When an administrator set a numbers field to default to 'not specified', a SQL
error was caused on the registration page because it was tried to insert an
empty string into an integer column.
Because the column already supports NULL values, empty strings are now
converted to NULL for custom profile fields of the type 'Numbers' before
insertion into the data table.
PHPBB3-9075
explode('|', '') and explode('|', NULL) both return array(0 => '') which can
cause filespec::check_content() to reject everything starting with a '<'
character in case $config['mime_triggers'] is an empty string or not set.
fileupload::set_disallowed_content() now filters out empty strings by calling
array_diff() on the passed array, so setting $config['mime_triggers'] to an
empty string will turn off mime checking completely.
On the other side we want to fail safe if $config['mime_triggers'] is not set
at all. To do this, the array fileupload::$disallowed_content now contains some
default strings to be filtered out.
PHPBB3-9764
Changed queue locking to cover all queue file operations,
in particular the check for queue file existince and
inclusion of queue file must be done under one lock.
Also refactored queue locking and unlocking into separate
methods.
PHPBB3-9061
* ticket/bantu/9627:
[ticket/9627] Prefix function names with 'phpbb_'.
[ticket/9627] Adding unit tests for http_byte_range().
[ticket/9627] Adding download unit tests.
[ticket/9627] Split http_range_request() into several functions.
[ticket/9627] Make sure range request reads till the end of the file.
[ticket/9627] Make use of 'static' since the function is called more than once
[ticket/9627] Make sure the database record for the filesize is correct.
[ticket/9627] Do not increase download counter if file is requested partially.
[ticket/9627] Support for HTTP range requests in download/file.php
* develop-olympus:
[ticket/9478] Validate maximum number of allowed recipients per PM value.
[ticket/9686] Fix mssqlnative database data export
[ticket/9595] List min/max characters indexed by search for mysql_fulltext.
[ticket/9101] Remove misleading 'below' from RECAPTCHA_EXPLAIN.
[ticket/9853] Change recaptcha theme from default to 'clean'.
* ticket/bantu/9101:
[ticket/9101] Remove misleading 'below' from RECAPTCHA_EXPLAIN.
* ticket/bantu/9595:
[ticket/9595] List min/max characters indexed by search for mysql_fulltext.
* ticket/bantu/9853:
[ticket/9853] Change recaptcha theme from default to 'clean'.
We require version 1.1 of the sqlsrv extension anyway so the regular
sqlsrv_num_rows can be used instead of buffering the result. The result
buffer (class result_mssqlnative) should never automatically free the
resource it receives - we consistently close resources using sql_freeresult().
PHPBB3-9686
* develop-olympus:
[ticket/9509] Remove section 8 from index
[ticket/9509] Close anchor tag in coding guidelines
[ticket/9854] Revise docs/auth_api.html to add more methods
[ticket/9509] The VCS is now git
[ticket/9840] Display view unread posts link for guests.
Conflicts:
phpBB/docs/coding-guidelines.html
* develop-olympus:
[ticket/7332] Fix post details expand link rendering on Webkit.
[ticket/9162] Prevent notice on unset poll title
[ticket/7417] Also focus search keywords and username in subsilver2.
[ticket/7417] Focus username field when prosilver login page is loaded.
[ticket/7417] Focus search keywords field when prosilver search page is loaded.
[ticket/9841] Change "Save" to "Save draft", "Load" to "Load draft".
[ticket/9664] Resolve conflict with accesskey="t", change addlitsitem to "y".
[ticket/7538] Limit user_login_attempts to prevent SQL errors.
[ticket/9848] Add avatars, attachments and store files to .gitignore.
[ticket/9822] Correct some style related ACP explain statements.
[ticket/9698] Add .htaccess to the includes subdirectory.
[ticket/9830] Redirect to install directly when config.php does not exist.
[ticket/9816] Remove config.php from repository
[ticket/9810] Hide "Select All" of code bbcode on print page
Add .htaccess to the includes folder to prevent full path disclosure when
running PHP 5.3. When the error_reporting setting in php.ini contains the
E_DEPRECATED error level, the PHP parser throws an error message containing
the local filesystem path when accessing one of the captcha plugins directly.
This is because the captcha plugins return explicit references for PHP 4
compatibility.
PHPBB3-9698
* feature/igorw/request-class: (21 commits)
[feature/request-class] Fix mcp.php mode parameter
[feature/request-class] Fix remember and session hide on login
[feature/request-class] Fix missing include in database_update
[feature/request-class] Make additional request test cases run
[feature/request-class] Adjust some trailing newlines
[feature/request-class] Remove tricky $_* is_array from acp_profile
[feature/request-class] Convert any direct access to $_* to use $request
[feature/request-class] Add $request to style.php, minor change
[feature/request-class] Prevent recursive_set_var from applying htmlspecialchars twice
[feature/request-class] Removal of direct access to some superglobals
[feature/request-class] Refactor request classes to use autoloading
[feature/request-class] Automatically normalize multibyte data in request_var
[feature/request-class] Request class test now uses a type cast helper mock.
[feature/request-class] Refactored request class and wrapper functions.
[feature/request-class] Extracted type casting helpers from the request class.
[feature/request-class] Replace direct use of GET/REQUEST with request_var.
[feature/request-class] Use the request class in the installer & updater.
[feature/request-class] request_var should return after setting the request object.
[feature/request-class] Instantiate a global request class instance.
[feature/request-class] New request class supports recursive arrays.
...
All class names have been adjusted to use a phpbb_request prefix,
allowing them to be autoloaded.
Also introduces some improvements to autoloading in general.
PHPBB3-9716
To save users from having to run everything through
utf8_normalize_nfc(), a call is done automatically from within set_var,
which is called by request_var.
PHPBB3-9716
