Tentative de régler le bordel

.htaccess

@@ -36,6 +36,13 @@ RewriteRule ^(.*)$ app.php [QSA,L]
 #Options +FollowSymLinks
 </IfModule>
 
+# Apache content negotation tries to interpret non-existent paths as files if
+# MultiViews is enabled. This will however cause issues with paths containg
+# dots, e.g. for the cron tasks
+<IfModule mod_negotiation.c>
+	Options -MultiViews
+</IfModule>
+
 # With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
 # module mod_authz_host to a new module called mod_access_compat (which may be
 # disabled) and a new "Require" syntax has been introduced to mod_authz_host.

adm/index.php

@@ -49,7 +49,6 @@ if (!$auth->acl_get('a_'))
 define('IN_ADMIN', true);
 
 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) === 'on') ? true : false;
 $file_uploads	= (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= $request->variable('i', '');
 $mode			= $request->variable('mode', '');

adm/style/acp_attachments.html

@@ -110,7 +110,7 @@
 <!-- ELSEIF S_EXTENSION_GROUPS -->
 
 	<!-- IF S_EDIT_GROUP -->
-		<script type="text/javascript" defer="defer">
+		<script>
 		// <![CDATA[
 			function update_image(newimage)
 			{
@@ -421,17 +421,25 @@
 	</tr>
 	</thead>
 	<tbody>
-	<!-- BEGIN attachments -->
+	{% for attachments in attachments %}
 		<tr>
 			<td>
-				<!-- IF attachments.S_IN_MESSAGE -->{L_EXTENSION_GROUP}{L_COLON} <strong><!-- IF attachments.EXT_GROUP_NAME -->{attachments.EXT_GROUP_NAME}<!-- ELSE -->{L_NO_EXT_GROUP}<!-- ENDIF --></strong><br />{attachments.L_DOWNLOAD_COUNT}<br />{L_IN} {L_PRIVATE_MESSAGE}
+				{{ lang('EXTENSION_GROUP') ~ lang('COLON') }} <strong>{{ attachments.EXT_GROUP_NAME }}</strong>
-				<!-- ELSE --><a href="{attachments.U_FILE}" style="font-weight: bold;">{attachments.REAL_FILENAME}</a><br /><!-- IF attachments.COMMENT -->{attachments.COMMENT}<br /><!-- ENDIF -->{attachments.L_DOWNLOAD_COUNT}<br />{L_TOPIC}{L_COLON} <a href="{attachments.U_VIEW_TOPIC}">{attachments.TOPIC_TITLE}</a><!-- ENDIF -->
+				{% if attachments.S_IN_MESSAGE %}
+					<br>{{ attachments.L_DOWNLOAD_COUNT }}
+					<br>{{ lang('IN') }} {{ lang('PRIVATE_MESSAGE') }}
+				{% else %}
+					<br><a href="{{ attachments.U_FILE }}"><strong>{{ attachments.REAL_FILENAME }}</strong></a>
+					{% if attachments.COMMENT %}<br>{{ attachments.COMMENT }}{% endif %}
+					<br>{{ attachments.L_DOWNLOAD_COUNT }}
+					<br>{{ lang('TOPIC') ~ lang('COLON') }} <a href="{{ attachments.U_VIEW_TOPIC }}">{{ attachments.TOPIC_TITLE }}</a>
+				{% endif %}
 			</td>
-			<td>{attachments.FILETIME}<br />{L_POST_BY_AUTHOR} {attachments.ATTACHMENT_POSTER}</td>
+			<td>{{ attachments.FILETIME }}<br>{{ lang('POST_BY_AUTHOR') }} {{ attachments.ATTACHMENT_POSTER }}</td>
-			<td class="centered-text">{attachments.FILESIZE}</td>
+			<td class="centered-text">{{ attachments.FILESIZE }}</td>
-			<td class="centered-text"><input type="checkbox" class="radio" name="delete[{attachments.ATTACH_ID}]" /></td>
+			<td class="centered-text"><input type="checkbox" class="radio" name="delete[{{ attachments.ATTACH_ID }}]" /></td>
 		</tr>
-	<!-- END attachments -->
+	{% endfor %}
 	</tbody>
 	</table>
 <!-- ELSE -->

adm/style/acp_avatar_options_upload.html

@@ -1,6 +1,6 @@
 <dl>
 	<dt><label for="avatar_upload_file">{L_UPLOAD_AVATAR_FILE}{L_COLON}</label></dt>
-	<dd><input type="hidden" name="MAX_FILE_SIZE" value="{AVATAR_UPLOAD_SIZE}" /><input type="file" name="avatar_upload_file" id="avatar_upload_file" class="inputbox autowidth" /></dd>
+	<dd><input type="hidden" name="MAX_FILE_SIZE" value="{AVATAR_UPLOAD_SIZE}" /><input type="file" name="avatar_upload_file" id="avatar_upload_file" class="inputbox autowidth" accept="{{ AVATAR_ALLOWED_EXTENSIONS }}" /></dd>
 </dl>
 
 <!-- IF S_UPLOAD_AVATAR_URL -->

adm/style/acp_ban.html

@@ -8,7 +8,7 @@
 
 <p>{L_EXPLAIN}</p>
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var ban_length = new Array();

adm/style/acp_contact.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE overall_header.html -->
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var form_name = 'acp_contact';
@@ -44,7 +44,7 @@
 		<!-- INCLUDE acp_posting_buttons.html -->
 
 		<dl class="responsive-columns">
-			<dt style="width: 90px;" id="color_palette_placeholder" data-orientation="v" data-height="12" data-width="15" data-bbcode="true">
+			<dt style="width: 90px;" id="color_palette_placeholder" data-color-palette="v" data-height="12" data-width="15" data-bbcode="true">
 			</dt>
 
 			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px;">

adm/style/acp_database.html

@@ -35,7 +35,7 @@
 
 	<p>{L_ACP_BACKUP_EXPLAIN}</p>
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 
 		function selector(bool)
@@ -67,12 +67,6 @@
 		<label><input name="method"<!-- IF methods.S_FIRST_ROW --> id="method" checked="checked"<!-- ENDIF --> type="radio" class="radio" value="{methods.TYPE}" /> {methods.TYPE}</label>
 		<!-- END methods --></dd>
 	</dl>
-	<dl>
-		<dt><label for="where">{L_ACTION}{L_COLON}</label></dt>
-		<dd>
-			<label><input id="where" type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label>
-		</dd>
-	</dl>
 	<dl>
 		<dt><label for="table">{L_TABLE_SELECT}{L_COLON}</label></dt>
 		<dd><select id="table" name="table[]" size="10" multiple="multiple">

adm/style/acp_ext_actions.html

@@ -0,0 +1,7 @@
+{% for action in enabled.actions %}
+	<a href="{{ action.U_ACTION }}"{% if action.L_ACTION_EXPLAIN %} title="{{ action.L_ACTION_EXPLAIN }}"{% endif %}{% if action.COLOR %} style="color: {{ action.COLOR }};"{% endif %} data-ajax="{{ action.ACTION_AJAX }}" data-refresh="true">{{ action.L_ACTION }}</a>{% if not action.S_LAST_ROW %}&nbsp;|&nbsp;{% endif %}
+{% endfor %}
+
+{% for action in disabled.actions %}
+	<a href="{{ action.U_ACTION }}"{% if action.L_ACTION_EXPLAIN %} title="{{ action.L_ACTION_EXPLAIN }}"{% endif %}{% if action.COLOR %} style="color: {{ action.COLOR }};"{% endif %} data-ajax="{{ action.ACTION_AJAX }}" data-refresh="true">{{ action.L_ACTION }}</a>{% if not action.S_LAST_ROW %}&nbsp;|&nbsp;{% endif %}
+{% endfor %}

adm/style/acp_ext_list.html

@@ -7,7 +7,7 @@
 	<p>{L_EXTENSIONS_EXPLAIN}</p>
 
 	<fieldset class="quick">
-		<span class="small"><a href="https://www.phpbb.com/go/customise/extensions/3.2" target="_blank">{L_BROWSE_EXTENSIONS_DATABASE}</a> &bull; <a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE_ALL}</a> &bull; <a href="javascript:phpbb.toggleDisplay('version_check_settings');">{L_SETTINGS}</a></span>
+		<span class="small"><a href="https://www.phpbb.com/go/customise/extensions/3.3" target="_blank">{L_BROWSE_EXTENSIONS_DATABASE}</a> &bull; <a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE_ALL}</a> &bull; <a href="javascript:phpbb.toggleDisplay('version_check_settings');">{L_SETTINGS}</a></span>
 	</fieldset>
 
 	<form id="version_check_settings" method="post" action="{U_ACTION}" style="display:none">
@@ -42,8 +42,8 @@
 		</tr>
 	</thead>
 	<tbody>
-		<!-- IF .enabled -->
+
-		<tr>
+		<tr id="ext_enabled_header"<!-- IF not .enabled --> class="hidden"<!-- ENDIF -->>
 			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_ENABLED}</strong><!-- EVENT acp_ext_list_enabled_title_after --></td>
 		</tr>
 		<!-- BEGIN enabled -->
@@ -59,17 +59,12 @@
 			</td>
 			<td style="text-align: center;"><a href="{enabled.U_DETAILS}">{L_DETAILS}</a></td>
 			<td style="text-align: center;">
-				<!-- BEGIN actions -->
+				<!-- INCLUDE acp_ext_actions.html -->
-					<a href="{enabled.actions.U_ACTION}"<!-- IF enabled.actions.L_ACTION_EXPLAIN --> title="{enabled.actions.L_ACTION_EXPLAIN}"<!-- ENDIF -->>{enabled.actions.L_ACTION}</a>
-					<!-- IF not enabled.actions.S_LAST_ROW -->&nbsp;|&nbsp;<!-- ENDIF -->
-				<!-- END actions -->
 			</td>
 		</tr>
 		<!-- END enabled -->
-		<!-- ENDIF -->
 
-		<!-- IF .disabled -->
+		<tr id="ext_disabled_header"<!-- IF not .disabled --> class="hidden"<!-- ENDIF -->>
-		<tr>
 			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_DISABLED}</strong><!-- EVENT acp_ext_list_disabled_title_after --></td>
 		</tr>
 		<!-- BEGIN disabled -->
@@ -87,14 +82,10 @@
 				<!-- IF disabled.U_DETAILS --><a href="{disabled.U_DETAILS}">{L_DETAILS}</a><!-- ENDIF -->
 			</td>
 			<td style="text-align: center;">
-				<!-- BEGIN actions -->
+				<!-- INCLUDE acp_ext_actions.html -->
-					<a href="{disabled.actions.U_ACTION}"<!-- IF disabled.actions.L_ACTION_EXPLAIN --> title="{disabled.actions.L_ACTION_EXPLAIN}"<!-- ENDIF -->>{disabled.actions.L_ACTION}</a>
-					<!-- IF not disabled.actions.S_LAST_ROW -->&nbsp;|&nbsp;<!-- ENDIF -->
-				<!-- END actions -->
 			</td>
 		</tr>
 		<!-- END disabled -->
-		<!-- ENDIF -->
 	</tbody>
 	</table>
 

adm/style/acp_forums.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_FORUM -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Handle displaying/hiding several options based on the forum type
@@ -210,6 +210,11 @@
 			<dd><label><input type="radio" class="radio" name="display_subforum_list" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
 				<label><input type="radio" class="radio" name="display_subforum_list" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 		</dl>
+		<dl>
+			<dt><label for="display_subforum_limit">{L_LIMIT_SUBFORUMS}{L_COLON}</label><br /><span>{L_LIMIT_SUBFORUMS_EXPLAIN}</span></dt>
+			<dd><label><input type="radio" class="radio" name="display_subforum_limit" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIMIT --> id="display_subforum_limit" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+				<label><input type="radio" class="radio" name="display_subforum_limit" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIMIT --> id="display_subforum_limit" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		</dl>
 		<dl>
 			<dt><label for="display_on_index">{L_LIST_INDEX}{L_COLON}</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
 			<dd><label><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
@@ -405,7 +410,7 @@
 
 <!-- ELSEIF S_CONTINUE_SYNC -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var close_waitscreen = 0;
 		// no scrollbars...
@@ -421,7 +426,7 @@
 
 <!-- ELSE -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar
@@ -447,7 +452,7 @@
 	<!-- ENDIF -->
 
 	<!-- IF S_RESYNCED -->
-		<script type="text/javascript">
+		<script>
 		// <![CDATA[
 			var close_waitscreen = 1;
 		// ]]>

adm/style/acp_groups.html

@@ -36,10 +36,12 @@
 		<dl>
 			<dt><label for="group_type">{L_GROUP_TYPE}{L_COLON}</label><br /><span>{L_GROUP_TYPE_EXPLAIN}</span></dt>
 			<dd>
+				{% EVENT acp_group_types_prepend %}
 				<label><input name="group_type" type="radio" class="radio" id="group_type" value="{GROUP_TYPE_FREE}"{GROUP_FREE} /> {L_GROUP_OPEN}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_OPEN}"{GROUP_OPEN} /> {L_GROUP_REQUEST}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_CLOSED}"{GROUP_CLOSED} /> {L_GROUP_CLOSED}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_HIDDEN}"{GROUP_HIDDEN} /> {L_GROUP_HIDDEN}</label>
+				{% EVENT acp_group_types_append %}
 			</dd>
 		</dl>
 	<!-- ELSE -->
@@ -98,7 +100,7 @@
 			<input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="6" maxlength="6" />
 			<!-- IF GROUP_COLOUR -->&nbsp;<span style="background-color: #{GROUP_COLOUR}">&nbsp; &nbsp;</span><!-- ENDIF -->&nbsp;&nbsp;<span>
 			[ <a href="#" id="color_palette_toggle">{L_COLOUR_SWATCH}</a> ]</span>
-			<div id="color_palette_placeholder" style="display: none;" data-orientation="h" data-height="12" data-width="15" data-target="#group_colour"></div>
+			<div id="color_palette_placeholder" style="display: none;" data-color-palette="h" data-height="12" data-width="15" data-target="#group_colour"></div>
 		</dd>
 	</dl>
 	<dl>

adm/style/acp_help_phpbb.html

@@ -38,10 +38,12 @@
 			<dd>{L_SEND_STATISTICS_LONG}</dd>
 		</dl>
 	</div>
+	<script>
+		var statsData = {{ S_STATS_DATA }};
+	</script>
 	<!-- EVENT acp_help_phpbb_stats_after -->
 	<fieldset>
 		<p class="submit-buttons">
-			<input type="hidden" name="systemdata" value="{RAW_DATA}" />
 			<input type="hidden" name="help_send_statistics_time" value="{COLLECT_STATS_TIME}" />
 			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />
 		</p>
@@ -52,7 +54,11 @@
 <form action="{U_COLLECT_STATS}" method="post" target="questionaire_result" id="questionnaire-form">
 	<fieldset>
 		<p class="submit-buttons">
-			<input type="hidden" name="systemdata" value="{RAW_DATA}" />
+			{% for providers in providers %}
+				{% for values in providers.values %}
+					<input type="hidden" name="{{ providers.NAME }}[{{ values.KEY }}]" value="{{ values.VALUE }}" />
+				{% endfor %}
+			{% endfor %}
 			<input class="button1" type="submit" id="submit_stats" name="submit" value="{L_SEND_STATISTICS}" />
 		</p>
 	</fieldset>

adm/style/acp_icons.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<script type="text/javascript" defer="defer">
+	<script>
 	// <![CDATA[
 	<!-- IF S_ADD_CODE -->
 

adm/style/acp_language.html

@@ -69,7 +69,7 @@
 	<p>{L_ACP_LANGUAGE_PACKS_EXPLAIN}</p>
 
 	<fieldset class="quick">
-		<span class="small"><a href="https://www.phpbb.com/go/customise/language-packs/3.2" target="_blank">{L_BROWSE_LANGUAGE_PACKS_DATABASE}</a></span>
+		<span class="small"><a href="https://www.phpbb.com/go/customise/language-packs/3.3" target="_blank">{L_BROWSE_LANGUAGE_PACKS_DATABASE}</a></span>
 	</fieldset>
 
 	<table class="table1 zebra-table">

adm/style/acp_main.html

@@ -94,89 +94,116 @@
 
 	<!-- EVENT acp_main_notice_after -->
 
-	<table class="table1 two-columns no-header" data-no-responsive-header="true">
+		<div class="lside">
-		<caption>{L_FORUM_STATS}</caption>
+			<table class="table2 zebra-table no-header" data-no-responsive-header="true">
-		<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />
+				<thead>
-	<thead>
+					<tr>
-	<tr>
+						<th>{{ lang('STATISTIC') }}</th>
-		<th>{L_STATISTIC}</th>
+						<th>{{ lang('VALUE') }}</th>
-		<th>{L_VALUE}</th>
+					</tr>
-		<th>{L_STATISTIC}</th>
+				</thead>
-		<th>{L_VALUE}</th>
+
-	</tr>
+				<tbody>
-	</thead>
+					<tr>
-	<tbody>
+						<td class="tabled">{{ lang('BOARD_STARTED') ~ lang('COLON') }}</td>
-	<tr>
+						<td class="tabled"><strong>{{ START_DATE }}</strong></td>
-		<td>{L_NUMBER_POSTS}{L_COLON} </td>
+					</tr>
-		<td><strong>{TOTAL_POSTS}</strong></td>
+					<tr>
-		<td>{L_POSTS_PER_DAY}{L_COLON} </td>
+						<td class="tabled">{{ lang('AVATAR_DIR_SIZE') ~ lang('COLON') }}</td>
-		<td><strong>{POSTS_PER_DAY}</strong></td>
+						<td class="tabled"><strong>{{ AVATAR_DIR_SIZE }}</strong></td>
-	</tr>
+					</tr>
-	<tr>
+					<tr>
-		<td>{L_NUMBER_TOPICS}{L_COLON} </td>
+						<td class="tabled">{{ lang('DATABASE_SIZE') ~ lang('COLON') }}</td>
-		<td><strong>{TOTAL_TOPICS}</strong></td>
+						<td class="tabled"><strong>{{ DBSIZE }}</strong></td>
-		<td>{L_TOPICS_PER_DAY}{L_COLON} </td>
+					</tr>
-		<td><strong>{TOPICS_PER_DAY}</strong></td>
+					<tr>
-	</tr>
+						<td class="tabled">{{ lang('UPLOAD_DIR_SIZE') ~ lang('COLON') }}</td>
-	<tr>
+						<td class="tabled"><strong>{{ UPLOAD_DIR_SIZE }}</strong></td>
-		<td>{L_NUMBER_USERS}{L_COLON} </td>
+					</tr>
-		<td><strong>{TOTAL_USERS}</strong></td>
+					<tr>
-		<td>{L_USERS_PER_DAY}{L_COLON} </td>
+						<td class="tabled">{{ lang('DATABASE_SERVER_INFO') ~ lang('COLON') }}</td>
-		<td><strong>{USERS_PER_DAY}</strong></td>
+						<td class="tabled"><strong>{{ DATABASE_INFO }}</strong></td>
-	</tr>
+					</tr>
-	<tr>
+					<tr>
-		<td>{L_NUMBER_FILES}{L_COLON} </td>
+						<td class="tabled">{{ lang('GZIP_COMPRESSION') ~ lang('COLON') }}</td>
-		<td><strong>{TOTAL_FILES}</strong></td>
+						<td class="tabled"><strong>{{ GZIP_COMPRESSION }}</strong></td>
-		<td>{L_FILES_PER_DAY}{L_COLON} </td>
+					</tr>
-		<td><strong>{FILES_PER_DAY}</strong></td>
+					<tr>
-	</tr>
+						<td class="tabled">{{ lang('PHP_VERSION') ~ lang('COLON') }}</td>
-	<tr>
+						<td class="tabled"><strong>{{ PHP_VERSION_INFO }}</strong></td>
-		<td>{L_BOARD_STARTED}{L_COLON} </td>
+					</tr>
-		<td><strong>{START_DATE}</strong></td>
+					<tr>
-		<td>{L_AVATAR_DIR_SIZE}{L_COLON} </td>
+					{% if S_TOTAL_ORPHAN %}
-		<td><strong>{AVATAR_DIR_SIZE}</strong></td>
+						<td class="tabled">{{ lang('NUMBER_ORPHAN') ~ lang('COLON') }}</td>
-	</tr>
+						<td class="tabled">
-	<tr>
+						{% if TOTAL_ORPHAN > 0 %}
-		<td>{L_DATABASE_SIZE}{L_COLON} </td>
+							<a href="{{ U_ATTACH_ORPHAN }}" title="{{ lang('MORE_INFORMATION') }}"><strong>{{ TOTAL_ORPHAN }}</strong></a>
-		<td><strong>{DBSIZE}</strong></td>
+						{% else %}
-		<td>{L_UPLOAD_DIR_SIZE}{L_COLON} </td>
+							<strong>{{ TOTAL_ORPHAN }}</strong>
-		<td><strong>{UPLOAD_DIR_SIZE}</strong></td>
+						{% endif %}
-	</tr>
+						</td>
-	<tr>
+						{% else %}
-		<td>{L_DATABASE_SERVER_INFO}{L_COLON} </td>
+					{% endif %}
-		<td><strong>{DATABASE_INFO}</strong></td>
+					</tr>
-		<td>{L_GZIP_COMPRESSION}{L_COLON} </td>
+					{% if S_VERSIONCHECK %}
-		<td><strong>{GZIP_COMPRESSION}</strong></td>
+					<tr>
-	</tr>
+						<td class="tabled">{{ lang('BOARD_VERSION') ~ lang('COLON') }}</td>
-	<tr>
+						<td class="tabled">
-		<td>{L_PHP_VERSION}{L_COLON} </td>
+							<strong><a href="{{ U_VERSIONCHECK }}" {% if S_VERSION_UP_TO_DATE %}style="color: #228822;" {% elseif not S_VERSIONCHECK_FAIL %}style="color: #BC2A4D;" {% endif %}title="{{ lang('MORE_INFORMATION') }}">{{ BOARD_VERSION }}</a></strong> [&nbsp;<a href="{{ U_VERSIONCHECK_FORCE }}">{{ lang('VERSIONCHECK_FORCE_UPDATE') }}</a>&nbsp;]
-		<td><strong>{PHP_VERSION_INFO}</strong></td>
+						</td>
-	<!-- IF S_TOTAL_ORPHAN -->
+					</tr>
-		<td>{L_NUMBER_ORPHAN}{L_COLON} </td>
+					{% endif %}
-		<td>
+				</tbody>
-		<!-- IF TOTAL_ORPHAN > 0 -->
+			</table>
-			<a href="{U_ATTACH_ORPHAN}" title="{L_MORE_INFORMATION}"><strong>{TOTAL_ORPHAN}</strong></a>
+
-		<!-- ELSE -->
+			<table class="table2 zebra-table no-header" data-no-responsive-header="true">
-			<strong>{TOTAL_ORPHAN}</strong>
+				<thead>
-		<!-- ENDIF -->
+					<tr>
-		</td>
+						<th>{{ lang('STATISTIC') }}</th>
-		<!-- ELSE -->
+						<th>{{ lang('VALUE') }}</th>
-		<td>&nbsp;</td>
+					</tr>
-		<td>&nbsp;</td>
+				</thead>
-	<!-- ENDIF -->
+
-	</tr>
+				<tbody>
-	<!-- IF S_VERSIONCHECK -->
+					<tr>
-	<tr>
+						<td class="tabled">{{ lang('NUMBER_POSTS') ~ lang('COLON') }}</td>
-		<td>{L_BOARD_VERSION}{L_COLON} </td>
+						<td class="tabled"><strong>{{ TOTAL_POSTS }}</strong></td>
-		<td>
+					</tr>
-			<strong><a href="{U_VERSIONCHECK}" <!-- IF S_VERSION_UP_TO_DATE -->style="color: #228822;" <!-- ELSEIF not S_VERSIONCHECK_FAIL -->style="color: #BC2A4D;" <!-- ENDIF -->title="{L_MORE_INFORMATION}">{BOARD_VERSION}</a></strong> [&nbsp;<a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a>&nbsp;]
+					<tr>
-		</td>
+						<td class="tabled">{{ lang('POSTS_PER_DAY') ~ lang('COLON') }}</td>
-		<td>&nbsp;</td>
+						<td class="tabled"><strong>{{ POSTS_PER_DAY }}</strong></td>
-		<td>&nbsp;</td>
+					</tr>
-	</tr>
+					<tr>
-	<!-- ENDIF -->
+						<td class="tabled">{{ lang('NUMBER_TOPICS') ~ lang('COLON') }}</td>
-	</tbody>
+						<td class="tabled"><strong>{{ TOTAL_TOPICS }}</strong></td>
-	</table>
+					</tr>
+					<tr>
+						<td class="tabled">{{ lang('TOPICS_PER_DAY') ~ lang('COLON') }}</td>
+						<td class="tabled"><strong>{{ TOPICS_PER_DAY }}</strong></td>
+					</tr>
+					<tr>
+						<td class="tabled">{{ lang('NUMBER_USERS') ~ lang('COLON') }}</td>
+						<td class="tabled"><strong>{{ TOTAL_USERS }}</strong></td>
+					</tr>
+					<tr>
+						<td class="tabled">{{ lang('USERS_PER_DAY') ~ lang('COLON') }}</td>
+						<td class="tabled"><strong>{{ USERS_PER_DAY }}</strong></td>
+					</tr>
+					<tr>
+						<td class="tabled">{{ lang('NUMBER_FILES') ~ lang('COLON') }}</td>
+						<td class="tabled"><strong>{{ TOTAL_FILES }}</strong></td>
+					</tr>
+					<tr>
+						<td class="tabled">{{ lang('FILES_PER_DAY') ~ lang('COLON') }}</td>
+						<td class="tabled"><strong>{{ FILES_PER_DAY }}</strong></td>
+					</tr>
+					<tr>
+						<td class="tabled">&nbsp;</td>
+						<td class="tabled">&nbsp;</td>
+					</tr>
+				</tbody>
+			</table>
+		</div>
 
 	<!-- IF S_ACTION_OPTIONS -->
 		<fieldset>

adm/style/acp_modules.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_MODULE -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function display_options(value)
 		{

adm/style/acp_permission_roles.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var active_pmask = '0';
 		var active_fmask = '0';
@@ -20,7 +20,7 @@
 	// ]]>
 	</script>
 
-	<script type="text/javascript" src="style/permissions.js"></script>
+	<script src="style/permissions.js"></script>
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 

adm/style/acp_posting_buttons.html

@@ -1,31 +1,10 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	// Define the bbCode tags
 	var bbcode = new Array();
 	var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);
 
-	// Helpline messages
-	var help_line = {
-		b: '{LA_BBCODE_B_HELP}',
-		i: '{LA_BBCODE_I_HELP}',
-		u: '{LA_BBCODE_U_HELP}',
-		q: '{LA_BBCODE_Q_HELP}',
-		c: '{LA_BBCODE_C_HELP}',
-		l: '{LA_BBCODE_L_HELP}',
-		o: '{LA_BBCODE_O_HELP}',
-		p: '{LA_BBCODE_P_HELP}',
-		w: '{LA_BBCODE_W_HELP}',
-		a: '{LA_BBCODE_A_HELP}',
-		s: '{LA_BBCODE_S_HELP}',
-		f: '{LA_BBCODE_F_HELP}',
-		y: '{LA_BBCODE_Y_HELP}',
-		d: '{LA_BBCODE_D_HELP}'
-		<!-- BEGIN custom_tags -->
-			,cb_{custom_tags.BBCODE_ID}{L_COLON} '{custom_tags.A_BBCODE_HELPLINE}'
-		<!-- END custom_tags -->
-	}
-
 // ]]>
 </script>
 
@@ -65,7 +44,7 @@
 	</select>
 	<!-- EVENT acp_posting_buttons_custom_tags_before -->
 	<!-- BEGIN custom_tags -->
-	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" />
+	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}" />
 	<!-- END custom_tags -->
 </div>
 <!-- EVENT acp_posting_buttons_after -->

adm/style/acp_ranks.html

@@ -6,7 +6,7 @@
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function update_image(newimage)
 		{

adm/style/acp_search.html

@@ -69,7 +69,7 @@
 
 <!-- ELSEIF S_INDEX -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar

adm/style/acp_styles.html

@@ -33,7 +33,7 @@
 <!-- IF L_EXPLAIN --><p>{L_EXPLAIN}</p><!-- ENDIF -->
 
 <fieldset class="quick">
-	<span class="small"><a href="https://www.phpbb.com/go/customise/styles/3.2" target="_blank">{L_BROWSE_STYLES_DATABASE}</a></span>
+	<span class="small"><a href="https://www.phpbb.com/go/customise/styles/3.3" target="_blank">{L_BROWSE_STYLES_DATABASE}</a></span>
 </fieldset>
 
 <form id="acp_styles" method="post" action="{U_ACTION}">
@@ -146,7 +146,9 @@
 		{styles_list.EXTRA}
 		<td class="{$ROW_CLASS} mark" width="20">
 			<!-- IF styles_list.STYLE_ID -->
-				<input class="checkbox" type="checkbox" name="ids[]" value="{styles_list.STYLE_ID}" />
+				{% if styles_list.STYLE_NAME !== 'prosilver' %}
+					<input class="checkbox" type="checkbox" name="ids[]" value="{styles_list.STYLE_ID}" />
+				{% endif %}
 			<!-- ELSE -->
 				<!-- IF styles_list.COMMENT != '' -->
 					&nbsp;

adm/style/acp_users_overview.html

@@ -79,7 +79,7 @@
 
 <!-- IF not S_USER_FOUNDER or S_FOUNDER -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 
 		function display_reason(option)

adm/style/acp_users_prefs.html

@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var default_dateformat = '{A_DEFAULT_DATEFORMAT}';
 // ]]>

adm/style/acp_users_signature.html

@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var form_name = 'user_signature';
@@ -26,7 +26,7 @@
 		<!-- INCLUDE acp_posting_buttons.html -->
 
 		<dl class="responsive-columns">
-			<dt style="width: 90px;" id="color_palette_placeholder" data-orientation="v" data-height="12" data-width="15" data-bbcode="true">
+			<dt style="width: 90px;" id="color_palette_placeholder" data-color-palette="v" data-height="12" data-width="15" data-bbcode="true">
 			</dt>
 			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px;"><textarea name="signature" rows="10" cols="60" style="width: 95%;" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onfocus="initInsertions();" data-bbcode="true">{SIGNATURE}</textarea></dd>
 			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px; margin-top: 5px;">

adm/style/admin.css

@@ -1,4 +1,4 @@
-/*  phpBB 3.2 Admin Style Sheet
+/*  phpBB 3.3 Admin Style Sheet
 	------------------------------------------------------------------------
 	Original author:	subBlue ( http://www.subblue.com/ )
 	Copyright (c) phpBB Limited <https://www.phpbb.com>
@@ -191,7 +191,7 @@ li {
 
 #page-header {
 	text-align: right;
-	background: url("../images/phpbb_logo.png") top left no-repeat;
+	background: url("../images/phpbb_logo.svg") top left no-repeat;
 	height: 54px;
 	font-size: 0.85em;
 	margin-bottom: 10px;
@@ -199,7 +199,7 @@ li {
 
 .rtl #page-header {
 	text-align: left;
-	background: url("../images/phpbb_logo.png") top right no-repeat;
+	background: url("../images/phpbb_logo.svg") top right no-repeat;
 }
 
 #page-header h1 {
@@ -723,9 +723,25 @@ td {
 }
 
 .table1 {
-	border-collapse: separate;
-	border-spacing: 1px;
 	clear: both;
+	border-spacing: 1px;
+	border-collapse: separate;
+}
+
+.table2 {
+	display: inline-block;
+	border-spacing: 1px;
+	border-collapse: separate;
+}
+
+.lside {
+	display: flex;
+	align-items: stretch;
+	width: 100%;
+}
+
+.tabled {
+	width: 1%;
 }
 
 dt#color_palette_placeholder table {

adm/style/admin.js

@@ -228,6 +228,64 @@ function parse_document(container)
 	});
 }
 
+/**
+ * Extension actions helper functions
+ */
+function move_to_enabled(element)
+{
+	var disabled_header = document.querySelector('#ext_disabled_header');
+	disabled_header.parentNode.insertBefore(element, disabled_header);
+	element.classList.remove('ext_disabled');
+	element.classList.add('ext_enabled');
+}
+function move_to_disabled(element)
+{
+	var table_body = document.querySelector('#ext_disabled_header').parentNode;
+	table_body.appendChild(element);
+	element.classList.remove('ext_enabled');
+	element.classList.add('ext_disabled');
+}
+function set_actions(container, actions) {
+	container.innerHTML = '';
+	for (var i = 0; i < actions.length; i++) {
+		var a = document.createElement('a');
+		a.href = actions[i].U_ACTION.split('&amp;').join('&'); // replace all occurances
+		a.title = actions[i].L_ACTION_EXPLAIN;
+		if (actions[i].COLOR) {
+			a.style = actions[i].COLOR;
+		}
+		a.innerHTML = actions[i].L_ACTION;
+		// ajaxify this action as well
+		phpbb.ajaxify({
+			selector: a,
+			refresh: true,
+			callback: actions[i].ACTION_AJAX
+		});
+
+		container.appendChild(a);
+
+		if (i < actions.length - 1) {
+			container.innerHTML += '&nbsp;|&nbsp;';
+		}
+	}
+}
+function show_enabled_header() {
+	document.querySelector('#ext_enabled_header').classList.remove('hidden');
+}
+function show_disabled_header() {
+	document.querySelector('#ext_disabled_header').classList.remove('hidden');
+}
+function hide_disabled_header_if_empty() {
+	if (!document.querySelector('.ext_disabled')) {
+		document.querySelector('#ext_disabled_header').classList.add('hidden');
+	}
+}
+function hide_enabled_header_if_empty() {
+	if (!document.querySelector('.ext_enabled')) {
+		document.querySelector('#ext_enabled_header').classList.add('hidden');
+	}
+}
+
 /**
 * Run onload functions
 */

adm/style/ajax.js

@@ -1,4 +1,4 @@
-/* global phpbb */
+/* global phpbb, statsData */
 
 (function($) {  // Avoid conflicts with other libraries
 
@@ -74,7 +74,7 @@ phpbb.prepareSendStats = function () {
 			var $sendStatisticsSuccess = $('<input />', {
 				type: 'hidden',
 				name: 'send_statistics_response',
-				value: res
+				value: JSON.stringify(res)
 			});
 			$sendStatisticsSuccess.appendTo('p.submit-buttons');
 
@@ -87,7 +87,7 @@ phpbb.prepareSendStats = function () {
 		$.ajax({
 			url: $this.attr('data-ajax-action').replace('&amp;', '&'),
 			type: 'POST',
-			data: 'systemdata=' + encodeURIComponent($this.find('input[name=systemdata]').val()),
+			data: statsData,
 			success: returnHandler,
 			error: errorHandler,
 			cache: false
@@ -157,6 +157,34 @@ phpbb.addAjaxCallback('row_delete', function(res) {
 	}
 });
 
+/**
+ * Callbacks for extension actions
+ */
+phpbb.addAjaxCallback('ext_enable', function(res) {
+	if (res.EXT_ENABLE_SUCCESS) {
+		move_to_enabled(this.parentNode.parentNode);
+		set_actions(this.parentNode, res.ACTIONS);
+		show_enabled_header();
+		hide_disabled_header_if_empty();
+	}
+});
+phpbb.addAjaxCallback('ext_delete_data', function(res) {
+	if (res.EXT_DELETE_DATA_SUCCESS) {
+		move_to_disabled(this.parentNode.parentNode);
+		set_actions(this.parentNode, res.ACTIONS);
+		show_disabled_header();
+		hide_enabled_header_if_empty();
+	}
+});
+phpbb.addAjaxCallback('ext_disable', function(res) {
+	if (res.EXT_DISABLE_SUCCESS) {
+		move_to_disabled(this.parentNode.parentNode);
+		set_actions(this.parentNode, res.ACTIONS);
+		show_disabled_header();
+		hide_enabled_header_if_empty();
+	}
+});
+
 /**
  * Handler for submitting permissions form in chunks
  * This call will submit permissions forms in chunks of 5 fieldsets.

adm/style/captcha_recaptcha.html

@@ -5,8 +5,9 @@
 		<div>{L_RECAPTCHA_NOSCRIPT}</div>
 	</noscript>
 
+		{L_RECAPTCHA_INVISIBLE}
 		<script src="{RECAPTCHA_SERVER}.js?hl={LA_RECAPTCHA_LANG}" async defer></script>
-		<div class="g-recaptcha" data-sitekey="{RECAPTCHA_PUBKEY}"></div>
+		<div class="g-recaptcha" data-sitekey="{RECAPTCHA_PUBKEY}" data-size="invisible"></div>
 	</dd>
 	</dl>
 <!-- ELSE -->

adm/style/installer_footer.html

@@ -6,12 +6,14 @@
 
 	<div id="page-footer">
 		<div class="copyright">
-			Powered by <a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited
+			{% if S_COPYRIGHT_HTML %}
+				{{ CREDIT_LINE }}
+			{% endif %}
 		</div>
 	</div>
 </div>
 
-<script type="text/javascript">
+<script>
 <!--
 installLang = {
 	title: '{LA_TIMEOUT_DETECTED_TITLE}',
@@ -20,9 +22,9 @@ installLang = {
 //-->
 </script>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
+<script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.4.1.min.js">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}
 

adm/style/overall_footer.html

@@ -33,9 +33,9 @@
 	</div>
 </div>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
+<script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.4.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->
 

adm/style/overall_header.html

@@ -10,7 +10,7 @@
 <link href="{T_FONT_AWESOME_LINK}" rel="stylesheet">
 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';

adm/style/permission_forum_copy.html

@@ -4,7 +4,7 @@
 
 	<h1>{L_ACP_FORUM_PERMISSIONS_COPY}</h1>
 
-	{L_ACP_FORUM_PERMISSIONS_COPY_EXPLAIN}
+	<p>{L_ACP_FORUM_PERMISSIONS_COPY_EXPLAIN}</p>
 
 	<form id="forum_perm_copy" method="post" action="{U_ACTION}">
 

adm/style/permission_mask.html

@@ -1,5 +1,5 @@
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var active_pmask = '0';
 	var active_fmask = '0';
@@ -9,12 +9,14 @@
 
 	var role_options = new Array();
 
+	var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}";
+
 	<!-- IF S_ROLE_JS_ARRAY -->
 		{S_ROLE_JS_ARRAY}
 	<!-- ENDIF -->
 // ]]>
 </script>
-<script type="text/javascript" src="style/permissions.js"></script>
+<script src="style/permissions.js"></script>
 
 <!-- BEGIN p_mask -->
 <div class="clearfix"></div>

adm/style/permissions.js

@@ -279,6 +279,10 @@ function reset_role(id) {
 	}
 
 	t.options[0].selected = true;
+
+	var parent = t.parentNode;
+	parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned;
+	parent.querySelector('input[data-name^=role]').value = '0';
 }
 
 /**

adm/style/progress_bar.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE simple_header.html -->
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	/**
 	* Close previously opened popup
@@ -31,7 +31,7 @@
 	<p>{L_PROGRESS_EXPLAIN}</p>
 </div>
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	close_popup();
 // ]]>

adm/style/simple_footer.html

@@ -16,9 +16,9 @@
 
 </div>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
+<script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.4.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->
 {$SCRIPTS}

adm/style/simple_header.html

@@ -9,7 +9,7 @@
 
 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';

assets/cookieconsent/cookieconsent.min.css

@@ -1,6 +1,6 @@
-.cc-window{opacity:1;transition:opacity 1s ease}.cc-window.cc-invisible{opacity:0}.cc-animate.cc-revoke{transition:transform 1s ease}.cc-animate.cc-revoke.cc-top{transform:translateY(-2em)}.cc-animate.cc-revoke.cc-bottom{transform:translateY(2em)}.cc-animate.cc-revoke.cc-active.cc-bottom,.cc-animate.cc-revoke.cc-active.cc-top,.cc-revoke:hover{transform:translateY(0)}.cc-grower{max-height:0;overflow:hidden;transition:max-height 1s}
+.cc-window{opacity:1;-webkit-transition:opacity 1s ease;transition:opacity 1s ease}.cc-window.cc-invisible{opacity:0}.cc-animate.cc-revoke{-webkit-transition:transform 1s ease;-webkit-transition:-webkit-transform 1s ease;transition:-webkit-transform 1s ease;transition:transform 1s ease;transition:transform 1s ease,-webkit-transform 1s ease}.cc-animate.cc-revoke.cc-top{-webkit-transform:translateY(-2em);transform:translateY(-2em)}.cc-animate.cc-revoke.cc-bottom{-webkit-transform:translateY(2em);transform:translateY(2em)}.cc-animate.cc-revoke.cc-active.cc-top{-webkit-transform:translateY(0);transform:translateY(0)}.cc-animate.cc-revoke.cc-active.cc-bottom{-webkit-transform:translateY(0);transform:translateY(0)}.cc-revoke:hover{-webkit-transform:translateY(0);transform:translateY(0)}.cc-grower{max-height:0;overflow:hidden;-webkit-transition:max-height 1s;transition:max-height 1s}
-.cc-link,.cc-revoke:hover{text-decoration:underline}.cc-revoke,.cc-window{position:fixed;overflow:hidden;box-sizing:border-box;font-family:Helvetica,Calibri,Arial,sans-serif;font-size:16px;line-height:1.5em;display:-ms-flexbox;display:flex;-ms-flex-wrap:nowrap;flex-wrap:nowrap;z-index:9999}.cc-window.cc-static{position:static}.cc-window.cc-floating{padding:2em;max-width:24em;-ms-flex-direction:column;flex-direction:column}.cc-window.cc-banner{padding:1em 1.8em;width:100%;-ms-flex-direction:row;flex-direction:row}.cc-revoke{padding:.5em}.cc-header{font-size:18px;font-weight:700}.cc-btn,.cc-close,.cc-link,.cc-revoke{cursor:pointer}.cc-link{opacity:.8;display:inline-block;padding:.2em}.cc-link:hover{opacity:1}.cc-link:active,.cc-link:visited{color:initial}.cc-btn{display:block;padding:.4em .8em;font-size:.9em;font-weight:700;border-width:2px;border-style:solid;text-align:center;white-space:nowrap}.cc-banner .cc-btn:last-child{min-width:140px}.cc-highlight .cc-btn:first-child{background-color:transparent;border-color:transparent}.cc-highlight .cc-btn:first-child:focus,.cc-highlight .cc-btn:first-child:hover{background-color:transparent;text-decoration:underline}.cc-close{display:block;position:absolute;top:.5em;right:.5em;font-size:1.6em;opacity:.9;line-height:.75}.cc-close:focus,.cc-close:hover{opacity:1}
+.cc-revoke,.cc-window{position:fixed;overflow:hidden;-webkit-box-sizing:border-box;box-sizing:border-box;font-family:Helvetica,Calibri,Arial,sans-serif;font-size:16px;line-height:1.5em;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:nowrap;flex-wrap:nowrap;z-index:9999}.cc-window.cc-static{position:static}.cc-window.cc-floating{padding:2em;max-width:24em;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.cc-window.cc-banner{padding:1em 1.8em;width:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.cc-revoke{padding:.5em}.cc-revoke:hover{text-decoration:underline}.cc-header{font-size:18px;font-weight:700}.cc-btn,.cc-close,.cc-link,.cc-revoke{cursor:pointer}.cc-link{opacity:.8;display:inline-block;padding:.2em;text-decoration:underline}.cc-link:hover{opacity:1}.cc-link:active,.cc-link:visited{color:initial}.cc-btn{display:block;padding:.4em .8em;font-size:.9em;font-weight:700;border-width:2px;border-style:solid;text-align:center;white-space:nowrap}.cc-highlight .cc-btn:first-child{background-color:transparent;border-color:transparent}.cc-highlight .cc-btn:first-child:focus,.cc-highlight .cc-btn:first-child:hover{background-color:transparent;text-decoration:underline}.cc-close{display:block;position:absolute;top:.5em;right:.5em;font-size:1.6em;opacity:.9;line-height:.75}.cc-close:focus,.cc-close:hover{opacity:1}
-.cc-revoke.cc-top{top:0;left:3em;border-bottom-left-radius:.5em;border-bottom-right-radius:.5em}.cc-revoke.cc-bottom{bottom:0;left:3em;border-top-left-radius:.5em;border-top-right-radius:.5em}.cc-revoke.cc-left{left:3em;right:unset}.cc-revoke.cc-right{right:3em;left:unset}.cc-top{top:1em}.cc-left{left:1em}.cc-right{right:1em}.cc-bottom{bottom:1em}.cc-floating>.cc-link{margin-bottom:1em}.cc-floating .cc-message{display:block;margin-bottom:1em}.cc-window.cc-floating .cc-compliance{-ms-flex:1;flex:1}.cc-window.cc-banner{-ms-flex-align:center;align-items:center}.cc-banner.cc-top{left:0;right:0;top:0}.cc-banner.cc-bottom{left:0;right:0;bottom:0}.cc-banner .cc-message{-ms-flex:1;flex:1}.cc-compliance{display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:justify;align-content:space-between}.cc-compliance>.cc-btn{-ms-flex:1;flex:1}.cc-btn+.cc-btn{margin-left:.5em}
+.cc-revoke.cc-top{top:0;left:3em;border-bottom-left-radius:.5em;border-bottom-right-radius:.5em}.cc-revoke.cc-bottom{bottom:0;left:3em;border-top-left-radius:.5em;border-top-right-radius:.5em}.cc-revoke.cc-left{left:3em;right:unset}.cc-revoke.cc-right{right:3em;left:unset}.cc-top{top:1em}.cc-left{left:1em}.cc-right{right:1em}.cc-bottom{bottom:1em}.cc-floating>.cc-link{margin-bottom:1em}.cc-floating .cc-message{display:block;margin-bottom:1em}.cc-window.cc-floating .cc-compliance{-webkit-box-flex:1;-ms-flex:1 0 auto;flex:1 0 auto}.cc-window.cc-banner{-webkit-box-align:center;-ms-flex-align:center;align-items:center}.cc-banner.cc-top{left:0;right:0;top:0}.cc-banner.cc-bottom{left:0;right:0;bottom:0}.cc-banner .cc-message{display:block;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;max-width:100%;margin-right:1em}.cc-compliance{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:justify;align-content:space-between}.cc-floating .cc-compliance>.cc-btn{-webkit-box-flex:1;-ms-flex:1;flex:1}.cc-btn+.cc-btn{margin-left:.5em}
-@media print{.cc-revoke,.cc-window{display:none}}@media screen and (max-width:900px){.cc-btn{white-space:normal}}@media screen and (max-width:414px) and (orientation:portrait),screen and (max-width:736px) and (orientation:landscape){.cc-window.cc-top{top:0}.cc-window.cc-bottom{bottom:0}.cc-window.cc-banner,.cc-window.cc-left,.cc-window.cc-right{left:0;right:0}.cc-window.cc-banner{-ms-flex-direction:column;flex-direction:column}.cc-window.cc-banner .cc-compliance{-ms-flex:1;flex:1}.cc-window.cc-floating{max-width:none}.cc-window .cc-message{margin-bottom:1em}.cc-window.cc-banner{-ms-flex-align:unset;align-items:unset}}
+@media print{.cc-revoke,.cc-window{display:none}}@media screen and (max-width:900px){.cc-btn{white-space:normal}}@media screen and (max-width:414px) and (orientation:portrait),screen and (max-width:736px) and (orientation:landscape){.cc-window.cc-top{top:0}.cc-window.cc-bottom{bottom:0}.cc-window.cc-banner,.cc-window.cc-floating,.cc-window.cc-left,.cc-window.cc-right{left:0;right:0}.cc-window.cc-banner{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.cc-window.cc-banner .cc-compliance{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto}.cc-window.cc-floating{max-width:none}.cc-window .cc-message{margin-bottom:1em}.cc-window.cc-banner{-webkit-box-align:unset;-ms-flex-align:unset;align-items:unset}.cc-window.cc-banner .cc-message{margin-right:0}}
-.cc-floating.cc-theme-classic{padding:1.2em;border-radius:5px}.cc-floating.cc-type-info.cc-theme-classic .cc-compliance{text-align:center;display:inline;-ms-flex:none;flex:none}.cc-theme-classic .cc-btn{border-radius:5px}.cc-theme-classic .cc-btn:last-child{min-width:140px}.cc-floating.cc-type-info.cc-theme-classic .cc-btn{display:inline-block}
+.cc-floating.cc-theme-classic{padding:1.2em;border-radius:5px}.cc-floating.cc-type-info.cc-theme-classic .cc-compliance{text-align:center;display:inline;-webkit-box-flex:0;-ms-flex:none;flex:none}.cc-theme-classic .cc-btn{border-radius:5px}.cc-theme-classic .cc-btn:last-child{min-width:140px}.cc-floating.cc-type-info.cc-theme-classic .cc-btn{display:inline-block}
-.cc-theme-edgeless.cc-window{padding:0}.cc-floating.cc-theme-edgeless .cc-message{margin:2em 2em 1.5em}.cc-banner.cc-theme-edgeless .cc-btn{margin:0;padding:.8em 1.8em;height:100%}.cc-banner.cc-theme-edgeless .cc-message{margin-left:1em}.cc-floating.cc-theme-edgeless .cc-btn+.cc-btn{margin-left:0}
+.cc-theme-edgeless.cc-window{padding:0}.cc-floating.cc-theme-edgeless .cc-message{margin:2em;margin-bottom:1.5em}.cc-banner.cc-theme-edgeless .cc-btn{margin:0;padding:.8em 1.8em;height:100%}.cc-banner.cc-theme-edgeless .cc-message{margin-left:1em}.cc-floating.cc-theme-edgeless .cc-btn+.cc-btn{margin-left:0}

assets/javascript/core.js

@@ -11,7 +11,9 @@ phpbb.alertTime = 100;
 var keymap = {
 	TAB: 9,
 	ENTER: 13,
-	ESC: 27
+	ESC: 27,
+	ARROW_UP: 38,
+	ARROW_DOWN: 40
 };
 
 var $dark = $('#darkenwrapper');
@@ -561,7 +563,7 @@ phpbb.search.setValue = function($input, value, multiline) {
 phpbb.search.setValueOnClick = function($input, value, $row, $container) {
 	$row.click(function() {
 		phpbb.search.setValue($input, value.result, $input.attr('data-multiline'));
-		$container.hide();
+		phpbb.search.closeResults($input, $container);
 	});
 };
 
@@ -575,7 +577,7 @@ phpbb.search.setValueOnClick = function($input, value, $row, $container) {
  * @param {object} event			Onkeyup event object.
  * @param {function} sendRequest	Function to execute AJAX request.
  *
- * @returns {bool} Returns false.
+ * @returns {boolean} Returns false.
  */
 phpbb.search.filter = function(data, event, sendRequest) {
 	var $this = $(this),
@@ -584,9 +586,16 @@ phpbb.search.filter = function(data, event, sendRequest) {
 		searchID = $this.attr('data-results'),
 		keyword = phpbb.search.getKeyword($this, data[dataName], $this.attr('data-multiline')),
 		cache = phpbb.search.cache.get(searchID),
+		key = event.keyCode || event.which,
 		proceed = true;
 	data[dataName] = keyword;
 
+	// No need to search if enter was pressed
+	// for selecting a value from the results.
+	if (key === keymap.ENTER) {
+		return false;
+	}
+
 	if (cache.timeout) {
 		clearTimeout(cache.timeout);
 	}
@@ -697,22 +706,108 @@ phpbb.search.showResults = function(results, $input, $container, callback) {
 		row.appendTo($resultContainer).show();
 	});
 	$container.show();
+
+	phpbb.search.navigateResults($input, $container, $resultContainer);
 };
 
 /**
  * Clear search results.
  *
- * @param {jQuery} $container Search results container.
+ * @param {jQuery} $container		Search results container.
  */
 phpbb.search.clearResults = function($container) {
 	$container.children(':not(.search-result-tpl)').remove();
 };
 
+/**
+ * Close search results.
+ *
+ * @param {jQuery} $input			Search input|textarea.
+ * @param {jQuery} $container		Search results container.
+ */
+phpbb.search.closeResults = function($input, $container) {
+	$input.off('.phpbb.search');
+	$container.hide();
+};
+
+/**
+ * Navigate search results.
+ *
+ * @param {jQuery} $input			Search input|textarea.
+ * @param {jQuery} $container		Search results container.
+ * @param {jQuery} $resultContainer	Search results list container.
+ */
+phpbb.search.navigateResults = function($input, $container, $resultContainer) {
+	// Add a namespace to the event (.phpbb.search),
+	// so it can be unbound specifically later on.
+	// Rebind it, to ensure the event is 'dynamic'.
+	$input.off('.phpbb.search');
+	$input.on('keydown.phpbb.search', function(event) {
+		var key = event.keyCode || event.which,
+			$active = $resultContainer.children('.active');
+
+		switch (key) {
+			// Close the results
+			case keymap.ESC:
+				phpbb.search.closeResults($input, $container);
+			break;
+
+			// Set the value for the selected result
+			case keymap.ENTER:
+				if ($active.length) {
+					var value = $active.find('.search-result > span').text();
+
+					phpbb.search.setValue($input, value, $input.attr('data-multiline'));
+				}
+
+				phpbb.search.closeResults($input, $container);
+
+				// Do not submit the form
+				event.preventDefault();
+			break;
+
+			// Navigate the results
+			case keymap.ARROW_DOWN:
+			case keymap.ARROW_UP:
+				var up = key === keymap.ARROW_UP,
+					$children = $resultContainer.children();
+
+				if (!$active.length) {
+					if (up) {
+						$children.last().addClass('active');
+					} else {
+						$children.first().addClass('active');
+					}
+				} else if ($children.length > 1) {
+					if (up) {
+						if ($active.is(':first-child')) {
+							$children.last().addClass('active');
+						} else {
+							$active.prev().addClass('active');
+						}
+					} else {
+						if ($active.is(':last-child')) {
+							$children.first().addClass('active');
+						} else {
+							$active.next().addClass('active');
+						}
+					}
+
+					$active.removeClass('active');
+				}
+
+				// Do not change cursor position in the input element
+				event.preventDefault();
+			break;
+		}
+	});
+};
+
 $('#phpbb').click(function() {
 	var $this = $(this);
 
 	if (!$this.is('.live-search') && !$this.parents().is('.live-search')) {
-		$('.live-search').hide();
+		phpbb.search.closeResults($('input, textarea'), $('.live-search'));
 	}
 });
 
@@ -1492,7 +1587,7 @@ phpbb.colorPalette = function(dir, width, height) {
 * @param {jQuery} el jQuery object for the palette container.
 */
 phpbb.registerPalette = function(el) {
-	var	orientation	= el.attr('data-orientation'),
+	var	orientation	= el.attr('data-color-palette') || el.attr('data-orientation'), // data-orientation kept for backwards compat.
 		height		= el.attr('data-height'),
 		width		= el.attr('data-width'),
 		target		= el.attr('data-target'),
@@ -1650,6 +1745,50 @@ phpbb.lazyLoadAvatars = function loadAvatars() {
 	});
 };
 
+var recaptchaForm = $('.g-recaptcha').parents('form');
+var submitButton = null;
+var programaticallySubmitted = false;
+
+phpbb.recaptchaOnLoad = function () {
+	// Listen to submit buttons in order to know which one was pressed
+	$('input[type="submit"]').each(function () {
+		$(this).on('click', function () {
+			submitButton = this;
+		});
+	});
+
+	recaptchaForm.on('submit', function (e) {
+		if (!programaticallySubmitted) {
+			grecaptcha.execute();
+			e.preventDefault();
+		}
+	});
+}
+
+phpbb.recaptchaOnSubmit = function () {
+	programaticallySubmitted = true;
+	// If concrete button was clicked (e.g. preview instead of submit),
+	// let's trigger the same action
+	if (submitButton) {
+		submitButton.click();
+	} else {
+		// Rename input[name="submit"] so that we can submit the form
+		if (typeof recaptchaForm.submit !== 'function') {
+			recaptchaForm.submit.name = 'submit_btn';
+		}
+		recaptchaForm.submit();
+	}
+}
+
+// reCAPTCHA doesn't accept callback functions nested inside objects
+// so we need to make this helper functions here
+window.phpbbRecaptchaOnLoad = function() {
+	phpbb.recaptchaOnLoad();
+}
+window.phpbbRecaptchaOnSubmit = function() {
+	phpbb.recaptchaOnSubmit();
+}
+
 $(window).on('load', phpbb.lazyLoadAvatars);
 
 /**
@@ -1662,7 +1801,7 @@ $(function() {
 
 	phpbb.registerPageDropdowns();
 
-	$('[data-orientation]').each(function() {
+	$('[data-color-palette], [data-orientation]').each(function() {
 		phpbb.registerPalette($(this));
 	});
 

assets/javascript/editor.js

@@ -17,13 +17,6 @@ var is_ie = ((clientPC.indexOf('msie') !== -1) && (clientPC.indexOf('opera') ===
 var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== -1));
 var baseHeight;
 
-/**
-* Shows the help messages in the helpline window
-*/
-function helpline(help) {
-	document.forms[form_name].helpbox.value = help_line[help];
-}
-
 /**
 * Fix a bug involving the TextRange object. From
 * http://www.frostjedi.com/terra/scripts/demo/caretBug.html

assets/javascript/plupload.js

@@ -21,7 +21,9 @@ phpbb.plupload.initialize = function() {
 	// Only execute if Plupload initialized successfully.
 	phpbb.plupload.uploader.bind('Init', function() {
 		phpbb.plupload.form = $(phpbb.plupload.config.form_hook)[0];
-		phpbb.plupload.rowTpl = $('#attach-row-tpl')[0].outerHTML;
+		let $attachRowTemplate = $('#attach-row-tpl');
+		$attachRowTemplate.removeClass('attach-row-tpl');
+		phpbb.plupload.rowTpl = $attachRowTemplate[0].outerHTML;
 
 		// Hide the basic upload panel and remove the attach row template.
 		$('#attach-row-tpl, #attach-panel-basic').remove();
@@ -88,6 +90,12 @@ phpbb.plupload.getSerializedData = function() {
 			obj['attachment_data[' + i + '][' + key + ']'] = datum[key];
 		}
 	}
+
+	// Insert form data
+	var $pluploadForm = $(phpbb.plupload.config.form_hook).first();
+	obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val();
+	obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val();
+
 	return obj;
 };
 
@@ -262,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) {
 
 			return;
 		}
+
+		// Handle errors while deleting file
+		if (typeof response.error !== 'undefined') {
+			phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message);
+
+			// We will have to assume that the deletion failed. So leave the file status as uploaded.
+			row.find('.file-status').toggleClass('file-uploaded');
+
+			return;
+		}
+
 		phpbb.plupload.update(response, 'removal', index);
 		// Check if the user can upload files now if he had reached the max files limit.
 		phpbb.plupload.handleMaxFilesReached();
@@ -444,6 +463,44 @@ phpbb.plupload.fileError = function(file, error) {
 phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config);
 phpbb.plupload.initialize();
 
+/**
+ * Add a file filter to check for max file sizes per mime type.
+ */
+plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) {
+	if (file.size !== 'undefined') {
+		$(types).each(function(i, type) {
+			let extensions = [],
+				extsArray = type.extensions.split(',');
+
+			$(extsArray).each(function(i, extension) {
+				/^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&"));
+			});
+
+			let regex = new RegExp("(" + extensions.join("|") + ")$", "i");
+
+			if (regex.test(file.name)) {
+				if (type.max_file_size !== 'undefined' && type.max_file_size) {
+					if (file.size > type.max_file_size) {
+						phpbb.plupload.uploader.trigger('Error', {
+							code: plupload.FILE_SIZE_ERROR,
+							message: plupload.translate('File size error.'),
+							file: file
+						});
+
+						callback(false);
+					} else {
+						callback(true);
+					}
+				} else {
+					callback(true);
+				}
+
+				return false;
+			}
+		});
+	}
+});
+
 var $fileList = $('#file-list');
 
 /**

common.php

@@ -12,7 +12,7 @@
 */
 
 /**
-* Minimum Requirement: PHP 5.4.0
+* Minimum Requirement: PHP 7.1.3
 */
 
 if (!defined('IN_PHPBB'))
@@ -132,6 +132,8 @@ catch (InvalidArgumentException $e)
 $phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
 $phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));
 
+$phpbb_container->get('dbal.conn')->set_debug_sql_explain($phpbb_container->getParameter('debug.sql_explain'));
+$phpbb_container->get('dbal.conn')->set_debug_load_time($phpbb_container->getParameter('debug.load_time'));
 require($phpbb_root_path . 'includes/compatibility_globals.' . $phpEx);
 
 register_compatibility_globals();

composer.json

@@ -25,51 +25,52 @@
 		"phpbb/phpbb-core": "self.version"
 	},
 	"require": {
-		"php": ">=5.4",
+		"php": "^7.1.3",
-		"bantu/ini-get-wrapper": "1.0.*",
+		"ext-json": "*",
+		"bantu/ini-get-wrapper": "~1.0",
 		"google/recaptcha": "~1.1",
-		"guzzlehttp/guzzle": "~5.3",
+		"guzzlehttp/guzzle": "~6.3",
 		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "^1.1",
-		"paragonie/random_compat": "^1.4",
 		"patchwork/utf8": "^1.1",
-		"s9e/text-formatter": "^1.3",
+		"s9e/text-formatter": "^2.0",
-		"symfony/config": "^2.8",
+		"symfony/config": "~3.4",
-		"symfony/console": "^2.8",
+		"symfony/console": "~3.4",
-		"symfony/debug": "^2.8",
+		"symfony/debug": "~3.4",
-		"symfony/dependency-injection": "^2.8",
+		"symfony/dependency-injection": "~3.4",
-		"symfony/event-dispatcher": "^2.8",
+		"symfony/event-dispatcher": "~3.4",
-		"symfony/filesystem": "^2.8",
+		"symfony/filesystem": "~3.4",
-		"symfony/finder": "^2.8",
+		"symfony/finder": "~3.4",
-		"symfony/http-foundation": "^2.8",
+		"symfony/http-foundation": "~3.4",
-		"symfony/http-kernel": "^2.8",
+		"symfony/http-kernel": "~3.4",
-		"symfony/proxy-manager-bridge": "^2.8",
+		"symfony/process": "^3.4",
-		"symfony/routing": "^2.8",
+		"symfony/proxy-manager-bridge": "~3.4",
-		"symfony/twig-bridge": "^2.8",
+		"symfony/routing": "~3.4",
-		"symfony/yaml": "^2.8",
+		"symfony/twig-bridge": "~3.4",
-		"twig/twig": "^1.0"
+		"symfony/yaml": "~3.4",
+		"twig/twig": "^1.0 || ^2.0"
 	},
 	"require-dev": {
-		"fabpot/goutte": "~2.0",
+		"fabpot/goutte": "~3.2",
-		"facebook/webdriver": "~1.1",
+		"facebook/webdriver": "~1.6",
-		"laravel/homestead": "~2.2",
+		"laravel/homestead": "~7.0",
-		"phing/phing": "2.4.*",
+		"phing/phing": "~2.4",
-		"phpunit/dbunit": "1.3.*",
+		"phpunit/dbunit": "~4.0",
-		"phpunit/phpunit": "^4.1",
+		"phpunit/phpunit": "^7.0",
-		"sami/sami": "1.*",
+		"squizlabs/php_codesniffer": "~3.4",
-		"squizlabs/php_codesniffer": "2.*",
+		"symfony/browser-kit": "~3.4",
-		"symfony/browser-kit": "^2.8",
+		"symfony/css-selector": "~3.4",
-		"symfony/css-selector": "^2.8",
+		"symfony/dom-crawler": "~3.4",
-		"symfony/dom-crawler": "^2.8"
+		"sami/sami": "^4.1"
 	},
 	"extra": {
 		"branch-alias": {
-			"dev-master": "3.2.x-dev"
+			"dev-master": "3.3.x-dev"
 		}
 	},
 	"config": {
 		"platform": {
-			"php": "5.4.7"
+			"php": "7.1.3"
 		}
 	}
 }

config/default/container/parameters.yml

@@ -14,6 +14,8 @@ parameters:
 
     # List of default password driver types
     passwords.algorithms:
+        - passwords.driver.argon2id
+        - passwords.driver.argon2i
         - passwords.driver.bcrypt_2y
         - passwords.driver.bcrypt
         - passwords.driver.salted_md5

config/default/container/services.yml

@@ -27,6 +27,7 @@ imports:
     - { resource: services_text_formatter.yml }
     - { resource: services_text_reparser.yml }
     - { resource: services_twig.yml }
+    - { resource: services_ucp.yml }
     - { resource: services_user.yml }
 
     - { resource: tables.yml }
@@ -122,7 +123,13 @@ services:
     group_helper:
         class: phpbb\group\helper
         arguments:
+            - '@auth'
+            - '@cache'
+            - '@config'
             - '@language'
+            - '@dispatcher'
+            - '@path_helper'
+            - '@user'
 
     log:
         class: phpbb\log\log

config/default/container/services_auth.yml

@@ -15,12 +15,12 @@ services:
     auth.provider.db:
         class: phpbb\auth\provider\db
         arguments:
-            - '@dbal.conn'
+            - '@captcha.factory'
             - '@config'
+            - '@dbal.conn'
             - '@passwords.manager'
             - '@request'
             - '@user'
-            - '@service_container'
             - '%core.root_path%'
             - '%core.php_ext%'
         tags:
@@ -29,9 +29,9 @@ services:
     auth.provider.apache:
         class: phpbb\auth\provider\apache
         arguments:
-            - '@dbal.conn'
             - '@config'
-            - '@passwords.manager'
+            - '@dbal.conn'
+            - '@language'
             - '@request'
             - '@user'
             - '%core.root_path%'
@@ -42,9 +42,9 @@ services:
     auth.provider.ldap:
         class: phpbb\auth\provider\ldap
         arguments:
-            - '@dbal.conn'
             - '@config'
-            - '@passwords.manager'
+            - '@dbal.conn'
+            - '@language'
             - '@user'
         tags:
             - { name: auth.provider }
@@ -52,18 +52,18 @@ services:
     auth.provider.oauth:
         class: phpbb\auth\provider\oauth\oauth
         arguments:
-            - '@dbal.conn'
             - '@config'
-            - '@passwords.manager'
+            - '@dbal.conn'
+            - '@auth.provider.db'
+            - '@dispatcher'
+            - '@language'
             - '@request'
+            - '@auth.provider.oauth.service_collection'
             - '@user'
             - '%tables.auth_provider_oauth_token_storage%'
             - '%tables.auth_provider_oauth_states%'
             - '%tables.auth_provider_oauth_account_assoc%'
-            - '@auth.provider.oauth.service_collection'
             - '%tables.users%'
-            - '@service_container'
-            - '@dispatcher'
             - '%core.root_path%'
             - '%core.php_ext%'
         tags:

config/default/container/services_console.yml

@@ -158,14 +158,6 @@ services:
         tags:
             - { name: console.command }
 
-    console.command.fixup.recalculate_email_hash:
-        class: phpbb\console\command\fixup\recalculate_email_hash
-        arguments:
-            - '@user'
-            - '@dbal.conn'
-        tags:
-            - { name: console.command }
-
     console.command.fixup.update_hashes:
         class: phpbb\console\command\fixup\update_hashes
         arguments:

config/default/container/services_cron.yml

@@ -3,6 +3,7 @@ services:
         class: phpbb\cron\manager
         arguments:
             - '@cron.task_collection'
+            - '@routing.helper'
             - '%core.root_path%'
             - '%core.php_ext%'
 
@@ -13,6 +14,18 @@ services:
             - '@config'
             - '@dbal.conn'
 
+    cron.controller:
+        class: phpbb\cron\controller\cron
+
+    cron.event_listener:
+        class: phpbb\cron\event\cron_runner_listener
+        arguments:
+            - '@cron.lock_db'
+            - '@cron.manager'
+            - '@request'
+        tags:
+            - { name: kernel.event_subscriber }
+
 # ----- Cron tasks -----
     cron.task_collection:
         class: phpbb\di\service_collection

config/default/container/services_password.yml

@@ -1,4 +1,7 @@
 parameters:
+    passwords.driver.argon2_memory_cost: 1024
+    passwords.driver.argon2_threads: 2
+    passwords.driver.argon2_time_cost: 2
     passwords.driver.bcrypt_cost: 10
 
 services:
@@ -27,6 +30,23 @@ services:
         tags:
             - { name: service_collection, tag: passwords.driver }
 
+    passwords.driver.argon2i:
+        class: phpbb\passwords\driver\argon2i
+        arguments:
+            - '@config'
+            - '@passwords.driver_helper'
+            - '%passwords.driver.argon2_memory_cost%'
+            - '%passwords.driver.argon2_threads%'
+            - '%passwords.driver.argon2_time_cost%'
+        tags:
+            - { name: passwords.driver }
+
+    passwords.driver.argon2id:
+        class: phpbb\passwords\driver\argon2id
+        parent: passwords.driver.argon2i
+        tags:
+            - { name: passwords.driver }
+
     passwords.driver.bcrypt:
         class: phpbb\passwords\driver\bcrypt
         arguments:

config/default/container/services_routing.yml

@@ -12,8 +12,6 @@ services:
         class: Symfony\Component\HttpKernel\EventListener\RouterListener
         arguments:
             - '@router'
-            - null
-            - null
             - '@request_stack'
         tags:
             - { name: kernel.event_subscriber }

config/default/container/services_text_formatter.yml

@@ -4,6 +4,11 @@ parameters:
     text_formatter.cache.renderer.key: _text_formatter_renderer
 
 services:
+    text_formatter.acp_utils:
+        class: phpbb\textformatter\s9e\acp_utils
+        arguments:
+            - '@text_formatter.s9e.factory'
+
     text_formatter.cache:
         alias: text_formatter.s9e.factory
 

config/default/container/services_twig.yml

@@ -38,10 +38,23 @@ services:
         class: phpbb\template\twig\extension
         arguments:
             - '@template_context'
+            - '@template.twig.environment'
             - '@language'
         tags:
             - { name: twig.extension }
 
+    template.twig.extensions.avatar:
+        class: phpbb\template\twig\extension\avatar
+        tags:
+            - { name: twig.extension }
+
+    template.twig.extensions.config:
+        class: phpbb\template\twig\extension\config
+        arguments:
+            - '@config'
+        tags:
+            - { name: twig.extension }
+
     template.twig.extensions.routing:
         class: phpbb\template\twig\extension\routing
         arguments:
@@ -49,6 +62,11 @@ services:
         tags:
             - { name: twig.extension }
 
+    template.twig.extensions.username:
+        class: phpbb\template\twig\extension\username
+        tags:
+            - { name: twig.extension }
+
     template.twig.extensions.debug:
         class: Twig_Extension_Debug
 

config/default/container/services_ucp.yml

@@ -0,0 +1,17 @@
+services:
+    phpbb.ucp.controller.reset_password:
+        class: phpbb\ucp\controller\reset_password
+        arguments:
+            - '@config'
+            - '@dbal.conn'
+            - '@dispatcher'
+            - '@controller.helper'
+            - '@language'
+            - '@log'
+            - '@passwords.manager'
+            - '@request'
+            - '@template'
+            - '@user'
+            - '%tables.users%'
+            - '%core.root_path%'
+            - '%core.php_ext%'

config/default/routing/cron.yml

@@ -0,0 +1,3 @@
+phpbb_cron_run:
+    path: /{cron_type}
+    defaults: { _controller: cron.controller:handle }

config/default/routing/routing.yml

@@ -8,6 +8,10 @@
 # instantiate the 'foo_service' service and call the 'method' method.
 #
 
+phpbb_cron_routing:
+    resource: cron.yml
+    prefix: /cron
+
 phpbb_feed_routing:
     resource: feed.yml
     prefix: /feed
@@ -22,3 +26,7 @@ phpbb_help_routing:
 
 phpbb_report_routing:
     resource: report.yml
+
+phpbb_ucp_routing:
+    resource: ucp.yml
+    prefix: /user

config/default/routing/ucp.yml

@@ -0,0 +1,7 @@
+phpbb_ucp_reset_password_controller:
+    path: /reset_password
+    defaults: { _controller: phpbb.ucp.controller.reset_password:reset }
+
+phpbb_ucp_forgot_password_controller:
+    path: /forgot_password
+    defaults: { _controller: phpbb.ucp.controller.reset_password:request }

cron.php

@@ -11,10 +11,11 @@
 *
 */
 
+use Symfony\Component\HttpFoundation\RedirectResponse;
+
 /**
 */
 define('IN_PHPBB', true);
-define('IN_CRON', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
@@ -23,62 +24,14 @@ include($phpbb_root_path . 'common.' . $phpEx);
 $user->session_begin(false);
 $auth->acl($user->data);
 
-function output_image()
-{
-	// Output transparent gif
-	header('Cache-Control: no-cache');
-	header('Content-type: image/gif');
-	header('Content-length: 43');
-
-	echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
-
-	// Flush here to prevent browser from showing the page as loading while
-	// running cron.
-	flush();
-}
-
-// Thanks to various fatal errors and lack of try/finally, it is quite easy to leave
-// the cron lock locked, especially when working on cron-related code.
-//
-// Attempt to alleviate the problem by doing setup outside of the lock as much as possible.
-
 $cron_type = $request->variable('cron_type', '');
 
-// Comment this line out for debugging so the page does not return an image.
+$get_params_array = $request->get_super_global(\phpbb\request\request_interface::GET);
-output_image();
 
-/* @var $cron_lock \phpbb\lock\db */
+/** @var \phpbb\controller\helper $controller_helper */
-$cron_lock = $phpbb_container->get('cron.lock_db');
+$controller_helper = $phpbb_container->get('controller.helper');
-if ($cron_lock->acquire())
+$response = new RedirectResponse(
-{
+	$controller_helper->route('phpbb_cron_run', $get_params_array, false),
-	/* @var $cron \phpbb\cron\manager */
+	301
-	$cron = $phpbb_container->get('cron.manager');
+);
-
+$response->send();
-	$task = $cron->find_task($cron_type);
-	if ($task)
-	{
-		/**
-		 * This event enables you to catch the task before it runs
-		 *
-		 * @event core.cron_run_before
-		 * @var	\phpbb\cron\task\wrapper	task	Current Cron task
-		 * @since 3.1.8-RC1
-		 */
-		$vars = array(
-			'task',
-		);
-		extract($phpbb_dispatcher->trigger_event('core.cron_run_before', compact($vars)));
-
-		if ($task->is_parametrized())
-		{
-			$task->parse_parameters($request);
-		}
-		if ($task->is_ready())
-		{
-			$task->run();
-		}
-	}
-	$cron_lock->release();
-}
-
-garbage_collection();

download/file.php

@@ -257,11 +257,6 @@ else
 		$display_cat = ATTACHMENT_CATEGORY_NONE;
 	}
 
-	if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
-	{
-		$display_cat = ATTACHMENT_CATEGORY_NONE;
-	}
-
 	/**
 	* Event to modify data before sending file to browser
 	*

ext/phpbb/viglink/acp/viglink_helper.php

@@ -76,7 +76,8 @@ class viglink_helper
 		{
 			throw new \RuntimeException($this->language->lang('VERSIONCHECK_FAIL'));
 		}
-		else if ($info === false || $force_update)
+
+		if ($info === false || $force_update)
 		{
 			try
 			{

ext/phpbb/viglink/composer.json

@@ -3,7 +3,7 @@
 	"type": "phpbb-extension",
 	"description": "The VigLink extension for phpBB makes it possible to earn revenue, without any change to the user experience, when users post and follow links to commercial sites.",
 	"homepage": "https://www.phpbb.com",
-	"version": "1.0.4",
+	"version": "1.0.5",
 	"keywords": ["phpbb", "extension", "viglink"],
 	"license": "GPL-2.0-only",
 	"authors": [
@@ -15,13 +15,13 @@
 	],
 	"require": {
 		"php": ">=5.4",
-		"phpbb/phpbb": ">=3.2.0-b1",
+		"phpbb/phpbb": ">=3.2.0",
 		"composer/installers": "~1.0"
 	},
 	"extra": {
 		"display-name": "VigLink",
 		"soft-require": {
-			"phpbb/phpbb": ">=3.2.0-b1,<3.3"
+			"phpbb/phpbb": ">=3.2.0-b1,<4.0.0@dev"
 		}
 	}
 }

ext/phpbb/viglink/styles/all/theme/viglink.css

@@ -8,7 +8,7 @@
 */
 
 .viglink-header {
-	background: url('images/VigLink_logo.png') no-repeat 0 0;
+	background: url("images/VigLink_logo.png") no-repeat 0 0;
 	padding-bottom: 18px;
 	padding-left: 142px;
 }

feed.php

@@ -36,17 +36,17 @@ $mode	= $request->variable('mode', '');
 
 if ($forum_id !== 0)
 {
-	$url = $controller_helper->route('phpbb_feed_forum', array('forum_id' => $forum_id));
+	$url = $controller_helper->route('phpbb_feed_forum', array('forum_id' => $forum_id), false);
 }
 else if ($topic_id !== 0)
 {
-	$url = $controller_helper->route('phpbb_feed_topic', array('topic_id' => $topic_id));
+	$url = $controller_helper->route('phpbb_feed_topic', array('topic_id' => $topic_id), false);
 }
 else
 {
 	try
 	{
-		$url = $controller_helper->route('phpbb_feed_overall', array('mode' => $mode));
+		$url = $controller_helper->route('phpbb_feed_overall', array('mode' => $mode), false);
 	}
 	catch (InvalidParameterException $e)
 	{

includes/acp/acp_attachments.php

@@ -27,6 +27,9 @@ class acp_attachments
 	/** @var \phpbb\config\config */
 	protected $config;
 
+	/** @var \phpbb\language\language */
+	protected $language;
+
 	/** @var ContainerBuilder */
 	protected $phpbb_container;
 
@@ -54,6 +57,7 @@ class acp_attachments
 		$this->id = $id;
 		$this->db = $db;
 		$this->config = $config;
+		$this->language = $phpbb_container->get('language');
 		$this->template = $template;
 		$this->user = $user;
 		$this->phpbb_container = $phpbb_container;
@@ -128,7 +132,7 @@ class acp_attachments
 				$s_assigned_groups = array();
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
+					$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
 					$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
 				}
 				$db->sql_freeresult($result);
@@ -573,7 +577,7 @@ class acp_attachments
 							$group_id = $db->sql_nextid();
 						}
 
-						$group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name;
+						$group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name;
 						$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name));
 					}
 
@@ -606,7 +610,6 @@ class acp_attachments
 				$cat_lang = array(
 					ATTACHMENT_CATEGORY_NONE		=> $user->lang['NO_FILE_CAT'],
 					ATTACHMENT_CATEGORY_IMAGE		=> $user->lang['CAT_IMAGES'],
-					ATTACHMENT_CATEGORY_FLASH		=> $user->lang['CAT_FLASH_FILES'],
 				);
 
 				$group_id = $request->variable('g', 0);
@@ -875,7 +878,7 @@ class acp_attachments
 						'U_EDIT'		=> $this->u_action . "&action=edit&g={$row['group_id']}",
 						'U_DELETE'		=> $this->u_action . "&action=delete&g={$row['group_id']}",
 
-						'GROUP_NAME'	=> (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'],
+						'GROUP_NAME'	=> $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'],
 						'CATEGORY'		=> $cat_lang[$row['cat_id']],
 						)
 					);
@@ -1244,15 +1247,11 @@ class acp_attachments
 						'ATTACHMENT_POSTER'	=> get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
 						'FILESIZE'			=> get_formatted_filesize((int) $row['filesize']),
 						'FILETIME'			=> $user->format_date((int) $row['filetime']),
-						'REAL_FILENAME'		=> (!$row['in_message']) ? utf8_basename((string) $row['real_filename']) : '',
+						'REAL_FILENAME'		=> utf8_basename((string) $row['real_filename']),
-						'PHYSICAL_FILENAME'	=> utf8_basename((string) $row['physical_filename']),
+						'EXT_GROUP_NAME'	=> $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ?  $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'],
-						'EXT_GROUP_NAME'	=> (!empty($extensions[$row['extension']]['group_name'])) ? $user->lang['EXT_GROUP_' . $extensions[$row['extension']]['group_name']] : '',
 						'COMMENT'			=> $comment,
 						'TOPIC_TITLE'		=> (!$row['in_message']) ? (string) $row['topic_title'] : '',
 						'ATTACH_ID'			=> (int) $row['attach_id'],
-						'POST_ID'			=> (int) $row['post_msg_id'],
-						'TOPIC_ID'			=> (int) $row['topic_id'],
-						'POST_IDS'			=> (!empty($post_ids[$row['attach_id']])) ? (int) $post_ids[$row['attach_id']] : '',
 
 						'L_DOWNLOAD_COUNT'	=> $user->lang($l_downloaded_viewed, (int) $row['download_count']),
 
@@ -1385,7 +1384,6 @@ class acp_attachments
 		$types = array(
 			ATTACHMENT_CATEGORY_NONE		=> $user->lang['NO_FILE_CAT'],
 			ATTACHMENT_CATEGORY_IMAGE		=> $user->lang['CAT_IMAGES'],
-			ATTACHMENT_CATEGORY_FLASH		=> $user->lang['CAT_FLASH_FILES'],
 		);
 
 		if ($group_id)
@@ -1434,7 +1432,7 @@ class acp_attachments
 		$group_name = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
+			$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
 			$group_name[] = $row;
 		}
 		$db->sql_freeresult($result);

includes/acp/acp_bbcodes.php

@@ -33,7 +33,6 @@ class acp_bbcodes
 		// Set up general vars
 		$action	= $request->variable('action', '');
 		$bbcode_id = $request->variable('bbcode', 0);
-		$submit = $request->is_set_post('submit');
 
 		$this->tpl_name = 'acp_bbcodes';
 		$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes
 
 		add_form_key($form_key);
 
-		if ($submit && !check_form_key($form_key))
-		{
-			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
-		}
-
 		// Set up mode-specific vars
 		switch ($action)
 		{
@@ -163,7 +157,7 @@ class acp_bbcodes
 				* @var	string	bbcode_tpl			The bbcode HTML replacement string
 				* @var	string	bbcode_helpline		The bbcode help line string
 				* @var	array	hidden_fields		Array of hidden fields for use when
-				*									submitting form when $warn_text is true
+				*									submitting form when $warn_unsafe is true
 				* @since 3.1.0-a3
 				*/
 				$vars = array(
@@ -178,8 +172,25 @@ class acp_bbcodes
 				);
 				extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
 
-				$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+				$acp_utils   = $phpbb_container->get('text_formatter.acp_utils');
-				if (!$warn_text || confirm_box(true))
+				$bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
+				$warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
+
+				if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
+				{
+					trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+				if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
+				{
+					trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
+				if (!$warn_unsafe && !check_form_key($form_key))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
+				if (!$warn_unsafe || confirm_box(true))
 				{
 					$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
 
@@ -196,7 +207,10 @@ class acp_bbcodes
 						$db->sql_freeresult($result);
 
 						// Grab the end, interrogate the last closing tag
-						if ($info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded)))
+						if (isset($info['test']) && $info['test'] === '1'
+							|| in_array(strtolower($data['bbcode_tag']), $hard_coded)
+							|| (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded))
+						)
 						{
 							trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
@@ -211,11 +225,6 @@ class acp_bbcodes
 						$test = $data['bbcode_tag'];
 					}
 
-					if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
-					{
-						trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-
 					if (strlen($data['bbcode_tag']) > 16)
 					{
 						trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -451,144 +460,7 @@ class acp_bbcodes
 	function build_regexp(&$bbcode_match, &$bbcode_tpl)
 	{
 		$bbcode_match = trim($bbcode_match);
-		$bbcode_tpl = trim($bbcode_tpl);
-
-		// Allow unicode characters for URL|LOCAL_URL|RELATIVE_URL|INTTEXT tokens
-		$utf8 = preg_match('/(URL|LOCAL_URL|RELATIVE_URL|INTTEXT)/', $bbcode_match);
-
-		$fp_match = preg_quote($bbcode_match, '!');
-		$fp_replace = preg_replace('#^\[(.*?)\]#', '[$1:$uid]', $bbcode_match);
-		$fp_replace = preg_replace('#\[/(.*?)\]$#', '[/$1:$uid]', $fp_replace);
-
-		$sp_match = preg_quote($bbcode_match, '!');
-		$sp_match = preg_replace('#^\\\\\[(.*?)\\\\\]#', '\[$1:$uid\]', $sp_match);
-		$sp_match = preg_replace('#\\\\\[/(.*?)\\\\\]$#', '\[/$1:$uid\]', $sp_match);
-		$sp_replace = $bbcode_tpl;
-
-		// @todo Make sure to change this too if something changed in message parsing
-		$tokens = array(
-			'URL'	 => array(
-				'!(?:(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))!ie'	=>	"\$this->bbcode_specialchars(('\$1') ? '\$1' : 'http://\$2')"
-			),
-			'LOCAL_URL'	 => array(
-				'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e'	=>	"\$this->bbcode_specialchars('$1')"
-			),
-			'RELATIVE_URL'	=> array(
-				'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e'	=>	"\$this->bbcode_specialchars('$1')"
-			),
-			'EMAIL' => array(
-				'!(' . get_preg_expression('email') . ')!ie'	=>	"\$this->bbcode_specialchars('$1')"
-			),
-			'TEXT' => array(
-				'!(.*?)!es'	 =>	"str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', '&#39;', '&#40;', '&#41;'), trim('\$1'))"
-			),
-			'SIMPLETEXT' => array(
-				'!([a-zA-Z0-9-+.,_ ]+)!'	 =>	"$1"
-			),
-			'INTTEXT' => array(
-				'!([\p{L}\p{N}\-+,_. ]+)!u'	 =>	"$1"
-			),
-			'IDENTIFIER' => array(
-				'!([a-zA-Z0-9-_]+)!'	 =>	"$1"
-			),
-			'COLOR' => array(
-				'!([a-z]+|#[0-9abcdef]+)!i'	=>	'$1'
-			),
-			'NUMBER' => array(
-				'!([0-9]+)!'	=>	'$1'
-			)
-		);
-
-		$sp_tokens = array(
-			'URL'	 => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
-			'LOCAL_URL'	 => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
-			'RELATIVE_URL'	 => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
-			'EMAIL' => '(' . get_preg_expression('email') . ')',
-			'TEXT' => '(.*?)',
-			'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
-			'INTTEXT' => '([\p{L}\p{N}\-+,_. ]+)',
-			'IDENTIFIER' => '([a-zA-Z0-9-_]+)',
-			'COLOR' => '([a-zA-Z]+|#[0-9abcdefABCDEF]+)',
-			'NUMBER' => '([0-9]+)',
-		);
-
-		$pad = 0;
-		$modifiers = 'i';
-		$modifiers .= ($utf8) ? 'u' : '';
-
-		if (preg_match_all('/\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\}/i', $bbcode_match, $m))
-		{
-			foreach ($m[0] as $n => $token)
-			{
-				$token_type = $m[1][$n];
-
-				reset($tokens[strtoupper($token_type)]);
-				list($match, $replace) = each($tokens[strtoupper($token_type)]);
-
-				// Pad backreference numbers from tokens
-				if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad))
-				{
-					$repad = $pad + count(array_unique($repad[0]));
-					$replace = preg_replace_callback('/(?<!\\\\)\$([0-9]+)/', function ($match) use ($pad) {
-						return '${' . ($match[1] + $pad) . '}';
-					}, $replace);
-					$pad = $repad;
-				}
-
-				// Obtain pattern modifiers to use and alter the regex accordingly
-				$regex = preg_replace('/!(.*)!([a-z]*)/', '$1', $match);
-				$regex_modifiers = preg_replace('/!(.*)!([a-z]*)/', '$2', $match);
-
-				for ($i = 0, $size = strlen($regex_modifiers); $i < $size; ++$i)
-				{
-					if (strpos($modifiers, $regex_modifiers[$i]) === false)
-					{
-						$modifiers .= $regex_modifiers[$i];
-
-						if ($regex_modifiers[$i] == 'e')
-						{
-							$fp_replace = "'" . str_replace("'", "\\'", $fp_replace) . "'";
-						}
-					}
-
-					if ($regex_modifiers[$i] == 'e')
-					{
-						$replace = "'.$replace.'";
-					}
-				}
-
-				$fp_match = str_replace(preg_quote($token, '!'), $regex, $fp_match);
-				$fp_replace = str_replace($token, $replace, $fp_replace);
-
-				$sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match);
-
-				// Prepend the board url to local relative links
-				$replace_prepend = ($token_type === 'LOCAL_URL') ? generate_board_url() . '/' : '';
-
-				$sp_replace = str_replace($token, $replace_prepend . '${' . ($n + 1) . '}', $sp_replace);
-			}
-
-			$fp_match = '!' . $fp_match . '!' . $modifiers;
-			$sp_match = '!' . $sp_match . '!s' . (($utf8) ? 'u' : '');
-
-			if (strpos($fp_match, 'e') !== false)
-			{
-				$fp_replace = str_replace("'.'", '', $fp_replace);
-				$fp_replace = str_replace(".''.", '.', $fp_replace);
-			}
-		}
-		else
-		{
-			// No replacement is present, no need for a second-pass pattern replacement
-			// A simple str_replace will suffice
-			$fp_match = '!' . $fp_match . '!' . $modifiers;
-			$sp_match = $fp_replace;
-			$sp_replace = '';
-		}
-
-		// Lowercase tags
 		$bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match);
-		$bbcode_search = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match);
 
 		if (!preg_match('/^[a-zA-Z0-9_-]+$/', $bbcode_tag))
 		{
@@ -596,25 +468,13 @@ class acp_bbcodes
 			trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
-		$fp_match = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
-			return strtolower($match[0]);
-		}, $fp_match);
-		$fp_replace = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
-			return strtolower($match[0]);
-		}, $fp_replace);
-		$sp_match = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
-			return strtolower($match[0]);
-		}, $sp_match);
-		$sp_replace = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
-			return strtolower($match[0]);
-		}, $sp_replace);
-
 		return array(
 			'bbcode_tag'				=> $bbcode_tag,
-			'first_pass_match'			=> $fp_match,
+			'first_pass_match'			=> '/(?!)/',
-			'first_pass_replace'		=> $fp_replace,
+			'first_pass_replace'		=> '',
-			'second_pass_match'			=> $sp_match,
+			// Use a non-matching, valid regexp to effectively disable this BBCode
-			'second_pass_replace'		=> $sp_replace
+			'second_pass_match'			=> '/(?!)/',
+			'second_pass_replace'		=> ''
 		);
 	}
 }

includes/acp/acp_board.php

@@ -85,34 +85,26 @@ class acp_board
 				$display_vars = array(
 					'title'	=> 'ACP_BOARD_FEATURES',
 					'vars'	=> array(
-						'legend1'				=> 'ACP_BOARD_FEATURES',
+						'legend1'						=> 'ACP_BOARD_FEATURES',
-						'allow_privmsg'			=> array('lang' => 'BOARD_PM',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_privmsg'					=> array('lang' => 'BOARD_PM',						'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'allow_topic_notify'	=> array('lang' => 'ALLOW_TOPIC_NOTIFY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_topic_notify'			=> array('lang' => 'ALLOW_TOPIC_NOTIFY',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_forum_notify'	=> array('lang' => 'ALLOW_FORUM_NOTIFY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_forum_notify'			=> array('lang' => 'ALLOW_FORUM_NOTIFY',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_namechange'		=> array('lang' => 'ALLOW_NAME_CHANGE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_namechange'				=> array('lang' => 'ALLOW_NAME_CHANGE',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_attachments'		=> array('lang' => 'ALLOW_ATTACHMENTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_attachments'				=> array('lang' => 'ALLOW_ATTACHMENTS',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_pm_attach'				=> array('lang' => 'ALLOW_PM_ATTACHMENTS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_pm_report'		=> array('lang' => 'ALLOW_PM_REPORT',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_pm_report'				=> array('lang' => 'ALLOW_PM_REPORT',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'allow_bbcode'			=> array('lang' => 'ALLOW_BBCODE',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_bbcode'					=> array('lang' => 'ALLOW_BBCODE',					'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_smilies'			=> array('lang' => 'ALLOW_SMILIES',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_smilies'					=> array('lang' => 'ALLOW_SMILIES',					'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_sig'				=> array('lang' => 'ALLOW_SIG',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'allow_sig'						=> array('lang' => 'ALLOW_SIG',						'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_board_notifications'		=> array('lang' => 'ALLOW_BOARD_NOTIFICATIONS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_nocensors'				=> array('lang' => 'ALLOW_NO_CENSORS',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_bookmarks'				=> array('lang' => 'ALLOW_BOOKMARKS',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'allow_birthdays'		=> array('lang' => 'ALLOW_BIRTHDAYS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_birthdays'				=> array('lang' => 'ALLOW_BIRTHDAYS',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'display_last_subject'	=> array('lang' => 'DISPLAY_LAST_SUBJECT',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'display_last_subject'			=> array('lang' => 'DISPLAY_LAST_SUBJECT',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'allow_quick_reply'		=> array('lang' => 'ALLOW_QUICK_REPLY',		'validate' => 'bool',	'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
+						'display_unapproved_posts'		=> array('lang' => 'DISPLAY_UNAPPROVED_POSTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_quick_reply'				=> array('lang' => 'ALLOW_QUICK_REPLY',				'validate' => 'bool',	'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
 
-						'legend2'				=> 'ACP_LOAD_SETTINGS',
+						'legend2'							=> 'ACP_SUBMIT_CHANGES',
-						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'load_moderators'		=> array('lang' => 'YES_MODERATORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'load_cpf_memberlist'	=> array('lang' => 'LOAD_CPF_MEMBERLIST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'load_cpf_pm'			=> array('lang' => 'LOAD_CPF_PM',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain'	=> false),
-						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'load_cpf_viewtopic'	=> array('lang' => 'LOAD_CPF_VIEWTOPIC',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-
-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -263,7 +255,6 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
 						'max_name_chars'		=> array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
-						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
 
 						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'select', 'method' => 'select_acc_activation', 'explain' => true),
 						'new_member_post_limit'	=> array('lang' => 'NEW_MEMBER_POST_LIMIT', 'validate' => 'int:0:255', 'type' => 'number:0:255', 'explain' => true, 'append' => ' ' . $user->lang['POSTS']),
@@ -426,7 +417,6 @@ class acp_board
 						'remote_upload_verify'	=> array('lang' => 'UPLOAD_CERT_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
 						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int:1',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
 						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
@@ -450,6 +440,7 @@ class acp_board
 						'email_enable'			=> array('lang' => 'ENABLE_EMAIL',			'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'board_email_form'		=> array('lang' => 'BOARD_EMAIL_FORM',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int:0',	'type' => 'number:0:99999', 'explain' => true),
+						'email_max_chunk_size'	=> array('lang' => 'EMAIL_MAX_CHUNK_SIZE',	'validate' => 'int:1:99999',	'type' => 'number:1:99999', 'explain' => true),
 						'board_contact'			=> array('lang' => 'CONTACT_EMAIL',			'validate' => 'email',	'type' => 'email:25:100', 'explain' => true),
 						'board_contact_name'	=> array('lang' => 'CONTACT_EMAIL_NAME',	'validate' => 'string',	'type' => 'text:25:50', 'explain' => true),
 						'board_email'			=> array('lang' => 'ADMIN_EMAIL',			'validate' => 'email',	'type' => 'email:25:100', 'explain' => true),
@@ -539,13 +530,16 @@ class acp_board
 
 			if ($submit)
 			{
-				if (strpos($data['type'], 'password') === 0 && $config_value === '********')
+				if (isset($data['type']) && strpos($data['type'], 'password') === 0 && $config_value === '********')
 				{
-					// Do not update password fields if the content is ********,
+					/**
-					// because that is the password replacement we use to not
+					 * Do not update password fields if the content is ********,
-					// send the password to the output
+					 * because that is the password replacement we use to not
+					 * send the password to the output
+					 */
 					continue;
 				}
+
 				$config->set($config_name, $config_value);
 
 				if ($config_name == 'allow_quick_reply' && isset($_POST['allow_quick_reply_enable']))
@@ -903,13 +897,13 @@ class acp_board
 	}
 
 	/**
-	* Maximum/Minimum password length
+	* Minimum password length
 	*/
 	function password_length($value, $key)
 	{
 		global $user;
 
-		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
+		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'];
 	}
 
 	/**

includes/acp/acp_database.php

@@ -58,7 +58,6 @@ class acp_database
 						$type	= $request->variable('type', '');
 						$table	= array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array('')));
 						$format	= $request->variable('method', '');
-						$where	= $request->variable('where', '');
 
 						if (!count($table))
 						{
@@ -70,12 +69,9 @@ class acp_database
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$store = $structure = $schema_data = false;
+						$store = true;
-
+						$structure = false;
-						if ($where == 'store')
+						$schema_data = false;
-						{
-							$store = true;
-						}
 
 						if ($type == 'full' || $type == 'structure')
 						{
@@ -216,7 +212,7 @@ class acp_database
 						}
 						else if (confirm_box(true))
 						{
-							switch ($backup_info['extensions'])
+							switch ($backup_info['extension'])
 							{
 								case 'sql':
 									$fp = fopen($backup_info['file_name'], 'rb');
@@ -252,8 +248,6 @@ class acp_database
 
 							switch ($db->get_sql_layer())
 							{
-								case 'mysql':
-								case 'mysql4':
 								case 'mysqli':
 								case 'sqlite3':
 									while (($sql = $fgetd($fp, ";\n", $read, $seek, $eof)) !== false)

includes/acp/acp_extensions.php

@@ -38,7 +38,7 @@ class acp_extensions
 	private $phpbb_container;
 	private $php_ini;
 
-	function main()
+	function main($id, $mode)
 	{
 		// Start the page
 		global $config, $user, $template, $request, $phpbb_extension_manager, $phpbb_root_path, $phpbb_log, $phpbb_dispatcher, $phpbb_container;
@@ -172,23 +172,27 @@ class acp_extensions
 				}
 
 				$extension = $this->ext_manager->get_extension($ext_name);
-				if (!$extension->is_enableable())
+
-				{
+				$this->check_is_enableable($extension);
-					trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
 
 				if ($this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
-				$this->tpl_name = 'acp_ext_enable';
+				if (confirm_box(true))
-
+				{
-				$this->template->assign_vars(array(
+					redirect($this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name));
-					'PRE'				=> true,
+				}
-					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')),
+				else
-					'U_ENABLE'			=> $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name),
+				{
-				));
+					confirm_box(false, $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array(
+						'i'			=> $id,
+						'mode'		=> $mode,
+						'action'	=> 'enable_pre',
+						'ext_name'	=> $ext_name,
+					)));
+				}
 			break;
 
 			case 'enable':
@@ -203,10 +207,8 @@ class acp_extensions
 				}
 
 				$extension = $this->ext_manager->get_extension($ext_name);
-				if (!$extension->is_enableable())
+
-				{
+				$this->check_is_enableable($extension);
-					trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
 
 				try
 				{
@@ -215,9 +217,8 @@ class acp_extensions
 						// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 						if ((time() - $start_time) >= $safe_time_limit)
 						{
-							$this->template->assign_var('S_NEXT_STEP', true);
-
 							meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name));
+							trigger_error('EXTENSION_ENABLE_IN_PROGRESS', E_USER_NOTICE);
 						}
 					}
 
@@ -233,14 +234,29 @@ class acp_extensions
 				}
 				catch (\phpbb\db\migration\exception $e)
 				{
-					$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
+					trigger_error($this->user->lang('MIGRATION_EXCEPTION_ERROR', $e->getLocalisedMessage($this->user)), E_USER_WARNING);
 				}
 
-				$this->tpl_name = 'acp_ext_enable';
+				if ($this->request->is_ajax())
+				{
+					$actions = $this->output_actions('enabled', [
+						'DISABLE'	=> $this->u_action . '&action=disable_pre&ext_name=' . urlencode($ext_name),
+					]);
 
-				$this->template->assign_vars(array(
+					$data = [
-					'U_RETURN'		=> $this->u_action . '&action=list',
+						'EXT_ENABLE_SUCCESS'	=> true,
-				));
+						'ACTIONS'				=> $actions,
+						'REFRESH_DATA'			=> [
+							'url'	=> '',
+							'time'	=> 0,
+						],
+					];
+
+					$json_response = new \phpbb\json_response;
+					$json_response->send($data);
+				}
+
+				trigger_error($this->user->lang('EXTENSION_ENABLE_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE);
 			break;
 
 			case 'disable_pre':
@@ -249,13 +265,19 @@ class acp_extensions
 					redirect($this->u_action);
 				}
 
-				$this->tpl_name = 'acp_ext_disable';
+				if (confirm_box(true))
-
+				{
-				$this->template->assign_vars(array(
+					redirect($this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name));
-					'PRE'				=> true,
+				}
-					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')),
+				else
-					'U_DISABLE'			=> $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name),
+				{
-				));
+					confirm_box(false, $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array(
+						'i'			=> $id,
+						'mode'		=> $mode,
+						'action'	=> 'disable_pre',
+						'ext_name'	=> $ext_name,
+					)));
+				}
 			break;
 
 			case 'disable':
@@ -272,15 +294,32 @@ class acp_extensions
 						$this->template->assign_var('S_NEXT_STEP', true);
 
 						meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name));
+						trigger_error('EXTENSION_DISABLE_IN_PROGRESS', E_USER_NOTICE);
 					}
 				}
 				$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name));
 
-				$this->tpl_name = 'acp_ext_disable';
+				if ($this->request->is_ajax())
+				{
+					$actions = $this->output_actions('disabled', [
+						'ENABLE'		=> $this->u_action . '&action=enable_pre&ext_name=' . urlencode($ext_name),
+						'DELETE_DATA'	=> $this->u_action . '&action=delete_data_pre&ext_name=' . urlencode($ext_name),
+					]);
 
-				$this->template->assign_vars(array(
+					$data = [
-					'U_RETURN'	=> $this->u_action . '&action=list',
+						'EXT_DISABLE_SUCCESS'	=> true,
-				));
+						'ACTIONS'				=> $actions,
+						'REFRESH_DATA'			=> [
+							'url'	=> '',
+							'time'	=> 0,
+						],
+					];
+
+					$json_response = new \phpbb\json_response;
+					$json_response->send($data);
+				}
+
+				trigger_error($this->user->lang('EXTENSION_DISABLE_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE);
 			break;
 
 			case 'delete_data_pre':
@@ -288,13 +327,20 @@ class acp_extensions
 				{
 					redirect($this->u_action);
 				}
-				$this->tpl_name = 'acp_ext_delete_data';
 
-				$this->template->assign_vars(array(
+				if (confirm_box(true))
-					'PRE'				=> true,
+				{
-					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')),
+					redirect($this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name));
-					'U_PURGE'			=> $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name),
+				}
-				));
+				else
+				{
+					confirm_box(false, $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array(
+						'i'			=> $id,
+						'mode'		=> $mode,
+						'action'	=> 'delete_data_pre',
+						'ext_name'	=> $ext_name,
+					)));
+				}
 			break;
 
 			case 'delete_data':
@@ -313,20 +359,36 @@ class acp_extensions
 							$this->template->assign_var('S_NEXT_STEP', true);
 
 							meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name));
+							trigger_error('EXTENSION_DELETE_DATA_IN_PROGRESS', E_USER_NOTICE);
 						}
 					}
 					$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_PURGE', time(), array($ext_name));
 				}
 				catch (\phpbb\db\migration\exception $e)
 				{
-					$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
+					trigger_error($this->user->lang('MIGRATION_EXCEPTION_ERROR', $e->getLocalisedMessage($this->user)), E_USER_WARNING);
 				}
 
-				$this->tpl_name = 'acp_ext_delete_data';
+				if ($this->request->is_ajax())
+				{
+					$actions = $this->output_actions('disabled', [
+						'ENABLE'		=> $this->u_action . '&action=enable_pre&ext_name=' . urlencode($ext_name),
+					]);
 
-				$this->template->assign_vars(array(
+					$data = [
-					'U_RETURN'	=> $this->u_action . '&action=list',
+						'EXT_DELETE_DATA_SUCCESS'	=> true,
-				));
+						'ACTIONS'					=> $actions,
+						'REFRESH_DATA'				=> [
+							'url'	=> '',
+							'time'	=> 0,
+						],
+					];
+
+					$json_response = new \phpbb\json_response;
+					$json_response->send($data);
+				}
+
+				trigger_error($this->user->lang('EXTENSION_DELETE_DATA_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE);
 			break;
 
 			case 'details':
@@ -605,17 +667,37 @@ class acp_extensions
 	*
 	* @param string $block
 	* @param array $actions
+	* @return array List of actions to be performed on the extension
 	*/
 	private function output_actions($block, $actions)
 	{
-		foreach ($actions as $lang => $url)
+		$vars_ary = array();
+		foreach ($actions as $lang => $options)
 		{
-			$this->template->assign_block_vars($block . '.actions', array(
+			$url = $options;
+			if (is_array($options))
+			{
+				$url = $options['url'];
+			}
+
+			$vars = array(
 				'L_ACTION'			=> $this->user->lang('EXTENSION_' . $lang),
 				'L_ACTION_EXPLAIN'	=> (isset($this->user->lang['EXTENSION_' . $lang . '_EXPLAIN'])) ? $this->user->lang('EXTENSION_' . $lang . '_EXPLAIN') : '',
 				'U_ACTION'			=> $url,
-			));
+				'ACTION_AJAX'		=> 'ext_' . strtolower($lang),
+			);
+
+			if (isset($options['color']))
+			{
+				$vars['COLOR'] = $options['color'];
+			}
+
+			$this->template->assign_block_vars($block . '.actions', $vars);
+
+			$vars_ary[] = $vars;
 		}
+
+		return $vars_ary;
 	}
 
 	/**
@@ -662,4 +744,28 @@ class acp_extensions
 			));
 		}
 	}
+
+	/**
+	* Checks whether the extension can be enabled. Triggers error if not.
+	* Error message can be set by the extension.
+	*
+	* @param \phpbb\extension\extension_interface $extension Extension to check
+	*/
+	protected function check_is_enableable(\phpbb\extension\extension_interface $extension)
+	{
+		$message = $extension->is_enableable();
+		if ($message !== true)
+		{
+			if (empty($message))
+			{
+				$message = $this->user->lang('EXTENSION_NOT_ENABLEABLE');
+			}
+			else if (is_array($message))
+			{
+				$message = implode('<br>', $message);
+			}
+
+			trigger_error($message . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+	}
 }

includes/acp/acp_forums.php

@@ -131,11 +131,12 @@ class acp_forums
 						'forum_rules_link'		=> $request->variable('forum_rules_link', ''),
 						'forum_image'			=> $request->variable('forum_image', ''),
 						'forum_style'			=> $request->variable('forum_style', 0),
-						'display_subforum_list'	=> $request->variable('display_subforum_list', false),
+						'display_subforum_list'	=> $request->variable('display_subforum_list', true),
-						'display_on_index'		=> $request->variable('display_on_index', false),
+						'display_subforum_limit'=> $request->variable('display_subforum_limit', false),
+						'display_on_index'		=> $request->variable('display_on_index', true),
 						'forum_topics_per_page'	=> $request->variable('topics_per_page', 0),
 						'enable_indexing'		=> $request->variable('enable_indexing', true),
-						'enable_icons'			=> $request->variable('enable_icons', false),
+						'enable_icons'			=> $request->variable('enable_icons', true),
 						'enable_prune'			=> $request->variable('enable_prune', false),
 						'enable_post_review'	=> $request->variable('enable_post_review', true),
 						'enable_quick_reply'	=> $request->variable('enable_quick_reply', false),
@@ -454,10 +455,11 @@ class acp_forums
 							'forum_image'			=> '',
 							'forum_style'			=> 0,
 							'display_subforum_list'	=> true,
-							'display_on_index'		=> false,
+							'display_subforum_limit'	=> false,
+							'display_on_index'		=> true,
 							'forum_topics_per_page'	=> 0,
 							'enable_indexing'		=> true,
-							'enable_icons'			=> false,
+							'enable_icons'			=> true,
 							'enable_prune'			=> false,
 							'prune_days'			=> 7,
 							'prune_viewed'			=> 7,
@@ -676,6 +678,7 @@ class acp_forums
 					'S_ENABLE_INDEXING'			=> ($forum_data['enable_indexing']) ? true : false,
 					'S_TOPIC_ICONS'				=> ($forum_data['enable_icons']) ? true : false,
 					'S_DISPLAY_SUBFORUM_LIST'	=> ($forum_data['display_subforum_list']) ? true : false,
+					'S_DISPLAY_SUBFORUM_LIMIT'	=> ($forum_data['display_subforum_limit']) ? true : false,
 					'S_DISPLAY_ON_INDEX'		=> ($forum_data['display_on_index']) ? true : false,
 					'S_PRUNE_ENABLE'			=> ($forum_data['enable_prune']) ? true : false,
 					'S_PRUNE_SHADOW_ENABLE'			=> ($forum_data['enable_shadow_prune']) ? true : false,
@@ -986,6 +989,23 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_NAME_EMPTY'];
 		}
 
+		/**
+		 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
+		 * Using their Numeric Character Reference's Hexadecimal notation.
+		 */
+		$forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
+
+		/**
+		 * This should never happen again.
+		 * Leaving the fallback here just in case there will be the need of it.
+		 */
+		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
+		{
+			$character_list = implode('<br>', $matches[0]);
+
+			$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
+		}
+
 		if (utf8_strlen($forum_data_ary['forum_desc']) > 4000)
 		{
 			$errors[] = $user->lang['FORUM_DESC_TOO_LONG'];
@@ -1416,8 +1436,8 @@ class acp_forums
 		* This event may be triggered, when a forum is deleted
 		*
 		* @event core.acp_manage_forums_move_children
-		* @var	int		from_id		If of the current parent forum
+		* @var	int		from_id		Id of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key.
 		* @since 3.1.0-a1
@@ -1522,8 +1542,8 @@ class acp_forums
 		* Event when we move content from one forum to another
 		*
 		* @event core.acp_manage_forums_move_content
-		* @var	int		from_id		If of the current parent forum
+		* @var	int		from_id		Id of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	bool	sync		Shall we sync the "to"-forum's data
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key. If this array is not empty,
@@ -1569,6 +1589,19 @@ class acp_forums
 			$db->sql_query($sql);
 		}
 
+		/**
+		 * Event when content has been moved from one forum to another
+		 *
+		 * @event core.acp_manage_forums_move_content_after
+		 * @var	int		from_id		Id of the current parent forum
+		 * @var	int		to_id		Id of the new parent forum
+		 * @var	bool	sync		Shall we sync the "to"-forum's data
+		 *
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('from_id', 'to_id', 'sync');
+		extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
+
 		if ($sync)
 		{
 			// Delete ghost topics that link back to the same forum then resync counters
@@ -1871,7 +1904,6 @@ class acp_forums
 
 		switch ($db->get_sql_layer())
 		{
-			case 'mysql4':
 			case 'mysqli':
 
 				// Delete everything else and thank MySQL for offering multi-table deletion

includes/acp/acp_help_phpbb.php

@@ -32,7 +32,7 @@ class acp_help_phpbb
 			include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx);
 		}
 
-		$collect_url = "https://www.phpbb.com/stats/receive_stats.php";
+		$collect_url = "https://www.phpbb.com/statistics/send";
 
 		$this->tpl_name = 'acp_help_phpbb';
 		$this->page_title = 'ACP_HELP_PHPBB';
@@ -90,13 +90,15 @@ class acp_help_phpbb
 
 			if (!empty($response))
 			{
-				if ((strpos($response, 'Thank you') !== false || strpos($response, 'Flood protection') !== false))
+				$decoded_response = json_decode(htmlspecialchars_decode($response), true);
+
+				if ($decoded_response && isset($decoded_response['status']) && $decoded_response['status'] == 'ok')
 				{
 					trigger_error($user->lang('THANKS_SEND_STATISTICS') . adm_back_link($this->u_action));
 				}
 				else
 				{
-					trigger_error($user->lang('FAIL_SEND_STATISTICS') . adm_back_link($this->u_action));
+					trigger_error($user->lang('FAIL_SEND_STATISTICS') . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 			}
 
@@ -106,7 +108,8 @@ class acp_help_phpbb
 		$template->assign_vars(array(
 			'U_COLLECT_STATS'		=> $collect_url,
 			'S_COLLECT_STATS'		=> (!empty($config['help_send_statistics'])) ? true : false,
-			'RAW_DATA'				=> $collector->get_data_for_form(),
+			'S_STATS'				=> $collector->get_data_raw(),
+			'S_STATS_DATA'			=> json_encode($collector->get_data_raw()),
 			'U_ACP_MAIN'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 			'U_ACTION'				=> $this->u_action,
 			// Pass earliest time we should try to send stats again

includes/acp/acp_main.php

@@ -657,7 +657,7 @@ class acp_main
 		}
 
 		// Warn if install is still present
-		if (file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install'))
+		if (!defined('IN_INSTALL') && !$phpbb_container->getParameter('allow_install_dir') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install'))
 		{
 			$template->assign_var('S_REMOVE_INSTALL', true);
 		}

includes/acp/acp_permissions.php

@@ -694,8 +694,8 @@ class acp_permissions
 		}
 
 		// We loop through the auth settings defined in our submit
-		list($ug_id, ) = each($psubmit);
+		$ug_id = key($psubmit);
-		list($forum_id, ) = each($psubmit[$ug_id]);
+		$forum_id = key($psubmit[$ug_id]);
 
 		$settings = $request->variable('setting', array(0 => array(0 => array('' => 0))), false, \phpbb\request\request_interface::POST);
 		if (empty($settings) || empty($settings[$ug_id]) || empty($settings[$ug_id][$forum_id]))

includes/acp/acp_prune.php

@@ -537,6 +537,7 @@ class acp_prune
 					AND ug.user_id <> ' . ANONYMOUS . '
 					AND u.user_type <> ' . USER_FOUNDER . '
 					AND ug.user_pending = 0
+					AND ug.group_leader = 0
 					AND u.user_id = ug.user_id
 					' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
 			$result = $db->sql_query($sql);

includes/acp/acp_reasons.php

@@ -222,8 +222,6 @@ class acp_reasons
 					{
 						// The ugly one!
 						case 'mysqli':
-						case 'mysql4':
-						case 'mysql':
 							// Change the reports using this reason to 'other'
 							$sql = 'UPDATE ' . REPORTS_TABLE . '
 								SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)

includes/acp/acp_styles.php

@@ -259,6 +259,19 @@ class acp_styles
 		// Get list of styles to uninstall
 		$ids = $this->request_vars('id', 0, true);
 
+		// Don't remove prosilver, you can still deactivate it.
+		$sql = 'SELECT style_id
+			FROM ' . STYLES_TABLE . "
+			WHERE style_name = '" . $this->db->sql_escape('prosilver') . "'";
+		$result = $this->db->sql_query($sql);
+		$prosilver_id = (int) $this->db->sql_fetchfield('style_id');
+		$this->db->sql_freeresult($result);
+
+		if ($prosilver_id && in_array($prosilver_id, $ids))
+		{
+			trigger_error($this->user->lang('UNINSTALL_PROSILVER') . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+
 		// Check if confirmation box was submitted
 		if (confirm_box(true))
 		{
@@ -998,11 +1011,14 @@ class acp_styles
 				'L_ACTION'	=> $this->user->lang['EXPORT']
 			); */
 
-			// Uninstall
+			if ($style['style_name'] !== 'prosilver')
-			$actions[] = array(
+			{
-				'U_ACTION'	=> $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'],
+				// Uninstall
-				'L_ACTION'	=> $this->user->lang['STYLE_UNINSTALL']
+				$actions[] = array(
-			);
+					'U_ACTION'	=> $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'],
+					'L_ACTION'	=> $this->user->lang['STYLE_UNINSTALL']
+				);
+			}
 
 			// Preview
 			$actions[] = array(
@@ -1123,7 +1139,14 @@ class acp_styles
 	*/
 	protected function read_style_cfg($dir)
 	{
+		// This should never happen, we give them a red warning because of its relevance.
+		if (!file_exists($this->styles_path . $dir . '/style.cfg'))
+		{
+			trigger_error($this->user->lang('NO_STYLE_CFG', $dir), E_USER_WARNING);
+		}
+
 		static $required = array('name', 'phpbb_version', 'copyright');
+
 		$cfg = parse_cfg_file($this->styles_path . $dir . '/style.cfg');
 
 		// Check if it is a valid file

includes/acp/acp_update.php

@@ -59,17 +59,19 @@ class acp_update
 
 		$update_link = $phpbb_root_path . 'install/app.' . $phpEx;
 
-		$template->assign_vars(array(
+		$template_ary = [
-			'S_UP_TO_DATE'			=> empty($updates_available),
+			'S_UP_TO_DATE'				=> empty($updates_available),
-			'U_ACTION'				=> $this->u_action,
+			'U_ACTION'					=> $this->u_action,
-			'U_VERSIONCHECK_FORCE'	=> append_sid($this->u_action . '&versioncheck_force=1'),
+			'U_VERSIONCHECK_FORCE'		=> append_sid($this->u_action . '&versioncheck_force=1'),
 
-			'CURRENT_VERSION'		=> $config['version'],
+			'CURRENT_VERSION'			=> $config['version'],
 
-			'UPDATE_INSTRUCTIONS'	=> sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link),
+			'UPDATE_INSTRUCTIONS'		=> $user->lang('UPDATE_INSTRUCTIONS', $update_link),
 			'S_VERSION_UPGRADEABLE'		=> !empty($upgrades_available),
 			'UPGRADE_INSTRUCTIONS'		=> !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
-		));
+		];
+
+		$template->assign_vars($template_ary);
 
 		// Incomplete update?
 		if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<'))

includes/acp/acp_users.php

@@ -844,9 +844,9 @@ class acp_users
 					// Validation data - we do not check the password complexity setting here
 					$check_ary = array(
 						'new_password'		=> array(
-							array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+							array('string', true, $config['min_pass_chars'], 0),
 							array('password')),
-						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+						'password_confirm'	=> array('string', true, $config['min_pass_chars'], 0),
 					);
 
 					// Check username if altered
@@ -855,7 +855,7 @@ class acp_users
 						$check_ary += array(
 							'username'			=> array(
 								array('string', false, $config['min_name_chars'], $config['max_name_chars']),
-								array('username', $user_row['username'])
+								array('username', $user_row['username'], true)
 							),
 						);
 					}
@@ -966,10 +966,7 @@ class acp_users
 
 						if ($update_email !== false)
 						{
-							$sql_ary += array(
+							$sql_ary += ['user_email'		=> $update_email];
-								'user_email'		=> $update_email,
-								'user_email_hash'	=> phpbb_email_hash($update_email),
-							);
 
 							$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
 								'reportee_id' => $user_id,
@@ -1130,7 +1127,7 @@ class acp_users
 
 				$template->assign_vars(array(
 					'L_NAME_CHARS_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
-					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
+					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 					'L_POSTS_IN_QUEUE'			=> $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
 					'S_FOUNDER'					=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
 

includes/acp/auth.php

@@ -460,8 +460,7 @@ class auth_admin extends \phpbb\auth\auth
 					'S_GROUP_MODE'	=> ($user_mode == 'group') ? true : false)
 				);
 
-				@reset($content_array);
+				foreach ($content_array as $ug_id => $ug_array)
-				while (list($ug_id, $ug_array) = each($content_array))
 				{
 					// Build role dropdown options
 					$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
@@ -471,8 +470,7 @@ class auth_admin extends \phpbb\auth\auth
 					$s_role_options = '';
 					$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
 
-					@reset($roles);
+					foreach ($roles as $role_id => $role_row)
-					while (list($role_id, $role_row) = each($roles))
 					{
 						$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
 						$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
@@ -559,8 +557,7 @@ class auth_admin extends \phpbb\auth\auth
 					'S_GROUP_MODE'	=> ($user_mode == 'group') ? true : false)
 				);
 
-				@reset($content_array);
+				foreach ($content_array as $forum_id => $forum_array)
-				while (list($forum_id, $forum_array) = each($content_array))
 				{
 					// Build role dropdown options
 					$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
@@ -570,8 +567,7 @@ class auth_admin extends \phpbb\auth\auth
 					$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
 					$s_role_options = '';
 
-					@reset($roles);
+					foreach ($roles as $role_id => $role_row)
-					while (list($role_id, $role_row) = each($roles))
 					{
 						$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
 						$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
@@ -1138,8 +1134,7 @@ class auth_admin extends \phpbb\auth\auth
 		/* @var $phpbb_permissions \phpbb\permissions */
 		$phpbb_permissions = $phpbb_container->get('acl.permissions');
 
-		@reset($category_array);
+		foreach ($category_array as $cat => $cat_array)
-		while (list($cat, $cat_array) = each($category_array))
 		{
 			if (!$phpbb_permissions->category_defined($cat))
 			{
@@ -1169,8 +1164,7 @@ class auth_admin extends \phpbb\auth\auth
 			}
 			unset($key_array, $values_array);
 */
-			@reset($cat_array['permissions']);
+			foreach ($cat_array['permissions'] as $permission => $allowed)
-			while (list($permission, $allowed) = each($cat_array['permissions']))
 			{
 				if (!$phpbb_permissions->permission_defined($permission))
 				{
@@ -1237,8 +1231,7 @@ class auth_admin extends \phpbb\auth\auth
 			$permissions = $permission_row[$forum_id];
 			ksort($permissions);
 
-			@reset($permissions);
+			foreach ($permissions as $permission => $auth_setting)
-			while (list($permission, $auth_setting) = each($permissions))
 			{
 				$cat = $phpbb_permissions->get_permission_category($permission);
 

includes/bbcode.php

@@ -44,7 +44,7 @@ class bbcode
 	/**
 	* Init bbcode cache entries if bitfield is specified
 	*
-	* @param	string	$bbcode_bitfield	The bbcode bitfield
+	* @param	string	$bitfield	The bbcode bitfield
 	*/
 	function bbcode_set_bitfield($bitfield = '')
 	{

includes/compatibility_globals.php

@@ -18,6 +18,14 @@ if (!defined('IN_PHPBB'))
 	exit;
 }
 
+//
+// Deprecated globals
+//
+define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming - @deprecated 3.2
+define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming - @deprecated 3.2
+define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files - @deprecated 3.2
+define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files - @deprecated 3.3
+
 /**
  * Sets compatibility globals in the global scope
  *

includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.2.7');
+@define('PHPBB_VERSION', '3.3.0');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -171,11 +171,7 @@ define('CONFIRM_REPORT', 4);
 // Categories - Attachments
 define('ATTACHMENT_CATEGORY_NONE', 0);
 define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images
-define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming - @deprecated 3.2
-define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming - @deprecated 3.2
 define('ATTACHMENT_CATEGORY_THUMB', 4); // Not used within the database, only while displaying posts
-define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files
-define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files - @deprecated 3.2
 
 // BBCode UID length
 define('BBCODE_UID_LEN', 8);

includes/diff/engine.php

@@ -285,8 +285,9 @@ class diff_engine
 				$matches = $ymatches[$line];
 
 				reset($matches);
-				while (list(, $y) = each($matches))
+				while ($y = current($matches))
 				{
+					next($matches);
 					if (empty($this->in_seq[$y]))
 					{
 						$k = $this->_lcs_pos($y);
@@ -296,8 +297,9 @@ class diff_engine
 				}
 
 				// no reset() here
-				while (list(, $y) = each($matches))
+				while ($y = current($matches))
 				{
+					next($matches);
 					if ($y > $this->seq[$k - 1])
 					{
 						// Optimization: this is a common case: next match is just replacing previous match.

includes/functions_acp.php

@@ -112,12 +112,13 @@ function adm_page_header($page_title)
 		'CONTAINER_EXCEPTION'	=> $phpbb_container->hasParameter('container_exception') ? $phpbb_container->getParameter('container_exception') : false,
 	));
 
-	// An array of http headers that phpbb will set. The following event may override these.
+	// An array of http headers that phpBB will set. The following event may override these.
 	$http_headers = array(
 		// application/xhtml+xml not used because of IE
 		'Content-type' => 'text/html; charset=UTF-8',
 		'Cache-Control' => 'private, no-cache="set-cookie"',
 		'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
+		'Referrer-Policy' => 'strict-origin-when-cross-origin',
 	);
 
 	/**
@@ -176,7 +177,7 @@ function adm_page_footer($copyright_html = true)
 		'TRANSLATION_INFO'	=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 		'S_COPYRIGHT_HTML'	=> $copyright_html,
 		'CREDIT_LINE'		=> $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
-		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery.min.js",
+		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.4.1.min.js",
 		'S_ALLOW_CDN'		=> !empty($config['allow_cdn']),
 		'VERSION'			=> $config['version'])
 	);

includes/functions_admin.php

@@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 		$topic_ids = array($topic_ids);
 	}
 
+	/**
+	 * Perform additional actions before topics move
+	 *
+	 * @event core.move_topics_before
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics are moved
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars)));
+
 	$sql = 'DELETE FROM ' . TOPICS_TABLE . '
 		WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
 			AND forum_id = ' . $forum_id;
@@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 	}
 	unset($table_ary);
 
+	/**
+	 * Perform additional actions after topics move
+	 *
+	 * @event core.move_topics_after
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics were moved
+	 * @var	array	forum_ids	Array of the forums where the topics were moved (includes also forum_id)
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+		'forum_ids',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars)));
+
 	if ($auto_sync)
 	{
 		sync('forum', 'forum_id', $forum_ids, true, true);
@@ -1160,28 +1190,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 	return count($post_ids);
 }
 
-/**
-* Delete Attachments
-*
-* @deprecated 3.2.0-a1 (To be removed: 3.4.0)
-*
-* @param string $mode can be: post|message|topic|attach|user
-* @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
-* @param bool $resync set this to false if you are deleting posts or topics
-*/
-function delete_attachments($mode, $ids, $resync = true)
-{
-	global $phpbb_container;
-
-	/** @var \phpbb\attachment\manager $attachment_manager */
-	$attachment_manager = $phpbb_container->get('attachment.manager');
-	$num_deleted = $attachment_manager->delete($mode, $ids, $resync);
-
-	unset($attachment_manager);
-
-	return $num_deleted;
-}
-
 /**
 * Deletes shadow topics pointing to a specified forum.
 *
@@ -1293,23 +1301,6 @@ function update_posted_info(&$topic_ids)
 	$db->sql_multi_insert(TOPICS_POSTED_TABLE, $sql_ary);
 }
 
-/**
-* Delete attached file
-*
-* @deprecated 3.2.0-a1 (To be removed: 3.4.0)
-*/
-function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
-{
-	global $phpbb_container;
-
-	/** @var \phpbb\attachment\manager $attachment_manager */
-	$attachment_manager = $phpbb_container->get('attachment.manager');
-	$unlink = $attachment_manager->unlink($filename, $mode, $entry_removed);
-	unset($attachment_manager);
-
-	return $unlink;
-}
-
 /**
 * All-encompasing sync function
 *
@@ -1393,7 +1384,6 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			$db->sql_transaction('begin');
 			switch ($db->get_sql_layer())
 			{
-				case 'mysql4':
 				case 'mysqli':
 					$sql = 'DELETE FROM ' . TOPICS_TABLE . '
 						USING ' . TOPICS_TABLE . ' t1, ' . TOPICS_TABLE . " t2
@@ -2692,8 +2682,7 @@ function phpbb_update_foes($db, $auth, $group_id = false, $user_id = false)
 		switch ($db->get_sql_layer())
 		{
 			case 'mysqli':
-			case 'mysql4':
+				$sql = 'DELETE z.*
-				$sql = 'DELETE ' . (($db->get_sql_layer() === 'mysqli' || version_compare($db->sql_server_info(true), '4.1', '>=')) ? 'z.*' : ZEBRA_TABLE) . '
 					FROM ' . ZEBRA_TABLE . ' z, ' . USER_GROUP_TABLE . ' ug
 					WHERE z.zebra_id = ug.user_id
 						AND z.foe = 1
@@ -2849,8 +2838,6 @@ function get_database_size()
 	// This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0
 	switch ($db->get_sql_layer())
 	{
-		case 'mysql':
-		case 'mysql4':
 		case 'mysqli':
 			$sql = 'SELECT VERSION() AS mysql_version';
 			$result = $db->sql_query($sql);

includes/functions_compatibility.php

@@ -22,7 +22,7 @@ if (!defined('IN_PHPBB'))
 /**
 * Get user avatar
 *
-* @deprecated 3.1.0-a1 (To be removed: 3.3.0)
+* @deprecated 3.1.0-a1 (To be removed: 4.0.0)
 *
 * @param string $avatar Users assigned avatar name
 * @param int $avatar_type Type of avatar
@@ -50,7 +50,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
 /**
 * Hash the password
 *
-* @deprecated 3.1.0-a2 (To be removed: 3.3.0)
+* @deprecated 3.1.0-a2 (To be removed: 4.0.0)
 *
 * @param string $password Password to be hashed
 *
@@ -68,7 +68,7 @@ function phpbb_hash($password)
 /**
 * Check for correct password
 *
-* @deprecated 3.1.0-a2 (To be removed: 3.3.0)
+* @deprecated 3.1.0-a2 (To be removed: 4.0.0)
 *
 * @param string $password The password in plain text
 * @param string $hash The stored password hash
@@ -92,7 +92,7 @@ function phpbb_check_hash($password, $hash)
 * @param string $path Path to clean
 * @return string Cleaned path
 *
-* @deprecated 3.1.0 (To be removed: 3.3.0)
+* @deprecated 3.1.0 (To be removed: 4.0.0)
 */
 function phpbb_clean_path($path)
 {
@@ -136,7 +136,7 @@ function phpbb_clean_path($path)
 *
 * @return		string		Returns the options for timezone selector only
 *
-* @deprecated 3.1.0 (To be removed: 3.3.0)
+* @deprecated 3.1.0 (To be removed: 4.0.0)
 */
 function tz_select($default = '', $truncate = false)
 {
@@ -150,7 +150,7 @@ function tz_select($default = '', $truncate = false)
 * via admin_permissions. Changes of usernames and group names
 * must be carried through for the moderators table.
 *
-* @deprecated 3.1.0 (To be removed: 3.3.0)
+* @deprecated 3.1.0 (To be removed: 4.0.0)
 * @return null
 */
 function cache_moderators()
@@ -162,7 +162,7 @@ function cache_moderators()
 /**
 * Removes moderators and administrators from foe lists.
 *
-* @deprecated 3.1.0 (To be removed: 3.3.0)
+* @deprecated 3.1.0 (To be removed: 4.0.0)
 * @param array|bool $group_id If an array, remove all members of this group from foe lists, or false to ignore
 * @param array|bool $user_id If an array, remove this user from foe lists, or false to ignore
 * @return null
@@ -182,7 +182,7 @@ function update_foes($group_id = false, $user_id = false)
 * @param string &$rank_img the rank image as full img tag is stored here after execution
 * @param string &$rank_img_src the rank image source is stored here after execution
 *
-* @deprecated 3.1.0-RC5 (To be removed: 3.3.0)
+* @deprecated 3.1.0-RC5 (To be removed: 4.0.0)
 *
 * Note: since we do not want to break backwards-compatibility, this function will only properly assign ranks to guests if you call it for them with user_posts == false
 */
@@ -232,7 +232,7 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
  *
  * @return	int|bool		Returns the log_id, if the entry was added to the database, false otherwise.
  *
- * @deprecated	3.1.0 (To be removed: 3.3.0)
+ * @deprecated	3.1.0 (To be removed: 4.0.0)
  */
 function add_log()
 {
@@ -280,7 +280,7 @@ function add_log()
  *
  * @return null
  *
- * @deprecated 3.1.0 (To be removed: 3.3.0)
+ * @deprecated 3.1.0 (To be removed: 4.0.0)
  */
 function set_config($config_name, $config_value, $is_dynamic = false, \phpbb\config\config $set_config = null)
 {
@@ -310,7 +310,7 @@ function set_config($config_name, $config_value, $is_dynamic = false, \phpbb\con
  *
  * @return null
  *
- * @deprecated 3.1.0 (To be removed: 3.3.0)
+ * @deprecated 3.1.0 (To be removed: 4.0.0)
  */
 function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\config\config $set_config = null)
 {
@@ -331,7 +331,7 @@ function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\
  * See {@link \phpbb\request\request_interface::variable \phpbb\request\request_interface::variable} for
  * documentation of this function's use.
  *
- * @deprecated 3.1.0 (To be removed: 3.3.0)
+ * @deprecated 3.1.0 (To be removed: 4.0.0)
  * @param	mixed			$var_name	The form variable's name from which data shall be retrieved.
  * 										If the value is an array this may be an array of indizes which will give
  * 										direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
@@ -389,7 +389,7 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false, $
 /**
  * Get tables of a database
  *
- * @deprecated 3.1.0 (To be removed: 3.3.0)
+ * @deprecated 3.1.0 (To be removed: 4.0.0)
  */
 function get_tables($db)
 {
@@ -492,7 +492,7 @@ function phpbb_realpath($path)
  * @param $number	int|float	The number we want to get the plural case for. Float numbers are floored.
  * @return	int		The plural-case we need to use for the number plural-rule combination
  *
- * @deprecated 3.2.0-dev (To be removed: 3.3.0)
+ * @deprecated 3.2.0-dev (To be removed: 4.0.0)
  */
 function phpbb_get_plural_form($rule, $number)
 {
@@ -511,3 +511,165 @@ function phpbb_pcre_utf8_support()
 {
 	return true;
 }
+
+/**
+ * Casts a variable to the given type.
+ *
+ * @deprecated 3.1 (To be removed 4.0.0)
+ */
+function set_var(&$result, $var, $type, $multibyte = false)
+{
+	// no need for dependency injection here, if you have the object, call the method yourself!
+	$type_cast_helper = new \phpbb\request\type_cast_helper();
+	$type_cast_helper->set_var($result, $var, $type, $multibyte);
+}
+
+/**
+ * Delete Attachments
+ *
+ * @deprecated 3.2.0-a1 (To be removed: 4.0.0)
+ *
+ * @param string $mode can be: post|message|topic|attach|user
+ * @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
+ * @param bool $resync set this to false if you are deleting posts or topics
+ */
+function delete_attachments($mode, $ids, $resync = true)
+{
+	global $phpbb_container;
+
+	/** @var \phpbb\attachment\manager $attachment_manager */
+	$attachment_manager = $phpbb_container->get('attachment.manager');
+	$num_deleted = $attachment_manager->delete($mode, $ids, $resync);
+
+	unset($attachment_manager);
+
+	return $num_deleted;
+}
+
+/**
+ * Delete attached file
+ *
+ * @deprecated 3.2.0-a1 (To be removed: 4.0.0)
+ */
+function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
+{
+	global $phpbb_container;
+
+	/** @var \phpbb\attachment\manager $attachment_manager */
+	$attachment_manager = $phpbb_container->get('attachment.manager');
+	$unlink = $attachment_manager->unlink($filename, $mode, $entry_removed);
+	unset($attachment_manager);
+
+	return $unlink;
+}
+
+/**
+ * Display reasons
+ *
+ * @deprecated 3.2.0-dev (To be removed: 4.0.0)
+ */
+function display_reasons($reason_id = 0)
+{
+	global $phpbb_container;
+
+	$phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id);
+}
+
+/**
+ * Upload Attachment - filedata is generated here
+ * Uses upload class
+ *
+ * @deprecated 3.2.0-a1 (To be removed: 4.0.0)
+ *
+ * @param string			$form_name		The form name of the file upload input
+ * @param int			$forum_id		The id of the forum
+ * @param bool			$local			Whether the file is local or not
+ * @param string			$local_storage	The path to the local file
+ * @param bool			$is_message		Whether it is a PM or not
+ * @param array			$local_filedata	A filespec object created for the local file
+ *
+ * @return array File data array
+ */
+function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
+{
+	global $phpbb_container;
+
+	/** @var \phpbb\attachment\manager $attachment_manager */
+	$attachment_manager = $phpbb_container->get('attachment.manager');
+	$file = $attachment_manager->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata);
+	unset($attachment_manager);
+
+	return $file;
+}
+
+/**
+* Wrapper for php's checkdnsrr function.
+*
+* @param string $host	Fully-Qualified Domain Name
+* @param string $type	Resource record type to lookup
+*						Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
+*						Other types may work or may not work
+*
+* @return mixed		true if entry found,
+*					false if entry not found,
+*					null if this function is not supported by this environment
+*
+* Since null can also be returned, you probably want to compare the result
+* with === true or === false,
+*
+* @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+*/
+function phpbb_checkdnsrr($host, $type = 'MX')
+{
+	return checkdnsrr($host, $type);
+}
+
+/*
+ * Wrapper for inet_ntop()
+ *
+ * Converts a packed internet address to a human readable representation
+ * inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
+ *
+ * @param string $in_addr	A 32bit IPv4, or 128bit IPv6 address.
+ *
+ * @return mixed		false on failure,
+ *					string otherwise
+  *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_inet_ntop($in_addr)
+{
+	return inet_ntop($in_addr);
+}
+
+/**
+ * Wrapper for inet_pton()
+ *
+ * Converts a human readable IP address to its packed in_addr representation
+ * inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
+ *
+ * @param string $address	A human readable IPv4 or IPv6 address.
+ *
+ * @return mixed		false if address is invalid,
+ *					in_addr representation of the given address otherwise (string)
+ *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_inet_pton($address)
+{
+	return inet_pton($address);
+}
+
+/**
+ * Hashes an email address to a big integer
+ *
+ * @param string $email		Email address
+ *
+ * @return string			Unsigned Big Integer
+ *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_email_hash($email)
+{
+	return sprintf('%u', crc32(strtolower($email))) . strlen($email);
+}

includes/functions_compress.php

@@ -305,8 +305,8 @@ class compress_zip extends compress
 								}
 							}
 						}
-						// This is a directory, we are not writting files
+						// This is a directory, we are not writing files
-						continue;
+						continue 2;
 					}
 					else
 					{

includes/functions_content.php

@@ -1245,11 +1245,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 				$display_cat = ATTACHMENT_CATEGORY_NONE;
 			}
 
-			if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
-			{
-				$display_cat = ATTACHMENT_CATEGORY_NONE;
-			}
-
 			$download_link = append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $attachment['attach_id']);
 			$l_downloaded_viewed = 'VIEWED_COUNTS';
 
@@ -1281,21 +1276,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 					$update_count_ary[] = $attachment['attach_id'];
 				break;
 
-				// Macromedia Flash Files
-				case ATTACHMENT_CATEGORY_FLASH:
-					list($width, $height) = @getimagesize($filename);
-
-					$block_array += array(
-						'S_FLASH_FILE'	=> true,
-						'WIDTH'			=> $width,
-						'HEIGHT'		=> $height,
-						'U_VIEW_LINK'	=> $download_link . '&view=1',
-					);
-
-					// Viewed/Heared File ... update the download count
-					$update_count_ary[] = $attachment['attach_id'];
-				break;
-
 				default:
 					$l_downloaded_viewed = 'DOWNLOAD_COUNTS';
 
@@ -1482,6 +1462,8 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 * Get username details for placing into templates.
 * This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id.
 *
+* @html Username spans and links
+*
 * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link)
 * @param int $user_id The users id
 * @param string $username The users name
@@ -1501,6 +1483,7 @@ function get_username_string($mode, $user_id, $username, $username_colour = '',
 	{
 		global $phpbb_root_path, $phpEx;
 
+		/** @html Username spans and links for usage in the template */
 		$_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u={USER_ID}');
 		$_profile_cache['tpl_noprofile'] = '<span class="username">{USERNAME}</span>';
 		$_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';

includes/functions_convert.php

@@ -206,16 +206,6 @@ function get_group_id($group_name)
 	return $group_mapping['REGISTERED'];
 }
 
-/**
-* Generate the email hash stored in the users table
-*
-* Note: Deprecated, calls should directly go to phpbb_email_hash()
-*/
-function gen_email_hash($email)
-{
-	return phpbb_email_hash($email);
-}
-
 /**
 * Convert a boolean into the appropriate phpBB constant indicating whether the topic is locked
 */
@@ -1219,7 +1209,8 @@ function get_config()
 	if (is_array($convert->config_schema['table_format']))
 	{
 		$convert_config = array();
-		list($key, $val) = each($convert->config_schema['table_format']);
+		$key = key($convert->config_schema['table_format']);
+		$val = current($convert->config_schema['table_format']);
 
 		do
 		{
@@ -1647,11 +1638,6 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting = ACL_NO)
 			case 'insert':
 				switch ($db->get_sql_layer())
 				{
-					case 'mysql':
-					case 'mysql4':
-						$sql = 'VALUES ' . implode(', ', preg_replace('#^(.*?)$#', '(\1)', $sql_subary));
-					break;
-
 					case 'sqlite3':
 					case 'mssqlnative':
 						$sql = implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary));

includes/functions_display.php

@@ -30,6 +30,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 
 	$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
 	$parent_id = $visible_forums = 0;
+	$parent_subforum_limit = false;
 
 	// Mark forums read?
 	$mark_read = $request->variable('mark', '');
@@ -70,7 +71,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -266,6 +267,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 
 			// Direct child of current branch
 			$parent_id = $forum_id;
+			$parent_subforum_limit = $row['display_subforum_limit'];
 			$forum_rows[$forum_id] = $row;
 
 			if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
@@ -278,7 +280,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		}
 		else if ($row['forum_type'] != FORUM_CAT)
 		{
-			$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false;
+			$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index'] && (!$parent_subforum_limit || $parent_id == $row['parent_id']));
 			$subforums[$parent_id][$forum_id]['name'] = $row['forum_name'];
 			$subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time'];
 			$subforums[$parent_id][$forum_id]['children'] = array();
@@ -355,7 +357,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -539,7 +541,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		{
 			if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post']))
 			{
-				$last_post_subject = censor_text($row['forum_last_post_subject']);
+				$last_post_subject = utf8_decode_ncr(censor_text($row['forum_last_post_subject']));
+
 				$last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']);
 			}
 			else
@@ -547,11 +550,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$last_post_subject = $last_post_subject_truncated = '';
 			}
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
+			$last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
 			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
-			$last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
+			$last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = '';
 		}
 
 		// Output moderator listing ... if applicable
@@ -622,6 +626,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'LAST_POST_SUBJECT'		=> $last_post_subject,
 			'LAST_POST_SUBJECT_TRUNCATED'	=> $last_post_subject_truncated,
 			'LAST_POST_TIME'		=> $last_post_time,
+			'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339,
 			'LAST_POSTER'			=> get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_COLOUR'	=> get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_FULL'		=> get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
@@ -783,25 +788,25 @@ function generate_forum_nav(&$forum_data_ary)
 			}
 
 			$navlinks_parents[] = array(
-				'S_IS_CAT'		=> ($parent_type == FORUM_CAT) ? true : false,
+				'S_IS_CAT'			=> ($parent_type == FORUM_CAT) ? true : false,
-				'S_IS_LINK'		=> ($parent_type == FORUM_LINK) ? true : false,
+				'S_IS_LINK'			=> ($parent_type == FORUM_LINK) ? true : false,
-				'S_IS_POST'		=> ($parent_type == FORUM_POST) ? true : false,
+				'S_IS_POST'			=> ($parent_type == FORUM_POST) ? true : false,
-				'FORUM_NAME'	=> $parent_name,
+				'BREADCRUMB_NAME'	=> $parent_name,
-				'FORUM_ID'		=> $parent_forum_id,
+				'FORUM_ID'			=> $parent_forum_id,
-				'MICRODATA'		=> $microdata_attr . '="' . $parent_forum_id . '"',
+				'MICRODATA'			=> $microdata_attr . '="' . $parent_forum_id . '"',
-				'U_VIEW_FORUM'	=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id),
+				'U_BREADCRUMB'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id),
 			);
 		}
 	}
 
 	$navlinks = array(
-		'S_IS_CAT'		=> ($forum_data_ary['forum_type'] == FORUM_CAT) ? true : false,
+		'S_IS_CAT'			=> ($forum_data_ary['forum_type'] == FORUM_CAT) ? true : false,
-		'S_IS_LINK'		=> ($forum_data_ary['forum_type'] == FORUM_LINK) ? true : false,
+		'S_IS_LINK'			=> ($forum_data_ary['forum_type'] == FORUM_LINK) ? true : false,
-		'S_IS_POST'		=> ($forum_data_ary['forum_type'] == FORUM_POST) ? true : false,
+		'S_IS_POST'			=> ($forum_data_ary['forum_type'] == FORUM_POST) ? true : false,
-		'FORUM_NAME'	=> $forum_data_ary['forum_name'],
+		'BREADCRUMB_NAME'	=> $forum_data_ary['forum_name'],
-		'FORUM_ID'		=> $forum_data_ary['forum_id'],
+		'FORUM_ID'			=> $forum_data_ary['forum_id'],
-		'MICRODATA'		=> $microdata_attr . '="' . $forum_data_ary['forum_id'] . '"',
+		'MICRODATA'			=> $microdata_attr . '="' . $forum_data_ary['forum_id'] . '"',
-		'U_VIEW_FORUM'	=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data_ary['forum_id']),
+		'U_BREADCRUMB'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data_ary['forum_id']),
 	);
 
 	$forum_template_data = array(
@@ -1117,7 +1122,6 @@ function display_custom_bbcodes()
 			'BBCODE_TAG'		=> $row['bbcode_tag'],
 			'BBCODE_TAG_CLEAN'	=> str_replace('=', '-', $row['bbcode_tag']),
 			'BBCODE_HELPLINE'	=> $row['bbcode_helpline'],
-			'A_BBCODE_HELPLINE'	=> str_replace(array('&amp;', '&quot;', "'", '&lt;', '&gt;'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']),
 		);
 
 		/**
@@ -1148,18 +1152,6 @@ function display_custom_bbcodes()
 	$phpbb_dispatcher->dispatch('core.display_custom_bbcodes');
 }
 
-/**
-* Display reasons
-*
-* @deprecated 3.2.0-dev
-*/
-function display_reasons($reason_id = 0)
-{
-	global $phpbb_container;
-
-	$phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id);
-}
-
 /**
 * Display user activity (action forum/topic)
 */

includes/functions_download.php

@@ -196,7 +196,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	}
 
 	// Now the tricky part... let's dance
-	header('Cache-Control: public');
+	header('Cache-Control: private');
 
 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
 	header('Content-Type: ' . $attachment['mimetype']);
@@ -206,28 +206,20 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		header('X-Content-Type-Options: nosniff');
 	}
 
-	if ($category == ATTACHMENT_CATEGORY_FLASH && $request->variable('view', 0) === 1)
+	if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
 	{
-		// We use content-disposition: inline for flash files and view=1 to let it correctly play with flash player 10 - any other disposition will fail to play inline
+		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
-		header('Content-Disposition: inline');
+		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
+		{
+			header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
+		}
 	}
 	else
 	{
-		if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
+		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
 		{
-			header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+			header('X-Download-Options: noopen');
-			if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
-			{
-				header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
-			}
-		}
-		else
-		{
-			header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
-			if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
-			{
-				header('X-Download-Options: noopen');
-			}
 		}
 	}
 
@@ -451,7 +443,7 @@ function set_modified_headers($stamp, $browser)
 		{
 			send_status_line(304, 'Not Modified');
 			// seems that we need those too ... browsers
-			header('Cache-Control: public');
+			header('Cache-Control: private');
 			header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT');
 			return true;
 		}

includes/functions_messenger.php

@@ -181,10 +181,9 @@ class messenger
 	/**
 	* Adds X-AntiAbuse headers
 	*
-	* @param array $config		Configuration array
+	* @param \phpbb\config\config	$config		Config object
-	* @param user $user			A user object
+	* @param \phpbb\user			$user		User object
-	*
+	* @return void
-	* @return null
 	*/
 	function anti_abuse_headers($config, $user)
 	{
@@ -1582,6 +1581,14 @@ class smtp_class
 	*/
 	protected function starttls()
 	{
+		global $config;
+
+		// allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl://
+		if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0)
+		{
+			return true;
+		}
+
 		if (!function_exists('stream_socket_enable_crypto'))
 		{
 			return false;
@@ -1604,7 +1611,9 @@ class smtp_class
 
 		if (socket_set_blocking($this->socket, 1))
 		{
-			$result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+			// https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
+			$crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+			$result = stream_socket_enable_crypto($this->socket, true, $crypto);
 			socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
 		}
 
@@ -1884,14 +1893,21 @@ function mail_encode($str, $eol = "\r\n")
 }
 
 /**
-* Wrapper for sending out emails with the PHP's mail function
+ * Wrapper for sending out emails with the PHP's mail function
-*/
+ */
 function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 {
 	global $config, $phpbb_root_path, $phpEx;
 
-	// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
+	// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
-	// Reference: http://bugs.php.net/bug.php?id=15841
+	$subject = utf8_decode_ncr($subject);
+	$msg = utf8_decode_ncr($msg);
+
+	/**
+	 * We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings.
+	 * On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
+	 * Reference: http://bugs.php.net/bug.php?id=15841
+	 */
 	$headers = implode($eol, $headers);
 
 	if (!class_exists('\phpbb\error_collector'))
@@ -1902,10 +1918,14 @@ function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 	$collector = new \phpbb\error_collector;
 	$collector->install();
 
-	// On some PHP Versions mail() *may* fail if there are newlines within the subject.
+	/**
-	// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
+	 * On some PHP Versions mail() *may* fail if there are newlines within the subject.
-	// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
+	 * Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
+	 * Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space
+	 * (Use '' as parameter to mail_encode() results in SPACE used)
+	 */
 	$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';
+
 	$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);
 
 	$collector->uninstall();

includes/functions_module.php

@@ -123,7 +123,7 @@ class p_master
 
 		// We "could" build a true tree with this function - maybe mod authors want to use this...
 		// Functions for traversing and manipulating the tree are not available though
-		// We might re-structure the module system to use true trees in 3.2.x...
+		// We might re-structure the module system to use true trees in 4.0
 		// $tree = $this->build_tree($this->module_cache['modules'], $this->module_cache['parents']);
 
 		// Clean up module cache array to only let survive modules the user can access
@@ -445,7 +445,7 @@ class p_master
 				break;
 
 				default:
-					if (!preg_match('#(?:' . implode(array_keys($valid_tokens), ')|(?:') . ')#', $token))
+					if (!preg_match('#(?:' . implode(')|(?:', array_keys($valid_tokens)) . ')#', $token))
 					{
 						$token = '';
 					}
@@ -933,6 +933,14 @@ class p_master
 					'U_TITLE'		=> $u_title
 				);
 
+				if (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id)
+				{
+					$template->assign_block_vars('navlinks', array(
+						'BREADCRUMB_NAME'	=> $item_ary['lang'],
+						'U_BREADCRUMB'		=> $u_title,
+					));
+				}
+
 				$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
 			}
 

includes/functions_posting.php

@@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id)
 
 		page_header($user->lang['SMILIES']);
 
-		$sql = 'SELECT COUNT(smiley_id) AS item_count
+		$sql_ary = [
-			FROM ' . SMILIES_TABLE . '
+			'SELECT'	=> 'COUNT(s.smiley_id) AS item_count',
-			GROUP BY smiley_url';
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'GROUP_BY'	=> 's.smiley_url',
+		];
+
+		/**
+		* Modify SQL query that fetches the total number of smilies in window mode
+		*
+		* @event core.generate_smilies_count_sql_before
+		* @var int		forum_id	Forum where smilies are generated
+		* @var array	sql_ary		Array with the SQL query
+		* @since 3.2.9-RC1
+		*/
+		$vars = [
+			'forum_id',
+			'sql_ary',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
+
+		$sql = $db->sql_build_query('SELECT', $sql_ary);
 		$result = $db->sql_query($sql, 3600);
 
 		$smiley_count = 0;
@@ -114,6 +134,22 @@ function generate_smilies($mode, $forum_id)
 	}
 	$db->sql_freeresult($result);
 
+	/**
+	* Modify smilies before they are assigned to the template
+	*
+	* @event core.generate_smilies_modify_rowset
+	* @var string	mode		Smiley mode, either window or inline
+	* @var int		forum_id	Forum where smilies are generated
+	* @var array	smilies		Smiley rows fetched from the database
+	* @since 3.2.9-RC1
+	*/
+	$vars = [
+		'mode',
+		'forum_id',
+		'smilies',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars)));
+
 	if (count($smilies))
 	{
 		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
@@ -397,34 +433,6 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
 //
 // Attachment related functions
 //
-
-/**
-* Upload Attachment - filedata is generated here
-* Uses upload class
-*
-* @deprecated 3.2.0-a1 (To be removed: 3.4.0)
-*
-* @param string			$form_name		The form name of the file upload input
-* @param int			$forum_id		The id of the forum
-* @param bool			$local			Whether the file is local or not
-* @param string			$local_storage	The path to the local file
-* @param bool			$is_message		Whether it is a PM or not
-* @param array			$local_filedata	A filespec object created for the local file
-*
-* @return array File data array
-*/
-function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
-{
-	global $phpbb_container;
-
-	/** @var \phpbb\attachment\manager $attachment_manager */
-	$attachment_manager = $phpbb_container->get('attachment.manager');
-	$file = $attachment_manager->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata);
-	unset($attachment_manager);
-
-	return $file;
-}
-
 /**
 * Calculate the needed size for Thumbnail
 */
@@ -641,12 +649,6 @@ function create_thumbnail($source, $destination, $mimetype)
 				imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
 			}
 
-			// If we are in safe mode create the destination file prior to using the gd functions to circumvent a PHP bug
-			if (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on')
-			{
-				@touch($destination);
-			}
-
 			switch ($type['format'])
 			{
 				case IMG_GIF:
@@ -978,6 +980,30 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 			AND u.user_id = p.poster_id',
 	);
 
+	/**
+	* Event to modify the SQL query for topic reviews
+	*
+	* @event core.topic_review_modify_sql_ary
+	* @var	int		topic_id			The topic ID that is being reviewed
+	* @var	int		forum_id			The topic's forum ID
+	* @var	string	mode				The topic review mode
+	* @var	int		cur_post_id			Post offset ID
+	* @var	bool	show_quote_button	Flag indicating if the quote button should be displayed
+	* @var	array	post_list			Array with the post IDs
+	* @var	array	sql_ary				Array with the SQL query
+	* @since 3.2.8-RC1
+	*/
+	$vars = array(
+		'topic_id',
+		'forum_id',
+		'mode',
+		'cur_post_id',
+		'show_quote_button',
+		'post_list',
+		'sql_ary',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.topic_review_modify_sql_ary', compact($vars)));
+
 	$sql = $db->sql_build_query('SELECT', $sql_ary);
 	$result = $db->sql_query($sql);
 
@@ -1284,6 +1310,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $
 				delete_topics('topic_id', array($topic_id), false);
 
 				$phpbb_content_visibility->remove_topic_from_statistic($data, $sql_data);
+				$config->increment('num_posts', -1, false);
 
 				$update_sql = update_post_information('forum', $forum_id, true);
 				if (count($update_sql))
@@ -2054,6 +2081,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data
 				continue;
 			}
 
+			if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $attach_row['attach_comment']))
+			{
+				trigger_error('ATTACH_COMMENT_NO_EMOJIS');
+			}
+
 			if (!$attach_row['is_orphan'])
 			{
 				// update entry in db if attachment already stored in db and filespace

includes/functions_privmsgs.php

@@ -490,7 +490,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 				'bcc'				=> explode(':', $row['bcc_address']),
 				'friend'			=> (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['friend'] : 0,
 				'foe'				=> (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['foe'] : 0,
-				'user_in_group'		=> array($user->data['group_id']),
+				'user_in_group'		=> $user->data['group_id'],
 				'author_in_group'	=> array())
 			);
 
@@ -1966,7 +1966,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true)
 */
 function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode = false)
 {
-	global $db, $user, $template, $phpbb_root_path, $phpEx, $auth;
+	global $db, $user, $template, $phpbb_root_path, $phpEx, $auth, $phpbb_dispatcher;
 
 	// Select all receipts and the author from the pm we currently view, to only display their pm-history
 	$sql = 'SELECT author_id, user_id
@@ -1985,9 +1985,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	$recipients = array_unique($recipients);
 
 	// Get History Messages (could be newer)
-	$sql = 'SELECT t.*, p.*, u.*
+	$sql_where = 't.msg_id = p.msg_id
-		FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . ' t, ' . USERS_TABLE . ' u
-		WHERE t.msg_id = p.msg_id
 			AND p.author_id = u.user_id
 			AND t.folder_id NOT IN (' . PRIVMSGS_NO_BOX . ', ' . PRIVMSGS_HOLD_BOX . ')
 			AND ' . $db->sql_in_set('t.author_id', $recipients, false, true) . "
@@ -1998,13 +1996,37 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 
 	if (!$message_row['root_level'])
 	{
-		$sql .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))";
+		$sql_where .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))";
 	}
 	else
 	{
-		$sql .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')';
+		$sql_where .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')';
 	}
-	$sql .= ' ORDER BY p.message_time DESC';
+
+	$sql_ary = array(
+		'SELECT'	=> 't.*, p.*, u.*',
+		'FROM'		=> array(
+			PRIVMSGS_TABLE		=> 'p',
+			PRIVMSGS_TO_TABLE	=> 't',
+			USERS_TABLE			=> 'u'
+		),
+		'LEFT_JOIN'	=> array(),
+		'WHERE'		=> $sql_where,
+		'ORDER_BY'	=> 'p.message_time DESC',
+	);
+
+	/**
+	* Event to modify the SQL query before the message history in private message is queried
+	*
+	* @event core.message_history_modify_sql_ary
+	* @var	array	sql_ary		The SQL array to get the data of the message history in private message
+	* @since 3.2.8-RC1
+	*/
+	$vars = array('sql_ary');
+	extract($phpbb_dispatcher->trigger_event('core.message_history_modify_sql_ary', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
+	unset($sql_ary);
 
 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
@@ -2087,7 +2109,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 			$previous_history_pm = $prev_id;
 		}
 
-		$template->assign_block_vars('history_row', array(
+		$template_vars = array(
 			'MESSAGE_AUTHOR_QUOTE'		=> (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''),
 			'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']),
 			'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']),
@@ -2109,8 +2131,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 			'USER_ID'			=> $row['user_id'],
 			'U_VIEW_MESSAGE'	=> "$url&f=$folder_id&p=" . $row['msg_id'],
 			'U_QUOTE'			=> (!$in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=" . $folder_id . "&p=" . $row['msg_id'] : '',
-			'U_POST_REPLY_PM'	=> ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '')
+			'U_POST_REPLY_PM'	=> ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : ''
 		);
+
+		/**
+		* Modify the template vars for displaying the message history in private message
+		*
+		* @event core.message_history_modify_template_vars
+		* @var array	template_vars		Array containing the query
+		* @var array	row					Array containing the action user row
+		* @since 3.2.8-RC1
+		*/
+		$vars = array(
+			'template_vars',
+			'row',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.message_history_modify_template_vars', compact($vars)));
+
+		$template->assign_block_vars('history_row', $template_vars);
+
 		unset($rowset[$i]);
 		$prev_id = $id;
 	}

includes/functions_transfer.php

@@ -810,7 +810,7 @@ class ftp_fsock extends transfer
 			$server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));
 		}
 
-		if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))
+		if (isset($server_ip) && filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) // ipv4
 		{
 			// Passive mode
 			$this->_send_command('PASV', '', false);
@@ -831,7 +831,7 @@ class ftp_fsock extends transfer
 			$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
 			$server_port = $temp[4] * 256 + $temp[5];
 		}
-		else
+		else // ipv6
 		{
 			// Extended Passive Mode - RFC2428
 			$this->_send_command('EPSV', '', false);

includes/functions_user.php

@@ -204,7 +204,6 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 		'username_clean'	=> $username_clean,
 		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
 		'user_email'		=> strtolower($user_row['user_email']),
-		'user_email_hash'	=> phpbb_email_hash($user_row['user_email']),
 		'group_id'			=> $user_row['group_id'],
 		'user_type'			=> $user_row['user_type'],
 	);
@@ -1455,12 +1454,7 @@ function user_unban($mode, $ban)
 */
 function user_ipwhois($ip)
 {
-	if (empty($ip))
+	if (!filter_var($ip, FILTER_VALIDATE_IP))
-	{
-		return '';
-	}
-
-	if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
 	{
 		return '';
 	}
@@ -1732,7 +1726,7 @@ function phpbb_validate_timezone($timezone)
  * @return mixed							Either false if validation succeeded or a string which will be
  *											used as the error message (with the variable name appended)
  */
-function validate_username($username, $allowed_username = false)
+function validate_username($username, $allowed_username = false, $allow_all_names = false)
 {
 	global $config, $db, $user, $cache;
 
@@ -1815,13 +1809,16 @@ function validate_username($username, $allowed_username = false)
 		return 'USERNAME_TAKEN';
 	}
 
-	$bad_usernames = $cache->obtain_disallowed_usernames();
+	if (!$allow_all_names)
-
-	foreach ($bad_usernames as $bad_username)
 	{
-		if (preg_match('#^' . $bad_username . '$#', $clean_username))
+		$bad_usernames = $cache->obtain_disallowed_usernames();
+
+		foreach ($bad_usernames as $bad_username)
 		{
-			return 'USERNAME_DISALLOWED';
+			if (preg_match('#^' . $bad_username . '$#', $clean_username))
+			{
+				return 'USERNAME_DISALLOWED';
+			}
 		}
 	}
 
@@ -1907,7 +1904,7 @@ function phpbb_validate_email($email, $config = null)
 	{
 		list(, $domain) = explode('@', $email);
 
-		if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
+		if (checkdnsrr($domain, 'A') === false && checkdnsrr($domain, 'MX') === false)
 		{
 			return 'DOMAIN_NO_MX_RECORD';
 		}
@@ -1942,16 +1939,17 @@ function validate_user_email($email, $allowed_email = false)
 		return $validate_email;
 	}
 
-	if (($ban = $user->check_ban(false, false, $email, true)) !== false)
+	$ban = $user->check_ban(false, false, $email, true);
+	if (!empty($ban))
 	{
-		return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
+		return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
 	}
 
 	if (!$config['allow_emailreuse'])
 	{
-		$sql = 'SELECT user_email_hash
+		$sql = 'SELECT user_email
 			FROM ' . USERS_TABLE . "
-			WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
+			WHERE user_email = '" . $db->sql_escape($email) . "'";
 		$result = $db->sql_query($sql);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);