1 files changed, 92 insertions, 45 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index df613682a7..1a3560dbb1 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -31,7 +31,7 @@ function phpbb_load_extensions_autoloaders($phpbb_root_path)
 		new \phpbb\recursive_dot_prefix_filter_iterator(
 			new \RecursiveDirectoryIterator(
 				$phpbb_root_path . 'ext/',
-				\FilesystemIterator::SKIP_DOTS
+				\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
 			)
 		),
 		\RecursiveIteratorIterator::SELF_FIRST
@@ -937,14 +937,20 @@ function style_select($default = '', $all = false)
 * Format the timezone offset with hours and minutes
 *
 * @param	int		$tz_offset	Timezone offset in seconds
+* @param	bool	$show_null	Whether null offsets should be shown
 * @return	string		Normalized offset string:	-7200 => -02:00
 *													16200 => +04:30
 */
-function phpbb_format_timezone_offset($tz_offset)
+function phpbb_format_timezone_offset($tz_offset, $show_null = false)
 {
 	$sign = ($tz_offset < 0) ? '-' : '+';
 	$time_offset = abs($tz_offset);
 
+	if ($time_offset == 0 && $show_null == false)
+	{
+		return '';
+	}
+
 	$offset_seconds	= $time_offset % 3600;
 	$offset_minutes	= $offset_seconds / 60;
 	$offset_hours	= ($time_offset - $offset_seconds) / 3600;
@@ -1040,13 +1046,14 @@ function phpbb_get_timezone_identifiers($selected_timezone)
 /**
 * Options to pick a timezone and date/time
 *
+* @param	\phpbb\template\template $template	phpBB template object
 * @param	\phpbb\user	$user				Object of the current user
 * @param	string		$default			A timezone to select
 * @param	boolean		$truncate			Shall we truncate the options text
 *
-* @return		array		Returns an array, also containing the options for the time selector.
+* @return		array		Returns an array containing the options for the time selector.
 */
-function phpbb_timezone_select($user, $default = '', $truncate = false)
+function phpbb_timezone_select($template, $user, $default = '', $truncate = false)
 {
 	static $timezones;
 
@@ -1062,15 +1069,15 @@ function phpbb_timezone_select($user, $default = '', $truncate = false)
 			$dt = $user->create_datetime('now', $tz);
 			$offset = $dt->getOffset();
 			$current_time = $dt->format($user->lang['DATETIME_FORMAT'], true);
-			$offset_string = phpbb_format_timezone_offset($offset);
-			$timezones['GMT' . $offset_string . ' - ' . $timezone] = array(
+			$offset_string = phpbb_format_timezone_offset($offset, true);
+			$timezones['UTC' . $offset_string . ' - ' . $timezone] = array(
 				'tz'		=> $timezone,
-				'offset'	=> 'GMT' . $offset_string,
+				'offset'	=> $offset_string,
 				'current'	=> $current_time,
 			);
 			if ($timezone === $default)
 			{
-				$default_offset = 'GMT' . $offset_string;
+				$default_offset = 'UTC' . $offset_string;
 			}
 		}
 		unset($unsorted_timezones);
@@ -1078,18 +1085,27 @@ function phpbb_timezone_select($user, $default = '', $truncate = false)
 		uksort($timezones, 'phpbb_tz_select_compare');
 	}
 
-	$tz_select = $tz_dates = $opt_group = '';
+	$tz_select = $opt_group = '';
 
-	foreach ($timezones as $timezone)
+	foreach ($timezones as $key => $timezone)
 	{
 		if ($opt_group != $timezone['offset'])
 		{
+			// Generate tz_select for backwards compatibility
 			$tz_select .= ($opt_group) ? '</optgroup>' : '';
-			$tz_select .= '<optgroup label="' . $timezone['offset'] . ' - ' . $timezone['current'] . '">';
+			$tz_select .= '<optgroup label="' . $user->lang(array('timezones', 'UTC_OFFSET_CURRENT'), $timezone['offset'], $timezone['current']) . '">';
 			$opt_group = $timezone['offset'];
+			$template->assign_block_vars('timezone_select', array(
+				'LABEL'		=> $user->lang(array('timezones', 'UTC_OFFSET_CURRENT'), $timezone['offset'], $timezone['current']),
+				'VALUE'		=> $key . ' - ' . $timezone['current'],
+			));
 
-			$selected = ($default_offset == $timezone['offset']) ? ' selected="selected"' : '';
-			$tz_dates .= '<option value="' . $timezone['offset'] . ' - ' . $timezone['current'] . '"' . $selected . '>' . $timezone['offset'] . ' - ' . $timezone['current'] . '</option>';
+			$selected = (!empty($default_offset) && strpos($key, $default_offset) !== false) ? ' selected="selected"' : '';
+			$template->assign_block_vars('timezone_date', array(
+				'VALUE'		=> $key . ' - ' . $timezone['current'],
+				'SELECTED'	=> !empty($selected),
+				'TITLE'		=> $user->lang(array('timezones', 'UTC_OFFSET_CURRENT'), $timezone['offset'], $timezone['current']),
+			));
 		}
 
 		$label = $timezone['tz'];
@@ -1097,22 +1113,26 @@ function phpbb_timezone_select($user, $default = '', $truncate = false)
 		{
 			$label = $user->lang['timezones'][$label];
 		}
-		$title = $timezone['offset'] . ' - ' . $label;
+		$title = $user->lang(array('timezones', 'UTC_OFFSET_CURRENT'), $timezone['offset'], $label);
 
 		if ($truncate)
 		{
 			$label = truncate_string($label, 50, 255, false, '...');
 		}
 
+		// Also generate timezone_select for backwards compatibility
 		$selected = ($timezone['tz'] === $default) ? ' selected="selected"' : '';
 		$tz_select .= '<option title="' . $title . '" value="' . $timezone['tz'] . '"' . $selected . '>' . $label . '</option>';
+		$template->assign_block_vars('timezone_select.timezone_options', array(
+			'TITLE'			=> $title,
+			'VALUE'			=> $timezone['tz'],
+			'SELECTED'		=> !empty($selected),
+			'LABEL'			=> $label,
+		));
 	}
 	$tz_select .= '</optgroup>';
 
-	return array(
-		'tz_select'		=> $tz_select,
-		'tz_dates'		=> $tz_dates,
-	);
+	return $tz_select;
 }
 
 // Functions handling topic/post tracking/marking
@@ -1989,6 +2009,9 @@ function tracking_unserialize($string, $max_depth = 3)
 * @param mixed $params String or array of additional url parameters
 * @param bool $is_amp Is url using &amp; (true) or & (false)
 * @param string $session_id Possibility to use a custom session id instead of the global one
+* @param bool $is_route Is url generated by a route.
+*
+* @return string The corrected url.
 *
 * Examples:
 * <code>
@@ -1999,7 +2022,7 @@ function tracking_unserialize($string, $max_depth = 3)
 * </code>
 *
 */
-function append_sid($url, $params = false, $is_amp = true, $session_id = false)
+function append_sid($url, $params = false, $is_amp = true, $session_id = false, $is_route = false)
 {
 	global $_SID, $_EXTRA_URL, $phpbb_hook, $phpbb_path_helper;
 	global $phpbb_dispatcher;
@@ -2011,7 +2034,7 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 	}
 
 	// Update the root path with the correct relative web path
-	if ($phpbb_path_helper instanceof \phpbb\path_helper)
+	if (!$is_route && $phpbb_path_helper instanceof \phpbb\path_helper)
 	{
 		$url = $phpbb_path_helper->update_web_root_path($url);
 	}
@@ -2037,9 +2060,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 	*											the global one (false)
 	* @var	bool|string	append_sid_overwrite	Overwrite function (string
 	*											URL) or not (false)
+	* @var	bool	is_route					Is url generated by a route.
 	* @since 3.1.0-a1
 	*/
-	$vars = array('url', 'params', 'is_amp', 'session_id', 'append_sid_overwrite');
+	$vars = array('url', 'params', 'is_amp', 'session_id', 'append_sid_overwrite', 'is_route');
 	extract($phpbb_dispatcher->trigger_event('core.append_sid', compact($vars)));
 
 	if ($append_sid_overwrite)
@@ -2576,15 +2600,17 @@ function add_form_key($form_name)
 }
 
 /**
-* Check the form key. Required for all altering actions not secured by confirm_box
-* @param string  $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply
-* @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
-* @param string $return_page The address for the return link
-* @param bool $trigger If true, the function will triger an error when encountering an invalid form
-*/
-function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false)
+ * Check the form key. Required for all altering actions not secured by confirm_box
+ *
+ * @param	string	$form_name	The name of the form; has to match the name used
+ *								in add_form_key, otherwise no restrictions apply
+ * @param	int		$timespan	The maximum acceptable age for a submitted form
+ *								in seconds. Defaults to the config setting.
+ * @return	bool	True, if the form key was valid, false otherwise
+ */
+function check_form_key($form_name, $timespan = false)
 {
-	global $config, $user;
+	global $config, $request, $user;
 
 	if ($timespan === false)
 	{
@@ -2592,10 +2618,10 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 		$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
 	}
 
-	if (isset($_POST['creation_time']) && isset($_POST['form_token']))
+	if ($request->is_set_post('creation_time') && $request->is_set_post('form_token'))
 	{
-		$creation_time	= abs(request_var('creation_time', 0));
-		$token = request_var('form_token', '');
+		$creation_time	= abs($request->variable('creation_time', 0));
+		$token = $request->variable('form_token', '');
 
 		$diff = time() - $creation_time;
 
@@ -2612,11 +2638,6 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 		}
 	}
 
-	if ($trigger)
-	{
-		trigger_error($user->lang['FORM_INVALID'] . $return_page);
-	}
-
 	return false;
 }
 
@@ -2747,7 +2768,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
 {
 	global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
-	global $request, $phpbb_container;
+	global $request, $phpbb_container, $phpbb_dispatcher;
 
 	$err = '';
 
@@ -2832,8 +2853,18 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		if ($result['status'] == LOGIN_SUCCESS)
 		{
 			$redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
-			$message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
-			$l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "{$phpbb_root_path}index.$phpEx" || $redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
+
+			/**
+			* This event allows an extension to modify the redirection when a user successfully logs in
+			*
+			* @event core.login_box_redirect
+			* @var  string	redirect	Redirect string
+			* @var	boolean	admin		Is admin?
+			* @var	bool	return		If true, do not redirect but return the sanitized URL.
+			* @since 3.1.0-RC5
+			*/
+			$vars = array('redirect', 'admin', 'return');
+			extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));
 
 			// append/replace SID (may change during the session for AOL users)
 			$redirect = reapply_sid($redirect);
@@ -3318,6 +3349,11 @@ function get_preg_expression($mode)
 		case 'table_prefix':
 			return '#^[a-zA-Z][a-zA-Z0-9_]*$#';
 		break;
+
+		// Matches the predecing dot
+		case 'path_remove_dot_trailing_slash':
+			return '#^(?:(\.)?)+(?:(.+)?)+(?:([\\/\\\])$)#';
+		break;
 	}
 
 	return '';
@@ -4899,7 +4935,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 	}
 
 	$dt = $user->create_datetime();
-	$timezone_offset = 'GMT' . phpbb_format_timezone_offset($dt->getOffset());
+	$timezone_offset = $user->lang(array('timezones', 'UTC_OFFSET'), phpbb_format_timezone_offset($dt->getOffset()));
 	$timezone_name = $user->timezone->getName();
 	if (isset($user->lang['timezones'][$timezone_name]))
 	{
@@ -5063,8 +5099,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		// application/xhtml+xml not used because of IE
 		'Content-type' => 'text/html; charset=UTF-8',
 		'Cache-Control' => 'private, no-cache="set-cookie"',
-		'Expires' => '0',
-		'Pragma' => 'no-cache',
+		'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
 	);
 	if (!empty($user->data['is_bot']))
 	{
@@ -5219,7 +5254,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler =
 
 	// Call cron-type script
 	$call_cron = false;
-	if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'] && !$cache->get('cron.lock_check'))
+	if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'] && !$cache->get('_cron.lock_check'))
 	{
 		$call_cron = true;
 		$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
@@ -5251,10 +5286,22 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler =
 		}
 		else
 		{
-			$cache->put('cron.lock_check', true, 300);
+			$cache->put('_cron.lock_check', true, 60);
 		}
 	}
 
+	/**
+	* Execute code and/or modify output before displaying the template.
+	*
+	* @event core.page_footer_after
+	* @var	bool display_template	Whether or not to display the template
+	* @var	bool exit_handler		Whether or not to run the exit_handler()
+	*
+	* @since 3.1.0-RC5
+	*/
+	$vars = array('display_template', 'exit_handler');
+	extract($phpbb_dispatcher->trigger_event('core.page_footer_after', compact($vars)));
+
 	if ($display_template)
 	{
 		$template->display('body');