Phorum 5.2.23

Missing column force_password_change added.
Quoted text lines truncated after 50 characters #1020.

Phorum 5.2.22

• Redirect to index.php when there's no query string (fixing #1000).
• Replaced shortened array syntax as of PHP 5.4.
• Workaround for corrupted serialized meta data. When database encoding changed from single to multibyte character set unserialize function fails for data with multibyte characters.
• Check banlists for addon.php.
• random_int function defined too late.
• Force password change option. Start of renovation of our password system. First step: New administrator option to force a password change for individual or all users via the control center. After reload a page or after logging-in
  the user lands directly on the (already existing) "change password" dialog in the control center. A message in a red box says "For security reasons, you are required to change your password.". The user can only move inside the control center until he changed the password. Every other link is redirected to the change password dialog.
• Filter link for IP address in user admin panel. Provides an IP address filter clickable link without opening "details". Provided by Scott Finegan.

Template changes:

• Changed some indents and removed comment to closed trac issue 213.
• Unnecessary closing div removed.
• Revision of emerald template.

Phorum 5.2.21

• Convert $PHORUM = $GLOBALS['PHORUM'] to global $PHORUM (fixing #598)
• Fixing various invalid index warnings
• W3C validator: There is no attribute "onChange" (fixing #908)
• W3C validator: Value of attribute "method" cannot be "POST"
• Missing alt-attributes added
• Module Tidy Output is corrupting avatar images (fixing #911)
• Id and name attribute value mismatch (fixing #917)
• Fix character set for search title
• Multi byte safe word wrapping
• Do not substitute smileys in html entities (fixing #827)
• Replace nobr by css
• Create thumbnails as PNG (fixing #895)
• Fix Group Membership filtering
• Random Extension: Implements a PHP 5.x fallback for random_bytes and random_int functions
• Data validation enhanced (fixing #1001 partly)
• Set cookies with httponly (fixing #1001 partly)
• X-Frame-Options added
• Add posting token to login and register (fixing #1001 partly)
• Obsolete assignment by reference (&new) removed
• Replaced ENT_COMPAT by ENT_QUOTES
• Made admin interface XHTML 1.0 Transitional compliant
• Replace PHP short tags
• BBCode Module: New settings for stripping message bodies
• Event Logging Module: Support for for ipv6
• SMTP Module: Upgrade phpmailer

Phorum 5.2.20

• fixed message pruning with umlauts in forum name
• fixed possible stored and reflected XSS on attachment preview (minor, only could affect the author himself)
• fixed minor security flaw on IIS and open redirect, reported by Curesec
• send 500 HTTP status code in case of database error
• Fix access check for user given only by user_id (fixing #892 )
• Fixed PHP 5.4 notice for iScramble code