7 files changed, 364 insertions, 7 deletions
diff --git a/phpBB/phpbb/console/command/fixup/update_hashes.php b/phpBB/phpbb/console/command/fixup/update_hashes.php
new file mode 100644
index 0000000000..4bcc3b5d19
--- /dev/null
+++ b/phpBB/phpbb/console/command/fixup/update_hashes.php
@@ -0,0 +1,117 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+namespace phpbb\console\command\fixup;
+
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Helper\ProgressBar;
+
+class update_hashes extends \phpbb\console\command\command
+{
+	/** @var \phpbb\config\config */
+	protected $config;
+
+	/** @var \phpbb\db\driver\driver_interface */
+	protected $db;
+
+	/** @var \phpbb\passwords\manager */
+	protected $passwords_manager;
+
+	/** @var string Default hashing type */
+	protected $default_type;
+
+	/**
+	 * Update_hashes constructor
+	 *
+	 * @param \phpbb\config\config $config
+	 * @param \phpbb\user $user
+	 * @param \phpbb\db\driver\driver_interface $db
+	 * @param \phpbb\passwords\manager $passwords_manager
+	 * @param array $hashing_algorithms Hashing driver
+	 *			service collection
+	 * @param array $defaults Default password types
+	 */
+	public function __construct(\phpbb\config\config $config, \phpbb\user $user,
+								\phpbb\db\driver\driver_interface $db, \phpbb\passwords\manager $passwords_manager,
+								$hashing_algorithms, $defaults)
+	{
+		$this->config = $config;
+		$this->db = $db;
+
+		$this->passwords_manager = $passwords_manager;
+
+		foreach ($defaults as $type)
+		{
+			if ($hashing_algorithms[$type]->is_supported())
+			{
+				$this->default_type = $type;
+				break;
+			}
+		}
+
+		parent::__construct($user);
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function configure()
+	{
+		$this
+			->setName('fixup:update-hashes')
+			->setDescription($this->user->lang('CLI_DESCRIPTION_UPDATE_HASH_BCRYPT'))
+		;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function execute(InputInterface $input, OutputInterface $output)
+	{
+		// Get count to be able to display progress
+		$sql = 'SELECT COUNT(user_id) AS count
+				FROM ' . USERS_TABLE . '
+				WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
+					OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
+		$result = $this->db->sql_query($sql);
+		$total_update_passwords = $this->db->sql_fetchfield('count');
+		$this->db->sql_freeresult($result);
+
+		// Create progress bar
+		$progress_bar = new ProgressBar($output, $total_update_passwords);
+		$progress_bar->start();
+
+		$sql = 'SELECT user_id, user_password
+				FROM ' . USERS_TABLE . '
+				WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
+					OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
+		$result = $this->db->sql_query($sql);
+
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
+
+			$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_password = "' . $this->db->sql_escape($new_hash) . '"
+					WHERE user_id = ' . (int) $row['user_id'];
+			$this->db->sql_query($sql);
+			$progress_bar->advance();
+		}
+
+		$this->config->set('update_hashes_last_cron', time());
+
+		$progress_bar->finish();
+
+		$output->writeln('<info>' . $this->user->lang('CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS') . '</info>');
+	}
+}
diff --git a/phpBB/phpbb/cron/task/core/update_hashes.php b/phpBB/phpbb/cron/task/core/update_hashes.php
new file mode 100644
index 0000000000..a4fe477d99
--- /dev/null
+++ b/phpBB/phpbb/cron/task/core/update_hashes.php
@@ -0,0 +1,130 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\cron\task\core;
+
+/**
+ * Update old hashes to the current default hashing algorithm
+ *
+ * It is intended to gradually update all "old" style hashes to the
+ * current default hashing algorithm.
+ */
+class update_hashes extends \phpbb\cron\task\base
+{
+	/** @var \phpbb\config\config */
+	protected $config;
+
+	/** @var \phpbb\db\driver\driver_interface */
+	protected $db;
+
+	/** @var \phpbb\lock\db */
+	protected $update_lock;
+
+	/** @var \phpbb\passwords\manager */
+	protected $passwords_manager;
+
+	/** @var string Default hashing type */
+	protected $default_type;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param \phpbb\config\config $config
+	 * @param \phpbb\db\driver\driver_interface $db
+	 * @param \phpbb\lock\db $update_lock
+	 * @param \phpbb\passwords\manager $passwords_manager
+	 * @param array $hashing_algorithms Hashing driver
+	 *			service collection
+	 * @param array $defaults Default password types
+	 */
+	public function __construct(\phpbb\config\config $config, \phpbb\db\driver\driver_interface $db, \phpbb\lock\db $update_lock, \phpbb\passwords\manager $passwords_manager, $hashing_algorithms, $defaults)
+	{
+		$this->config = $config;
+		$this->db = $db;
+		$this->passwords_manager = $passwords_manager;
+		$this->update_lock = $update_lock;
+
+		foreach ($defaults as $type)
+		{
+			if ($hashing_algorithms[$type]->is_supported())
+			{
+				$this->default_type = $type;
+				break;
+			}
+		}
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function is_runnable()
+	{
+		return !$this->config['use_system_cron'];
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function should_run()
+	{
+		if (!empty($this->config['update_hashes_lock']))
+		{
+			$last_run = explode(' ', $this->config['update_hashes_lock']);
+			if ($last_run[0] + 60 >= time())
+			{
+				return false;
+			}
+		}
+
+		return $this->config['enable_update_hashes'] && $this->config['update_hashes_last_cron'] < (time() - 60);
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function run()
+	{
+		if ($this->update_lock->acquire())
+		{
+			$sql = 'SELECT user_id, user_password
+				FROM ' . USERS_TABLE . '
+				WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
+				OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
+			$result = $this->db->sql_query_limit($sql, 20);
+
+			$affected_rows = 0;
+
+			while ($row = $this->db->sql_fetchrow($result))
+			{
+				$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
+
+				// Increase number so we know that users were selected from the database
+				$affected_rows++;
+
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_password = "' . $this->db->sql_escape($new_hash) . '"
+					WHERE user_id = ' . (int) $row['user_id'];
+				$this->db->sql_query($sql);
+			}
+
+			$this->config->set('update_hashes_last_cron', time());
+			$this->update_lock->release();
+
+			// Stop cron for good once all hashes are converted
+			if ($affected_rows === 0)
+			{
+				$this->config->set('enable_update_hashes', '0');
+			}
+		}
+	}
+}
diff --git a/phpBB/phpbb/db/migration/data/v31x/add_jabber_ssl_context_config_options.php b/phpBB/phpbb/db/migration/data/v31x/add_jabber_ssl_context_config_options.php
new file mode 100644
index 0000000000..9f416fe069
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/add_jabber_ssl_context_config_options.php
@@ -0,0 +1,32 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class add_jabber_ssl_context_config_options extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v31x\v3110');
+	}
+
+	public function update_data()
+	{
+		return array(
+			// See http://php.net/manual/en/context.ssl.php
+			array('config.add', array('jab_verify_peer', 1)),
+			array('config.add', array('jab_verify_peer_name', 1)),
+			array('config.add', array('jab_allow_self_signed', 0)),
+		);
+	}
+}
diff --git a/phpBB/phpbb/db/migration/data/v31x/add_latest_topics_index.php b/phpBB/phpbb/db/migration/data/v31x/add_latest_topics_index.php
new file mode 100644
index 0000000000..fa2899e348
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/add_latest_topics_index.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v31x;
+
+class add_latest_topics_index extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v3110',
+		);
+	}
+
+	public function update_schema()
+	{
+		return array(
+			'add_index' => array(
+				$this->table_prefix . 'topics' => array(
+					'latest_topics'	=> array(
+						'forum_id',
+						'topic_last_post_time',
+						'topic_last_post_id',
+						'topic_moved_id',
+					),
+				),
+			),
+		);
+	}
+
+	public function revert_schema()
+	{
+		return array(
+			'drop_keys' => array(
+				$this->table_prefix . 'topics' => array(
+					'latest_topics',
+				),
+			),
+		);
+	}
+}
diff --git a/phpBB/phpbb/db/migration/data/v31x/update_hashes.php b/phpBB/phpbb/db/migration/data/v31x/update_hashes.php
new file mode 100644
index 0000000000..aa83c3ffbf
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/update_hashes.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v31x;
+
+class update_hashes extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v3110',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.add', array('enable_update_hashes', '1')),
+			array('config.add', array('update_hashes_lock', '')),
+			array('config.add', array('update_hashes_last_cron', '0'))
+		);
+	}
+}
diff --git a/phpBB/phpbb/profilefields/type/type_date.php b/phpBB/phpbb/profilefields/type/type_date.php
index 90ac9a6703..63a0c79a3d 100644
--- a/phpBB/phpbb/profilefields/type/type_date.php
+++ b/phpBB/phpbb/profilefields/type/type_date.php
@@ -264,7 +264,7 @@ class type_date extends type_base
 		}
 
 		$profile_row['s_year_options'] = '<option value="0"' . ((!$year) ? ' selected="selected"' : '') . '>--</option>';
-		for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++)
+		for ($i = 1901; $i <= $now['year'] + 50; $i++)
 		{
 			$profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>";
 		}
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php
index 4cac6fbaea..00ff9064cb 100644
--- a/phpBB/phpbb/request/request.php
+++ b/phpBB/phpbb/request/request.php
@@ -169,12 +169,6 @@ class request implements \phpbb\request\request_interface
 				$GLOBALS[$this->super_globals[$super_global]][$var_name] = $value;
 			}
 		}
-
-		if (!$this->super_globals_disabled())
-		{
-			unset($GLOBALS[$this->super_globals[$super_global]][$var_name]);
-			$GLOBALS[$this->super_globals[$super_global]][$var_name] = $value;
-		}
 	}
 
 	/**