Merge branch '3.3.x'

build/build.xml

@@ -3,8 +3,8 @@
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
 	<property name="newversion" value="4.0.0-a1-dev" />
-	<property name="prevversion" value="3.2.9" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.3.0-RC1" />
+	<property name="prevversion" value="3.3.0" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

phpBB/docs/CHANGELOG.html

@@ -20,7 +20,7 @@
 			<div class="inner">
 
 			<div id="doc-description">
-				<a href="../index.php" id="logo"><img src="assets/images/site_logo.gif" alt="" /></a>
+				<a href="../index.php" id="logo"><span class="site_logo"></span></a>
 				<h1>phpBB 3.3.x Changelog</h1>
 				<p style="display: none;"><a href="#start_here">Skip</a></p>
 			</div>
@@ -50,6 +50,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v330rc1">Changes since 3.3.0-RC1</a></li>
 		<li><a href="#v330b2">Changes since 3.3.0-b2</a></li>
 		<li><a href="#v330b1">Changes since 3.3.0-b1</a></li>
 		<li><a href="#v32x">Changes since 3.2.x</a></li>
@@ -145,6 +146,50 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v330rc1"></a><h3>Changes since 3.3.0-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15592">PHPBB3-15592</a>] - &quot;Place inline&quot; button appears when BBcode is disabled (Post settings)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15902">PHPBB3-15902</a>] - Out of range error with Sphinx search</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16209">PHPBB3-16209</a>] - Nginx example configuration file blocks an image in the ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16230">PHPBB3-16230</a>] - Check phrasing of FILESYSTEM_CANNOT_* lang keys</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16257">PHPBB3-16257</a>] - Typo in Email Settings section</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16260">PHPBB3-16260</a>] - Missing check whether the index exists in ACP - PHP 7.4</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16261">PHPBB3-16261</a>] - Missing check whether the index exists in install - PHP 7.4</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16262">PHPBB3-16262</a>] - php 7.3 compact() calls with undefined variables causing error page</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16263">PHPBB3-16263</a>] - Apache auth provider test fails on bamboo</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16266">PHPBB3-16266</a>] - Error on clean install with PHP 7.4</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16267">PHPBB3-16267</a>] - Check whether the index exists in ACP BBcodes - PHP 7.4</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16273">PHPBB3-16273</a>] - Trying to access array offset on value of type bool in Memberlist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16274">PHPBB3-16274</a>] - compact() calls with undefined variables in search.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16276">PHPBB3-16276</a>] - Undefined $mode property in bbcode_firstpass class</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16278">PHPBB3-16278</a>] - Update instructions (INSTALL.html)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16281">PHPBB3-16281</a>] - Extensions' Tab does not show up automatically</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16282">PHPBB3-16282</a>] - Default jQuery CDN URL is outdated on new installs</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16285">PHPBB3-16285</a>] - Missing sanity checks in migrations for 3.3</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16287">PHPBB3-16287</a>] - At first ACP screen after install, error message regarding statistics submission</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16293">PHPBB3-16293</a>] - Update hashes cron produces invalid hashes while updating from 3.0</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16221">PHPBB3-16221</a>] - ACP statistics are ugly</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16277">PHPBB3-16277</a>] - Move from each() function</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16279">PHPBB3-16279</a>] - Add permission for Emojii in topic title</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16283">PHPBB3-16283</a>] - Update requirements for 3.3.0</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16290">PHPBB3-16290</a>] - Update to new SVG logo in package docs</li>
+			</ul>
+			<h4>Security</h4>
+			<ul>
+				<li>[SECURITY-249] - Group avatar overwrite on invalid submit</li>
+				<li>[SECURITY-250] - Group leader can be tricked into approving user</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-251] - Unwanted move of PMs to folders</li>
+				<li>[SECURITY-252] - PMs of unsuspecting users can be marked as important</li>
+				<li>[SECURITY-253] - PM export without proper validation</li>
+			</ul>
+
 			<a name="v330b2"></a><h3>Changes since 3.3.0-b2</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/FAQ.html

@@ -20,7 +20,7 @@
 			<div class="inner">
 
 			<div id="doc-description">
-				<a href="../index.php" id="logo"><img src="assets/images/site_logo.gif" alt="" /></a>
+				<a href="../index.php" id="logo"><span class="site_logo"></span></a>
 				<h1>phpBB 3.3.x FAQ</h1>
 				<p>phpBB 3.3.x frequently asked questions</p>
 				<p style="display: none;"><a href="#start_here">Skip</a></p>

phpBB/docs/INSTALL.html

@@ -20,7 +20,7 @@
 			<div class="inner">
 
 			<div id="doc-description">
-				<a href="../index.php" id="logo"><img src="assets/images/site_logo.gif" alt="" /></a>
+				<a href="../index.php" id="logo"><span class="site_logo"></span></a>
 				<h1>phpBB 3.3.x Install</h1>
 				<p>phpBB 3.3.x Installation, updating and conversion information</p>
 				<p style="display: none;"><a href="#start_here">Skip</a></p>

phpBB/docs/README.html

@@ -20,7 +20,7 @@
 			<div class="inner">
 
 			<div id="doc-description">
-				<a href="../index.php" id="logo"><img src="assets/images/site_logo.gif" alt="" /></a>
+				<a href="../index.php" id="logo"><span class="site_logo"></span></a>
 				<h1>phpBB 3.3.x Readme</h1>
 				<p style="display: none;"><a href="#start_here">Skip</a></p>
 			</div>

phpBB/docs/assets/css/stylesheet.css

@@ -154,6 +154,14 @@ a#logo:hover {
 	text-decoration: none;
 }
 
+.site_logo {
+	background-image: url("../images/site_logo.svg");
+	background-repeat: no-repeat;
+	display: inline-block;
+	width: 149px;
+	height: 52px;
+}
+
 #doc-description {
 	float: left;
 	width: 70%;

phpBB/docs/auth_api.html

@@ -20,7 +20,7 @@
 			<div class="inner">
 
 			<div id="doc-description">
-				<a href="../index.php" id="logo"><img src="assets/images/site_logo.gif" alt="" /></a>
+				<a href="../index.php" id="logo"><span class="site_logo"></span></a>
 				<h1>Auth API</h1>
 				<p>This is an explanation of how to use the phpBB auth/acl API</p>
 				<p style="display: none;"><a href="#start_here">Skip</a></p>

phpBB/docs/coding-guidelines.html

@@ -4,7 +4,7 @@
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
-<meta name="description" content="Rhea coding guidelines document" />
+<meta name="description" content="Proteus coding guidelines document" />
 <title>phpBB3 &bull; Coding Guidelines</title>
 
 <link href="assets/css/stylesheet.css" rel="stylesheet" type="text/css" media="screen" />
@@ -20,9 +20,9 @@
 			<div class="inner">
 
 			<div id="doc-description">
-				<a href="../index.php" id="logo"><img src="assets/images/site_logo.gif" alt="" /></a>
+				<a href="../index.php" id="logo"><span class="site_logo"></span></a>
 				<h1>Coding Guidelines</h1>
-				<p>Rhea coding guidelines document</p>
+				<p>Proteus coding guidelines document</p>
 				<p style="display: none;"><a href="#start_here">Skip</a></p>
 			</div>
 
@@ -37,7 +37,7 @@
 <!-- BEGIN DOCUMENT -->
 
 <p class="paragraph main-description">
-	These are the phpBB Coding Guidelines for Rhea, all attempts should be made to follow them as closely as possible.
+	These are the phpBB Coding Guidelines for Proteus, all attempts should be made to follow them as closely as possible.
 </p>
 
 <h1>Coding Guidelines</h1>

phpBB/phpbb/cron/task/core/update_hashes.php

@@ -56,7 +56,7 @@ class update_hashes extends \phpbb\cron\task\base
 
 		foreach ($defaults as $type)
 		{
-			if ($hashing_algorithms[$type]->is_supported())
+			if ($hashing_algorithms[$type]->is_supported() && !$hashing_algorithms[$type] instanceof \phpbb\passwords\driver\base_native)
 			{
 				$this->default_type = $type;
 				break;

phpBB/phpbb/db/migration/data/v330/v330.php

@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v330;
+
+class v330 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.0', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v329',
+			'\phpbb\db\migration\data\v330\v330rc1',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.3.0')),
+		);
+	}
+}

phpBB/phpbb/passwords/driver/argon2i.php

@@ -37,23 +37,15 @@ class argon2i extends base_native
 	{
 		parent::__construct($config, $helper);
 
-		// Workaround to prevent "Use of undefined constant" warning on some unsupported PHP installations
-		if (!defined('PASSWORD_ARGON2I'))
-		{
-			define('PASSWORD_ARGON2_DEFAULT_MEMORY_COST', 1024);
-			define('PASSWORD_ARGON2_DEFAULT_TIME_COST', 2);
-			define('PASSWORD_ARGON2_DEFAULT_THREADS', 1);
-		}
-
 		/**
 		 * For Sodium implementation of argon2 algorithm (since PHP 7.4), set special value of 1 for "threads" cost factor
 		 * See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266
 		 * Don't allow cost factors to be below default settings where possible
 		 */
-		$this->memory_cost = max($memory_cost, PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
-		$this->time_cost   = max($time_cost, PASSWORD_ARGON2_DEFAULT_TIME_COST);
+		$this->memory_cost = max($memory_cost, defined('PASSWORD_ARGON2_DEFAULT_MEMORY_COST') ? PASSWORD_ARGON2_DEFAULT_MEMORY_COST : 1024);
+		$this->time_cost   = max($time_cost, defined('PASSWORD_ARGON2_DEFAULT_TIME_COST') ? PASSWORD_ARGON2_DEFAULT_TIME_COST : 2);
 		$this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ?
-									PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, PASSWORD_ARGON2_DEFAULT_THREADS);
+									PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, defined('PASSWORD_ARGON2_DEFAULT_THREADS') ? PASSWORD_ARGON2_DEFAULT_THREADS : 1);
 	}
 
 	/**