phpBB Changelog

What's new in phpBB 3.3

Jan 7, 2020
  • The new phpBB 3.3 Proteus builds upon 3.2 Rhea and is a big step towards a more modern base while maintaining a clear update path. It is now shipped with Symfony 3.4, Twig 2, and jQuery 3.4. The improvements include, among others, support for Invisible reCAPTCHA, Argon2i and Argon2id password hashing, improved reset password functionality, and minor changes to the UI.
  • The minimum supported PHP version has been increased to PHP 7.1.3 while support for PHP 7.3 and PHP 7.4 has been added. Fixed security issues in 3.2.9 are part of this release as well.

New in phpBB 3.2.7 (May 5, 2019)

  • The fixed issues include, among others, issues with form token validation during login, the inability to change topic types after posting, an issue with viewing private message folders, and potentially incorrectly shortened URL links when using the [url=] BBCode.
  • Full backwards compatibility for styles released before phpBB 3.2.6 has been introduced, which will enable logins even though these styles have not yet been updated with the latest style changes.

New in phpBB 3.2.4 (Nov 22, 2018)

  • This version is a maintenance and security release of the 3.2.x branch which fixes one security issue and various issues reported in previous versions.
  • The security issue was discovered with a new exploitation technique called Phar deserialization. An attacker with control over a founder admin account could escalate to remote code execution by abusing PHP’s default unserialization of metadata in Phar files. More information about this technique can be found here. In order to fix this issue we’ve removed the ability to define absolute paths in the Admin Control Panel. This resulted in the removal of setting the ImageMagick path, so make sure to have the GD image library available instead. A new event to generate thumbnails was added as replacement, so you’re able to write an extension that uses a different image library to generate thumbnails. We would like to thank Simon Scannell and Robin Peraglie of RIPS Technologies for their report and responsible disclosure. The issue has been assigned CVE-2018-19274.
  • The fixed issues include, among others, compatibility issues with PHP 7.2 and issues with removing users from the newly registered user group more than once.
  • Among the notable changes are the addition of the list-unsubscribe header to emails sent by phpBB and the ability to reset your password without entering the username.

New in phpBB 3.2.2 (Jan 9, 2018)

  • This version is a maintenance & security release of the 3.2.x branch which fixes one security issue, adds one minor feature addition, as well as fixing various issues reported in previous versions.
  • Previous versions did not limit the allowed schemes for URLs in profile fields and therefore allowed users to also specify URLs with the javascript scheme. This is now forbidden. As always, please keep in mind that external URLs can potentially be unsafe. Therefore it is recommended to not click on any URLs that might look suspicious to you. We would like to thank “aaaimg” for the disclosure of this issue to our development team.
  • As a minor feature addition, phpBB now also supports Memcached caching.
  • The fixed issues include, among others, problems when updating from phpBB versions 3.0.5 and older, incorrect image size being detected for uploaded files, blurry forum & topic icons in some browsers, and problems with deleting orphaned attachments when a high number of orphaned attachments is present.
  • We’d also like to note that due to changes in our dependency the minimum expected PHP version is now PHP 5.4.7. PHP versions between 5.4.0 and 5.4.6 will most likely continue to work but can cause unexpected side effects. If you are affected by this you should upgrade to a newer, secure version of PHP. In addition to that, PHP 7.2 is now supported by phpBB 3.2. Please ensure that your extensions are compatible before upgrading.

New in phpBB 3.2.1 (Jul 20, 2017)

  • This version is a maintenance & security release of the 3.2.x branch which fixes three security issues, as well as adding more hardening and fixes for various bugs reported in previous versions.
  • A server-side request forgery (SSRF) exploit was discovered in the remote avatar functionality which could be used to perform service discovery on internal and external networks as well as retrieve images which are usually restricted to local access (thanks to SEC Consult for the report). Additionally, a cross-site scripting vulnerability via version check files was discovered internally (thanks Derk Ruitenbeek). This could have been used to trick users into clicking on javascript: links. The third fixed issue concerned potential high load scenarios that could be caused by specially crafted search queries while using MySQL fulltext search.
  • The bugfixes address issues with migration dependencies preventing updates from phpBB 3.0.6 or older, multiple issues with the new text formatter, make the FTP update method functional again, as well as issues with updating from earlier versions using PostgreSQL. Notable changes include new, higher resolution images for the imageset icons, pagination for IP tables and post info, and added search indexing for topics after splitting a topic. The version check now also supports branches which will result in more helpful information about new versions on other branches.

New in phpBB 3.2 (Jan 15, 2017)

  • Today is a big day for the entire phpBB community and we hope that you're as excited as we are! With the help of over one hundred volunteers, we have improved and extended phpBB to provide the new and improved phpBB 3.2 Rhea.
  • The new phpBB 3.2 Rhea builds upon 3.1 Ascraeus, upgrading the experience for users, administrators, and developers. The new BBCode parser adds support for all the emojis you've been using on mobile devices, the new font awesome integration adds retina quality icons to prosilver, and the quoting feature has been enhanced. Together with Symfony 2.8, an improved integration of the twig template engine, and full support for both PHP 7.0 & 7.1, we have increased extensibility of phpBB 3.2 while reducing development time.
  • Board admins will apprecite the new installer, which enables easier updating using the browser or a command-line interface, as well as the newly added reCAPTCHA 2.0 to thwart would-be spammers at the gate.

New in phpBB 3.1.9 (Apr 18, 2016)

  • New Features:
  • Respect X-Forwarded-Headers for upgrading non-SSL to SSL connection - Proxy's request to upgrade users to using SSL instead of non-SSL communication will be correctly respected (e.g. when using HAproxy). This requires default ports for SSL and can only be used for upgrading from non-SSL to SSL and not to downgrade from SSL to non-SSL.
  • Disable sending headers - Extension authors can disable sending headers in the page_header() function and the controller helper's render() method
  • Notable Changes:
  • Q&A fallback to non-default language questions - Q&A will try to fall back to Q&A combos that are not the current or default language if it's enabled and no valid Q&A set for the current or default language are set. If this is not possible, the captcha system will throw an error and prevent registrations without filling out the captcha caused by the invalid setup and misconfiguration.
  • Notable Bug Fixes:
  • Removed automatic approve of unapproved posts - Editing an unapproved post as a moderator will no longer automatically approve it.
  • Email queue not cached by opcache - Email queue won't be cached by opcache anymore. This caused issues with dulicate emails.
  • Correct column default in MSSQL - Database column default will no longer be incorrectly escaped in MSSQL (caused upgrade issues for 3.0.x to 3.1.x)
  • Modified since for files served with download/file.php - The modified since header was not correctly served
  • File update when using non-file based cache - Admins updating when using caches like memcache no longer see the comparing files page over and over again when looking at file changes
  • Attachments display according to the correct BBCode ID - Attachments displayed now correctly correspond to the ones defined by the attachment BBCodes that were added using the frontend

New in phpBB 3.1.5 (Jun 18, 2015)

  • Security and Hardening:
  • Hardening: Use autocomplete=off for password fields
  • Hardening: Do not populate password fields in the ACP settings with the old password - Thanks Fortify Open Source Review for suggesting
  • Content Permissons: Post subjects from protected subforums were listed incorrectly on the forum index in the following two scenarios: 1. Forum that has no forum password has a subforum with a password. 2. Forum with read permissions has a subforum without read permissions "Can read forum", but with list permissions "Can see forum" - Thanks 5hocK for suggesting
  • New Features:
  • Events - More events have been added to the template and the php core
  • Notable Bug Fixes:
  • Printing topics with webkit - Properly display background images when printing with webkit browser
  • Language files for xCP modules - Adding multiple language files for acp/mcp/ucp modules was incorrectly handled for extensions
  • Several Controller Fixes - AJAX responses did not support exceptions messages, AJAX responses did not support meta_refresh and redirect

New in phpBB 3.1.4 (May 8, 2015)

  • Security and Hardening:
  • Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
  • Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.
  • New Features:
  • Events - More events have been added to the template and the php core
  • Notable Bug Fixes:
  • Version check of extensions - File caching of extensions' version check file doesn't work
  • Fix links from /board - Append page name to base url if it doesn't contain it and the path ends without a trailing slash

New in phpBB 3.1.3 (Feb 2, 2015)

  • Security and Hardening:
  • Hardening of imagick path - Existence of the path to the imagick program specified in the Administration Control Panel is now verified.
  • New Features:
  • Events - More events have been added to the template and the php core
  • Support for IDN (IRI) Urls - Urls in BBCodes, posts and profile fields can now contain UTF8 characters
  • Migrations can now use DI - Migrations can now use the container to access additional objects
  • Notable Bug Fixes:
  • Canonical URLs sort parameters removed - In order to produce less duplicate pages, the sort parameters have been removed from the canonical URLs
  • Multiple bugs while updating - Quite some bugs in the database update scripts have been fixed
  • Boolean profile fields on PostgreSQL - Boolean profile fields can now be created again
  • UTF8 characters in attachment names - Attachments with UTF8 characters in their file name can now be uploaded again

New in phpBB 3.1.2 (Nov 26, 2014)

  • Today, we are publishing phpBB 3.1.2 in order to address over 30 discovered issues since the release of 3.1.0: a number of improvements as well as two minor security vulnerabilities that we identified ourselves. Please update your phpBB 3.1 installation as soon as possible.
  • We resolved problems with redirects to incorrect URLs following confirmation screens that we introduced with the security fix in 3.1.1. A large number of the bug fixes and improvements relate to the update process from phpBB 3.0 Olympus to 3.1 Ascraeus and we are confident that the process now works more smoothly for anyone looking to update.
  • Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consuming a large amount of resources on a server running phpBB 3.1.1. Further, once you installed an extension, its authors were able to load additional HTML in the extensions administration interface through the version check file which would only be exploitable by malicious extension authors. Independent of this particular problem we recommend you only install extensions made available in the extension database on http://www.phpbb.com as they go through a security audit by the extensions team before they are published.

New in phpBB 3.1.1 (Nov 3, 2014)

  • If a user's selected style no longer exists, attempt to reset to an existing style.
  • Fix auth provider errors for forums that migrated from other forum software.
  • Improve and correct update instructions and documentation.

New in phpBB 3.1.0 (Oct 29, 2014)

  • Today is a big day for the entire phpBB community and we hope you're excited! With the help of hundreds of volunteers, we have created the best and most modern version of phpBB yet: 3.1 Ascraeus. It features many improvements for users, administrators, and developers alike. Its new responsive theme takes phpBB into the modern mobile world, OAuth logins and Gravatars improve phpBB's integration into the social web, and a new notification system makes it easy to keep apprised of all that's going on.
  • With phpBB 3.1 Ascraeus' extension system, you can easily customize and extend your forum's functionality without modifying source code. The extension system makes updating phpBB and 3rd party code a breeze. Our Extensions Team is also actively developing a set of officially supported extensions, explanding upon phpBB's already rich feature-set with some separately maintained popular options. For example custom pages, Google Analytics integration, and detailed board rules.
  • We have been hard at work to ensure 3.1 Ascraeus is also the most stable and secure release of phpBB. A professional security audit performed by SektionEins found phpBB 3.1 Ascraeus to be solid, due to the examplary execution of strict coding guidelines. The well tested and widely used Symfony components have replaced some of the underlying foundations of phpBB to let us focus our efforts on providing the best forum experience imaginable.

New in phpBB 3.1.0 RC5 (Oct 8, 2014)

  • New Features:
  • Events - New events have been added to increase the power of extensions
  • Notable Changes:
  • Services sorted - The services provided by the phpBB core have been ordered and split into multiple files so you can find them more easily
  • Notable Bug Fixes:
  • MySQL 5.7 - Installing on MySQL 5.7 is now possible again

New in phpBB 3.1.0 RC4 (Sep 22, 2014)

  • New Features:
  • Events - New events have been added to increase the power of extensions
  • Extensions and "all" style - Extensions templates are now loaded from the "all" folder by controller/helper/render()
  • Extensions outside of phpBB - Add ability to access extensions outside the phpBB root
  • Notable Changes:
  • Notification service prefix - The hardcoded prefix for notification services has been removed, so extensions can correctly namespace them.
  • Symfony Update - Symfony Components have been updated to 2.3.19
  • Notable Bug Fixes:
  • Converting from phpBB 2.0 - Converting from phpBB 2.0 to 3.1 is now possible again

New in phpBB 3.0.12 (Sep 30, 2013)

  • This version is a maintenance release fixing various bugs but not adding any new features. We have updated the list of bots/spiders, further improved compatibility with recent PHP versions, and support MySQL fulltext search on InnoDB for those MySQL versions which provide it. The custom BBCode token LOCAL_URL has been modified to operate closer to its description. If you have any custom BBCodes using the token you should test if the custom BBCode still functions correctly or if you need to replace the token with the new RELATIVE_URL token. Moderators are no longer exempt from post approval, instead the permission "Can post without approval" is applied as it is for all other users. We now reject very long password inputs immediately to save on resources during password checks.

New in phpBB 3.0.11 (Aug 27, 2012)

  • Bug:
  • [PHPBB3-7432] - Unclear language for Inactive Users on ACP main page
  • [PHPBB3-8652] - Duplicate Emails Sent When Subscribed to Forum and Topic
  • [PHPBB3-9079] - Display backtrace on all E_USER_ERROR errors, not only SQL errors (when DEBUG_EXTRA is enabled)
  • [PHPBB3-9084] - Unable to display 'option equal to non entered value' if dropdown CPF is not required
  • [PHPBB3-9089] - PM message title box not accessible via Tab key
  • [PHPBB3-9220] - Blue border width when table in a div
  • [PHPBB3-9681] - Password length not in security settings
  • [PHPBB3-9813] - fulltext_native.php on innodb loading deadly slow for big indexes
  • [PHPBB3-9831] - Cannot change default of Boolean checkbox custom profile field
  • [PHPBB3-10094] - Clear cache before phpBB installation
  • [PHPBB3-10129] - Missing apostrophes in ACP user management -> permissions
  • [PHPBB3-10349] - Unit tests do not remove comments from schemas
  • [PHPBB3-10399] - Special characters aren't parsed in style component variables
  • [PHPBB3-10401] - auth_ldap has an incorrect return value in login_ldap()
  • [PHPBB3-10407] - Incorrect check for empty image file paths during conversion
  • [PHPBB3-10428] - optionget/optionset functions in session.php and acp_users.php incorrectly check whether $data is at its default value
  • [PHPBB3-10456] - Subsilver2 does not define $CAPTCHA_TAB_INDEX
  • [PHPBB3-10508] - Marking forums as read displays misleading language
  • [PHPBB3-10511] - Grammar defect in permissions language
  • [PHPBB3-10512] - Test failure when no default timezone is set in php
  • [PHPBB3-10532] - Out of range $start causes a page with no search results but with pagination
  • [PHPBB3-10538] - Special character are not correctly parsed for SMTP protocol
  • [PHPBB3-10542] - Incorrect class="postlink" in styles/subsilver2/template/faq_body.html
  • [PHPBB3-10546] - Argument missing for adm_back_link() in acp_captcha.php
  • [PHPBB3-10561] - All users can choose deactivated styles.
  • [PHPBB3-10569] - template/ucp_main_front.html does not correctly handle active topic with the name "0"
  • [PHPBB3-10580] - Default tz in registration dropdown not the same as the board default tz
  • [PHPBB3-10589] - user_birthday does not use table alias in $leap_year_birthdays variable definition
  • [PHPBB3-10605] - Orpahned privmsgs are left in the prvmsgs table, with no ties in privmsgs_to table
  • [PHPBB3-10606] - $s_hidden_fields -> incorrect array name (3 files affected)
  • [PHPBB3-10611] - Add a check for selected tables existence for ACP database backup tool
  • [PHPBB3-10615] - Static calls in utf normalizer yield E_STRICT spam on php 5.4
  • [PHPBB3-10630] - Prune Users produced unnecessarily long query; Got a packet bigger than 'max_allowed_packet' bytes
  • [PHPBB3-10633] - Users are able to get the real filename of attachment
  • [PHPBB3-10639] - negative value of ranks message
  • [PHPBB3-10658] - Rank-item is not shown on team-list
  • [PHPBB3-10675] - Use more descriptive message when disk is out of space
  • [PHPBB3-10684] - Function user_notification() prevents notifications for users with stale bans
  • [PHPBB3-10689] - Bug in the popup " Find a member" when select by letter.
  • [PHPBB3-10691] - Search index creation CLI script incorrectly calculates indexing speed
  • [PHPBB3-10699] - Long h2 title breaks div.minitabs in MCP
  • [PHPBB3-10708] - After a conversion, passwords with UTF8 characters do not work when user_pass_convert is set.
  • [PHPBB3-10717] - memberlist_view.html: including admin defined profile fields doesnt work
  • [PHPBB3-10723] - Do not use SQLite on PHP 5.4 in Tests on Travis
  • [PHPBB3-10731] - JS function addquote() works incorrectly in Opera
  • [PHPBB3-10751] - MS SQL Error when searching Admin Log
  • [PHPBB3-10760] - In pre-commit git hook, syntax error is thrown, but is not specifically described
  • [PHPBB3-10767] - Git hooks do not work properly with git GUIs
  • [PHPBB3-10774] - db_tools::create_unique_index does not use specified index names on MySQL
  • [PHPBB3-10790] - Strict comparison on user_id for sending pms
  • [PHPBB3-10797] - Template var for user rank not filled
  • [PHPBB3-10835] - Misleading message in UCP when no permission to change password
  • [PHPBB3-10846] - Missing alias for MAX(post_id) in SQL query in acp_main.php
  • [PHPBB3-10849] - Missing BBCode Help Text in subsilver2
  • [PHPBB3-10858] - $db->sql_fetchfield returns false with mssqlnative
  • [PHPBB3-10860] - Side-by-side diff styling javascript bug
  • [PHPBB3-10881] - Some files use 0xA9 as the copyright symbol which is neither ASCII nor the UTF8 copyright symbol.
  • [PHPBB3-10887] - Auto increment tests depend on varbinary handling
  • [PHPBB3-10889] - Default value for c_char_size in database unit tests is an empty string instead of a char(4)
  • [PHPBB3-10890] - test_sql_fetchrow_returns_false_when_empty() fails on MSSQL and Oracle
  • [PHPBB3-10908] - No remote avatar size limit results in files limited only by PHP memory limit
  • [PHPBB3-10913] - Admin is logged out when accessing any url under adm/ without session id
  • Improvement:
  • [PHPBB3-8599] - Add "Select All" to "Add multiple smilies" screen
  • [PHPBB3-8636] - Add resync option to topic_view moderation page
  • [PHPBB3-9876] - Names and descriptions for roles "Newly registered User" in "User roles" and "Forum roles" must be different
  • [PHPBB3-9914] - Add backup warning to Automatic DB Updater
  • [PHPBB3-9916] - License in header not linking to version 2 of GNU GPL
  • [PHPBB3-10093] - Make commit-msg hook always not fatal
  • [PHPBB3-10162] - Allow TLDs over 6 characters in email addresses
  • [PHPBB3-10280] - Change the ACP user activation display
  • [PHPBB3-10308] - Disable Retain/Delete Posts selection if the user has no posts.
  • [PHPBB3-10453] - PM viewmessage page is misplacing the online icon
  • [PHPBB3-10492] - Port functional tests to develop-olympus
  • [PHPBB3-10507] - Sort installed styles list in admin control panel - styles
  • [PHPBB3-10550] - Sort not installed styles list in admin control panel - styles
  • [PHPBB3-10563] - ACP usability improvement: show deactivated styles below active styles in styles list
  • [PHPBB3-10565] - Performance: Unneeded GROUP BY in update_forum_tracking_info
  • [PHPBB3-10607] - phpBB Credit Line Hardcoded
  • [PHPBB3-10653] - Add ability to count table rows to database abstraction layer
  • [PHPBB3-10730] - Add label tags around "select" text in post splitting UI in MCP
  • [PHPBB3-10764] - FAQ mentions SourceForge
  • [PHPBB3-10812] - Installer should not display register globals UI for php 5.4+
  • [PHPBB3-10815] - Enable Feeds by default
  • [PHPBB3-10819] - Improve side-by-side diff styling
  • [PHPBB3-10834] - Backport general development language changes in readme files
  • [PHPBB3-10836] - Enable Avatars by default
  • [PHPBB3-10891] - Allow specifying test config file name via environment variable
  • [PHPBB3-10892] - Cosmetic improvements to RUNNING_TESTS.txt
  • [PHPBB3-10898] - Do not write ?> into config.php to avoid whitespace output
  • New Feature:
  • [PHPBB3-10616] - Add template inheritance by default
  • Sub-task:
  • [PHPBB3-10907] - Mark (var)binary tests as incomplete on non-MySQL DBMSes
  • Task:
  • [PHPBB3-9896] - Update links in docs/readme.html
  • [PHPBB3-10434] - Add a script that allows creating a search index from CLI
  • [PHPBB3-10455] - Remove NOTE from header files
  • [PHPBB3-10694] - Update notification in ACP (Olympus) for increase of minimum PHP version to 5.3.2
  • [PHPBB3-10718] - Add Travis CI
  • [PHPBB3-10788] - Update docs/AUTHORS for 3.0.11-RC1
  • [PHPBB3-10909] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2

New in phpBB 3.0.10 (Jan 3, 2012)

  • Bug:
  • [PHPBB3-5506] - Deleting all items from last page results in empty list display
  • [PHPBB3-6458] - Width of Topics and Posts columns in Board Index is causing problems with language packs
  • [PHPBB3-7138] - Cannot display simple header/footer with trigger_error()
  • [PHPBB3-7291] - Broken links of char selection in memberlist
  • [PHPBB3-7932] - Fix font size in select boxes
  • [PHPBB3-8094] - Text in the forums.php and install.php not matching
  • [PHPBB3-8173] - Redundant BBCode helpline in JS
  • [PHPBB3-8177] - February 29th birthdays not shown in non-leap year
  • [PHPBB3-8571] - Users can make their age a negative number on memberlist
  • [PHPBB3-8691] - Error creating log_time index
  • [PHPBB3-8937] - Code tags - single space indent
  • [PHPBB3-9008] - Incorrect unread topic tracking for unapproved topics
  • [PHPBB3-9066] - Invalid Prefix Names Allowed
  • [PHPBB3-9416] - HTML entities in poll titles and options incorrectly re-encoded
  • [PHPBB3-9525] - Minimum characters per post/message should never be '0'
  • [PHPBB3-9645] - XHTML error on phpinfo page in ACP
  • [PHPBB3-9776] - When deleting and recreating a poll, old options aren't deleted and reappear with the new ones
  • [PHPBB3-9956] - No error message displayed when disapprove reason is invalid or empty
  • [PHPBB3-9976] - Direct post links open the wrong page of viewtopic when multiple posts are posted in the same second
  • [PHPBB3-9978] - Missing semicolons in // = 5.3.0
  • [PHPBB3-10237] - Unwatching a forum/topic does not check for correct hash parameter
  • [PHPBB3-10240] - Word filter evasion
  • [PHPBB3-10253] - IE9 Quote problem
  • [PHPBB3-10255] - gitignore ignores too much
  • [PHPBB3-10257] - AAAA record parsing fails on older versions of Windows
  • [PHPBB3-10259] - Incorrect email on joining Open group
  • [PHPBB3-10265] - Unit test tests/random/mt_rand.php is not run because of missing _test suffix.
  • [PHPBB3-10266] - Poor navigation links after reporting a post
  • [PHPBB3-10267] - Missing strlen() on $table_prefix in db tools index name length check
  • [PHPBB3-10274] - Hardcoded module ID in "Re-check version" link on ACP front page
  • [PHPBB3-10275] - Wrong information about sent passwords in FAQ
  • [PHPBB3-10292] - Whitespace inconsistency in acp_ranks
  • [PHPBB3-10293] - Jumpbox allows jumping to invalid forums in prosilver
  • [PHPBB3-10294] - sqlsrv_rows_affected non-functional in MSSQLNative.php
  • [PHPBB3-10296] - incorrect cross join in SQL Server
  • [PHPBB3-10298] - EMBED Tag Not Closed Properly In subSilver2 attachment.html
  • [PHPBB3-10299] - Typo in comment about $max_store_length in truncate_string() (in functions_content.php)
  • [PHPBB3-10303] - send_status_line() doesn't validate user input
  • [PHPBB3-10304] - Bad url in U_ICQ on /ucp_mp_viewmessage.php
  • [PHPBB3-10307] - Return value of $db->sql_fetchrow() on empty tables is not consistent
  • [PHPBB3-10309] - Utf tests download data into temporary locations deep in source tree
  • [PHPBB3-10320] - "Most active topic" can leak topic title of topics in password-protected forums
  • [PHPBB3-10321] - Link to page 1 of the Memberlist has a useless question mark at the end
  • [PHPBB3-10324] - XHTML error in Prosilver - MCP - User Notes
  • [PHPBB3-10339] - Typo in prosilver's mcp_front.html
  • [PHPBB3-10341] - Topic title of "0" does not show as "Most active topic"
  • [PHPBB3-10351] - Invalid syntax for Oracle's sql_column_remove()
  • [PHPBB3-10352] - Missing break for Oracle's sql_table_drop()
  • [PHPBB3-10365] - Moderators can view forbidden information
  • [PHPBB3-10377] - All moderators can change topic type
  • [PHPBB3-10394] - Tests use call-time pass by reference which results in Fatal error on PHP 5.4
  • [PHPBB3-10397] - Pagination code inconsistency
  • [PHPBB3-10400] - '0' (zero) not allowed as forum name
  • [PHPBB3-10413] - Make create_schema_files usable
  • [PHPBB3-10416] - Use dbport in phpbb_database_test_connection_manager::connect()
  • [PHPBB3-10420] - Update startup to account for PHP 5.4
  • [PHPBB3-10421] - Interchanged parameters in includes/acp/acp_users.php
  • [PHPBB3-10422] - Unnecessary statement in viewtopic_body.html
  • [PHPBB3-10435] - Topic count mismatch on viewforum
  • [PHPBB3-10437] - Announcements on moderation queue are not hidden
  • [PHPBB3-10446] - Unencoded 8bit characters in email headers
  • [PHPBB3-10452] - XHTML error when printing a PM
  • [PHPBB3-10461] - MCP's recent actions list is empty
  • [PHPBB3-10479] - Remove PostgreSQL version numbers from driver's language string
  • [PHPBB3-10485] - XHTML error in Prosilver - index and viewforum
  • [PHPBB3-10488] - Database updater for 3.0.10-RC1 overwrites config variable email_max_chunk_size without checking for custom value
  • [PHPBB3-10497] - SQL error when guest visits forum with unread topic
  • [PHPBB3-10319] - Missing hidden fields in search form
  • [PHPBB3-10501] - Description of table prefix is wrong
  • [PHPBB3-10502] - ./../support/documents.php?mode=changelog&version=3&sid=87b8e60fdbdc09a1a631f0fd50edfb4a has a typo: 'red' should be 'read'.
  • [PHPBB3-10503] - Debug error when previewing edits
  • [PHPBB3-10504] - MCP Layout STILL broken in ProSilver when screen is resized to less 1200 pixels
  • [PHPBB3-10531] - Last remaining style can be uninstalled
  • Improvement:
  • [PHPBB3-8616] - Add direct link to PM to notification message
  • [PHPBB3-9036] - Forums that can be listed but not read expose forum information
  • [PHPBB3-9297] - Add support for Extended Passive Mode (EPSV) in class ftp_fsock to better support IPv6 connections.
  • [PHPBB3-9307] - Mass email $max_chunk_size
  • [PHPBB3-9361] - Edit account settings - Improved clarification needed
  • [PHPBB3-9778] - Member Search from the Admin Control Panel is not Intuitive
  • [PHPBB3-9898] - Readme needs updating to reflect more opening for patches
  • [PHPBB3-9995] - Unnecessary coding in display_forums() in functions_display.php
  • [PHPBB3-10032] - BBCode Add List Item Control Name Contains Typo
  • [PHPBB3-10074] - Change default value of 'Set as special rank' to No for Add new rank
  • [PHPBB3-10185] - Board startdate not being set
  • [PHPBB3-10189] - Add "automatically generated" comment into schema-files.
  • [PHPBB3-10199] - Performance: viewtopic has a useless join
  • [PHPBB3-10222] - Also build language and styles changes in diff/patch format
  • [PHPBB3-10239] - Add "Are you sure" confirmation to backup restore in ACP
  • [PHPBB3-10243] - Add gmgetdate() wrapper for getdate() which returns dates in UTC.
  • [PHPBB3-10245] - Messenger uses output buffering for error collection, should use error collector instead
  • [PHPBB3-10246] - Remove VCS section from docs/coding-guidelines.html
  • [PHPBB3-10254] - Remove style names from themes and fix some information on it
  • [PHPBB3-10263] - Add phpbb_version_compare() wrapper for version_compare()
  • [PHPBB3-10278] - Improve timeout handling in get_remote_file()
  • [PHPBB3-10315] - Radio Buttons in ACP are clipped in Safari - Fix suggested
  • [PHPBB3-10327] - Use "ALTER TABLE ... ADD INDEX" instead of "CREATE INDEX"
  • [PHPBB3-10334] - Birthday List display not dependent on user privileges
  • [PHPBB3-10335] - Responses to bots should have extra header to be used by reverse proxies
  • [PHPBB3-10346] - Add drop_tables key for database updater
  • [PHPBB3-10354] - When template tests are skipped because cache is not writable, print cache directory path
  • [PHPBB3-10369] - Change error collector to always report errfile and errline
  • [PHPBB3-10370] - Various improvements for get_backtrace()
  • [PHPBB3-10402] - Displaying report texts with linebreaks and clickable links
  • [PHPBB3-10419] - Add mbstring PHP ini parameters checks to ACP
  • [PHPBB3-10430] - Some typos and the like in docs/coding-guidelines.html
  • New Feature:
  • [PHPBB3-8240] - Request: db_tools to have two additional functions, table list and column list
  • Task:
  • [PHPBB3-9689] - Scripts and utilities
  • [PHPBB3-10003] - Resolve db_tools proliferation
  • [PHPBB3-10313] - Include slow unit tests when running build script
  • [PHPBB3-10483] - Test suite does not run with MySQL strict mode
  • [PHPBB3-10486] - Create git shortlog and git diff --stat in build script
  • [PHPBB3-10480] - Automate changelog building

New in phpBB 3.0.9 (Jul 11, 2011)

  • Bug:
  • [PHPBB3-217] - Multiline [url] not Converted
  • [PHPBB3-6712] - Topic bumping does not create new topic icon on index
  • [PHPBB3-7057] - Quicksearch uses POST, thus the page expires!
  • [PHPBB3-7778] - Increase limit of custom BBcodes
  • [PHPBB3-7834] - Correctly update topic_time when deleting first post in topic
  • [PHPBB3-7888] - URL of search results page does not always contain all keywords of the search query
  • [PHPBB3-7941] - mistake in description of function generate_board_url
  • [PHPBB3-8138] - Browser autocompleton fills wrong fields in ACP
  • [PHPBB3-8736] - Honour ACP settings for min/max username length when posting as a guest.
  • [PHPBB3-8802] - Wrong confirmation text when clicking "mark forums read" in a category
  • [PHPBB3-8904] - Show numeric CPF default value when editing
  • [PHPBB3-9166] - Subsilver and prosilver CSS elements out of order.
  • [PHPBB3-9348] - Correctly encode default_dateformat when converting from phpBB2
  • [PHPBB3-9575] - The word "administrate" is not correct.
  • [PHPBB3-9630] - Naming inconsistency of Merging Posts / Topics in MCP
  • [PHPBB3-9675] - Add option to delete template/theme/imageset when deleting style.
  • [PHPBB3-9685] - Unable to create "Fulltext native" search index using the mssqlnative DBAL
  • [PHPBB3-9751] - Password requirement "Must contain letters and numbers" is not working properly
  • [PHPBB3-9764] - Empty value for CONFIG_TABLE config_name= 'mime_triggers' causes functions_fileupload.php->fileupload->check_content() to be too restrictive
  • [PHPBB3-9851] - "Search new posts" should require login
  • [PHPBB3-9872] - Total topics isn't correct after I deleted a user
  • [PHPBB3-9874] - view_log() performs unneeded count query over all log entries.
  • [PHPBB3-9892] - Firebird index name length limit is not taken into account
  • [PHPBB3-9905] - DSN field should include SQLite
  • [PHPBB3-9908] - Send "Moved Permanently" before stripping off session ids for Bots.
  • [PHPBB3-9910] - Javascript bug in Subsilver2 PMs
  • [PHPBB3-9911] - Incorrect open/close field in Manage ranks ACP
  • [PHPBB3-9913] - currunt should be current
  • [PHPBB3-9915] - "Length of ban:" is not displayed in ACP
  • [PHPBB3-9924] - $template->display hook does not pass $template instance
  • [PHPBB3-9925] - prosilver logo margin bug in IE 6-7-8
  • [PHPBB3-9928] - Do not link "login to your board" to the "send statistics" page after completed update.
  • [PHPBB3-9930] - Redirect fails with open_basedir enabled
  • [PHPBB3-9932] - The Bing bot is not added when converting.
  • [PHPBB3-9933] - Wrong handling of consecutive multiple asterisks in word censor
  • [PHPBB3-9934] - Mass Mail missing under the system tab on a fresh install
  • [PHPBB3-9939] - JavaScript error in recaptcha ACP template
  • [PHPBB3-9944] - Extension groups naming don't use users' language in ACP
  • [PHPBB3-9946] - $inserts empty in sql_query() for oracle
  • [PHPBB3-9948] - Inline quicktime files won't display
  • [PHPBB3-9949] - $user->lang() is not handling arguments as per documentation
  • [PHPBB3-9950] - Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
  • [PHPBB3-9953] - Set focus to password on re-authentication
  • [PHPBB3-9954] - u_masspm* permissions are forced to never for certain groups
  • [PHPBB3-9961] - Inconsistent activation logs
  • [PHPBB3-9966] - Language download in ACP creates index.html and misses captcha_*
  • [PHPBB3-9970] - user_lang input not checked during registration
  • [PHPBB3-9981] - Fix unit test dependencies on phpBB files
  • [PHPBB3-9985] - 3D Wave CAPTCHA mt_rand() does not check order of min/max values
  • [PHPBB3-9997] - Inconsistent approve/disapprove button order in modcp
  • [PHPBB3-9999] - {forumrow.L_FORUM_FOLDER_ALT} and {SEARCH_IMG} only return a language key.
  • [PHPBB3-10005] - users can register without custom profile field correctly entered
  • [PHPBB3-10011] - __DIR__ in test suite renders it unusable on php < 5.3
  • [PHPBB3-10016] - set_config_count() fails on PostreSQL 7
  • [PHPBB3-10020] - ACP function validate_range() fails partially on non-32-bit systems
  • [PHPBB3-10021] - "Find a member" generates SQL error when large dates are entered
  • [PHPBB3-10029] - No such thing as $_SERVER['HTTP_VERSION']
  • [PHPBB3-10033] - "Disallow usernames" does not check already disallowed names
  • [PHPBB3-10035] - ACP template edit feature allows to read any files on webserver and to upload/execute any script on it
  • [PHPBB3-10036] - Use image from configuration file for displaying online-status.
  • [PHPBB3-10038] - download/file.php uses $_GET value instead of function request_var()
  • [PHPBB3-10039] - 2.x to 3.x conversion fails when using mssqlnative to connect to destination database
  • [PHPBB3-10042] - GD captcha has invalid mt_rand calls
  • [PHPBB3-10047] - Session ID always included in URL on posting.php
  • [PHPBB3-10049] - Session test files are misnamed, session tests are not run
  • [PHPBB3-10052] - Session tests are broken
  • [PHPBB3-10056] - Firebird misspelled in database updater
  • [PHPBB3-10058] - Root path is undefined in MySQL upgrader
  • [PHPBB3-10059] - Consistent is misspelled twice
  • [PHPBB3-10060] - Typo in tests database connection manager
  • [PHPBB3-10068] - Firefox4 restrictions to :visited
  • [PHPBB3-10078] - commit-msg hook prints \n on freebsd
  • [PHPBB3-10081] - Cleanup Template Tests
  • [PHPBB3-10084] - Add smilie errors out when image is missing
  • [PHPBB3-10088] - Cache mock does not unset database versions other than mysqli
  • [PHPBB3-10090] - cache/queue.php.lock isn't covered by .gitignore
  • [PHPBB3-10092] - commit-msg hook aborts on overlength comment lines
  • [PHPBB3-10096] - Wrong whitespace in functions.php
  • [PHPBB3-10100] - Race condition in unique_id() on heavily busy database.
  • [PHPBB3-10102] - member.S_PENDING_SET in styles/prosilver/template/ucp_groups_manage.html
  • [PHPBB3-10104] - missing one intval() along with others already being there
  • [PHPBB3-10109] - Errors while copying a topic
  • [PHPBB3-10112] - Use of count() in captcha_gd.php and mssqlnative.php
  • [PHPBB3-10115] - BBcodes not working if post contains about or more 55000 non-english symbols
  • [PHPBB3-10117] - Big posts becomes empty if they have smilies on specified places.
  • [PHPBB3-10121] - ICQ profile link leads to a webservice that is no longer active
  • [PHPBB3-10123] - Inconsistent use of smilie/smiley
  • [PHPBB3-10128] - Error message is on green background when trying to ban a nonexistent user
  • [PHPBB3-10137] - Deleting an unintended space at the end of PHP_URL_FOPEN_SUPPORT_EXPLAIN
  • [PHPBB3-10146] - Firebird cannot handle DECIMAL(255, 0)
  • [PHPBB3-10147] - Typo in code comment in functions_template.php
  • [PHPBB3-10149] - deregister_globals causes error when cookie called GLOBALS is set to scalar value
  • [PHPBB3-10170] - reCAPTCHA address has changed
  • [PHPBB3-10171] - Firefox4 displays grey pixels at PM message rows when message is neither marked nor replied
  • [PHPBB3-10177] - phpBB package cannot be built with bsdtar
  • [PHPBB3-10178] - build.xml does not specify path to find - breaks on FreeBSD
  • [PHPBB3-10188] - Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
  • [PHPBB3-10191] - Duplicate output when output_handler is set in php.ini
  • [PHPBB3-10192] - Missing semicolon in MySQL Upgrader
  • [PHPBB3-10195] - Do not check DNS Blacklists if IPv6 address is passed to session::check_dnsbl().
  • [PHPBB3-10198] - Function validate_config_vars() improperly validates multibyte strings
  • [PHPBB3-10203] - Fix quotations and hyphen in language strings for PHPBB3-10067
  • [PHPBB3-10204] - Package build tool does not detect binary file changes
  • [PHPBB3-10206] - Normalization tests fail when unicode.org is not reachable
  • [PHPBB3-10211] - Missing space on the recent PHPBB3-9992 changes
  • [PHPBB3-10213] - IP limit index name too long on Oracle
  • [PHPBB3-10214] - Cannot configure Q&A on Oracle
  • [PHPBB3-10218] - STRIP is not defined in style.php causing a notice to be thrown
  • [PHPBB3-10219] - Inappropriate character in web.config file
  • [PHPBB3-10220] - Logging in with Mobile Device triggers SQL error on *_login_attempts.
  • [PHPBB3-10221] - Inconsistent usage of "Seconds" in ACP Settings
  • [PHPBB3-7729] - Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
  • [PHPBB3-10188] - Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
  • [PHPBB3-10223] - Updater references startup.php from board path
  • [PHPBB3-10228] - Typo in 3.0.9-RC1 user registration settings
  • [PHPBB3-10229] - On languge/acp/styles.php "%s" should be "%s"
  • [PHPBB3-10232] - Search within topic/forum searches all posts
  • [PHPBB3-10233] - IE Emulation fix breaks posting layout when PMing
  • [PHPBB3-10234] - msg_handler() reports E_WARNING as "PHP Notice: "
  • [PHPBB3-10247] - mediumint(8) too small for phpbb_login_attempts.attempt_id
  • [PHPBB3-10250] - phpBB Logo needs the Registered Trademark Symbol
  • Improvement:
  • [PHPBB3-9581] - Banned users get mass emails.
  • [PHPBB3-9802] - Optimize session_begin REMOTE_ADDR validation
  • [PHPBB3-9878] - Get rid of Internet Explorer 7 emulation
  • [PHPBB3-9897] - Language typos in language/en/acp/board.php
  • [PHPBB3-9922] - Posting URL in subsilver 2
  • [PHPBB3-9937] - Feed Icon displays on Forum links
  • [PHPBB3-9980] - URLs to javascript should be T_SUPER_TEMPLATE_PATH instead of T_TEMPLATE_PATH
  • [PHPBB3-9989] - Skip PM popup in overall_header.html, if there are no new PMs.
  • [PHPBB3-10007] - Add directive 'internal' to blocked folders in nginx example configuration.
  • [PHPBB3-10009] - Differentiate published/updated dates in Atom feed
  • [PHPBB3-10014] - Make the error message when cache is not writable clearer
  • [PHPBB3-10024] - Allow a Style to present Unread PM in different way than read PM
  • [PHPBB3-10040] - Continuous integration on PHP 5.2
  • [PHPBB3-10041] - download/file.php needs more use of send_status_line
  • [PHPBB3-10044] - Setup github network improvements
  • [PHPBB3-10057] - More informative reporting of errors when database connection fails for Firebird and PostgreSQL.
  • [PHPBB3-10067] - ACP options for account activation are confusing when emails are turned off board-wide
  • [PHPBB3-10069] - Improvements in sample nginx config file
  • [PHPBB3-10072] - Send the post number to the template as it relates to it's position in the topic
  • [PHPBB3-10101] - Compatibility with native phpass hashes
  • [PHPBB3-10126] - Replace ^ with &~ in error_reporting calls
  • [PHPBB3-10141] - Performance improvement for $auth->_fill_acl()
  • [PHPBB3-10145] - Ability to force recompilation of all templates on every page load
  • [PHPBB3-10154] - Move "copy permissions from" to below "parent" in forum creation form
  • [PHPBB3-10158] - Return link not really useful after sending a Private Message
  • [PHPBB3-10186] - UCP signature panel displays when not authed for signatures
  • New Feature:
  • [PHPBB3-9942] - WinCache Caching Module
  • [PHPBB3-9992] - Limit amount of failed login attempts per IP
  • [PHPBB3-10110] - Redis caching module
  • Task:
  • [PHPBB3-9788] - Add README for GitHub
  • [PHPBB3-9805] - Add a script for setting up git remotes for a github network
  • [PHPBB3-9806] - Script for easy merging
  • [PHPBB3-9824] - Git hook quirks
  • [PHPBB3-9859] - Remove the years from visible copyright in the footer.
  • [PHPBB3-9921] - Add sample configuration for lighttpd webserver
  • [PHPBB3-9943] - Setup phpDocumentor API documentation generation
  • [PHPBB3-9967] - Use phpunit.xml for test suite
  • [PHPBB3-9987] - Enforce _test.php suffix for test files
  • [PHPBB3-9990] - Integrate utf normalizer tests into test suite
  • [PHPBB3-10043] - Refactor phpbb_database_test_case
  • [PHPBB3-10046] - Getting rid of register_shutdown_function() in cron.php to prevent path disclosure (reported by lacton)
  • [PHPBB3-10075] - Update docs/AUTHORS for 3.0.9-RC1 release
  • [PHPBB3-10079] - Add gallery avatars to .gitignore.
  • [PHPBB3-10082] - Fix Session Test Issues with CHAR vs. VARCHAR.
  • [PHPBB3-10105] - Update AIM express link and "Download Application" links
  • [PHPBB3-10107] - Improve docs for non-apache webserver configuration
  • Sub-task:
  • [PHPBB3-9732] - Cover session code extensively in tests
  • [PHPBB3-9968] - Create unit test for word censor regular expression
  • [PHPBB3-9969] - Move word censor regular expression creation into separate function definition in functions.php

New in phpBB 3.0.8 (Nov 22, 2010)

  • Security:
  • [PHPBB3-9903] - Execute javascript in [flash=] BBCode
  • Bug:
  • [PHPBB3-4923] - compress_tar incorrectly determines type
  • [PHPBB3-5164] - Honor minimum and maximum password length in generated passwords as much as possible.
  • [PHPBB3-6726] - Connecting to PostgreSQL using 'localhost' doesn't try to use a TCP connection
  • [PHPBB3-6747] - word censoringdoes not handle space for two or more words
  • [PHPBB3-7260] - Do not delete polls if one exists and editing user lacks permissions
  • [PHPBB3-7296] - Style export to tar(.*) does not work
  • [PHPBB3-7369] - Custom Profile dates display incorrectly
  • [PHPBB3-7417] - Search keywords field does not initially get focus
  • [PHPBB3-7538] - Query exceeds maximum value for user_login_attempts
  • [PHPBB3-7716] - Data too long for column 'message_subject'
  • [PHPBB3-7720] - Fix alternative image-description for unread posts.
  • [PHPBB3-7782] - Send HTTP 404 if topic, forum or user do not exist
  • [PHPBB3-7972] - Copied topics are not indexed
  • [PHPBB3-8169] - Parse CSS Regex accepts invalid code
  • [PHPBB3-8792] - Misleading error message in auth_ldap.php, function init_ldap()
  • [PHPBB3-8894] - JavaScript error and visible quote button on topic review if BBCodes disallowed
  • [PHPBB3-8924] - spelling in admin_welcome_inactive.txt
  • [PHPBB3-8929] - MS SQL error on view all smilies after 3.0.6 upgrade
  • [PHPBB3-8935] - able to set minimal avatar size larger than maximum
  • [PHPBB3-8944] - Error on database update (must specify size of index on MySQL4)
  • [PHPBB3-9012] - Retain original topic title in shadow topic when moving a topic and editing the title.
  • [PHPBB3-9034] - Redirect() fails with directory traversal
  • [PHPBB3-9047] - Active topics and reported posts
  • [PHPBB3-9049] - Password reminder system generates confusable passwords
  • [PHPBB3-9053] - Correctly sort database backup file list by date on database restore page
  • [PHPBB3-9061] - Race condition in queue locking
  • [PHPBB3-9068] - Grammatical Error under Load Settings
  • [PHPBB3-9075] - Missing / bad default values of CPFs result in SQL errors on registration of new users
  • [PHPBB3-9091] - Wrong IP checking for IPv4 addresses mapped into IPv6
  • [PHPBB3-9094] - Hide "Copy permissions" message, when permissions were copied.
  • [PHPBB3-9095] - Misleading setting text for CAPTCHA
  • [PHPBB3-9099] - Missing comma in PASSWORD_EXPLAIN acp language strings
  • [PHPBB3-9101] - Bad text placement for reCAPTCHA description
  • [PHPBB3-9104] - Safari does not display box headers correctly in the ACP.
  • [PHPBB3-9107] - Can't Set Parent Forum
  • [PHPBB3-9108] - RSS feeds does not work on Postgres
  • [PHPBB3-9112] - Most active forum post count does not respect m_approve permission
  • [PHPBB3-9114] - Recent bug fix for smilies causing problems on older MySQL versions
  • [PHPBB3-9117] - Wrong redirection after login
  • [PHPBB3-9119] - Language selection is disregarded in automatic update
  • [PHPBB3-9120] - Typo fix in a comment in functions.php
  • [PHPBB3-9121] - Forum feed shows posts that are currently on the moderation queue
  • [PHPBB3-9125] - ACP User Overview: Unmatched tag when viewing own user
  • [PHPBB3-9126] - Invalid redirection after login to forum not in web root
  • [PHPBB3-9132] - Oracle CLOB support is broken, preventing storage of long strings
  • [PHPBB3-9135] - Fix report-icon for moderators in PM folders.
  • [PHPBB3-9140] - Check current board version in incremental update packages
  • [PHPBB3-9145] - Fix open_basedir issues when accessing styles- and language-management
  • [PHPBB3-9146] - Quick-Reply tabindex="6" set twice
  • [PHPBB3-9147] - "Change topic type"-option "Normal" always selected.
  • [PHPBB3-9154] - Correctly check for double inclusion in captcha garbage collection
  • [PHPBB3-9158] - viewforum/viewtopic pages unnecessarily duplicated with start=0
  • [PHPBB3-9162] - BBCode in poll options is broken, when posting without question.
  • [PHPBB3-9167] - Remove shadow topics from remaining forums when deleting a forum including posts
  • [PHPBB3-9170] - Unable to get image size in img bbcode when URL has multiple parameters.
  • [PHPBB3-9173] - sql_config_count() artificially limits number scope to 4byte-integer on PostgreSQL and Firebird
  • [PHPBB3-9176] - When setting the board's date format the board's timezone settings aren't taken into account
  • [PHPBB3-9451] - Unnecessary overhead in avatar_process_user function
  • [PHPBB3-9478] - Validate maximum number of allowed recipients per PM value
  • [PHPBB3-9495] - Loginbox redirect breaks xHTML
  • [PHPBB3-9499] - Javascript function dE does not correctly detect element visibility
  • [PHPBB3-9504] - Allow gallery avatars with whitespaces in the filename
  • [PHPBB3-9509] - phpBB Coding Guidelines state subversion as the version control system for phpBB
  • [PHPBB3-9510] - Unable to copy permissions from and to forums you cannot see
  • [PHPBB3-9512] - Fix dead link in MCP on reports for global announcements in prosilver.
  • [PHPBB3-9514] - Correctly delete big datasets when deleting a forum including topics/posts on non-MySQL databases
  • [PHPBB3-9518] - Postgres DBAL does not correctly create a new database connection when passing $new_link as true
  • [PHPBB3-9519] - Replace remaining is_writable() calls with phpbb_is_writable().
  • [PHPBB3-9521] - MSSQL error reporting returns String instead of an error
  • [PHPBB3-9524] - IPv6 regular expression does not match addresses starting in ::
  • [PHPBB3-9526] - User Preference to hide online status does not work for bots
  • [PHPBB3-9528] - Quoting in a PM does not fall back to bbcode-less quotes using "> " when bbcodes are disabled
  • [PHPBB3-9529] - Topic review does not display all selected posts
  • [PHPBB3-9530] - subsilver2 missing fallback option on quoting when bbcodes are disabled
  • [PHPBB3-9531] - BBCode-less fall back option for quotes is missing "Author wrote:" line when quoting from topic-review.
  • [PHPBB3-9535] - Incorrect margins in RTL languages: signatures, permission ACP & updater
  • [PHPBB3-9545] - 'Your first forum' should have 'Display active topics:' set to 'Yes'
  • [PHPBB3-9546] - Moving all posts from one topic to another does not delete bookmarks
  • [PHPBB3-9547] - Changing forum type applies FORUM_FLAG_ACTIVE_TOPICS to new forum type.
  • [PHPBB3-9548] - Delete user quicktool drop down should have an empty or invalid selection as the default
  • [PHPBB3-9559] - Messenger Queue Batch Size configuration option is overridden
  • [PHPBB3-9567] - Newly registered users group ACP wording
  • [PHPBB3-9582] - Missing MSSQL native driver case statements
  • [PHPBB3-9587] - Prosilver overrides reCaptcha class.
  • [PHPBB3-9592] - Test suite does not run on SQLite
  • [PHPBB3-9593] - Missing documentation for running unit tests
  • [PHPBB3-9599] - Windows workaround for checkdnsrr() returns wrong results
  • [PHPBB3-9605] - Wrong class added to topiclist, when there's no announcement topic.
  • [PHPBB3-9615] - When attaching a file whose name contains quotes, filename before last quote is cut off in display
  • [PHPBB3-9623] - Strings not properly normalized - acp_prune.php
  • [PHPBB3-9626] - Regular expressions from get_preg_expression() are untested.
  • [PHPBB3-9628] - Add module function does not correctly insert a module after the specified one
  • [PHPBB3-9633] - Newly registered users group color is not used in Our Newest Member
  • [PHPBB3-9635] - Useless parameter $data['post_time'] in function submit_post.
  • [PHPBB3-9637] - SET NAMES 'BINARY' error in convertor
  • [PHPBB3-9643] - DB connection error when $dbhost is an IPv6 address
  • [PHPBB3-9644] - submit_post shows support for options that cause a trigger_error in the call to user_notification
  • [PHPBB3-9646] - Cant hide/outcomment @import in stylesheet.css
  • [PHPBB3-9650] - It should not be possible to ban Anonymous
  • [PHPBB3-9653] - xhtml errors in subsilver2 when using the bbcodes code and quote in signatures
  • [PHPBB3-9655] - Selecting an unavailable captcha plugin looks like a successful action
  • [PHPBB3-9656] - PHP Information in ACP always lists error_reporting as 0
  • [PHPBB3-9658] - Optimize topic splitting
  • [PHPBB3-9662] - Search interval applied inconsistently
  • [PHPBB3-9664] - Another duplicate accesskey: t = top and list item
  • [PHPBB3-9665] - Signature "0" cannot be previewed
  • [PHPBB3-9677] - Subsilver2 is missing the bbcode-helpline for inline-attachments.
  • [PHPBB3-9678] - Flash attachments are not displayed in subsilver2.
  • [PHPBB3-9679] - "Notify User" checkbox appears in MCP Queue even if no notification methods are enabled
  • [PHPBB3-9686] - Unable to create data backup using the mssqlnative DBAL
  • [PHPBB3-9694] - Calling download/file.php with empty avatar parameter can throw an E_NOTICE message
  • [PHPBB3-9695] - Bad Display of User Input - mcp_ban
  • [PHPBB3-9696] - Installation of phpBB with SQLite fails
  • [PHPBB3-9697] - Backlink broken when the select parent forum does not exist.
  • [PHPBB3-9698] - Returning result of new by reference is deprecated in php 5.3
  • [PHPBB3-9702] - "Ban until (date)" appears to be based on UTC time instead of local time
  • [PHPBB3-9703] - Removing a user does not remove their private message folders or rules
  • [PHPBB3-9704] - Coding guidelines typo
  • [PHPBB3-9712] - Future dates display as "less than one minute ago"
  • [PHPBB3-9714] - "Undefined variable: email" in email regular expression unit tests
  • [PHPBB3-9715] - Fix email address regular expression or adjust email regular expression unit tests
  • [PHPBB3-9722] - "New Topic" button title attribute mismatch in prosilver's viewforum
  • [PHPBB3-9727] - Feed replaces ./ with board URL
  • [PHPBB3-9743] - Fix background-position of top2-class in prosilver for RTL-languages.
  • [PHPBB3-9744] - Mistyped word 'then' in FAQ. It should be 'than'.
  • [PHPBB3-9748] - not being replaced in prepare_message
  • [PHPBB3-9749] - fulltext_mysql.php overreacts on + and - characters in search words
  • [PHPBB3-9752] - Misleading text when using Q&A CAPTCHA
  • [PHPBB3-9754] - Template variable S_USER_POSTED always set to false in search.php
  • [PHPBB3-9757] - Empty template variable HISTORY_TITLE in ucp_pm_history
  • [PHPBB3-9760] - Fulltext native search, wildcarddoes not get escaped leading to long execution time
  • [PHPBB3-9761] - Quote nesting depth explanation is misleading
  • [PHPBB3-9771] - build_url() doesn't ignore empty parameters
  • [PHPBB3-9772] - Under some circumstances, email addresses are shown to undesired users
  • [PHPBB3-9780] - gen_rand_string() not respecting $num_chars parameter anymore.
  • [PHPBB3-9782] - Board disable radio in Board-Settings set on when server load high
  • [PHPBB3-9793] - Undefined function send_status_line() in download/file.php when in avatar mode.
  • [PHPBB3-9807] - Avatar tab displays when avatars are disabled
  • [PHPBB3-9810] - Clicking on "Select All" of code tag on print page results in a javascript error when using prosilver
  • [PHPBB3-9820] - Fix undefined indexes when trying to post a new topic
  • [PHPBB3-9822] - Can not delete style-components from the file-system as per explanation.
  • [PHPBB3-9829] - Recaptcha plugin result interpretation fault
  • [PHPBB3-9835] - Login Confirm Explain Not Working
  • [PHPBB3-9840] - Display view unread posts link for guests
  • [PHPBB3-9841] - Change "Save" button to "Save draft"
  • [PHPBB3-9847] - Language typo and written form (British/American)
  • [PHPBB3-9854] - Auth API documentation is incomplete
  • [PHPBB3-9855] - Tests don't run on PHPUnit 3.5
  • [PHPBB3-9879] - captcha_qa.php spelling, punctuation and grammar errors
  • [PHPBB3-9883] - CAPTCHA uses american english
  • [PHPBB3-9884] - Massive email delays
  • [PHPBB3-9885] - Default file extension groups not properly updated by database updater.
  • [PHPBB3-9886] - Database updater does not run on PostgreSQL because of an error in _add_module()
  • [PHPBB3-9888] - Update fails when Bing [Bot] was already added to the users table
  • [PHPBB3-9891] - Updater drops language-selection after database-update
  • [PHPBB3-9509] - phpBB Coding Guidelines state subversion as the version control system for phpBB
  • Improvement:
  • [PHPBB3-7332] - MCP post details usability
  • [PHPBB3-7717] - Use user's language for standard-extensions-group name
  • [PHPBB3-8709] - Multibyte keys in request_var not possible
  • [PHPBB3-8936] - subsilver2 missing reply-to-all feature
  • [PHPBB3-9088] - Add missing semicolons in js files
  • [PHPBB3-9179] - improve quasi-documentation of notify_status values
  • [PHPBB3-9503] - Posts with empty titles in moderation queue are not easily approved
  • [PHPBB3-9534] - user_ipwhois() does not support IPv6 addresses
  • [PHPBB3-9536] - Small improvement for query against sessions table in acp_users.php
  • [PHPBB3-9553] - Make git hooks run with /bin/sh instead of bash
  • [PHPBB3-9570] - Change "system timezone" to "guest timezone" in acp, add explanation
  • [PHPBB3-9578] - ACP Posting tab is missing "Post settings" module.
  • [PHPBB3-9589] - Sample nginx configuration file
  • [PHPBB3-9595] - Search settings in ACP: Add information on minimum word size indexed when using Fulltext MySQL backend
  • [PHPBB3-9598] - Call checkdnsrr() on Windows with PHP 5.3
  • [PHPBB3-9609] - Use send_status_line instead of calling header
  • [PHPBB3-9611] - Increase entropy in activation keys
  • [PHPBB3-9612] - Split gen_rand_string() into gen_rand_string() and gen_rand_string_friendly()
  • [PHPBB3-9629] - sid parameter forced for style.php makes caching difficult
  • [PHPBB3-9659] - Default phpBB signature user_options need to be set for convertors
  • [PHPBB3-9690] - MSN Bot will become Bing Bot
  • [PHPBB3-9777] - Print useful error message in pre-commit hook when php is not installed.
  • [PHPBB3-9785] - Not able to recover a password when board disabled
  • [PHPBB3-9825] - Run tests on sqlite if available and no test db configured
  • [PHPBB3-9827] - IE9 Beta fixes IE8 textarea bug
  • [PHPBB3-9830] - Awkward message when config.php is missing
  • [PHPBB3-9850] - Allow version checker to display information on multiple releases
  • [PHPBB3-9853] - Change default reCAPTCHA theme in Prosilver & Subsilver2 to better coordinate with style color scheme
  • [PHPBB3-9880] - Rename all mentions of CAPTCHA or visual confirmation to anti-bot
  • [PHPBB3-9899] - Change the style in the ACP for the recaptcha to match that displayed on prosilver
  • New Feature:
  • [PHPBB3-9039] - Native SQL Server Support mssqlnative.php
  • [PHPBB3-9511] - View note for moderators on unapproved posts/topics with unapproved posts in ATOM Feed.
  • Task:
  • [PHPBB3-9520] - Add web.config files for IIS
  • [PHPBB3-9625] - Update database UNIT-test
  • [PHPBB3-9701] - Enable notices in unit tests
  • [PHPBB3-9768] - Create git commit-msg hook that verifies the commit message conforms to our standards
  • [PHPBB3-9769] - Add install and uninstall scripts for the git hooks
  • [PHPBB3-9770] - Git commit message should be prefilled with branch and ticket information
  • [PHPBB3-9800] - Update tracker URL in docs/./../support/documents.php?mode=readme&version=3
  • [PHPBB3-9804] - Update docs/AUTHORS (DavidMJ & igorw)
  • [PHPBB3-9808] - Git commit message hook depends on GNU wc
  • [PHPBB3-9816] - Remove config.php from git repository
  • [PHPBB3-9848] - Add phpBB data files to .gitignore.
  • [PHPBB3-9849] - Create build script using phing
  • [PHPBB3-9857] - Remove visible $Id: ./../support/documents.php?mode=changelog&version=3 10873 2010-11-20 17:15:18Z git-gate $ from docs files.
  • [PHPBB3-9868] - Make the test suite run and pass using the mssqlnative driver
  • [PHPBB3-9904] - Update WebPI Parameters.xml
  • Sub-task:
  • [PHPBB3-9517] - Remote avatar upload does not check the filesize before and during transfer.
  • [PHPBB3-9562] - Advanced Search is inaccessible using the mssqlnative DBAL
  • [PHPBB3-9564] - Reported messages are not assigned the default report reason when a reason is removed from the ACP using the mssqlnative DBAL
  • [PHPBB3-9565] - It is impossible to create a custom profile field using the mssqlnative DBAL
  • [PHPBB3-9566] - Two debug notices are displayed when setting a custom profile field though the UCP using the mssqlnative DBAL
  • [PHPBB3-9583] - MSSQL native backups cannot be restored
  • [PHPBB3-9606] - Drop redundant SQL query for unreads fetching
  • [PHPBB3-9613] - Implement a load switch for unreads search feature.
  • [PHPBB3-9817] - Make build script create blank config.php

New in phpBB 3.0.7-PL1 (Mar 9, 2010)

  • We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7, unfortunately the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.
  • We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:
  • Feeds are enabled
  • Any of the posts or topics feeds are enabled
  • The unauthorised user - or one of the groups they are a member of - have forum permissions set on a private forum
  • If you have excluded a forum from the list of forums that provide feeds, it is unaffected
  • Note: We recommend the use of a regular update routine over manually editing your files. If you manually edit your files your board will not recognise the update.
  • There were no other changes, in particular neither style nor language changes.

New in phpBB 3.0.6 (Nov 18, 2009)

  • Better captcha options and backported 3.2 captcha plugins:
  • Classic and GD CAPTCHA
  • reCaptcha (based on API from recaptcha.net by Mike Crawford and Ben Maurer)
  • Q&A CAPTCHA
  • 3D Wave (by Robert "Xore" Hetzler)
  • Introduced new ACM (Cache) plugins. (Please consult our support forums for help if you need to use one of the new ACM plugins)
  • null (to disable caching completely)
  • memcache
  • APC
  • XCache
  • eAccelerator
  • ATOM Feeds
  • Bare-bones Quick Reply editor in viewtopic
  • Users can report PMs to moderators which are then visible in a new MCP module
  • Ability to copy permissions from one forum to several other forums.
  • Send anonymous statistical information to phpBB on installation and update (optional)

New in phpBB 3.0.5 (Jun 1, 2009)

  • Added and refined CAPTCHA options to better protect against new version of CAPTCHA crackers.
  • Added an option to the registration screen to allow users to refresh the displayed CAPTCHA.
  • Performance improvements for native fulltext search.
  • Added a new search option. The admin can define the maximum number of words allowed to search for. This option gives control about the maximum search load.
  • Search indexing should no longer stall for some installations.
  • Conflicting files are able to be downloaded now within the automatic updater for manual inspection.
  • The database updater now checks for an incompatible database schema in case the database version got updated. The admin will be notified about possible solutions and repair scripts.
  • We now set the connection encoding for MySQL versions 4.1.0 to 4.1.2. This may fix some conversion issues with special characters.
  • Language pack authors now see errors/notices within their language pack if they enabled DEBUG_EXTRA.
  • Flash files now display again after update to flash player 10.

New in phpBB 3.0.4 (Dec 16, 2008)

  • [Fix] Allow mixed-case template directories to be inherited (Bug #36725)
  • [Fix] Regression bug from revision #8908 regarding log display in ACP
  • [Fix] Allow the UCP group management to work for groups with avatars. (Bug #37375)
  • [Fix] Fix header list build for replying oldest PM in PM history (Bug #37275)
  • [Fix] Do not display COPPA group in memberlist find member dialog if COPPA disabled (Bug #37175)
  • [Fix] Do not try to send jabber notifications if no jid entered (Bug #36775)
  • [Fix] Only display special ranks to guests; no longer display normal ranks for guests (Bug #36735)
  • [Fix] Properly treat punctuation marks after local urls (Bug #37055)
  • [Fix] Make searching for members by YIM address work in prosilver
  • [Fix] Tell users to recreate the search index after changing the common word threshold for fulltext_native (Bug #36345)
  • [Fix] Adjusted phpbb_chmod() to always set permissions for group bit.
  • [Fix] Do not increment users post count after post approval if post had been posted in a forum with no post count increasing set (Bug #37865)
  • [Fix] Extend vertical line for last post column if no posts in forum (Bug #37125)
  • [Fix] correctly update last topic/forum information if changing guest usernames through editing posts (Bug #38095)
  • [Fix] fix postcount resync for situations where low and high post ids are higher than step value, resulting in users having 0 posts. (Bug #38195)
  • [Fix] Use a left join for the topics table on search to avoid trouble with FROM syntax on some databases (Bug #37005)
  • [Fix] Do not show 'Forward' button if the user cannot send PM's
  • [Change] Alllow applications to set custom module inclusion path (idea by HoL)
  • [Change] Handle checking for duplicate usernames in chunks (Bug #17285 - Patch by A_Jelly_Doughnut)
  • [Change] Better handling and finer control for custom profile fields visibility options. (Patch by Highway of Life)
  • [Change] Performance increase for format_date() (Bug #37575 - Patch by BartVB)
  • [Change] Changed prosilver date separator from 'on' to '»'
  • [Change] Performance increase for get_username_string() (Bug #37545 - Patch by BartVB)
  • [Change] Slight performance increase for common parameter calls to append_sid() (Bug #37555 - Patch by BartVB)
  • [Feature] Added 'AGO' setting to relative date strings. For example: posted 14 minutes ago. (Patch by BartVB)
  • [Sec] Fixed an issue where deactivated accounts could be re-activated without the required privileges. (Reported by Jorick)
  • [Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)

New in phpBB 3.0.3 (Nov 13, 2008)

  • Fixed:
  • Correctly set topic starter if first post in topic removed
  • Added VST - Venezuela Standard Time
  • Close DB connections in file.php.
  • Correctly return results for nested cached queries
  • Allow export of PM pages greater one. (#33155)
  • Display coloured username of last poster in list of subscribed forums (prosilver).
  • Do not jump back to page 1 when hiding member search in memberlist.
  • Correctly limit input of the users location to 100 characters in the UCP and ACP.
  • Sync reports when using the move all users posts tool in the ACP.
  • Remove reported flag from shadow topics when closing reports.
  • Do not show non indexed forums on the search page if they contain no subforums.
  • Stop search bots incrementing topic views.
  • Use correct link for post author search.
  • Do not decrease topics counter when deleting shadow topics.
  • Send localised disapproval reasons in the recipients local language.
  • Do not display reported topic icon for shadow topics.
  • Expand shown ban reason in unban screen to fully show long entries.
  • Preserve alpha transparency for created thumbnails.
  • Use correct port delimiter for MSSQL connections in windows.
  • Do not allow setting forums parent to the forum itself.
  • Display assigned rank/avatar for guests.
  • Set secure cookie for style switcher if required.
  • Fix native full text search on postgresql while using excluding keyword matches.
  • Pass S_SEARCH_ACTION through append_sid() in search.php.
  • Correctly handle unread status of subforums (that are not shown on the index) of forums that are shown on the index.
  • Stop users from deleting posts after the edit time has passed or they have been locked.
  • Split posts target forum requires 'f_post' now instead of 'm_split'.
  • Use a distinct log message for shadow topic deletions to differentiate between normal topic deletions.
  • Fix problems with styles using an underscore within the filename.
  • Better return links when deleting topics through the MCP.
  • Add quoting support to PM history when composing a reply.
  • Use phpBB 3.1.x method for storing cached data to prevent PHP bug with our usage of var_export(). (Thanks to Techie-Micheal and HoL for pointing out possible problems)
  • Check users pm preferences for pm's sent to groups.
  • Do not allow password reminders if u_passchg permission is not given.
  • Implemented strict check for cached user permissions and existing ACL options. This fix makes sure cached permissions are valid, even if they got already cached.
  • Do not show link to user/group profiles if user has no permission to view the linked page and gets a denied message anyway.
  • Do not display last post link and sort display options for search engines.
  • Make sure users still get notifications if they set to only be notified by Jabber, but Jabber service disabled.
  • Don't show forum subscription link on categories.
  • Display a message if no topics or forums are selected when unsubscribing.
  • Mark/unmark all links in UCP now select/unselect both subscribed topics and forums.
  • Increase board topic counter when splitting topics.
  • Display profile icons when viewing a topic, or PM when only the jabber icon is to be visible.
  • Do not send PMs with warnings if the user cannot read PMs or they are disabled.
  • Correctly convert Niels' Birthday MOD to the date format used in phpBB3.
  • Parse BBCode lists of type square, circle and disc.
  • Round the displayed percentages in polls.
  • Disable mass e-mail when e-mail is disabled.
  • Display coloured poster username of queued posts displayed on the front of the MCP.
  • Moderators can only see reports/queue/logs from forums they can actually read.
  • Correctly display topic when start parameter is equal to the number of posts.
  • Correctly display topic in MCP when start parameter is equal to or greater than the number of posts.
  • Changed:
  • No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.
  • Display warning in ACP if config.php file is left writable.
  • More restrictive chmod to new files being created. (phpbb_chmod() function mostly by faw)
  • Set headers to allow browsers to better cache attachments (Mylek pointed this out)
  • Hide parameters if they equal the default in viewforum/viewtopic
  • Various improvements to group listings
  • Set headers for IE 8 in file.php
  • Do not count queued posts to user_posts.
  • Allow setting birth year to current year.
  • Do not use the topics posted table when performing an egosearch.
  • Log the forum name that topics are moved into.
  • Automatically add users/groups to the PM recipient list, if entered or selected.
  • Reply to PM now includes all previous recipients and not only the original sender.
  • Make topic selection for merge less confusing by removing unneeded controls.
  • MCP topic view checkboxes now default to unchecked.
  • Adjust language key "SPLIT_AFTER" to make the action clearer.
  • Add links to the post and forum when viewing a report from the MCP.
  • Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)
  • Feature:
  • Allow limited inheritance for template sets.
  • Allow hard disabling of the template editor.
  • Allow setting custom language path through $user->set_custom_lang_path(). $user->lang_path now also do not include the user language, but only the path.
  • Ability to define nullar/singular/plural language entries
  • Ability to mimic sprintf() calls with $user->lang() with the ability to correctly assign nullar/singular/plural language entries.
  • Added the possibility to force user posts put in queue if post count is lower than an admin defined value. Guest posting is not affected by this setting.
  • Added 'max_recipients' setting for private messages. This setting allows admins to define the maximum number of recipients per private message with a board-wide setting and a group-specific setting.
  • Added new permission setting for sending private messages to groups. Now there are two permissions to define sending private messages to multiple recipients and private messages to groups.
  • Allow specific connection to different server for jabber functionality by providing a valid JID as username. This also allows the use of talk.google.com as jabber server with gmail.com JIDs.
  • Sec Precaution:
  • Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)