From 18abef716ecf42a35416444f3f84f5459d573789 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 23 Dec 2015 17:31:43 +0100
Subject: [PATCH 1/6] [ticket/security-188] Check form key in acp_bbcodes SECURITY-188
---
 phpBB/includes/acp/acp_bbcodes.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index e245eea069..35ac33882e 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -33,6 +33,7 @@ class acp_bbcodes
 // Set up general vars
 $action = request_var('action', '');
 $bbcode_id = request_var('bbcode', 0);
+ $submit = $request->is_set_post('submit');
 $this->tpl_name = 'acp_bbcodes';
 $this->page_title = 'ACP_BBCODES';
@@ -40,6 +41,11 @@ class acp_bbcodes
 add_form_key($form_key);
+ if ($submit && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
 // Set up mode-specific vars
 switch ($action)
 {
From 87345807ded8602c0266ccf9b04ea39e0f30243d Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 23 Dec 2015 17:32:31 +0100
Subject: [PATCH 2/6] [ticket/security-188] Remove unused form key from acp_extensions SECURITY-188
---
 phpBB/includes/acp/acp_extensions.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php
index 0c9bc0deab..e66bd01464 100644
--- a/phpBB/includes/acp/acp_extensions.php
+++ b/phpBB/includes/acp/acp_extensions.php
@@ -121,8 +121,6 @@ class acp_extensions
 'U_ACTION' => $this->u_action,
 ));
- add_form_key('version_check_settings');
-
 $this->tpl_name = 'acp_ext_list';
 break;
From 80c32fb7ef107e0d6ae9eae56688d6a087184f41 Mon Sep 17 00:00:00 2001
From: kasimi
Date: Sun, 27 Dec 2015 14:52:20 +0100
Subject: [PATCH 3/6] [ticket/14343] Added missing $phpbb_dispatcher PHPBB3-14343
---
 phpBB/includes/mcp/mcp_main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
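Review bot: The added line `$submit = $request->is_set_post('submit');` in the first acp_bbcodes.php hunk depends on `$request` being named in the method's `global` statement, which sits above the hunk and is not visible here. If it is missing, the call is made on an undefined variable and the request fails before the form-key check below is ever reached. Patch 3/6 of this series repairs exactly that kind of omission for `$phpbb_dispatcher` in mcp_main.php, so it is worth confirming the `global` line before merging.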
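Review bot: In the second acp_bbcodes.php hunk the form key is validated only when `submit` is present in POST, so a request that reaches a writing branch of `switch ($action)` without that field skips `check_form_key()` entirely. `$action` is read separately with `request_var('action', '')` and is not tied to the submit flag. The switch body lies outside the hunk, so whether every state-changing case independently requires `$submit` cannot be confirmed from here. I would make the requirement explicit inside each branch that writes, e.g. `if (!$submit || !check_form_key($form_key))` followed by the same `trigger_error(...)`, rather than relying on a single conditional check ahead of the switch.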
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index 9696605450..d0908a0d8b 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -262,7 +262,7 @@ class mcp_main
 */
 function lock_unlock($action, $ids)
 {
- global $auth, $user, $db, $phpEx, $phpbb_root_path, $request;
+ global $auth, $user, $db, $phpEx, $phpbb_root_path, $request, $phpbb_dispatcher;
 if ($action == 'lock' || $action == 'unlock')
 {
From 89da4e8bf73b9fe14f83fd73f476e1031d9d9854 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Sat, 9 Jan 2016 09:35:03 +0100
Subject: [PATCH 4/6] [prep-release-3.1.7] Update version to 3.1.7-pl1
---
 build/build.xml | 4 ++--
 phpBB/includes/constants.php | 2 +-
 phpBB/install/schemas/schema_data.sql | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/build/build.xml b/build/build.xml
index 017e171550..601ec2ccf7 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -2,9 +2,9 @@ - + - +
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 1493b5e4bf..062975ac62 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 // phpBB Version
-define('PHPBB_VERSION', '3.1.7');
+define('PHPBB_VERSION', '3.1.7-pl1');
 // QA-related
 // define('PHPBB_QA', 1);
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 205b0e83de..b091016446 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.7');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.7-pl1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
From 29a239a4dbde664ddb7936bd5f7b7e12d5fbc5db Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Sat, 9 Jan 2016 09:35:53 +0100
Subject: [PATCH 5/6] [prep-release-3.1.7] Add migration for 3.1.7-pl1
---
 .../phpbb/db/migration/data/v31x/v317pl1.php | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 phpBB/phpbb/db/migration/data/v31x/v317pl1.php
diff --git a/phpBB/phpbb/db/migration/data/v31x/v317pl1.php b/phpBB/phpbb/db/migration/data/v31x/v317pl1.php
new file mode 100644
index 0000000000..2e1b0e9b9d
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/v317pl1.php
@@ -0,0 +1,31 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v317pl1 extends \phpbb\db\migration\migration
+{
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v31x\v317',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.1.7-pl1')),
+ );
+ }
+}
From 85e98a9d702cf179dc09a6ad077fac23bb28ae38 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Sat, 9 Jan 2016 09:46:32 +0100
Subject: [PATCH 6/6] [prep-release-3.1.7] Add changelog for 3.1.7-pl1
---
 phpBB/docs/CHANGELOG.html | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index a59ea31509..97998e7d00 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -49,6 +49,7 @@
  1. Changelog