Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/cache/driver/file.php14
-rw-r--r--phpBB/phpbb/content_visibility.php35
-rw-r--r--phpBB/phpbb/session.php6
3 files changed, 52 insertions, 3 deletions
diff --git a/phpBB/phpbb/cache/driver/file.php b/phpBB/phpbb/cache/driver/file.php
index fd5bce4515..9a7c4aec7f 100644
--- a/phpBB/phpbb/cache/driver/file.php
+++ b/phpBB/phpbb/cache/driver/file.php
@@ -279,6 +279,7 @@ class file extends \phpbb\cache\driver\base
if ($var_name[0] == '_')
{
global $phpEx;
+ $var_name = $this->clean_varname($var_name);
return file_exists($this->cache_dir . 'data' . $var_name . ".$phpEx");
}
else
@@ -334,6 +335,7 @@ class file extends \phpbb\cache\driver\base
{
global $phpEx;
+ $filename = $this->clean_varname($filename);
$file = "{$this->cache_dir}$filename.$phpEx";
$type = substr($filename, 0, strpos($filename, '_'));
@@ -516,6 +518,7 @@ class file extends \phpbb\cache\driver\base
{
global $phpEx;
+ $filename = $this->clean_varname($filename);
$file = "{$this->cache_dir}$filename.$phpEx";
$lock = new \phpbb\lock\flock($file);
@@ -584,4 +587,15 @@ class file extends \phpbb\cache\driver\base
return $return_value;
}
+
+ /**
+ * Replace slashes in the file name
+ *
+ * @param string $varname name of a cache variable
+ * @return string $varname name that is safe to use as a filename
+ */
+ protected function clean_varname($varname)
+ {
+ return str_replace('/', '-', $varname);
+ }
}
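Review bot: `clean_varname` rewrites only the forward slash, so on Windows hosts a backslash in the name is still treated as a directory separator once the result is concatenated into a path at the three call sites added earlier in this diff (the `file_exists` check and the two `$file = "{$this->cache_dir}$filename.$phpEx"` sites); `return str_replace(array('/', '\\'), '-', $varname);` covers both separators. The replacement also maps distinct keys such as `a/b` and `a-b` onto the same cache file, which is harmless only if names are generated internally rather than taken from outside, so the docblock should state that assumption or the method should reject rather than rewrite. The `@return` tag names a variable (`$varname`), which PHPDoc does not use on return types; `@return string name that is safe to use as a filename` reads correctly.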
diff --git a/phpBB/phpbb/content_visibility.php b/phpBB/phpbb/content_visibility.php
index 02338a5c2f..700009da6a 100644
--- a/phpBB/phpbb/content_visibility.php
+++ b/phpBB/phpbb/content_visibility.php
@@ -143,12 +143,43 @@ class content_visibility
*/
public function get_visibility_sql($mode, $forum_id, $table_alias = '')
{
+ $where_sql = '';
+
+ $get_visibility_sql_overwrite = false;
+
+ /**
+ * Allow changing the result of calling get_visibility_sql
+ *
+ * @event core.phpbb_content_visibility_get_visibility_sql_before
+ * @var string where_sql Extra visibility conditions. It must end with either an SQL "AND" or an "OR"
+ * @var string mode Either "topic" or "post" depending on the query this is being used in
+ * @var array forum_id The forum id in which the search is made.
+ * @var string table_alias Table alias to prefix in SQL queries
+ * @var mixed get_visibility_sql_overwrite If a string, forces the function to return get_forums_visibility_sql_overwrite after executing the event
+ * If false, get_visibility_sql continues normally
+ * It must be either boolean or string
+ * @since 3.1.4-RC1
+ */
+ $vars = array(
+ 'where_sql',
+ 'mode',
+ 'forum_id',
+ 'table_alias',
+ 'get_visibility_sql_overwrite',
+ );
+ extract($this->phpbb_dispatcher->trigger_event('core.phpbb_content_visibility_get_visibility_sql_before', compact($vars)));
+
+ if ($get_visibility_sql_overwrite !== false)
+ {
+ return $get_visibility_sql_overwrite;
+ }
+
if ($this->auth->acl_get('m_approve', $forum_id))
{
- return '1 = 1';
+ return $where_sql . '1 = 1';
}
- return $table_alias . $mode . '_visibility = ' . ITEM_APPROVED;
+ return $where_sql . $table_alias . $mode . '_visibility = ' . ITEM_APPROVED;
}
/**
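Review bot: The check `if ($get_visibility_sql_overwrite !== false)` returns whatever non-false value an extension sets, including `true` or `null`, although the docblock restricts the variable to a string or false; `if (is_string($get_visibility_sql_overwrite))` makes the early return match the documented contract. Two docblock entries appear copied from another event: `@var mixed get_visibility_sql_overwrite` says the function returns `get_forums_visibility_sql_overwrite`, which is not a variable in this event, and `@var array forum_id` describes what appears to be a single forum id that is passed straight to `acl_get`. Nothing verifies that a non-empty `where_sql` ends with `AND`/`OR` as the docblock requires, so a malformed extension value produces a broken query; a comment at the first use of `$where_sql` should at least say that the caller of the event is trusted for that.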
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 0a6a18ffbe..bedd581725 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -130,6 +130,10 @@ class session
$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
+ $forum_id = $request->variable('f', 0);
+ // maximum forum id value is maximum value of mediumint unsigned column
+ $forum_id = ($forum_id > 0 && $forum_id < 16777215) ? $forum_id : 0;
+
$page_array += array(
'page_name' => $page_name,
'page_dir' => $page_dir,
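Review bot: The upper bound `$forum_id < 16777215` excludes the maximum value of an unsigned mediumint, which the comment directly above names as the limit, so a forum with that id would be recorded as `0`; `$forum_id = ($forum_id > 0 && $forum_id <= 16777215) ? $forum_id : 0;` matches the comment. Naming the literal (for example a class constant for the column maximum) would make the intent clearer than a bare number. The enclosing method starts and ends outside the hunk.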
@@ -139,7 +143,7 @@ class session
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
'page' => $page,
- 'forum' => request_var('f', 0),
+ 'forum' => $forum_id,
);
return $page_array;