phpBB

Okay, that is pretty raw, but better to have it in place than trying to play catch-up. Introducing an early stage of CAPTCHA modules.

add missing dot. :)

Remove a useless str_replace()

Remove caching of templates from the database completely, themes is cut down ready for a complete chop, and fix the installer :)

marge

#27395

merge

Merging mime and referer checks into the Trunk

some missing merges…

Go away evil carriage returns\!

Merging revisions #r8346, #r8347 and #r8348

nit rightfully picked

- Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635)
- Allow editing usernames within database_update on username cleanup (Bug #18415)
- Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)
- Check entered imagemagick path for trailing slash (Bug #18205)
- Use proper title on index for new/unread posts (Bug #13101) – patch provided by Pyramide
- Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025)

oh boy…
- Migrate code base to PHP 5.1+

try to add another fix for bans

make the ban check perform a bit better :/

- fixed database updater
- fixed hook function call in database updater
- fixed bot agent detection (we used a wildcard within the w3c-agent, therefore we should really support this. ;))

new hook system (do not get it confused with events or plugins please)
- introducing two new hookable functions too

put expressions for ip validation into our get_preg_ function.

fixing some bugs

two fixes

• empty log message *

fix session problems for those using mysql in strict mode and users having a browser agent string > 150 characters.

please have a second look at the change within session.php – we had a few “doubled” keys within the db…

hehehe… :(

remove T_THEME_DATA completely… now the css data is able to be fetched for banned users too. Gives us a good chunk of memory back.

- search result extract shouldn’t end in the middle of a multibyte character [Bug #11863]
- missing localisation for an imageset shouldn’t create lots of “imageset refreshed” log messages [Bug #12027]
- explain that themes which need parsing cannot be stored on the filesystem [Bug #11134]
- normalize usernames (we really need to make sure we normalize everything)
- improved utf8_clean_string, more complete list of homographs and NFKC normalization, also the resulting string is now trimmed
- corrected searching subforums explanation [Bug #12209]

some more fixes

#12705

fixing some bugs

Maybe we shouldn’t trust the language settings in the db so much.

This should be a better fix for #12441

Should also fix #12393

well, oops.

#12441

Changing the behaviour of the hideonline permission.

Test the current setting before altering the memory limit during install(Bug #12195)

And another language var.

hopefully not too late in the game. Checked in new jabber class (the class done by the flyspray project). It would be nice if this could be tested with more servers – jabber.org seems to work fine…
- other fixes

- style.php uses default language fallback for the imageset like session.php now
- style.php removes placeholders for non-existant images instead of leaving them alone
- automatically try to load a localised part of an imageset if the folder exists and no images for that language were found in the database, thanks PhilippK

added class for disabled options in ACP
E_USER_ERROR now using language keys if available [related to #10445]
UCP/MCP title tags [#10441]
Check $start parameter in viewforum [#10435]
Check for postable forum for moving user posts within users ACP [#10433]
Show error if admin tries to put forums beneath linked forums [related to #10433]
Correctly catch attachments while moving posts [#10431]
language change in install.html [#10425]
Updated AUTHORS file

#10283 – no style if banning anonymous/ip and using style requiring stylesheet parsing. Also fixes a bug for non-parsed THEME_DATA…

- correctly initialise $words in fulltext_native [Bug #347]
- display ignored words from sub-search-queries
- “Return to search page” [Bug #9591]
- spelling in coding guidelines
- htmlspecialchars forwarded_for before logging

some fixes…

fix issue with user agent and debug_extra enabled – reported by kellanved…

- fix htmlspecialchars handling in search (search backends get specialchared input, and should return specialchared output), current backends strip entities anyway [includes Bug #8156]
- allow cancelling search index creation/removal
- custom CSS class name input too short [Bug #8328]
- give an error message if a password wasn’t convertable (special characters in non-standard encoding)
- moved still_on_time to functions.php, used by acp_search and converter, might be useful for MODs (or complex cron scripts)
- do not allow empty passwords on login
- add sids to local URLs in posts (this was a really terrible bug to fix ;)) [Bug #7892]
ignore invalid HTTP_X_FORWARDED_FOR headers (just use REMOTE_ADDR if invalid) [Bug #8314]
- changed forum listing code on search page and acp_attachments [Bug #6658]
- search indexing uses still_on_time(), smaller batch size (1000) and meta_refresh() instead of redirect(), this should solve a few problems [Bugs #8034, #8270]
- made password requirement language strings clearer
- ALPHA is not meant to be alphanumric [Bug #7764]
- display bug in firefox on linux making the pagination wrap on search results page (caused by  )

trying to fix two conversion issues
- anonymous user not entered correctly or entered with user id 0 (need to be tested)
- ips not converted

- fix some oddities (doubled spaces for example)
- changed the way make_forum_select() is returning the forum list – now including skipped forums but being disabled. This should make identifying the correct forum much more easier.
- Changed some permission namings based on suggestions by the community
- Tried to comply to the permission field ordering within the language files while displaying permission sets. Hopefully it’s worth the additional processing time.
- Disable submit buttons after clicking for installation and conversions.

- fixing some bugs
- removing utf8 characters from email files (has been discussed internally, you guys know why)
- making sure some opendir calls are checked before calling readdir.

- Optimize acl_getf_global a bit
- a little performance improvement of the IP regular expressions
- convert post_text/subject collation to utf8_unicode_ci if a user wants to use mysql_fulltext to allow case insensitivity [Bug #6272]
- mysql_fulltext should alter all necessary columns at once to speed up the process
- validate URLs against RFC3986
- fixed some weirdness in make_clickable
I hope I didn’t break any URLs with this commit, if I did then report it to the bugtracker please!

I’m very oblivious today :@

- finally correctly calculate current time for birthday calculation [Bug #6030]
- allow searching forums with unsearchable subforums [Bug #6056]
- addition of an optional HTTP_X_FORWARDED_FOR check in sessions, including bans
- do not index forums which have indexing disabled on index recreation [Bug #6060]
- properly handle html entities in the theme editor [Bug #6048]
- anonymous access is no longer required for the LDAP auth plugin [Bug #6046]
- corrected mcp_front queue link to point to approve_details [Bug #6134]
- added direct (dis)approval to mcp_front queue items [Bug #6134]
- proper mysql version test for fulltext-compatibility [Bug #6054]
- added note to style/language “used by” column so it’s clear that bots are included
- correctly update bot last visit time [Bug #6108]

- author search should use clean names for searching [Bug #5752]
- local moderators are moderators too!
- don’t show a “word is not contained in any post” message for ignored common words
- bold search words in search error messages [Bug #5762]

fix for bug #5676 – of course the “delete install folder” notice should not occur if directly within installation.

- fixing a bunch of bugs
- moved the install trigger error to sessions and also disabled it for those having DEBUG_EXTRA enabled.
i hope not having introduced too many new bugs.

- fixes for the following bugs:
#5326
#5318
#5304
#5290
#5288
#5278
#5276
#5272
#5266
- also fixed the “Call-time pass-by-reference” bug #5252
- within this step changed the normalize calls to require references.
- added captcha size variables to the class scope (suggestion was posted at area51)

#5094

comment out for the moment – it may be not fair to disallow “virtual” urls. :)

ok, i do not why the db is setting the type for user id to string – but with this change bots should no longer “spawn” sessions. ;)

- extend config checking to include check for writeable path
- removed not utilized user_allow_email column from schema
- removed inactive groups (they had no use at all, since inactive users are not able to login)
The only benefit those brought are distinguish users – but this is no longer needed too due to the inactive code present. This also allows us to retain group memberships as well as default settings for users being set inactive due to profile changes.
- rewrote user_active_flip to support multiple users and a mode, as well as coping with the aforementioned changes
- implemented updated jabber class to support SRV server records and for better jabberd2 support.
- jabber errors now logged to the error log with a full transaction
- fixed user_delete calls to include usernames where possible and also update last post information correctly
- implemented additioal checks to user management to cope with common mistakes
- On installation, guess the required mysql schema as best as possible. Users now only need to decide if they want to use the mysqli extension or not (mysqli selected by default) and no longer need to know their mysql version.
- founders do not need to re-activate their account on profile changes
- remove older session if re-authentication was successful (re-authentication always assigns a new session id)
- set the cookie directly instead of using php’s function
- added inactive_remind to see which users got deactivated because of reminders (or re-activation) sent out

hopefully not introduced too many bugs – those testing with CVS releases, please concentrate on user registration, activation, profile changes (email/password)...

Prevent cookies from other applications interfering with our forms

use the “old” approach

- fixed some bugs
- changed attachment handling a bit
- tried to remove target tags out of the code
- do not add session ids to urls for bots as well as not creating a new session on each page view for them

I bet i introduced some bugs too. ;)

- birthdays/age in user’s timezone and not server’s local time
- parse bbcode in posts with fewer characters than selected maximum on search results page
- retrieve search word context in posts which are longer than maximum characters (no raw BBCode anymore)
- formatted text is processed in the same order everywhere now: censor_text, replace newlines, bbcode, smileys, attachments, highlighting [including Bug #2048]
- highlighting pattern updated to exclude style and script (e.g custom BBCode) [Bug #3856]
- fixed a style problem in Opera [Bug #3770]
- performance increase for user::img()
- slight adjustments to search

- casting to int so this won’t throw any unwanted errors

submit some attachment changes/fixes as well as fixing the language pack download for zip files.

- fixed some problems with themes
- added support for {IMG_NAME_SRC}, {IMG_NAME_WIDTH} and {IMG_NAME_HEIGHT}
- fulltext_native has to use group by in a few more quries

Fix session id assignment for bots (previously this bug related in bots creating a new session for every view, now bots are assigned one session like normal users – still no rotation).
If cookie is there but having an empty session try to get it through the url – but also resetting the user

- also check for registered users since i do not think guests and bots want to change their password.

some bugfixes

make sure set_config is called with the correct is_dynamic value

some bugfixes

- fixed a few bugs
- added user_add() function
- check posted images ([img]) for same domain/scipt and php files
- auth_api.html updated to the coding guidelines look&feel
- introduced ability to force non page-updates (cron is using it)
- correctly resend coppa email

ok, this one is rather large… the most important change:
re-introduce append_sid: old style continues to work, not a performance hog as it was in 2.0.x -> structure is differe