phpBB

Code Changes

File: includes/functions.php

Line 65Line 65

/**
* Generates an alphanumeric random string of given length


/**
* Generates an alphanumeric random string of given length

 
*
* @param int $num_chars Length of random string, defaults to 8.
* This number should be less or equal than 64.

*
* @return string
*/
function gen_rand_string($num_chars = 8)
{

*
* @return string
*/
function gen_rand_string($num_chars = 8)
{

	// [a, z] + [0, 9] = 36
return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);










	$range = array_merge(range('A', 'Z'), range(0, 9));
$size = count($range);

$output = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand = random_int(0, $size-1);
$output .= $range[$rand];
}

return $output;

}

/**
* Generates a user-friendly alphanumeric random string of given length
* We remove 0 and O so users cannot confuse those in passwords etc.

}

/**
* Generates a user-friendly alphanumeric random string of given length
* We remove 0 and O so users cannot confuse those in passwords etc.

 
*
* @param int $num_chars Length of random string, defaults to 8.
* This number should be less or equal than 64.

*
* @return string
*/
function gen_rand_string_friendly($num_chars = 8)
{

*
* @return string
*/
function gen_rand_string_friendly($num_chars = 8)
{

	$rand_str = unique_id();


	$range = array_merge(range('A', 'N'), range('P', 'Z'), range(1, 9));
$size = count($range);





	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));




	$output = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand = random_int(0, $size-1);
$output .= $range[$rand];
}





	return substr($rand_str, 0, $num_chars);

	return $output;

}

/**

}

/**

Line 96Line 115
*/
function unique_id()
{

*/
function unique_id()
{

	return bin2hex(random_bytes(8));

	return strtolower(gen_rand_string(16));

}

/**

}

/**

Line 602Line 621

if ($mode == 'all')
{


if ($mode == 'all')
{

		if ($forum_id === false || !sizeof($forum_id))

		if (empty($forum_id))

		{
// Mark all forums read (index page)
/* @var $phpbb_notifications \phpbb\notification\manager */

		{
// Mark all forums read (index page)
/* @var $phpbb_notifications \phpbb\notification\manager */

Line 661Line 680
				}
}
}

				}
}
}


return;

 
	}
else if ($mode == 'topics')
{

	}
else if ($mode == 'topics')
{

Line 727Line 744
			}
$db->sql_freeresult($result);


			}
$db->sql_freeresult($result);


			if (sizeof($sql_update))

			if (count($sql_update))

			{
$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . "
SET mark_time = $post_time

			{
$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . "
SET mark_time = $post_time

Line 789Line 806

unset($tracking);
}


unset($tracking);
}


return;

 
	}
else if ($mode == 'topic')
{

	}
else if ($mode == 'topic')
{

Line 863Line 878

// We get the ten most minimum stored time offsets and its associated topic ids
$time_keys = array();


// We get the ten most minimum stored time offsets and its associated topic ids
$time_keys = array();

				for ($i = 0; $i < 10 && sizeof($tracking['t']); $i++)

				for ($i = 0; $i < 10 && count($tracking['t']); $i++)

				{
$min_value = min($tracking['t']);
$m_tkey = array_search($min_value, $tracking['t']);

				{
$min_value = min($tracking['t']);
$m_tkey = array_search($min_value, $tracking['t']);

Line 904Line 919
			$user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000);
$request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), \phpbb\request\request_interface::COOKIE);
}

			$user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000);
$request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), \phpbb\request\request_interface::COOKIE);
}


return;

 
	}
else if ($mode == 'post')
{

	}
else if ($mode == 'post')
{

Line 930Line 943

$db->sql_return_on_error(false);
}


$db->sql_return_on_error(false);
}


return;

 
	}

	}

 

/**
* This event is used for performing actions directly after forums,
* topics or posts have been marked as read.
*
* @event core.markread_after
* @var string mode Variable containing marking mode value
* @var mixed forum_id Variable containing forum id, or false
* @var mixed topic_id Variable containing topic id, or false
* @var int post_time Variable containing post time
* @var int user_id Variable containing the user id
* @since 3.2.6-RC1
*/
$vars = array(
'mode',
'forum_id',
'topic_id',
'post_time',
'user_id',
);
extract($phpbb_dispatcher->trigger_event('core.markread_after', compact($vars)));

}

/**

}

/**

Line 959Line 991

$topic_ids = array_diff($topic_ids, array_keys($last_read));



$topic_ids = array_diff($topic_ids, array_keys($last_read));


	if (sizeof($topic_ids))

	if (count($topic_ids))

	{
$mark_time = array();


	{
$mark_time = array();


Line 1011Line 1043

$topic_ids = array_diff($topic_ids, array_keys($last_read));



$topic_ids = array_diff($topic_ids, array_keys($last_read));


		if (sizeof($topic_ids))

		if (count($topic_ids))

		{
$sql = 'SELECT forum_id, mark_time
FROM ' . FORUMS_TRACK_TABLE . "

		{
$sql = 'SELECT forum_id, mark_time
FROM ' . FORUMS_TRACK_TABLE . "

Line 1038Line 1070
	{
global $tracking_topics;


	{
global $tracking_topics;


		if (!isset($tracking_topics) || !sizeof($tracking_topics))

		if (!isset($tracking_topics) || !count($tracking_topics))

		{
$tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, \phpbb\request\request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();

		{
$tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, \phpbb\request\request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();

Line 1065Line 1097

$topic_ids = array_diff($topic_ids, array_keys($last_read));



$topic_ids = array_diff($topic_ids, array_keys($last_read));


		if (sizeof($topic_ids))

		if (count($topic_ids))

		{
$mark_time = array();


		{
$mark_time = array();


Line 1407Line 1439
				switch ($string[$i])
{
case '(':

				switch ($string[$i])
{
case '(':

						if (sizeof($stack) >= $max_depth)

						if (count($stack) >= $max_depth)

						{
die('Invalid data supplied');
}

						{
die('Invalid data supplied');
}

Line 1461Line 1493
		}
}


		}
}


	if (sizeof($stack) != 0 || ($mode != 0 && $mode != 3))

	if (count($stack) != 0 || ($mode != 0 && $mode != 3))

	{
die('Invalid data supplied');
}

	{
die('Invalid data supplied');
}

Line 1644Line 1676
*/
function generate_board_url($without_script_path = false)
{

*/
function generate_board_url($without_script_path = false)
{

	global $config, $user, $request;

	global $config, $user, $request, $symfony_request;


$server_name = $user->host;



$server_name = $user->host;


Line 1661Line 1693
	}
else
{

	}
else
{

		$server_port = $request->server('SERVER_PORT', 0);


		$server_port = (int) $symfony_request->getPort();


		$forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');

if (!empty($forwarded_proto) && $forwarded_proto === 'https')

		$forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');

if (!empty($forwarded_proto) && $forwarded_proto === 'https')

Line 1724Line 1757
	if ($url_parts === false)
{
// Malformed url

	if ($url_parts === false)
{
// Malformed url

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}
else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{

	}
else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{

			trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

			trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

		}
}
else if ($url[0] == '/')

		}
}
else if ($url[0] == '/')

Line 1771Line 1804

if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{


if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}

// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{

	}

// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}

// Now, also check the protocol and for a valid url the last time...

	}

// Now, also check the protocol and for a valid url the last time...

Line 1786Line 1819

if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{


if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}

/**

	}

/**

Line 1808Line 1841
	else
{
garbage_collection();

	else
{
garbage_collection();

	}

// Redirect via an HTML form for PITA webservers
if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
{
header('Refresh: 0; URL=' . $url);

echo '<!DOCTYPE html>';
echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">';
echo '<head>';
echo '<meta charset="utf-8">';
echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
echo '<title>' . $user->lang['REDIRECT'] . '</title>';
echo '</head>';
echo '<body>';
echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&amp;', $url) . '">', '</a>') . '</div>';
echo '</body>';
echo '</html>';

exit;

 
	}

// Behave as per HTTP/1.1 spec for others

	}

// Behave as per HTTP/1.1 spec for others

Line 1839Line 1851
/**
* Re-Apply session id after page reloads
*/

/**
* Re-Apply session id after page reloads
*/

function reapply_sid($url)

function reapply_sid($url, $is_route = false)

{
global $phpEx, $phpbb_root_path;


{
global $phpEx, $phpbb_root_path;


Line 1861Line 1873
		$url = preg_replace("/$phpEx(&amp;|&)+?/", "$phpEx?", $url);
}


		$url = preg_replace("/$phpEx(&amp;|&)+?/", "$phpEx?", $url);
}


	return append_sid($url);

	return append_sid($url, false, true, false, $is_route);

}

/**

}

/**

Line 2110Line 2122
/**
* Build Confirm box
* @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box

/**
* Build Confirm box
* @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box

* @param string $title Title/Message used for confirm box.

* @param string|array $title Title/Message used for confirm box.

*		message text is _CONFIRM appended to title.
* If title cannot be found in user->lang a default one is displayed
* If title_CONFIRM cannot be found in user->lang the text given is used.

*		message text is _CONFIRM appended to title.
* If title cannot be found in user->lang a default one is displayed
* If title_CONFIRM cannot be found in user->lang the text given is used.

 
*       If title is an array, the first array value is used as explained per above,
* all other array values are sent as parameters to the language function.

* @param string $hidden Hidden variables
* @param string $html_body Template used for confirm box
* @param string $u_action Custom form action

* @param string $hidden Hidden variables
* @param string $html_body Template used for confirm box
* @param string $u_action Custom form action

 
*
* @return bool True if confirmation was successful, false if not

*/
function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
{
global $user, $template, $db, $request;

*/
function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
{
global $user, $template, $db, $request;

	global $config, $phpbb_path_helper;

	global $config, $language, $phpbb_path_helper, $phpbb_dispatcher;


if (isset($_POST['cancel']))
{
return false;
}



if (isset($_POST['cancel']))
{
return false;
}


	$confirm = ($user->lang['YES'] === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST));

	$confirm = ($language->lang('YES') === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST));


if ($check && $confirm)
{


if ($check && $confirm)
{

Line 2161Line 2177

// generate activation key
$confirm_key = gen_rand_string(10);


// generate activation key
$confirm_key = gen_rand_string(10);

 

// generate language strings
if (is_array($title))
{
$key = array_shift($title);
$count = array_shift($title);
$confirm_title = $language->is_set($key) ? $language->lang($key, $count, $title) : $language->lang('CONFIRM');
$confirm_text = $language->is_set($key . '_CONFIRM') ? $language->lang($key . '_CONFIRM', $count, $title) : $key;
}
else
{
$confirm_title = $language->is_set($title) ? $language->lang($title) : $language->lang('CONFIRM');
$confirm_text = $language->is_set($title . '_CONFIRM') ? $language->lang($title . '_CONFIRM') : $title;
}


if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
{


if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
{

		adm_page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);

		adm_page_header($confirm_title);

	}
else
{

	}
else
{

		page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);

		page_header($confirm_title);

	}

$template->set_filenames(array(

	}

$template->set_filenames(array(

Line 2188Line 2218
	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;

$template->assign_vars(array(

	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;

$template->assign_vars(array(

		'MESSAGE_TITLE'		=> (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang($title, 1),
'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'],

		'MESSAGE_TITLE'		=> $confirm_title,
'MESSAGE_TEXT' => $confirm_text,





		'YES_VALUE'			=> $user->lang['YES'],

		'YES_VALUE'			=> $language->lang('YES'),

		'S_CONFIRM_ACTION'	=> $u_action,
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields,
'S_AJAX_REQUEST' => $request->is_ajax(),

		'S_CONFIRM_ACTION'	=> $u_action,
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields,
'S_AJAX_REQUEST' => $request->is_ajax(),

Line 2204Line 2234
	if ($request->is_ajax())
{
$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;

	if ($request->is_ajax())
{
$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;

		$json_response = new \phpbb\json_response;
$json_response->send(array(

		$data = array(


			'MESSAGE_BODY'		=> $template->assign_display('body'),

			'MESSAGE_BODY'		=> $template->assign_display('body'),

			'MESSAGE_TITLE'		=> (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title],
'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'],

			'MESSAGE_TITLE'		=> $confirm_title,
'MESSAGE_TEXT' => $confirm_text,





			'YES_VALUE'			=> $user->lang['YES'],

			'YES_VALUE'			=> $language->lang('YES'),

			'S_CONFIRM_ACTION'	=> str_replace('&amp;', '&', $u_action), //inefficient, rewrite whole function
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields

			'S_CONFIRM_ACTION'	=> str_replace('&amp;', '&', $u_action), //inefficient, rewrite whole function
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields

		));






















		);

/**
* This event allows an extension to modify the ajax output of confirm box.
*
* @event core.confirm_box_ajax_before
* @var string u_action Action of the form
* @var array data Data to be sent
* @var string hidden Hidden fields generated by caller
* @var string s_hidden_fields Hidden fields generated by this function
* @since 3.2.8-RC1
*/
$vars = array(
'u_action',
'data',
'hidden',
's_hidden_fields',
);
extract($phpbb_dispatcher->trigger_event('core.confirm_box_ajax_before', compact($vars)));

$json_response = new \phpbb\json_response;
$json_response->send($data);

	}

if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])

	}

if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])

Line 2224Line 2274
	{
page_footer();
}

	{
page_footer();
}

 

exit; // unreachable, page_footer() above will call exit()

}

/**

}

/**

Line 2235Line 2287
	global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;

$err = '';

	global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;

$err = '';

 
	$form_name = 'login';


// Make sure user->setup() has been called
if (!$user->is_setup())


// Make sure user->setup() has been called
if (!$user->is_setup())

Line 2310Line 2363
			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}


			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}


 
		// Check form key
if ($password && !defined('IN_CHECK_BAN') && !check_form_key($form_name))
{
$result = array(
'status' => false,
'error_msg' => 'FORM_INVALID',
);
}
else
{

		// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);

		// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);

 
		}


// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows


// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows

Line 2343Line 2407
			* @event core.login_box_redirect
* @var string redirect Redirect string
* @var bool admin Is admin?

			* @event core.login_box_redirect
* @var string redirect Redirect string
* @var bool admin Is admin?

 
			* @var	array	result		Result from auth provider

			* @since 3.1.0-RC5
* @changed 3.1.9-RC1 Removed undefined return variable

			* @since 3.1.0-RC5
* @changed 3.1.9-RC1 Removed undefined return variable

 
			* @changed 3.2.4-RC1 Added result

			*/

			*/

			$vars = array('redirect', 'admin');

			$vars = array('redirect', 'admin', 'result');

			extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));

// append/replace SID (may change during the session for AOL users)

			extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));

// append/replace SID (may change during the session for AOL users)

Line 2462Line 2528

$s_hidden_fields = build_hidden_fields($s_hidden_fields);



$s_hidden_fields = build_hidden_fields($s_hidden_fields);


	$template->assign_vars(array(

	$login_box_template_data = array(

		'LOGIN_ERROR'		=> $err,
'LOGIN_EXPLAIN' => $l_explain,


		'LOGIN_ERROR'		=> $err,
'LOGIN_EXPLAIN' => $l_explain,


Line 2470Line 2536
		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),

		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),

 
		'UA_PRIVACY'			=> addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),


'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
'S_HIDDEN_FIELDS' => $s_hidden_fields,


'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
'S_HIDDEN_FIELDS' => $s_hidden_fields,

Line 2479Line 2546

'USERNAME_CREDENTIAL' => 'username',
'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',


'USERNAME_CREDENTIAL' => 'username',
'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',

	));























	);

/**
* Event to add/modify login box template data
*
* @event core.login_box_modify_template_data
* @var int admin Flag whether user is admin
* @var string username User name
* @var int autologin Flag whether autologin is enabled
* @var string redirect Redirect URL
* @var array login_box_template_data Array with the login box template data
* @since 3.2.3-RC2
*/
$vars = array(
'admin',
'username',
'autologin',
'redirect',
'login_box_template_data',
);
extract($phpbb_dispatcher->trigger_event('core.login_box_modify_template_data', compact($vars)));

$template->assign_vars($login_box_template_data);


page_header($user->lang['LOGIN']);



page_header($user->lang['LOGIN']);


Line 2496Line 2585
*/
function login_forum_box($forum_data)
{

*/
function login_forum_box($forum_data)
{

	global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher;

	global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher, $phpbb_root_path, $phpEx;


$password = $request->variable('password', '', true);



$password = $request->variable('password', '', true);


Line 2580Line 2669
	$template->set_filenames(array(
'body' => 'login_forum.html')
);

	$template->set_filenames(array(
'body' => 'login_forum.html')
);

 

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"), $forum_data['forum_id']);


page_footer();
}


page_footer();
}

Line 2675Line 2766
		{
$value = '';
}

		{
$value = '';
}

		else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))

		else if (($value[0] == "'" && $value[strlen($value) - 1] == "'") || ($value[0] == '"' && $value[strlen($value) - 1] == '"'))

		{

		{

			$value = htmlspecialchars(substr($value, 1, sizeof($value)-2));

			$value = htmlspecialchars(substr($value, 1, strlen($value)-2));

		}
else
{

		}
else
{

Line 2779Line 2870

case 'url':
// generated with regex_idn.php file in the develop folder


case 'url':
// generated with regex_idn.php file in the develop folder

			return "[a-z][a-z\d+\-.]*:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?";






			return "[a-z][a-z\d+\-.]*(?<!javascript):/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?";
break;

case 'url_http':
// generated with regex_idn.php file in the develop folder
return "http[s]?:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?";

		break;

case 'url_inline':
// generated with regex_idn.php file in the develop folder

		break;

case 'url_inline':
// generated with regex_idn.php file in the develop folder

			return "[a-z][a-z\d+]*:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?";

			return "[a-z][a-z\d+]*(?<!javascript):/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?";

		break;

case 'www_url':

		break;

case 'www_url':

Line 2814Line 2910
		// Matches the predecing dot
case 'path_remove_dot_trailing_slash':
return '#^(?:(\.)?)+(?:(.+)?)+(?:([\\/\\\])$)#';

		// Matches the predecing dot
case 'path_remove_dot_trailing_slash':
return '#^(?:(\.)?)+(?:(.+)?)+(?:([\\/\\\])$)#';

 
		break;

case 'semantic_version':
// Regular expression to match semantic versions by http://rgxdb.com/
return '/(?<=^[Vv]|^)(?:(?<major>(?:0|[1-9](?:(?:0|[1-9])+)*))[.](?<minor>(?:0|[1-9](?:(?:0|[1-9])+)*))[.](?<patch>(?:0|[1-9](?:(?:0|[1-9])+)*))(?:-(?<prerelease>(?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:0|[1-9](?:(?:0|[1-9])+)*))(?:[.](?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:0|[1-9](?:(?:0|[1-9])+)*)))*))?(?:[+](?<build>(?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:(?:0|[1-9])+))(?:[.](?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:(?:0|[1-9])+)))*))?)$/';

		break;
}


		break;
}
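Review bot: The `semantic_version` pattern that this hunk appears to add writes every numeric field as `(?:0|[1-9](?:(?:0|[1-9])+)*)`, a quantified group nested inside another quantifier. On a long run of digits that is not followed by the expected `.`, PCRE can backtrack through it exponentially. In that case `preg_match()` stops at its backtrack limit and returns `false` rather than `0`, so a caller that does not tell the two apart treats an engine error as a plain non-match. The same field can be written without nesting as `(?:0|[1-9]\d*)`, and callers, which are outside this hunk, should test the result with `=== false` if the version string can come from a remote or user-supplied source. The enclosing `switch`, presumably in `get_preg_expression()`, starts outside the hunk.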


Line 3001Line 3102
	if (preg_match(get_preg_expression('ipv6'), $address))
{
$parts = explode(':', $address);

	if (preg_match(get_preg_expression('ipv6'), $address))
{
$parts = explode(':', $address);

		$missing_parts = 8 - sizeof($parts) + 1;

		$missing_parts = 8 - count($parts) + 1;


if (substr($address, 0, 2) === '::')
{


if (substr($address, 0, 2) === '::')
{

Line 3018Line 3119

if (preg_match(get_preg_expression('ipv4'), $last_part))
{


if (preg_match(get_preg_expression('ipv4'), $last_part))
{

			$parts[sizeof($parts) - 1] = '';

			$parts[count($parts) - 1] = '';

			$last_part = phpbb_inet_pton($last_part);
$embedded_ipv4 = true;
--$missing_parts;

			$last_part = phpbb_inet_pton($last_part);
$embedded_ipv4 = true;
--$missing_parts;

Line 3030Line 3131
			{
$ret .= str_pad($part, 4, '0', STR_PAD_LEFT);
}

			{
$ret .= str_pad($part, 4, '0', STR_PAD_LEFT);
}

			else if ($i && $i < sizeof($parts) - 1)

			else if ($i && $i < count($parts) - 1)

			{
$ret .= str_repeat('0000', $missing_parts);
}

			{
$ret .= str_repeat('0000', $missing_parts);
}

Line 3626Line 3727
	// Need caps version of $item for language-strings
$item_caps = strtoupper($item);


	// Need caps version of $item for language-strings
$item_caps = strtoupper($item);


	if (sizeof($online_users['online_users']))

	if (count($online_users['online_users']))

	{
$sql_ary = array(
'SELECT' => 'u.username, u.username_clean, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour',

	{
$sql_ary = array(
'SELECT' => 'u.username, u.username_clean, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour',

Line 4024Line 4125
*
* @return string Avatar html
*/

*
* @return string Avatar html
*/

function phpbb_get_group_avatar($user_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false)

function phpbb_get_group_avatar($group_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false)

{

{

	$row = \phpbb\avatar\manager::clean_row($user_row, 'group');

	$row = \phpbb\avatar\manager::clean_row($group_row, 'group');

	return phpbb_get_avatar($row, $alt, $ignore_config, $lazy);
}


	return phpbb_get_avatar($row, $alt, $ignore_config, $lazy);
}


Line 4064Line 4165
	if ($driver)
{
$html = $driver->get_custom_html($user, $row, $alt);

	if ($driver)
{
$html = $driver->get_custom_html($user, $row, $alt);

		if (!empty($html))
{
return $html;
}


 
		$avatar_data = $driver->get_data($row);
}
else

		$avatar_data = $driver->get_data($row);
}
else

Line 4076Line 4172
		$avatar_data['src'] = '';
}


		$avatar_data['src'] = '';
}


	if (!empty($avatar_data['src']))

	if (empty($html) && !empty($avatar_data['src']))

	{
if ($lazy)
{

	{
if ($lazy)
{

Line 4335Line 4431
	/** @var \phpbb\controller\helper $controller_helper */
$controller_helper = $phpbb_container->get('controller.helper');
$notification_mark_hash = generate_link_hash('mark_all_notifications_read');

	/** @var \phpbb\controller\helper $controller_helper */
$controller_helper = $phpbb_container->get('controller.helper');
$notification_mark_hash = generate_link_hash('mark_all_notifications_read');

 

$s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url())));

// Add form token for login box, in case page is presenting a login form.
add_form_key('login', '_LOGIN');

/**
* Workaround for missing template variable in pre phpBB 3.2.6 styles.
* @deprecated 3.2.7 (To be removed: 3.3.0-a1)
*/
$form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN');
if (!empty($form_token_login))
{
$s_login_redirect .= $form_token_login;
// Remove S_FORM_TOKEN_LOGIN as it's already appended to S_LOGIN_REDIRECT
$template->assign_var('S_FORM_TOKEN_LOGIN', '');
}


// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(


// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(

Line 4395Line 4508
		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',

		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',

		'U_TEAM'				=> ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),

		'U_TEAM'				=> (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),

		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),

		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),

 
		'UA_PRIVACY'			=> addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),

		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
'U_FEED' => $controller_helper->route('phpbb_feed_index'),


		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
'U_FEED' => $controller_helper->route('phpbb_feed_index'),
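Review bot: The new `'UA_PRIVACY'` entry relies on `addslashes()` to prepare the URL for script use, but that function only escapes quotes, backslashes and NUL. It leaves `<`, `/`, line terminators and the `&amp;` separators that `append_sid()` emits by default untouched. Where the value is embedded is outside this hunk, so the JavaScript context is inferred from the `UA_` prefix; every component visible here is built server-side, which limits the exposure. A comment above the entry would record that assumption, e.g. `// UA_* values go inside quoted JS strings; addslashes() does not neutralise </script> or newlines, so only server-built URLs belong here`. If a template needs the raw URL in script, a JSON-based encoder with the HEX flags is the more robust choice. The `assign_vars()` array and its enclosing function begin and end outside the hunk.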


Line 4424Line 4538
		'S_TOPIC_ID'			=> $topic_id,

'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),

		'S_TOPIC_ID'			=> $topic_id,

'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),

		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))),

		'S_LOGIN_REDIRECT'		=> $s_login_redirect,


'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false,
'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false,


'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false,
'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false,

Line 4457Line 4571
		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),

'T_THEME_NAME' => rawurlencode($user->style['style_path']),

		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),

'T_THEME_NAME' => rawurlencode($user->style['style_path']),

		'T_THEME_LANG_NAME'		=> $user->data['user_lang'],

		'T_THEME_LANG_NAME'		=> $user->lang_name,

		'T_TEMPLATE_NAME'		=> $user->style['style_path'],
'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']),
'T_IMAGES' => 'images',

		'T_TEMPLATE_NAME'		=> $user->style['style_path'],
'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']),
'T_IMAGES' => 'images',

Line 4475Line 4589

if ($send_headers)
{


if ($send_headers)
{

		// An array of http headers that phpbb will set. The following event may override these.

		// An array of http headers that phpBB will set. The following event may override these.

		$http_headers += array(
// application/xhtml+xml not used because of IE
'Content-type' => 'text/html; charset=UTF-8',
'Cache-Control' => 'private, no-cache="set-cookie"',
'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',

		$http_headers += array(
// application/xhtml+xml not used because of IE
'Content-type' => 'text/html; charset=UTF-8',
'Cache-Control' => 'private, no-cache="set-cookie"',
'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',

 
			'Referrer-Policy' => 'strict-origin-when-cross-origin',

		);
if (!empty($user->data['is_bot']))
{

		);
if (!empty($user->data['is_bot']))
{