diff --git a/build/build.xml b/build/build.xml index c97d200fbb..dd7bb3d014 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,9 +2,9 @@ - - - + + + diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 4d96aa4981..5cf98e20fc 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -46,6 +46,7 @@
  1. Changelog
      +
    1. Changes since 3.1.1
    2. Changes since 3.1.0
    3. Changes since 3.1.0-RC6
    4. Changes since 3.1.0-RC5
    5. @@ -101,7 +102,88 @@
      -

      1.i. Changes since 3.1.0

      +

      1.i. Changes since 3.1.1

      + +

      Security

      +
        +
      • [SECURITY-171] - Version helper does not properly escape version info
      • +
      • [SECURITY-169] - AJAX request with unexpected referrer causes infinite loop
      • +
      + +

      Bug

      +
        +
      • [PHPBB3-10442] - XHTML is invalid when a forum link without redirect counter is present
      • +
      • [PHPBB3-10744] - Prevent user from installing styles with reserved directory names
      • +
      • [PHPBB3-11863] - User registration settings show incorrectly as disabled when board-wide emails are disabled
      • +
      • [PHPBB3-12703] - Notification System sends exact same SQL query multiple times
      • +
      • [PHPBB3-13083] - Language correction in NO_ENTRIES in acp_logs
      • +
      • [PHPBB3-13100] - Don't display "delete reason" dialog for shadow-topics
      • +
      • [PHPBB3-13193] - Post counts in Private Messages should link to the user's posts
      • +
      • [PHPBB3-13197] - Group Avatar not deleted from users
      • +
      • [PHPBB3-13204] - Login flood control error supresses incorrect credential error
      • +
      • [PHPBB3-13209] - Boolean (Yes/No) custom profile field doesn't show given name
      • +
      • [PHPBB3-13216] - Datetime tests fail randomly
      • +
      • [PHPBB3-13228] - "Code: Select all" font-size too big in Private Messages
      • +
      • [PHPBB3-13239] - Can´t upload Attachments on iOS
      • +
      • [PHPBB3-13241] - Topics are being duplicated in multipage forums
      • +
      • [PHPBB3-13242] - Validation error in Contact a Board Administrator
      • +
      • [PHPBB3-13243] - Debug error when clicking Re-check all versions on ACP manage extensions page
      • +
      • [PHPBB3-13251] - Database password containing special characters no longer accepted after upgrade to 3.1.0
      • +
      • [PHPBB3-13253] - MCP queue link in active topics search is missing
      • +
      • [PHPBB3-13265] - "Edit profile" link on view-own-profile page should only show if user has permission to edit
      • +
      • [PHPBB3-13270] - Upgrading from 3.0.12 to 3.1.1 does not display moderator soft delete permissions
      • +
      • [PHPBB3-13277] - Move Up & Down does not take work in Internet Explorer
      • +
      • [PHPBB3-13280] - $user->page['page'] - is invalid resulting in confirm_box() not working correctly
      • +
      • [PHPBB3-13284] - Message body not included in email topic message
      • +
      • [PHPBB3-13298] - Use mysql_free_result to free result sets which were requested using mysql_query()
      • +
      • [PHPBB3-13300] - Jabber field still shown in profile when feature is disabled
      • +
      • [PHPBB3-13301] - Apache Authentication is probably broken
      • +
      • [PHPBB3-13303] - Migrator caught in loop calculating dependencies
      • +
      • [PHPBB3-13315] - Upgrade from 3.0.12 to 3.1.1 resets CAPTCHA selection
      • +
      • [PHPBB3-13316] - reCAPTCHA does not work on secured connection
      • +
      • [PHPBB3-13318] - login_username doesn't have multibyte parameter set to true
      • +
      • [PHPBB3-13323] - posting.php can pass invalid auth option to acl_get()
      • +
      • [PHPBB3-13332] - Insufficient information passed to password drivers for converted boards
      • +
      • [PHPBB3-13337] - Mark subforums read triggers error if subforums contain no topics
      • +
      • [PHPBB3-13338] - Some tests fail when run on their own
      • +
      • [PHPBB3-13342] - 310/captcha_plugins migration changes recaptcha to nogd
      • +
      • [PHPBB3-13349] - Incorrect entities used for breadcrumb separator in CSS
      • +
      • [PHPBB3-13354] - Unknown column 'topic_logs' in 'where clause' when deleting topic log in MCP
      • +
      • [PHPBB3-13376] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] is specified
      • +
      + +

      Improvement

      +
        +
      • [PHPBB3-12681] - Cache the compiled routes and dump the url_generator
      • +
      • [PHPBB3-12885] - Wrong index page title when using Board Index text
      • +
      • [PHPBB3-13023] - [event] - Add Event posting_editor_buttons_custom_tags_before
      • +
      • [PHPBB3-13133] - Allow @vendor_extname in INCLUDECSS
      • +
      • [PHPBB3-13182] - [event] - Add posting.php core event to allow modifying the message before parsing
      • +
      • [PHPBB3-13220] - [event] - Add template events to memberlist_search.html
      • +
      • [PHPBB3-13290] - [event] - Add template event index_body_forumlist_body_after
      • +
      • [PHPBB3-13294] - [event] - Add message_parser.php core event for additional message handling before parsing
      • +
      • [PHPBB3-13297] - Add unicode modifier to url/email regular expression patterns
      • +
      • [PHPBB3-13309] - [event] - Add ACP template event acp_email_options_after
      • +
      • [PHPBB3-13310] - [event] - Add core event core.acp_email_modify_sql
      • +
      • [PHPBB3-13326] - Add viewtopic_url variable to a viewtopic event
      • +
      • [PHPBB3-13328] - [event] - Add event core.mcp_view_forum_modify_sql
      • +
      • [PHPBB3-13347] - [event] - Add new template events to acp_forums.html
      • +
      + +

      New Feature

      +
        +
      • [PHPBB3-12962] - Use phantomjs and webdriver for UI testing
      • +
      + +

      Task

      +
        +
      • [PHPBB3-13324] - Composer no longer downloads sami/sami and fabpot/goutte
      • +
      • [PHPBB3-13325] - Make installing dependencies for tests more user friendly or optional
      • +
      • [PHPBB3-13331] - Sami run as part of phing MUST NOT switch branches
      • +
      + + +

      1.ii. Changes since 3.1.0

      Security

        @@ -119,7 +201,7 @@
      • [PHPBB3-13262] - Add note to docs about htaccess file when upgrading 3.0 to 3.1
      -

      1.i. Changes since 3.1.0-RC6

      +

      1.iii. Changes since 3.1.0-RC6

      Bug

        @@ -147,7 +229,7 @@
      • [PHPBB3-13215] - Update Symfony Components to 2.3.21
      -

      1.ii. Changes since 3.1.0-RC5

      +

      1.iv. Changes since 3.1.0-RC5

      Bug

        @@ -188,7 +270,7 @@
      -

      1.iii. Changes since 3.1.0-RC4

      +

      1.v. Changes since 3.1.0-RC4

      Bug

        @@ -255,7 +337,7 @@
      • [PHPBB3-13123] - Add events to allow post blocking and post pre/past processing
      -

      1.iv. Changes since 3.1.0-RC3

      +

      1.vi. Changes since 3.1.0-RC3

      Bug

        @@ -345,7 +427,7 @@
      -

      1.v. Changes since 3.1.0-RC2

      +

      1.vii. Changes since 3.1.0-RC2

      Bug

        @@ -469,7 +551,7 @@
      • [PHPBB3-12948] - Remove Travis CI "broken opcache on PHP 5.5.7 and 5.5.8" workaround.
      -

      1.vi. Changes since 3.1.0-RC1

      +

      1.viii. Changes since 3.1.0-RC1

      Bug

        @@ -540,7 +622,7 @@
      • [PHPBB3-12829] - Remove check for pgsql 8.3/8.2
      -

      1.vii. Changes since 3.1.0-b4

      +

      1.ix. Changes since 3.1.0-b4

      Bug

        @@ -660,7 +742,7 @@
      -

      1.viii. Changes since 3.1.0-b3

      +

      1.x. Changes since 3.1.0-b3

      Bug

        @@ -767,7 +849,7 @@
      -

      1.ix. Changes since 3.1.0-b2

      +

      1.xi. Changes since 3.1.0-b2

      Bug

        @@ -932,7 +1014,7 @@
      -

      1.x. Changes since 3.1.0-b1

      +

      1.xii. Changes since 3.1.0-b1

      Bug

        @@ -1000,7 +1082,7 @@
      • [PHPBB3-12302] - Upgrade composer.phar to 1.0.0-alpha8
      -

      1.xi. Changes since 3.1.0-a3

      +

      1.xiii. Changes since 3.1.0-a3

      Bug

        @@ -1147,7 +1229,7 @@
      -

      1.xii. Changes since 3.1.0-a2

      +

      1.xiv. Changes since 3.1.0-a2

      Bug

        @@ -1255,7 +1337,7 @@
      • [PHPBB3-12147] - Remove Travis CI notification configuration
      -

      1.xiii. Changes since 3.1.0-a1

      +

      1.xv. Changes since 3.1.0-a1

      Bug

        @@ -1331,7 +1413,7 @@
      • [PHPBB3-11998] - Add console / command line client environment
      -

      1.xiv. Changes since 3.0.x

      +

      1.xvi. Changes since 3.0.x

      Bug

        @@ -2012,7 +2094,7 @@
      • [PHPBB3-11913] - Apply reorganisation of download.phpbb.com to build_announcement.php
      -

      1.xv. Changes since 3.0.11

      +

      1.xvii. Changes since 3.0.11

      Bug

        @@ -2167,7 +2249,7 @@
      • [PHPBB3-11753] - Upgrade mysql_upgrader.php schema data.
      -

      1.xvi. Changes since 3.0.10

      +

      1.xviii. Changes since 3.0.10

      Bug

        @@ -2292,7 +2374,7 @@
      • [PHPBB3-10909] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2
      -

      1.xvii. Changes since 3.0.9

      +

      1.xix. Changes since 3.0.9

      Bug

        @@ -2428,7 +2510,7 @@
      • [PHPBB3-10480] - Automate changelog building
      -

      1.xviii. Changes since 3.0.8

      +

      1.xx. Changes since 3.0.8

      Bug

      @@ -2796,7 +2878,7 @@ -

      1.xix. Changes since 3.0.7-PL1

      +

      1.xxi. Changes since 3.0.7-PL1

      Security

        @@ -3254,13 +3336,13 @@
      -

      1.xx. Changes since 3.0.7

      +

      1.xxii. Changes since 3.0.7

      • [Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)
      -

      1.xxi. Changes since 3.0.6

      +

      1.xxiii. Changes since 3.0.6

      • [Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)
      • @@ -3364,7 +3446,7 @@
      -

      1.xxii. Changes since 3.0.5

      +

      1.xxiv. Changes since 3.0.5

      • [Fix] Allow whitespaces in avatar gallery names. (Bug #44955)
      • @@ -3586,7 +3668,7 @@
      • [Feature] Send anonymous statistical information to phpBB on installation and update (optional).
      -

      1.xxiii. Changes since 3.0.4

      +

      1.xxv. Changes since 3.0.4

      • [Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)
      • @@ -3675,7 +3757,7 @@
      • [Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)
      -

      1.xxiv. Changes since 3.0.3

      +

      1.xxvi. Changes since 3.0.3

      • [Fix] Allow mixed-case template directories to be inherited (Bug #36725)
      • @@ -3707,7 +3789,7 @@
      • [Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)
      -

      1.xxv. Changes since 3.0.2

      +

      1.xxvii. Changes since 3.0.2

      • [Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)
      • @@ -3806,7 +3888,7 @@
      • [Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)
      -

      1.xxvi. Changes since 3.0.1

      +

      1.xxviii. Changes since 3.0.1

      • [Fix] Ability to set permissions on non-mysql dbms (Bug #24955)
      • @@ -3854,7 +3936,7 @@
      • [Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)
      -

      1.xxvii. Changes since 3.0.0

      +

      1.xxix. Changes since 3.0.0

      • [Change] Validate birthdays (Bug #15004)
      • @@ -3925,7 +4007,7 @@
      • [Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)
      -

      1.xxviii. Changes since 3.0.RC8

      +

      1.xxx. Changes since 3.0.RC8

      • [Fix] Cleaned usernames contain only single spaces, so "a_name" and "a__name" are treated as the same name (Bug #15634)
      • @@ -3934,7 +4016,7 @@
      • [Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)
      -

      1.xxix. Changes since 3.0.RC7

      +

      1.xxxi. Changes since 3.0.RC7

      • [Fix] Fixed MSSQL related bug in the update system
      • @@ -3969,7 +4051,7 @@
      • [Fix] No duplication of active topics (Bug #15474)
      -

      1.xxx. Changes since 3.0.RC6

      +

      1.xxxii. Changes since 3.0.RC6

      • [Fix] Submitting language changes using acp_language (Bug #14736)
      • @@ -3979,7 +4061,7 @@
      • [Fix] Able to request new password (Bug #14743)
      -

      1.xxxi. Changes since 3.0.RC5

      +

      1.xxxiii. Changes since 3.0.RC5

      • [Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.
      • @@ -4042,7 +4124,7 @@
      • [Sec] New password hashing mechanism for storing passwords (#i42)
      -

      1.xxxii. Changes since 3.0.RC4

      +

      1.xxxiv. Changes since 3.0.RC4

      • [Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)
      • @@ -4093,7 +4175,7 @@
      • [Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)
      -

      1.xxxiii. Changes since 3.0.RC3

      +

      1.xxxv. Changes since 3.0.RC3

      • [Fix] Fixing some subsilver2 and prosilver style issues
      • @@ -4202,7 +4284,7 @@
      -

      1.xxxiv. Changes since 3.0.RC2

      +

      1.xxxvi. Changes since 3.0.RC2

      • [Fix] Re-allow searching within the memberlist
      • @@ -4248,7 +4330,7 @@
      -

      1.xxxv. Changes since 3.0.RC1

      +

      1.xxxvii. Changes since 3.0.RC1

      • [Fix] (X)HTML issues within the templates (Bug #11255, #11255)
      •
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 2d4cb727a7..0ac9208aa4 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 // phpBB Version
-define('PHPBB_VERSION', '3.1.2-RC1-dev');
+define('PHPBB_VERSION', '3.1.3-RC1-dev');
 // QA-related
 // define('PHPBB_QA', 1);
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index 50fcd11bee..2885c80541 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -69,31 +69,13 @@ function deregister_globals()
 {
 if (isset($not_unset[$varname]))
 {
- // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ // Hacking attempt. No point in continuing.
+ if (isset($_COOKIE[$varname]))
 {
- exit;
- }
- else
- {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- if (!is_array($cookie['GLOBALS']))
- {
- break;
- }
-
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
+ echo "Clear your cookies. ";
 }
+ echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+ exit;
 }
 unset($GLOBALS[$varname]);
diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php
index effd72aeff..da53d2c143 100644
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
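Review bot: The new rejection branch in deregister_globals() (phpBB/includes/startup.php) echoes its message and exits with the default 200 status and no server-side record, so a request that supplies a reserved variable name looks like an ordinary page view in access logs. Sending an error status before the first `echo`, e.g. `header('HTTP/1.0 400 Bad Request');`, would let monitoring and filtering rules key on these requests. The message also tells any client that register_globals is enabled on the host; if that disclosure is intended so administrators can act on it, a one-line comment saying so would help the next reader. The enclosing loop and the `$not_unset` list are outside the hunk, so this assumes no output has been sent before this point.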
@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 'forum_name' => 'phpBB 2.0.x',
 'version' => '1.0.3',
- 'phpbb_version' => '3.1.1',
+ 'phpbb_version' => '3.1.2',
 'author' => 'phpBB Limited',
 'dbms' => $dbms,
 'dbhost' => $dbhost,
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 8fd163a81f..ea51e5df76 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.2-RC1-dev');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.3-RC1-dev');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
diff --git a/phpBB/phpbb/db/migration/data/v31x/v312.php b/phpBB/phpbb/db/migration/data/v31x/v312.php
new file mode 100644
index 0000000000..12a3ec3ae6
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/v312.php
@@ -0,0 +1,31 @@
+
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v31x;
+
+class v312 extends \phpbb\db\migration\migration
+{
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v31x\v312rc1',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.1.2')),
+ );
+ }
+}
diff --git a/phpBB/phpbb/db/migration/data/v31x/v312rc1.php b/phpBB/phpbb/db/migration/data/v31x/v312rc1.php
new file mode 100644
index 0000000000..d4b133fc01
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/v312rc1.php
@@ -0,0 +1,32 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v312rc1 extends \phpbb\db\migration\migration
+{
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v31x\v311',
+ '\phpbb\db\migration\data\v31x\m_softdelete_global',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.1.2-RC1')),
+ );
+ }
+}
diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg
index 9684df73ba..41e0d68714 100644
--- a/phpBB/styles/prosilver/style.cfg
+++ b/phpBB/styles/prosilver/style.cfg
@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.1.1
-phpbb_version = 3.1.1
+style_version = 3.1.2
+phpbb_version = 3.1.2
 # Defining a different template bitfield
 # template_bitfield = lNg=
diff --git a/phpBB/styles/subsilver2/style.cfg b/phpBB/styles/subsilver2/style.cfg
index 3b33c07002..6014b89e66 100644
--- a/phpBB/styles/subsilver2/style.cfg
+++ b/phpBB/styles/subsilver2/style.cfg
@@ -21,8 +21,8 @@
 # General Information about this style
 name = subsilver2
 copyright = © 2005 phpBB Limited
-style_version = 3.1.1
-phpbb_version = 3.1.1
+style_version = 3.1.2
+phpbb_version = 3.1.2
 # Defining a different template bitfield
 # template_bitfield = lNg=