request->variable, in the file phpbb/request/request.php:

    /**
    * Central type safe input handling function.
    * All variables in GET or POST requests should be retrieved through this function to maximise security.
    * ...
    * @param    bool            $multibyte        If $default is a string this parameter has to be true if the variable may contain any UTF-8 characters
    *                                            Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
    * ...
    */
    public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)

Is there any reason not to default the optional 3rd `multibyte` parameter to `true`? When would silently replacing all non-ASCII bytes with question marks ever be desirable behavior? O_o