[prep-release-3.3.1] Update changelog for 3.3.10

[ticket/17092] Check for Spamhaus error codes

.github/setup-phpbb.sh

@@ -31,6 +31,6 @@ php ../composer.phar install --dev --no-interaction
 if [[ "$PHP_VERSION" =~ ^nightly$ || "$PHP_VERSION" =~ ^8 ]]
 then
 	php ../composer.phar remove phpunit/dbunit --dev --update-with-dependencies \
-	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 doctrine/instantiator:^1.4 --dev --update-with-all-dependencies --ignore-platform-reqs
 fi
 cd ..

.github/workflows/tests.yml

@@ -17,7 +17,7 @@ on:
 jobs:
     # Basic checks, e.g. parse errors, commit messages, etc.
     basic-checks:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
@@ -29,7 +29,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
               with:
                   fetch-depth: 100
 
@@ -46,12 +46,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -88,7 +88,7 @@ jobs:
 
     # Tests for MySQL and MariaDB
     mysql-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
@@ -157,14 +157,14 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - id: database-type
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
                   db=$(echo "${MATRIX_DB%%:*}")
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -179,12 +179,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -229,7 +229,7 @@ jobs:
 
     # Tests for PostgreSQL
     postgres-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
@@ -290,14 +290,14 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - id: database-type
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
                   db=$(echo "${MATRIX_DB%%:*}")
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -312,12 +312,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -345,7 +345,7 @@ jobs:
 
     # Other database types, namely sqlite3 and mssql
     other-tests:
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
@@ -388,7 +388,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - id: database-type
               env:
@@ -400,7 +400,7 @@ jobs:
                   else
                       db=$(echo "${MATRIX_DB%%:*}")
                   fi
-                  echo "::set-output name=db::$db"
+                  echo "db=$db" >> $GITHUB_OUTPUT
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -415,12 +415,12 @@ jobs:
                   PHP_VERSION: ${{ matrix.php }}
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
-                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+                  echo "version=${PHP_VERSION%.*}" >> $GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -485,7 +485,7 @@ jobs:
                   git config --system core.autocrlf false
                   git config --system core.eol lf
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -499,13 +499,13 @@ jobs:
               id: composer-cache
               run: |
                   cd phpBB
-                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "dir=$(composer config cache-files-dir)" >> $env:GITHUB_OUTPUT
                   $major_version="${{ matrix.php }}".substring(0,1)
-                  echo "::set-output name=version::$major_version"
+                  echo "version=$major_version" >> $env:GITHUB_OUTPUT
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v3
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -548,7 +548,7 @@ jobs:
                   cd ${env:GITHUB_WORKSPACE}\phpBB
                   php ..\composer.phar install
                   php ..\composer.phar remove phpunit/dbunit --dev --update-with-dependencies
-                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 doctrine/instantiator:^1.4 --dev --update-with-all-dependencies --ignore-platform-reqs
                   cd ..
             - name: Setup database
               run: |

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.9" />
-	<property name="prevversion" value="3.3.8" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.9-RC1" />
+	<property name="newversion" value="3.3.10" />
+	<property name="prevversion" value="3.3.9" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.10-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

phpBB/adm/style/acp_users_warnings.html

@@ -14,7 +14,7 @@
 	<!-- BEGIN warn -->
 		<tr>
 			<td>{warn.USERNAME}</td>
-			<td style="text-align: center; nowrap: nowrap;">{warn.DATE}</td>
+			<td style="text-align: center; white-space: nowrap;">{warn.DATE}</td>
 			<td>{warn.ACTION}</td>
 			<td style="text-align: center;"><input type="checkbox" class="radio" name="mark[]" value="{warn.ID}" /></td>
 		</tr>

phpBB/adm/style/captcha_recaptcha_acp.html

@@ -21,6 +21,20 @@
 	<dd><input id="recaptcha_privkey" name="recaptcha_privkey" value="{RECAPTCHA_PRIVKEY}" size="50" type="text" /></dd>
 </dl>
 
+<dl>
+	<dt>
+		<label>{{ lang('RECAPTCHA_V3_DOMAIN') ~ lang('COLON') }}</label>
+		<br><span>{{ lang('RECAPTCHA_V3_DOMAIN_EXPLAIN') }}</span>
+	</dt>
+	<dd>
+		{% for domain in RECAPTCHA_V2_DOMAINS %}
+		<label>
+			<input class="radio" name="recaptcha_v2_domain" type="radio" value="{{ domain }}"{{ domain == RECAPTCHA_V2_DOMAIN ? ' checked' }}>
+			<span>{{ domain }}</span>
+		</label>
+		{% endfor %}
+	</dd>
+</dl>
 
 </fieldset>
 <fieldset>

phpBB/adm/style/overall_footer.html

@@ -42,5 +42,7 @@
 <!-- EVENT acp_overall_footer_after -->
 {$SCRIPTS}
 
+{% EVENT acp_overall_footer_body_after %}
+
 </body>
 </html>

phpBB/adm/style/simple_footer.html

@@ -23,5 +23,7 @@
 <!-- EVENT acp_simple_footer_after -->
 {$SCRIPTS}
 
+{% EVENT acp_simple_footer_body_after %}
+
 </body>
 </html>

phpBB/cron.php

@@ -12,6 +12,9 @@
 */
 
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Exception\ExceptionInterface;
+use Symfony\Component\Routing\Exception\RouteNotFoundException;
 
 /**
 */
@@ -28,10 +31,49 @@ $cron_type = $request->variable('cron_type', '');
 
 $get_params_array = $request->get_super_global(\phpbb\request\request_interface::GET);
 
+/* @var $http_kernel \Symfony\Component\HttpKernel\HttpKernel */
+$http_kernel = $phpbb_container->get('http_kernel');
+
+/* @var $symfony_request \phpbb\symfony_request */
+$symfony_request = $phpbb_container->get('symfony_request');
+
 /** @var \phpbb\controller\helper $controller_helper */
 $controller_helper = $phpbb_container->get('controller.helper');
-$response = new RedirectResponse(
-	$controller_helper->route('phpbb_cron_run', $get_params_array, false),
-	301
+$cron_route = 'phpbb_cron_run';
+
+try
+{
+	$response = new RedirectResponse(
+		$controller_helper->route($cron_route, $get_params_array, false),
+		Response::HTTP_MOVED_PERMANENTLY
+	);
+	$response->send();
+	$http_kernel->terminate($symfony_request, $response);
+	exit();
+}
+catch (RouteNotFoundException $exception)
+{
+	$error = 'ROUTE_NOT_FOUND';
+	$error_parameters = $cron_route;
+	$error_code = Response::HTTP_NOT_FOUND;
+}
+catch (ExceptionInterface $exception)
+{
+	$error = 'ROUTE_INVALID_MISSING_PARAMS';
+	$error_parameters = $cron_route;
+	$error_code = Response::HTTP_BAD_REQUEST;
+}
+catch (Throwable $exception)
+{
+	$error = $exception->getMessage();
+	$error_parameters = [];
+	$error_code = Response::HTTP_INTERNAL_SERVER_ERROR;
+}
+
+$language = $phpbb_container->get('language');
+$response = new Response(
+	$language->lang($error, $error_parameters),
+	$error_code
 );
 $response->send();
+$http_kernel->terminate($symfony_request, $response);

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,8 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3310rc1">Changes since 3.3.10-RC1</a></li>
+		<li><a href="#v339">Changes since 3.3.9</a></li>
 		<li><a href="#v339rc1">Changes since 3.3.9-RC1</a></li>
 		<li><a href="#v338">Changes since 3.3.8</a></li>
 		<li><a href="#v337">Changes since 3.3.7</a></li>
@@ -164,6 +166,41 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3310rc1"></a><h3>Changes since 3.3.10-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17091">PHPBB3-17091</a>] - PHP 8.0 builds fail due to incompatible doctrine/instantiator</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17092">PHPBB3-17092</a>] - Check for error codes when querying Spamhaus</li>
+			</ul>
+
+			<a name="v339"></a><h3>Changes since 3.3.9</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16938">PHPBB3-16938</a>] - Unexistent css property in inline style</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17039">PHPBB3-17039</a>] - Group name not colored in manage groups due to typo</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17056">PHPBB3-17056</a>] - PHP 8.2 Deprecation warning about ${var} syntax</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17065">PHPBB3-17065</a>] - Emoji characters in MCP add feedback cause SQL error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17074">PHPBB3-17074</a>] - Condition to avoid creation of roles with same name is broken</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17081">PHPBB3-17081</a>] - Invalid accept attribute in the post editor</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17082">PHPBB3-17082</a>] - Ability to warn Anonymous</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13291">PHPBB3-13291</a>] - Close notification drop down after clicking &quot;mark all read&quot;</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16105">PHPBB3-16105</a>] - Use &quot;global&quot; reCAPTCHA domain to circumvent blocking in some countries</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17068">PHPBB3-17068</a>] - ALLOW_CDN_EXPLAIN: Incomplete and imprecise description</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17075">PHPBB3-17075</a>] - Add template events to ACP footer after SCRIPTS</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17066">PHPBB3-17066</a>] - Update GitHub Actions configuration to resolve deprecations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17071">PHPBB3-17071</a>] - Update the emoji CDN</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-275">SECURITY-275</a>] - Improve handling of exceptions in cron redirect</li>
+			</ul>
+
 			<a name="v339rc1"></a><h3>Changes since 3.3.9-RC1</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/events.md

@@ -274,6 +274,12 @@ acp_overall_footer_after
 * Since: 3.1.0-a1
 * Purpose: Add content below the footer in the ACP
 
+acp_overall_footer_body_after
+===
+* Location: adm/style/overall_footer.html
+* Since: 3.3.10-RC1
+* Purpose: Add content before the `</body>` tag but after the $SCRIPTS var, i.e. after the js scripts have been loaded
+
 acp_overall_header_body_before
 ===
 * Location: adm/style/overall_header.html
@@ -558,6 +564,12 @@ acp_simple_footer_after
 * Since: 3.1.0-a1
 * Purpose: Add content below the simple footer in the ACP
 
+acp_simple_footer_body_after
+===
+* Location: adm/style/simple_footer.html
+* Since: 3.3.10-RC1
+* Purpose: Add content before the `</body>` tag but after the $SCRIPTS var, i.e. after the js scripts have been loaded
+
 acp_simple_header_body_before
 ===
 * Location: adm/style/simple_header.html

phpBB/includes/acp/acp_permission_roles.php

@@ -179,7 +179,7 @@ class acp_permission_roles
 					$db->sql_freeresult($result);
 
 					// Make sure we only print out the error if we add the role or change it's name
-					if ($row && ($mode == 'add' || ($mode == 'edit' && $role_row['role_name'] != $role_name)))
+					if ($row && ($action == 'add' || ($action == 'edit' && $role_row['role_name'] != $role_name)))
 					{
 						trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
 					}

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.9');
+@define('PHPBB_VERSION', '3.3.10');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions_posting.php

@@ -834,7 +834,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_a
 		'FILESIZE'						=> $config['max_filesize'],
 		'FILE_COMMENT'					=> (isset($filename_data['filecomment'])) ? $filename_data['filecomment'] : '',
 		'MAX_ATTACHMENT_FILESIZE'		=> $config['max_filesize'] > 0 ? $user->lang('MAX_ATTACHMENT_FILESIZE', get_formatted_filesize($config['max_filesize'])) : '',
-		'ALLOWED_ATTACHMENTS'			=> !empty($allowed_attachments) ? implode(',', $allowed_attachments) : '',
+		'ALLOWED_ATTACHMENTS'			=> !empty($allowed_attachments) ? '.' . implode(',.', $allowed_attachments) : '',
 	];
 
 	/**

phpBB/includes/mcp/mcp_notes.php

@@ -98,7 +98,7 @@ class mcp_notes
 		$userrow = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		if (!$userrow)
+		if (!$userrow || (int) $userrow['user_id'] === ANONYMOUS)
 		{
 			trigger_error('NO_USER');
 		}
@@ -162,16 +162,16 @@ class mcp_notes
 		{
 			if (check_form_key('mcp_notes'))
 			{
-				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($userrow['username']));
-				$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
+				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, [$userrow['username']]);
+				$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, [
 					'forum_id' => 0,
 					'topic_id' => 0,
 					$userrow['username']
-				));
-				$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
+				]);
+				$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, [
 					'reportee_id' => $user_id,
-					$usernote
-				));
+					utf8_encode_ucr($usernote)
+				]);
 
 				$msg = $user->lang['USER_FEEDBACK_ADDED'];
 			}

phpBB/includes/mcp/mcp_warn.php

@@ -386,7 +386,7 @@ class mcp_warn
 		$user_row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		if (!$user_row)
+		if (!$user_row || (int) $user_row['user_id'] === ANONYMOUS)
 		{
 			trigger_error('NO_USER');
 		}

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.9',
+	'phpbb_version'	=> '3.3.10',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.9');
+define('PHPBB_VERSION', '3.3.10');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.9');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/language/en/acp/board.php

@@ -386,7 +386,7 @@ $lang = array_merge($lang, array(
 	'ACP_LOAD_SETTINGS_EXPLAIN'	=> 'Here you can enable and disable certain board functions to reduce the amount of processing required. On most servers there is no need to disable any functions. However on certain systems or in shared hosting environments it may be beneficial to disable capabilities you do not really need. You can also specify limits for system load and active sessions beyond which the board will go offline.',
 
 	'ALLOW_CDN'						=> 'Allow usage of third party content delivery networks',
-	'ALLOW_CDN_EXPLAIN'				=> 'If this setting is enabled, some files will be served from external third party servers instead of your server. This reduces the network bandwidth required by your server, but may present a privacy issue for some board administrators. In a default phpBB installation, this includes loading “jQuery” and the font “Open Sans” from Google’s content delivery network.',
+	'ALLOW_CDN_EXPLAIN'				=> 'If this setting is enabled, some files will be served from external third party servers instead of your server. This reduces the network bandwidth used by your server, but may present a privacy issue in some countries. In a default phpBB installation, this includes loading “jQuery” and the font “Open Sans” from Google’s content delivery network. This also applies to the “Font Awesome” font, which phpBB and some extensions use to render icons.',
 	'ALLOW_LIVE_SEARCHES'			=> 'Allow live searches',
 	'ALLOW_LIVE_SEARCHES_EXPLAIN'	=> 'If this setting is enabled, users are provided with keyword suggestions as they type in certain fields throughout the board.',
 	'CUSTOM_PROFILE_FIELDS'			=> 'Custom profile fields',

phpBB/language/en/acp/common.php

@@ -738,6 +738,10 @@ $lang = array_merge($lang, array(
 	'LOG_SEARCH_INDEX_CREATED'	=> '<strong>Created search index for</strong><br />» %s',
 	'LOG_SEARCH_INDEX_REMOVED'	=> '<strong>Removed search index for</strong><br />» %s',
 	'LOG_SPHINX_ERROR'			=> '<strong>Sphinx Error</strong><br />» %s',
+
+	'LOG_SPAMHAUS_OPEN_RESOLVER'		=> 'Spamhaus does not allow queries using an open resolver. Blacklist checking has been disabled. For more information, see https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/.',
+	'LOG_SPAMHAUS_VOLUME_LIMIT'			=> 'Spamhaus query volume limit has been exceeded. Blacklist checking has been disabled. For more information, see https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/.',
+
 	'LOG_STYLE_ADD'				=> '<strong>Added new style</strong><br />» %s',
 	'LOG_STYLE_DELETE'			=> '<strong>Deleted style</strong><br />» %s',
 	'LOG_STYLE_EDIT_DETAILS'	=> '<strong>Edited style</strong><br />» %s',

phpBB/language/en/common.php

@@ -678,6 +678,10 @@ $lang = array_merge($lang, array(
 	'RETURN_TOPIC'				=> '%sReturn to the topic last visited%s',
 	'RETURN_TO'					=> 'Return to “%s”',
 	'RETURN_TO_INDEX'			=> 'Return to Board Index',
+
+	'ROUTE_NOT_FOUND'				=> 'The requested route “%s” could not be found.',
+	'ROUTE_INVALID_MISSING_PARAMS'	=> 'Invalid or missing parameters passed for route “%s”.',
+
 	'FEED'						=> 'Feed',
 	'FEED_NEWS'					=> 'News',
 	'FEED_TOPICS_ACTIVE'		=> 'Active Topics',

phpBB/phpbb/captcha/plugins/recaptcha.php

@@ -15,18 +15,13 @@ namespace phpbb\captcha\plugins;
 
 class recaptcha extends captcha_abstract
 {
-	var $recaptcha_server = 'http://www.google.com/recaptcha/api';
-	var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
-
-	var $response;
+	private $response;
 
 	/**
 	* Constructor
 	*/
 	public function __construct()
 	{
-		global $request;
-		$this->recaptcha_server = $request->is_secure() ? $this->recaptcha_server_secure : $this->recaptcha_server;
 	}
 
 	function init($type)
@@ -94,6 +89,12 @@ class recaptcha extends captcha_abstract
 				}
 			}
 
+			$recaptcha_domain = $request->variable('recaptcha_v2_domain', '', true);
+			if (in_array($recaptcha_domain, recaptcha_v3::$supported_domains))
+			{
+				$config->set('recaptcha_v2_domain', $recaptcha_domain);
+			}
+
 			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_VISUAL');
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($module->u_action));
 		}
@@ -110,9 +111,11 @@ class recaptcha extends captcha_abstract
 			}
 
 			$template->assign_vars(array(
-				'CAPTCHA_PREVIEW'	=> $this->get_demo_template($id),
-				'CAPTCHA_NAME'		=> $this->get_service_name(),
-				'U_ACTION'			=> $module->u_action,
+				'CAPTCHA_PREVIEW'		=> $this->get_demo_template($id),
+				'CAPTCHA_NAME'			=> $this->get_service_name(),
+				'RECAPTCHA_V2_DOMAIN'	=> $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE,
+				'RECAPTCHA_V2_DOMAINS'	=> recaptcha_v3::$supported_domains,
+				'U_ACTION'				=> $module->u_action,
 			));
 
 		}
@@ -140,9 +143,10 @@ class recaptcha extends captcha_abstract
 		{
 			$contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);
 			$explain = $user->lang(($this->type != CONFIRM_POST) ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN', '<a href="' . $contact_link . '">', '</a>');
+			$domain = $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE;
 
 			$template->assign_vars(array(
-				'RECAPTCHA_SERVER'			=> $this->recaptcha_server,
+				'RECAPTCHA_SERVER'			=> sprintf('//%1$s/recaptcha/api', $domain),
 				'RECAPTCHA_PUBKEY'			=> isset($config['recaptcha_pubkey']) ? $config['recaptcha_pubkey'] : '',
 				'S_RECAPTCHA_AVAILABLE'		=> self::is_available(),
 				'S_CONFIRM_CODE'			=> true,

phpBB/phpbb/captcha/plugins/recaptcha_v3.php

@@ -30,6 +30,14 @@ class recaptcha_v3 extends captcha_abstract
 	 */
 	const GOOGLE		= 'google.com';
 	const RECAPTCHA		= 'recaptcha.net';
+	const RECAPTCHA_CN	= 'recaptcha.google.cn';
+
+	/** @var string[] List of supported domains */
+	static public $supported_domains = [
+		self::GOOGLE,
+		self::RECAPTCHA,
+		self::RECAPTCHA_CN
+	];
 
 	/** @var array CAPTCHA types mapped to their action */
 	static protected $actions = [
@@ -180,9 +188,14 @@ class recaptcha_v3 extends captcha_abstract
 				trigger_error($language->lang('EMPTY_RECAPTCHA_V3_REQUEST_METHOD') . adm_back_link($module->u_action), E_USER_WARNING);
 			}
 
+			$recaptcha_domain = $request->variable('recaptcha_v3_domain', '', true);
+			if (in_array($recaptcha_domain, self::$supported_domains))
+			{
+				$config->set('recaptcha_v3_domain', $recaptcha_domain);
+			}
+
 			$config->set('recaptcha_v3_key', $request->variable('recaptcha_v3_key', '', true));
 			$config->set('recaptcha_v3_secret', $request->variable('recaptcha_v3_secret', '', true));
-			$config->set('recaptcha_v3_domain', $request->variable('recaptcha_v3_domain', '', true));
 			$config->set('recaptcha_v3_method', $recaptcha_v3_method);
 
 			foreach (self::$actions as $action)
@@ -211,7 +224,7 @@ class recaptcha_v3 extends captcha_abstract
 			'RECAPTCHA_V3_SECRET'		=> $config['recaptcha_v3_secret'] ?? '',
 
 			'RECAPTCHA_V3_DOMAIN'		=> $config['recaptcha_v3_domain'] ?? self::GOOGLE,
-			'RECAPTCHA_V3_DOMAINS'		=> [self::GOOGLE, self::RECAPTCHA],
+			'RECAPTCHA_V3_DOMAINS'		=> self::$supported_domains,
 
 			'RECAPTCHA_V3_METHOD'		=> $config['recaptcha_v3_method'] ?? '',
 			'RECAPTCHA_V3_METHODS'		=> [

phpBB/phpbb/db/migration/data/v33x/v3310.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3310 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.10', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3310rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.10']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3310rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3310rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.10-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v339',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.10-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/tools/mssql.php

@@ -182,7 +182,7 @@ class mssql extends tools
 
 			if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 			{
-				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+				trigger_error("Index name '{$column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 			}
 
 			// here we add the definition of the new column to the list of columns

phpBB/phpbb/db/tools/postgres.php

@@ -147,7 +147,7 @@ class postgres extends tools
 
 			if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 			{
-				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+				trigger_error("Index name '{$column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 			}
 
 			// here we add the definition of the new column to the list of columns

phpBB/phpbb/db/tools/tools.php

@@ -275,7 +275,7 @@ class tools implements tools_interface
 
 			if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 			{
-				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+				trigger_error("Index name '{$column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 			}
 
 			// here we add the definition of the new column to the list of columns

phpBB/phpbb/session.php

@@ -420,7 +420,7 @@ class session
 						// Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide.
 						if (!$this->data['session_autologin'])
 						{
-							if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60))
+							if ($this->data['session_time'] < $this->time_now - ((int) $config['session_length'] + 60))
 							{
 								$session_expired = true;
 							}
@@ -1346,6 +1346,109 @@ class session
 		}
 	}
 
+	/**
+	* Check if ip is blacklisted by Spamhaus SBL
+	*
+	* Disables DNSBL setting if errors are returned by Spamhaus due to a policy violation.
+	* https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/
+	*
+	* @param string 		$dnsbl	the blacklist to check against
+	* @param string|false	$ip		the IPv4 address to check
+	*
+	* @return bool true if listed in spamhaus database, false if not
+	*/
+	function check_dnsbl_spamhaus($dnsbl, $ip = false)
+	{
+		global $config, $phpbb_log;
+
+		if ($ip === false)
+		{
+			$ip = $this->ip;
+		}
+
+		// Spamhaus does not support IPv6 addresses.
+		if (strpos($ip, ':') !== false)
+		{
+			return false;
+		}
+
+		if ($ip)
+		{
+			$quads = explode('.', $ip);
+			$reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
+
+			$records = dns_get_record($reverse_ip . '.' . $dnsbl . '.', DNS_A);
+			if (empty($records))
+			{
+				return false;
+			}
+			else
+			{
+				$error = false;
+				foreach ($records as $record)
+				{
+					if ($record['ip'] == '127.255.255.254')
+					{
+						$error = 'LOG_SPAMHAUS_OPEN_RESOLVER';
+						break;
+					}
+					else if ($record['ip'] == '127.255.255.255')
+					{
+						$error = 'LOG_SPAMHAUS_VOLUME_LIMIT';
+						break;
+					}
+				}
+
+				if ($error !== false)
+				{
+					$config->set('check_dnsbl', 0);
+					$phpbb_log->add('critical', $this->data['user_id'], $ip, $error);
+				}
+				else
+				{
+					// The existence of a non-error A record means it's a hit
+					return true;
+				}
+			}
+		}
+
+		return false;
+	}
+
+	/**
+	* Checks if an IPv4 address is in a specified DNS blacklist
+	*
+	* Only checks if a record is returned or not.
+	*
+	* @param string 		$dnsbl	the blacklist to check against
+	* @param string|false	$ip		the IPv4 address to check
+	*
+	* @return bool true if record is returned, false if not
+	*/
+	function check_dnsbl_ipv4_generic($dnsbl, $ip = false)
+	{
+		if ($ip === false)
+		{
+			$ip = $this->ip;
+		}
+
+		// This function does not support IPv6 addresses.
+		if (strpos($ip, ':') !== false)
+		{
+			return false;
+		}
+
+		$quads = explode('.', $ip);
+		$reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
+
+		if (checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true)
+		{
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	* Check if ip is blacklisted
 	* This should be called only where absolutely necessary
@@ -1372,28 +1475,25 @@ class session
 		}
 
 		$dnsbl_check = array(
-			'sbl.spamhaus.org'	=> 'http://www.spamhaus.org/query/bl?ip=',
+			'sbl.spamhaus.org'	=> ['http://www.spamhaus.org/query/bl?ip=', 'check_dnsbl_spamhaus'],
 		);
 
 		if ($mode == 'register')
 		{
-			$dnsbl_check['bl.spamcop.net'] = 'http://spamcop.net/bl.shtml?';
+			$dnsbl_check['bl.spamcop.net'] = ['http://spamcop.net/bl.shtml?', 'check_dnsbl_ipv4_generic'];
 		}
 
 		if ($ip)
 		{
-			$quads = explode('.', $ip);
-			$reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
-
 			// Need to be listed on all servers...
 			$listed = true;
 			$info = array();
 
 			foreach ($dnsbl_check as $dnsbl => $lookup)
 			{
-				if (checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true)
+				if (call_user_func(array($this, $lookup[1]), $dnsbl, $ip) === true)
 				{
-					$info = array($dnsbl, $lookup . $ip);
+					$info = array($dnsbl, $lookup[0] . $ip);
 				}
 				else
 				{

phpBB/phpbb/textformatter/s9e/factory.php

@@ -356,10 +356,10 @@ class factory implements \phpbb\textformatter\cache_interface
 		$tag = $configurator->Emoji->getTag();
 		$tag->template = '<xsl:choose>
 			<xsl:when test="@tseq">
-				<img alt="{.}" class="emoji" draggable="false" src="//twemoji.maxcdn.com/2/svg/{@tseq}.svg"/>
+				<img alt="{.}" class="emoji" draggable="false" src="//cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/{@tseq}.svg"/>
 			</xsl:when>
 			<xsl:otherwise>
-				<img alt="{.}" class="emoji" draggable="false" src="https://cdn.jsdelivr.net/gh/s9e/emoji-assets-twemoji@11.2/dist/svgz/{@seq}.svgz"/>
+				<img alt="{.}" class="emoji" draggable="false" src="//cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/{@seq}.svg"/>
 			</xsl:otherwise>
 		</xsl:choose>';
 		$tag->template = '<xsl:choose><xsl:when test="$S_VIEWSMILIES">' . str_replace('class="emoji"', 'class="emoji smilies"', $tag->template) . '</xsl:when><xsl:otherwise><xsl:value-of select="."/></xsl:otherwise></xsl:choose>';

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.3.9
-phpbb_version = 3.3.9
+style_version = 3.3.10
+phpbb_version = 3.3.10
 
 # Defining a different template bitfield
 # template_bitfield = //g=

phpBB/styles/prosilver/template/ajax.js

@@ -101,6 +101,7 @@ phpbb.addAjaxCallback('mark_topics_read', function(res, updateTopicLinks) {
 phpbb.addAjaxCallback('notification.mark_all_read', function(res) {
 	if (typeof res.success !== 'undefined') {
 		phpbb.markNotifications($('#notification_list li.bg2'), 0);
+		phpbb.toggleDropdown.call($('#notification_list_button'));
 		phpbb.closeDarkenWrapper(3000);
 	}
 });

phpBB/styles/prosilver/template/ucp_groups_manage.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE ucp_header.html -->
 
-<h2<!-- IF GROUP_COLOR --> style="color:#{GROUP_COLOR};"<!-- ENDIF -->>{L_USERGROUPS}<!-- IF GROUP_NAME --> :: {GROUP_NAME}<!-- ENDIF --></h2>
+<h2<!-- IF GROUP_COLOUR --> style="color:#{GROUP_COLOUR};"<!-- ENDIF -->>{L_USERGROUPS}<!-- IF GROUP_NAME --> :: {GROUP_NAME}<!-- ENDIF --></h2>
 
 <form id="ucp" method="post" action="{S_UCP_ACTION}"{S_FORM_ENCTYPE}>
 

tests/functional/acp_permissions_test.php

@@ -92,7 +92,7 @@ class phpbb_functional_acp_permissions_test extends phpbb_functional_test_case
 	public function test_change_permission($description, $permission_type, $permission, $mode, $object_name, $object_id)
 	{
 		// Get the form
-		$crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=$mode&${object_name}[0]=$object_id&type=$permission_type&sid=" . $this->sid);
+		$crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=$mode&{$object_name}[0]=$object_id&type=$permission_type&sid=" . $this->sid);
 		$this->assertStringContainsString($this->lang('ACL_SET'), $crawler->filter('h1')->eq(1)->text());
 
 		// XXX globals for \phpbb\auth\auth, refactor it later

tests/text_formatter/s9e/default_formatting_test.php

@@ -310,7 +310,7 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case
 			),
 			array(
 				"Emoji: \xF0\x9F\x98\x80",
-				'Emoji: <img alt="' . "\xF0\x9F\x98\x80" . '" class="emoji smilies" draggable="false" src="//twemoji.maxcdn.com/2/svg/1f600.svg">'
+				'Emoji: <img alt="' . "\xF0\x9F\x98\x80" . '" class="emoji smilies" draggable="false" src="//cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/1f600.svg">'
 			),
 			array(
 				"Emoji: \xF0\x9F\x98\x80",

tests/text_processing/tickets_data/PHPBB3-15348.html

@@ -1 +1 @@
-<img class="smilies" src="phpBB/images/smilies/icon_e_surprised.gif" width="15" height="17" alt=":o" title="First half of :ok:"> <img class="smilies" src="phpBB/images/smilies/icon_lol.gif" width="15" height="17" alt="k:" title="Second half of :ok:"> <img alt=":ok:" class="emoji smilies" draggable="false" src="//twemoji.maxcdn.com/2/svg/1f197.svg">
+<img class="smilies" src="phpBB/images/smilies/icon_e_surprised.gif" width="15" height="17" alt=":o" title="First half of :ok:"> <img class="smilies" src="phpBB/images/smilies/icon_lol.gif" width="15" height="17" alt="k:" title="Second half of :ok:"> <img alt=":ok:" class="emoji smilies" draggable="false" src="//cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/1f197.svg">

tests/text_processing/tickets_data/PHPBB3-16074.html

@@ -1 +1 @@
-<img alt=":man_judge:" class="emoji smilies" draggable="false" src="//twemoji.maxcdn.com/2/svg/1f468-200d-2696-fe0f.svg"> <img alt="👨‍⚖️" class="emoji smilies" draggable="false" src="//twemoji.maxcdn.com/2/svg/1f468-200d-2696-fe0f.svg">
+<img alt=":man_judge:" class="emoji smilies" draggable="false" src="//cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/1f468-200d-2696-fe0f.svg"> <img alt="👨‍⚖️" class="emoji smilies" draggable="false" src="//cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/1f468-200d-2696-fe0f.svg">