From b22a651c5c8651e13acf9acfeb73a02b1ae3c5c8 Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Thu, 15 Apr 2010 23:00:27 +0100
Subject: [PATCH 01/13] [feature/webpi] Validate inline with MSSQL password
 policy.

---
 build/webpi/parameters.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build/webpi/parameters.xml b/build/webpi/parameters.xml
index 770cabf95b..994247e48e 100644
--- a/build/webpi/parameters.xml
+++ b/build/webpi/parameters.xml
@@ -116,12 +116,12 @@
 
 	<parameter
 		name="Database Password"
-		description="Password for your phpBB database. (Minimum 4 characters)"
+		description="Password for your phpBB database. (Must be at least 8 characters, contain at least one lower case letter, one upper case letter and one digit)"
 		tags="New, Password,SQL,  DbUserPassword">
 
 		<parameterValidation
 			type = "RegularExpression"   
-			validationString = "^.{4,}$" /> 
+			validationString = "^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$" />
 
 		<parameterEntry
 			type="TextFile"

From abacc2d07d1f62db3aaebff1d37099c6511d0595 Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Wed, 21 Apr 2010 20:48:38 +0200
Subject: [PATCH 02/13] [ticket/9170] Unable to get image size in img bbcode
 when URL has multiple parameters.

Since we htmlspecialchars() all input we have to htmlspecialchars_decode() before passing the URL along to getimagesize().

PHPBB3-9170
---
 phpBB/includes/message_parser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 50aad8588a..952b55cc8c 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode
 
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
-			$stats = @getimagesize($in);
+			$stats = @getimagesize(htmlspecialchars_decode($in));
 
 			if ($stats === false)
 			{

From fd23bccd4d279e902d0b609cee71f09750d364a7 Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Sun, 2 May 2010 23:44:42 +0200
Subject: [PATCH 03/13] [develop-olympus] Basic gitignore file for cache files
 and backups.

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..3e0f454e0c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+phpBB/cache/*.php
+*~
\ No newline at end of file

From cdd9ecdd68c8b0240a121a9bc07fd366a99bd1b3 Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Thu, 8 Apr 2010 10:08:18 +0200
Subject: [PATCH 04/13] [ticket/9520] Add some default web.config files for
 IIS.

These deny access to the various directories written to by phpBB.

PHPBB3-9520
---
 phpBB/cache/web.config                 | 13 +++++++++++++
 phpBB/files/web.config                 | 13 +++++++++++++
 phpBB/images/avatars/upload/web.config | 13 +++++++++++++
 phpBB/store/web.config                 | 13 +++++++++++++
 4 files changed, 52 insertions(+)
 create mode 100644 phpBB/cache/web.config
 create mode 100644 phpBB/files/web.config
 create mode 100644 phpBB/images/avatars/upload/web.config
 create mode 100644 phpBB/store/web.config

diff --git a/phpBB/cache/web.config b/phpBB/cache/web.config
new file mode 100644
index 0000000000..278494bafc
--- /dev/null
+++ b/phpBB/cache/web.config
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+	<system.webServer>
+		<rewrite>
+			<rules>
+				<rule name="phpBB Default Rule" stopProcessing="true">
+					<match url=".*" />
+					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
+				</rule>
+			</rules>
+		</rewrite>
+	</system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/phpBB/files/web.config b/phpBB/files/web.config
new file mode 100644
index 0000000000..278494bafc
--- /dev/null
+++ b/phpBB/files/web.config
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+	<system.webServer>
+		<rewrite>
+			<rules>
+				<rule name="phpBB Default Rule" stopProcessing="true">
+					<match url=".*" />
+					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
+				</rule>
+			</rules>
+		</rewrite>
+	</system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/phpBB/images/avatars/upload/web.config b/phpBB/images/avatars/upload/web.config
new file mode 100644
index 0000000000..278494bafc
--- /dev/null
+++ b/phpBB/images/avatars/upload/web.config
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+	<system.webServer>
+		<rewrite>
+			<rules>
+				<rule name="phpBB Default Rule" stopProcessing="true">
+					<match url=".*" />
+					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
+				</rule>
+			</rules>
+		</rewrite>
+	</system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/phpBB/store/web.config b/phpBB/store/web.config
new file mode 100644
index 0000000000..278494bafc
--- /dev/null
+++ b/phpBB/store/web.config
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+	<system.webServer>
+		<rewrite>
+			<rules>
+				<rule name="phpBB Default Rule" stopProcessing="true">
+					<match url=".*" />
+					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
+				</rule>
+			</rules>
+		</rewrite>
+	</system.webServer>
+</configuration>
\ No newline at end of file

From 9ac7c492ed5c0537cb34dc3a21d9b9b612d0e091 Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Thu, 15 Apr 2010 23:12:14 +0100
Subject: [PATCH 05/13] [ticket/9520] Add suggested web.config for root files
 as suggested by Microsoft.

PHPBB3-9520
---
 phpBB/web.config | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 phpBB/web.config

diff --git a/phpBB/web.config b/phpBB/web.config
new file mode 100644
index 0000000000..7f2b40ec1b
--- /dev/null
+++ b/phpBB/web.config
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+	<system.webServer>
+		<rewrite>
+			<rules>
+				<rule name="phpBB config.php Rule" patternSyntax="Wildcard" stopProcessing="true">
+					<match url="*config.php" />
+					<action type="AbortRequest" />
+				</rule>
+				<rule name="phpBB common.php Rule" patternSyntax="Wildcard" stopProcessing="true">
+					<match url="*common.php" />
+					<action type="AbortRequest" />
+				</rule>
+			</rules>
+		</rewrite>
+	</system.webServer>
+</configuration>

From e11e53e11bd7ea67fe0b7b0145fe2941ca86fb84 Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Wed, 28 Apr 2010 19:13:01 +0100
Subject: [PATCH 06/13] [ticket/9520] Removed per directory web.config files.

These use the IIS rewriter to reject requests, Microsoft have suggested
we just use a single web.config with the builtin request filter.

PHPBB3-9520
---
 phpBB/cache/web.config                 | 13 -------------
 phpBB/files/web.config                 | 13 -------------
 phpBB/images/avatars/upload/web.config | 13 -------------
 phpBB/store/web.config                 | 13 -------------
 4 files changed, 52 deletions(-)
 delete mode 100644 phpBB/cache/web.config
 delete mode 100644 phpBB/files/web.config
 delete mode 100644 phpBB/images/avatars/upload/web.config
 delete mode 100644 phpBB/store/web.config

diff --git a/phpBB/cache/web.config b/phpBB/cache/web.config
deleted file mode 100644
index 278494bafc..0000000000
--- a/phpBB/cache/web.config
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-	<system.webServer>
-		<rewrite>
-			<rules>
-				<rule name="phpBB Default Rule" stopProcessing="true">
-					<match url=".*" />
-					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
-				</rule>
-			</rules>
-		</rewrite>
-	</system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/phpBB/files/web.config b/phpBB/files/web.config
deleted file mode 100644
index 278494bafc..0000000000
--- a/phpBB/files/web.config
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-	<system.webServer>
-		<rewrite>
-			<rules>
-				<rule name="phpBB Default Rule" stopProcessing="true">
-					<match url=".*" />
-					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
-				</rule>
-			</rules>
-		</rewrite>
-	</system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/phpBB/images/avatars/upload/web.config b/phpBB/images/avatars/upload/web.config
deleted file mode 100644
index 278494bafc..0000000000
--- a/phpBB/images/avatars/upload/web.config
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-	<system.webServer>
-		<rewrite>
-			<rules>
-				<rule name="phpBB Default Rule" stopProcessing="true">
-					<match url=".*" />
-					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
-				</rule>
-			</rules>
-		</rewrite>
-	</system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/phpBB/store/web.config b/phpBB/store/web.config
deleted file mode 100644
index 278494bafc..0000000000
--- a/phpBB/store/web.config
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-	<system.webServer>
-		<rewrite>
-			<rules>
-				<rule name="phpBB Default Rule" stopProcessing="true">
-					<match url=".*" />
-					<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page." />
-				</rule>
-			</rules>
-		</rewrite>
-	</system.webServer>
-</configuration>
\ No newline at end of file

From 8612fc23d4d7ca90ea80e5a12e7bd51ed315e0dd Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Wed, 28 Apr 2010 19:20:54 +0100
Subject: [PATCH 07/13] [ticket/9520] New web.config file as suggested by
 Microsoft using request filter

PHPBB3-9520
---
 phpBB/web.config | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/phpBB/web.config b/phpBB/web.config
index 7f2b40ec1b..e374e611f6 100644
--- a/phpBB/web.config
+++ b/phpBB/web.config
@@ -1,17 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
 	<system.webServer>
-		<rewrite>
-			<rules>
-				<rule name="phpBB config.php Rule" patternSyntax="Wildcard" stopProcessing="true">
-					<match url="*config.php" />
-					<action type="AbortRequest" />
-				</rule>
-				<rule name="phpBB common.php Rule" patternSyntax="Wildcard" stopProcessing="true">
-					<match url="*common.php" />
-					<action type="AbortRequest" />
-				</rule>
-			</rules>
-		</rewrite>
+		<security>
+			<requestFiltering>
+				<hiddenSegments>
+					<add segment="cache" />
+					<add segment="files" />
+					<add segment="store" />­
+				</hiddenSegments>
+			</requestFiltering>
+		</security>
 	</system.webServer>
+	<location path="images/avatars">
+		<system.webServer>
+			<security>
+				<requestFiltering>
+					<hiddenSegments>
+						<add segment="upload" />
+					</hiddenSegments>
+				</requestFiltering>
+			</security>
+		</system.webServer>
+	</location>
 </configuration>

From 43f47dba4c8e43b286391748763c00d3e949564b Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Wed, 28 Apr 2010 19:22:10 +0100
Subject: [PATCH 08/13] [ticket/9520] Additionally filter requests for
 {common,config}.php

PHPBB3-9520
---
 phpBB/web.config | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/phpBB/web.config b/phpBB/web.config
index e374e611f6..128fe3c98f 100644
--- a/phpBB/web.config
+++ b/phpBB/web.config
@@ -7,6 +7,8 @@
 					<add segment="cache" />
 					<add segment="files" />
 					<add segment="store" />­
+					<add segment="config.php" />
+					<add segment="common.php" />
 				</hiddenSegments>
 			</requestFiltering>
 		</security>

From 171807213f431f9b4c028a5c5e1b079600d7fc52 Mon Sep 17 00:00:00 2001
From: Rob House <>
Date: Sat, 1 May 2010 01:30:51 +0100
Subject: [PATCH 09/13] [ticket/9582] Custom profile fields cannot be created
 under MSSQL native.

PHPBB3-9565
PHPBB3-9582
---
 phpBB/includes/acp/acp_profile.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index fc08c7e8e8..2288a0728b 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -1480,6 +1480,7 @@ class acp_profile
 
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 
 				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
 				$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";

From 57394261364f9fdddded08964d2b7e3842057b2a Mon Sep 17 00:00:00 2001
From: Rob House <>
Date: Sat, 1 May 2010 01:37:01 +0100
Subject: [PATCH 10/13] [ticket/9582] Unable to edit CPFs from UCP under MSSQL
 native driver.

PHPBB3-9566
PHPBB3-9582
---
 phpBB/includes/functions_profile_fields.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 61e3587158..fa1cc98e10 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -366,6 +366,7 @@ class custom_profile
 			case 'sqlite':
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 				$right_delim = ']';
 				$left_delim = '[';
 			break;

From a20576fdd46d1fddb0dbdaca1a537e44cb7ebb10 Mon Sep 17 00:00:00 2001
From: Rob House <>
Date: Sat, 1 May 2010 01:41:06 +0100
Subject: [PATCH 11/13] [ticket/9582] Removing a report reason leaves reports
 with an unknown reason under MSSQL native.

PHPBB3-9564
PHPBB3-9582
---
 phpBB/includes/acp/acp_reasons.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 8d7bc88769..dbc9fcb6cc 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -233,6 +233,7 @@ class acp_reasons
 						// Standard? What's that?
 						case 'mssql':
 						case 'mssql_odbc':
+						case 'mssqlnative':
 							// Change the reports using this reason to 'other'
 							$sql = "DECLARE @ptrval binary(16)
 

From e95faaeb6845fb999a130497e954ff98d2515f43 Mon Sep 17 00:00:00 2001
From: Rob House <>
Date: Sat, 1 May 2010 01:58:50 +0100
Subject: [PATCH 12/13] [ticket/9582] Advanced search cannot be accessed using
 MSSQL native.

PHPBB3-9562
PHPBB3-9582
---
 phpBB/search.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/phpBB/search.php b/phpBB/search.php
index ab2221a96e..7a9ab82f93 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -1155,6 +1155,7 @@ if ($auth->acl_get('a_search'))
 
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$sql = 'SELECT search_time, search_keywords
 				FROM ' . SEARCH_RESULTS_TABLE . '
 				WHERE DATALENGTH(search_keywords) > 0

From 11d097fc1a1bc2e539922cfa5d078bbcb74d4da8 Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Sat, 1 May 2010 02:15:58 +0100
Subject: [PATCH 13/13] [ticket/9582] MSSQL native backups can now be restored.

PHPBB3-9583
PHPBB3-9582
---
 phpBB/includes/acp/acp_database.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index abfad2b90b..0582d6204e 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -394,6 +394,7 @@ class acp_database
 
 								case 'mssql':
 								case 'mssql_odbc':
+								case 'mssqlnative':
 									while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
 									{
 										$db->sql_query($sql);