Merge branch 'prep-release-4.0.0'

Author: marc1706

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="4.0.0-a2-dev" />
-	<property name="prevversion" value="3.3.16" />
-	<property name="olderversions" value="3.1.12, 3.2.11, 4.0.0-a1" />
+	<property name="newversion" value="4.0.0-a2" />
+	<property name="prevversion" value="4.0.0-a1" />
+	<property name="olderversions" value="3.1.12, 3.2.11, 3.3.16" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,7 @@ <h1>Changelog</h1>
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v400a1">Changes since 4.0.0-a1</a></li>
 		<li><a href="#v33x">Changes since 3.3.x</a></li>
 		<li><a href="#v3316rc1">Changes since 3.3.16-RC1</a></li>
 		<li><a href="#v3315">Changes since 3.3.15</a></li>
@@ -178,6 +179,93 @@ <h1>Changelog</h1>
 		<div class="inner">
 
 		<div class="content">
+			<a name="v400a1"></a><h3>Changes since 4.0.0-a1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-15085">PHPBB-15085</a>] - HTTP authentication from feeds served via controller</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17477">PHPBB-17477</a>] - Problem with Whois lookups returning incorrect information due to ARIN/RIPE changes</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17552">PHPBB-17552</a>] - extensions.php lang file uses plural rule structure for different purpose</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17553">PHPBB-17553</a>] - Remove jabber notification entries instead of trying to convert them</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17554">PHPBB-17554</a>] - Feature tests for Extensions Catalog are making external HTTP calls</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17557">PHPBB-17557</a>] - Error suppression is missing for migrating avatars in 4.0</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17560">PHPBB-17560</a>] - Diff engine causes PHP fatal error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17562">PHPBB-17562</a>] - base.css file contains font-size declaration overridden in common.css</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17563">PHPBB-17563</a>] - CodeSniffer ruleset (PPSSE) not fully compatible with CS 4</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17564">PHPBB-17564</a>] - Header profile contrast in navbar can result in hard to read username</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17565">PHPBB-17565</a>] - Incorrect exporting PM as CSV for Excel</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17567">PHPBB-17567</a>] - Page width exceeds the screen width in responsive mode</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17569">PHPBB-17569</a>] - Responsive bug in footer navbar</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17571">PHPBB-17571</a>] - pm inline attachment not showing</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17573">PHPBB-17573</a>] - Allow to run phpunit in local again</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17575">PHPBB-17575</a>] - Web Manifest scope path is likely invalid</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17580">PHPBB-17580</a>] - Downloading files with a byte range of 8192 bytes causes fatal error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17581">PHPBB-17581</a>] - PHP warning on viewing a topic page with avatars as bot</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17582">PHPBB-17582</a>] - Not working lang vars in acp_ext_list.html</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17585">PHPBB-17585</a>] - Some extensions with modules can't be uninstalled</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17589">PHPBB-17589</a>] - QA captcha appears on every other login attempt</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17594">PHPBB-17594</a>] - Improved error handling of web push subscriber</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17596">PHPBB-17596</a>] - Logout link in ACP does not work</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17622">PHPBB-17622</a>] - Version helper may return update from newer branch</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17624">PHPBB-17624</a>] - Datetime edge case tests fail when local timezone is ahead of UTC</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-13481">PHPBB-13481</a>] - Explain in ACP Attachment settings images get resized (at client-side)</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-15007">PHPBB-15007</a>] - Add Restart link to installer</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17447">PHPBB-17447</a>] - Attachments controller: Use BinaryFileResponse when adapter is local</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17524">PHPBB-17524</a>] - Add possibility to use index key length in migrations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17536">PHPBB-17536</a>] - Add event to Edit forum in ACP to modify template</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17539">PHPBB-17539</a>] - Increase default password complexity</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17541">PHPBB-17541</a>] - Ext Catalog is using variables in loops incorrectly</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17555">PHPBB-17555</a>] - Improve running of tests on windows runners in GitHub Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17556">PHPBB-17556</a>] - Upgrade to Symfony 7.4</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17559">PHPBB-17559</a>] - Extension Catalog can be installed without repositories</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17561">PHPBB-17561</a>] - Extension Catalog Installs Incompatible Extensions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17570">PHPBB-17570</a>] - Replace an old CSS accessibility hack with a modern, recommended and W3C compliant method</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17572">PHPBB-17572</a>] - meta apple-mobile-web-app-capable depreciated</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17587">PHPBB-17587</a>] - Move mark notification read to controller</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17588">PHPBB-17588</a>] - Move index page to controller</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17590">PHPBB-17590</a>] - Use index.php as frontend controller</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17592">PHPBB-17592</a>] - Translate &quot;No match found!!!&quot; if no mention entry was found</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17598">PHPBB-17598</a>] - Deny access to composer files in apache</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17603">PHPBB-17603</a>] - Remove unused gulp</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17604">PHPBB-17604</a>] - Disable all extension during phpBB4 install/update</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17605">PHPBB-17605</a>] - Fix homestead and use a fork since is no longer maintained</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17619">PHPBB-17619</a>] - Fix UnusedUseSniff to detect property type declarations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17620">PHPBB-17620</a>] - Skip whois test when daily rate-limit is reached</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17621">PHPBB-17621</a>] - Change U_WARN to use new warn_allowed variable</li>
+			</ul>
+			<h4>New Feature</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17566">PHPBB-17566</a>] - Add default avatars based on username</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17597">PHPBB-17597</a>] - Use avatar twig function instead of html generated in PHP</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-15823">PHPBB-15823</a>] - Move viewonline.php to controller</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16005">PHPBB-16005</a>] - Remove phpBB2 converter</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17545">PHPBB-17545</a>] - Improve handling of DDoS/brute force attacks on login form</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17584">PHPBB-17584</a>] - Exclude tests from PSR1 code sniffs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17591">PHPBB-17591</a>] - Update to Code Sniffer 4</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17593">PHPBB-17593</a>] - Allow functional tests on a secure local server</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17595">PHPBB-17595</a>] - Ext Catalog should load packages from titania's 4.0 branch</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17599">PHPBB-17599</a>] - Update composer and node dependencies</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17602">PHPBB-17602</a>] - Clean up avatar code and avatar tests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17612">PHPBB-17612</a>] - Remove imageset to css converter</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17613">PHPBB-17613</a>] - Remove support for retired WebPI packages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17628">PHPBB-17628</a>] - Update composer and node dependencies</li>
+			</ul>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[SECURITY-285] - Password Reset Link Poisoning</li>
+				<li>[SECURITY-286] - IDOR when composing PMs</li>
+				<li>[SECURITY-287] - CSRF on report submission</li>
+				<li>[SECURITY-288] - Blind POST SSRF via Web Push Notification</li>
+				<li>[SECURITY-289] - Hardening against non-rasterized image uploads</li>
+				<li>[SECURITY-290] - Cross-User Notification Read State Manipulation</li>
+				<li>[SECURITY-291] - Improper access control in mention controller</li>
+			</ul>
+
 			<a name="v33x"></a><h3>Changes since 3.3.x</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/includes/constants.php

@@ -28,7 +28,7 @@
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '4.0.0-a2-dev');
+@define('PHPBB_VERSION', '4.0.0-a2');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '4.0.0-a1');
+define('PHPBB_VERSION', '4.0.0-a2');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -299,7 +299,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_last
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '4.0.0-a2-dev');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '4.0.0-a2');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('exts_composer_repositories', '["https://satis.phpbb.com/","https://www.phpbb.com/customise/db/composer/40/"]');

phpBB/phpbb/db/migration/data/v400/v400a2.php

@@ -0,0 +1,38 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v400;
+
+class v400a2 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '4.0.0-a2', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3316',
+			'\phpbb\db\migration\data\v400\disable_extensions',
+			'\phpbb\db\migration\data\v400\extensions_composer_4',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '4.0.0-a2']],
+		];
+	}
+}

phpBB/styles/prosilver/theme/stylesheet.css

@@ -11,13 +11,13 @@
 @import url("base.css?hash=e4336923");
 @import url("utilities.css?hash=b95e1ad4");
 @import url("icons.css?hash=cf9a9308");
-@import url("common.css?hash=b2c7c02b");
+@import url("common.css?hash=3e946b8c");
 @import url("buttons.css?hash=be0468e7");
-@import url("links.css?hash=ecc09d7a");
+@import url("links.css?hash=20df6b95");
 @import url("mentions.css?hash=308fbc69");
-@import url("content.css?hash=46dafcea");
+@import url("content.css?hash=cab73962");
 @import url("cp.css?hash=9ed1a111");
 @import url("forms.css?hash=e6a667ba");
-@import url("colours.css?hash=f1c629cc");
-@import url("responsive.css?hash=c6136396");
-@import url("bidi.css?hash=c1b99d9a");
+@import url("colours.css?hash=fae5c302");
+@import url("responsive.css?hash=62adf6f6");
+@import url("bidi.css?hash=2e917914");