctly handle all cases
-		if (is_resource($query_id))
-		{
-			return function_exists('get_resource_id') ? get_resource_id($query_id) : (int) $query_id;
-		}
-		else
-		{
-			return is_object($query_id) ? spl_object_id($query_id) : $query_id;
-		}
-	}
 }

phpBB/phpbb/db/driver/sqlite3.php

@@ -233,18 +233,19 @@ class sqlite3 extends \phpbb\db\driver\driver
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_fetchrow($query_id);
+			return $cache->sql_fetchrow($safe_query_id);
 		}
 
 		return is_object($query_id) ? @$query_id->fetchArray(SQLITE3_ASSOC) : false;
 	}
 
 	/**
-	* {@inheritDoc}
-	*/
-	public function sql_nextid()
+	 * {@inheritdoc}
+	 */
+	public function sql_last_inserted_id()
 	{
 		return ($this->db_connect_id) ? $this->dbo->lastInsertRowID() : false;
 	}
@@ -261,9 +262,10 @@ class sqlite3 extends \phpbb\db\driver\driver
 			$query_id = $this->query_result;
 		}
 
-		if ($cache && !is_object($query_id) && $cache->sql_exists($query_id))
+		$safe_query_id = $this->clean_query_id($query_id);
+		if ($cache && $cache->sql_exists($safe_query_id))
 		{
-			return $cache->sql_freeresult($query_id);
+			return $cache->sql_freeresult($safe_query_id);
 		}
 
 		if ($query_id)

phpBB/phpbb/db/migration/data/v30x/local_url_bbcode.php

@@ -46,7 +46,7 @@ class local_url_bbcode extends \phpbb\db\migration\migration
 			{
 				if (function_exists('phpbb_require_updated'))
 				{
-					phpbb_require_updated('includes/acp/acp_bbcodes.' . $this->php_ext);
+					phpbb_require_updated('includes/acp/acp_bbcodes.' . $this->php_ext, $this->phpbb_root_path);
 				}
 				else
 				{

phpBB/phpbb/db/migration/data/v33x/profilefield_youtube_update.php

@@ -15,7 +15,7 @@ namespace phpbb\db\migration\data\v33x;
 
 class profilefield_youtube_update extends \phpbb\db\migration\migration
 {
-	protected $youtube_url_matcher = 'https:\\/\\/(www\\.)?youtube\\.com\\/.+';
+	public static $youtube_url_matcher = 'https:\\/\\/(www\\.)?youtube\\.com\\/.+';
 
 	public function effectively_installed()
 	{
@@ -30,7 +30,7 @@ class profilefield_youtube_update extends \phpbb\db\migration\migration
 		$row = $this->db->sql_fetchrow($result);
 		$this->db->sql_freeresult($result);
 
-		return $row['field_validation'] === $this->youtube_url_matcher;
+		return !$row || $row['field_validation'] === self::$youtube_url_matcher;
 	}
 
 	public static function depends_on()
@@ -48,19 +48,18 @@ class profilefield_youtube_update extends \phpbb\db\migration\migration
 		$profile_fields = $this->table_prefix . 'profile_fields';
 		$profile_fields_data = $this->table_prefix . 'profile_fields_data';
 
-		$field_validation = $this->db->sql_escape($this->youtube_url_matcher);
+		$field_data = [
+			'field_length'		=> 40,
+			'field_minlen'		=> strlen('https://youtube.com/c/') + 1,
+			'field_maxlen'		=> 255,
+			'field_validation'	=> self::$youtube_url_matcher,
+			'field_contact_url'	=> '%s'
+		];
 
-		$min_length = strlen('https://youtube.com/c/') + 1;
-
-		$this->db->sql_query(
-			"UPDATE $profile_fields SET
-				field_length = '40',
-				field_minlen = '$min_length',
-				field_maxlen = '255',
-				field_validation = '$field_validation',
-				field_contact_url = '%s'
-				WHERE field_name = 'phpbb_youtube'"
-		);
+		$sql = 'UPDATE ' . $profile_fields . '
+			SET ' . $this->db->sql_build_array('UPDATE', $field_data) . "
+			WHERE field_name = 'phpbb_youtube'";
+		$this->db->sql_query($sql);
 
 		$yt_profile_field = 'pf_phpbb_youtube';
 		$prepend_legacy_youtube_url = $this->db->sql_concatenate(

phpBB/phpbb/db/migration/data/v33x/profilefields_update.php

@@ -0,0 +1,194 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v33x;
+
+class profilefields_update extends \phpbb\db\migration\migration
+{
+	/** @var string YouTube URLs matcher: handle or custom URL or channel URL */
+	protected $youtube_url_matcher = '(@[a-zA-Z0-9_.-]{3,30}|c/[a-zA-Z][\w\.,\-_]+|(channel|user)/[a-zA-Z][\w\.,\-_]+)';
+
+	public static function depends_on(): array
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3310',
+			'\phpbb\db\migration\data\v33x\profilefield_youtube_update',
+		];
+	}
+
+	public function update_schema(): array
+	{
+		return [
+			'change_columns'	=> [
+				$this->table_prefix . 'profile_fields'			=> [
+					'field_validation'		=> ['VCHAR_UNI:128', ''],
+				],
+			]
+		];
+	}
+
+	public function revert_schema(): array
+	{
+		return [
+			'change_columns'	=> [
+				$this->table_prefix . 'profile_fields'			=> [
+					'field_validation'		=> ['VCHAR_UNI:64', ''],
+				],
+			]
+		];
+	}
+
+	public function update_data(): array
+	{
+		return [
+			['custom', [[$this, 'update_youtube_profile_field']]],
+			['custom', [[$this, 'update_other_profile_fields']]],
+		];
+	}
+
+	public function revert_data(): array
+	{
+		return [
+			['custom', [[$this, 'revert_youtube_profile_field']]],
+			['custom', [[$this, 'revert_other_profile_fields']]],
+		];
+	}
+
+	public function update_youtube_profile_field(): bool
+	{
+		$profile_fields = $this->table_prefix . 'profile_fields';
+		$profile_fields_data = $this->table_prefix . 'profile_fields_data';
+		$end_time = time() + 5; // allow up to 5 seconds for migration to run
+
+		$field_data = [
+			'field_length'			=> 20,
+			'field_minlen'			=> 3,
+			'field_maxlen'			=> 60,
+			'field_validation'		=> $this->youtube_url_matcher,
+			'field_contact_url'		=> 'https://youtube.com/%s',
+			'field_contact_desc'	=> 'VIEW_YOUTUBE_PROFILE',
+		];
+
+		$sql = 'UPDATE ' . $profile_fields . '
+			SET ' . $this->db->sql_build_array('UPDATE', $field_data) . "
+			WHERE field_name = 'phpbb_youtube'";
+		$this->db->sql_query($sql);
+
+		$yt_profile_field = 'pf_phpbb_youtube';
+		$has_youtube_url = $this->db->sql_like_expression($this->db->get_any_char() . 'youtube.com/' . $this->db->get_any_char());
+
+		$update_aborted = false;
+
+		$sql = 'SELECT user_id, pf_phpbb_youtube
+			FROM ' . $profile_fields_data . "
+			WHERE $yt_profile_field <> ''
+				AND $yt_profile_field $has_youtube_url";
+		$result = $this->db->sql_query($sql);
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$updated_youtube_url_part = $this->get_youtube_url_part($row['pf_phpbb_youtube']);
+			if ($updated_youtube_url_part != $row['pf_phpbb_youtube'])
+			{
+				$this->db->sql_query(
+					"UPDATE $profile_fields_data
+					SET $yt_profile_field = '$updated_youtube_url_part'
+					WHERE user_id = {$row['user_id']}"
+				);
+			}
+
+			if (time() > $end_time)
+			{
+				$update_aborted = true;
+				break;
+			}
+		}
+		$this->db->sql_freeresult($result);
+
+		return $update_aborted != true;
+	}
+
+	public function update_other_profile_fields(): void
+	{
+		$profile_fields = $this->table_prefix . 'profile_fields';
+
+		$this->db->sql_query(
+			"UPDATE $profile_fields
+				SET field_contact_url = 'https://facebook.com/%s/'
+				WHERE field_name = 'phpbb_facebook'"
+		);
+
+		$this->db->sql_query(
+			"UPDATE $profile_fields
+				SET field_contact_url = 'https://twitter.com/%s'
+				WHERE field_name = 'phpbb_twitter'"
+		);
+	}
+
+	public function revert_youtube_profile_field(): void
+	{
+		$profile_fields = $this->table_prefix . 'profile_fields';
+		$profile_fields_data = $this->table_prefix . 'profile_fields_data';
+
+		$field_data = [
+			'field_length'		=> 40,
+			'field_minlen'		=> strlen('https://youtube.com/c/') + 1,
+			'field_maxlen'		=> 255,
+			'field_validation'	=> profilefield_youtube_update::$youtube_url_matcher,
+			'field_contact_url'	=> '%s'
+		];
+
+		$sql = 'UPDATE ' . $profile_fields . '
+			SET ' . $this->db->sql_build_array('UPDATE', $field_data) . "
+			WHERE field_name = 'phpbb_youtube'";
+		$this->db->sql_query($sql);
+
+		$yt_profile_field = 'pf_phpbb_youtube';
+		$prepend_legacy_youtube_url = $this->db->sql_concatenate(
+			"'https://youtube.com/'", $yt_profile_field
+		);
+		$is_not_already_youtube_url = $this->db->sql_not_like_expression(
+			$this->db->get_any_char()
+			. 'youtube.com/'
+			. $this->db->get_any_char()
+		);
+
+		$this->db->sql_query(
+			"UPDATE $profile_fields_data SET
+				$yt_profile_field = $prepend_legacy_youtube_url
+				WHERE $yt_profile_field <> ''
+				AND $yt_profile_field $is_not_already_youtube_url"
+		);
+	}
+
+	public function revert_other_profile_fields(): void
+	{
+		$profile_fields = $this->table_prefix . 'profile_fields';
+
+		$this->db->sql_query(
+			"UPDATE $profile_fields
+				SET field_contact_url = 'http://facebook.com/%s/'
+				WHERE field_name = 'phpbb_facebook'"
+		);
+
+		$this->db->sql_query(
+			"UPDATE $profile_fields
+				SET field_contact_url = 'http://twitter.com/%s'
+				WHERE field_name = 'phpbb_twitter'"
+		);
+	}
+
+	protected function get_youtube_url_part(string $profile_field_string): string
+	{
+		return preg_replace('#^https://(?:www\.)?youtube\.com/(.+)$#iu', '$1', $profile_field_string);
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3310.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3310 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.10', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3310rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.10']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3310rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3310rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.10-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v339',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.10-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3311.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3311 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.11', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\profilefields_update',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.11']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v339.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v339 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.9', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v339rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.9']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v339rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v339rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.9-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v338',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.9-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/migration/profilefield_base_migration.php

@@ -40,6 +40,8 @@ abstract class profilefield_base_migration extends container_aware_migration
 
 	protected $user_column_name;
 
+	private $profile_row;
+
 	public function effectively_installed()
 	{
 		return $this->db_tools->sql_column_exists($this->table_prefix . 'profile_fields_data', 'pf_' . $this->profilefield_name);
@@ -234,15 +236,13 @@ abstract class profilefield_base_migration extends container_aware_migration
 
 	protected function get_insert_sql_array()
 	{
-		static $profile_row;
-
-		if ($profile_row === null)
+		if ($this->profile_row === null)
 		{
 			/* @var $manager \phpbb\profilefields\manager */
 			$manager = $this->container->get('profilefields.manager');
-			$profile_row = $manager->build_insert_sql_array(array());
+			$this->profile_row = $manager->build_insert_sql_array(array());
 		}
 
-		return $profile_row;
+		return $this->profile_row;
 	}
 }

phpBB/phpbb/db/tools/mssql.php

@@ -182,7 +182,7 @@ class mssql extends tools
 
 			if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 			{
-				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+				trigger_error("Index name '{$column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 			}
 
 			// here we add the definition of the new column to the list of columns

phpBB/phpbb/db/tools/postgres.php

@@ -102,7 +102,7 @@ class postgres extends tools
 	function sql_table_exists($table_name)
 	{
 		$sql = "SELECT CAST(EXISTS(
-			SELECT FROM information_schema.tables
+			SELECT * FROM information_schema.tables
 				WHERE table_schema = 'public'
 					AND table_name   = '" . $this->db->sql_escape($table_name) . "'
 			) AS INTEGER)";
@@ -147,7 +147,7 @@ class postgres extends tools
 
 			if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 			{
-				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+				trigger_error("Index name '{$column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 			}
 
 			// here we add the definition of the new column to the list of columns