- fixed a few smaller things

git-svn-id: file:///svn/phpbb/trunk@5952 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-08 08:35:31 +02:00 · 2006-05-20 18:39:35 +00:00 · 2006-05-20 18:39:35 +00:00 · 5029170afb
commit 5029170afb
parent 037f0bf4da
28 changed files with 118 additions and 106 deletions
--- a/phpBB/adm/style/acp_users.html
+++ b/phpBB/adm/style/acp_users.html
@ -453,6 +453,7 @@
 				<dd><input name="uploadurl" type="text" id="uploadurl" value="" /></dd>
 			</dl>
 		<!-- ENDIF -->
 		<!-- IF S_ALLOW_REMOTE -->
 			<dl>
 				<dt><label for="remotelink">{L_LINK_REMOTE_AVATAR}:</label><br /><span>{L_LINK_REMOTE_AVATAR_EXPLAIN}</span></dt>
 				<dd><input name="remotelink" type="text" id="remotelink" value="" /></dd>
@ -461,6 +462,7 @@
 				<dt><label for="width">{L_LINK_REMOTE_SIZE}:</label><br /><span>{L_LINK_REMOTE_SIZE_EXPLAIN}</span></dt>
 				<dd><input name="width" type="text" id="width" size="3" value="{USER_AVATAR_WIDTH}" /> <span>px X </span> <input type="text" name="height" size="3" value="{USER_AVATAR_HEIGHT}" /> <span>px</span></dd>
 			</dl>
 		<!-- ENDIF -->
 		<!-- IF S_DISPLAY_GALLERY -->
 			<dl> 
 				<dt><label>{L_AVATAR_GALLERY}:</label></dt>
--- a/phpBB/includes/acm/acm_main.php
+++ b/phpBB/includes/acm/acm_main.php
@ -187,7 +187,7 @@ class cache extends acm
 					AND g.allow_group = 1';
 			$result = $db->sql_query($sql);
-			$extensions = array();
+			$extensions = array('_allowed_' => array());
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$extension = strtolower(trim($row['extension']));
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@ -36,8 +36,8 @@ class acp_email
 		{
 			// Error checking needs to go here ... if no subject and/or no message then skip 
 			// over the send and return to the form
-			$subject		= html_entity_decode(request_var('subject', '', true));
+			$subject		= request_var('subject', '', true);
-			$message		= html_entity_decode(request_var('message', '', true));
+			$message		= request_var('message', '', true);
 			$use_queue		= (isset($_POST['send_immediatly'])) ? false : true;
 			$priority		= request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY);
@ -150,14 +150,14 @@ class acp_email
 					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
 					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
-					$messenger->subject($subject);
+					$messenger->subject(html_entity_decode($subject));
 					$messenger->replyto($config['board_email']);
 					$messenger->set_mail_priority($priority);
 					$messenger->assign_vars(array(
 						'SITENAME'		=> $config['sitename'],
 						'CONTACT_EMAIL' => $config['board_contact'],
-						'MESSAGE'		=> $message)
+						'MESSAGE'		=> html_entity_decode($message))
 					);
 					if (!($messenger->send($used_method)))
@ -216,8 +216,8 @@ class acp_email
 			'S_GROUP_OPTIONS'		=> $select_list,
 			'USERNAMES'				=> $usernames,
 			'U_FIND_USERNAME'		=> $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=acp_email&amp;field=usernames",
-			'SUBJECT'				=> request_var('subject', '', true),
+			'SUBJECT'				=> $subject,
-			'MESSAGE'				=> request_var('message', '', true),
+			'MESSAGE'				=> $message,
 			'S_PRIORITY_OPTIONS'	=> $s_priority_options)
 		);
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@ -127,7 +127,7 @@ class acp_main
 							$messenger->assign_vars(array(
 								'EMAIL_SIG'		=> $sig,
-								'USERNAME'		=> $row['username'],
+								'USERNAME'		=> html_entity_decode($row['username']),
 								'SITENAME'		=> $config['sitename'],
 								'REGISTER_DATE'	=> $user->format_date($row['user_regdate']), 
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -263,7 +263,7 @@ class acp_users
 								$messenger->assign_vars(array(
 									'SITENAME'		=> $config['sitename'],
 									'WELCOME_MSG'	=> sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']),
-									'USERNAME'		=> $user_row['username'],
+									'USERNAME'		=> html_entity_decode($user_row['username']),
 									'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 									'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
@ -1277,7 +1277,7 @@ class acp_users
 					{
 						$data['user_id'] = $user_id;
-						if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
+						if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload && $config['allow_avatar_upload'])
 						{
 							list($type, $filename, $width, $height) = avatar_upload($data, $error);
 						}
@ -1347,6 +1347,8 @@ class acp_users
 				// Generate users avatar
 				if ($user_row['user_avatar'])
 				{
 					$avatar_img = '';
 					switch ($user_row['user_avatar_type'])
 					{
 						case AVATAR_UPLOAD:
@ -1357,8 +1359,8 @@ class acp_users
 							$avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/';
 						break;
 					}
 					$avatar_img .= $user_row['user_avatar'];
 					$avatar_img .= $user_row['user_avatar'];
 					$avatar_img = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" alt="" />';
 				}
 				else
@ -1375,7 +1377,8 @@ class acp_users
 				$template->assign_vars(array(
 					'S_AVATAR'			=> true,
-					'S_CAN_UPLOAD'		=> $can_upload,
+					'S_CAN_UPLOAD'		=> ($can_upload && $config['allow_avatar_upload']) ? true : false,
 					'S_ALLOW_REMOTE'	=> ($config['allow_avatar_remote']) ? true : false,
 					'S_DISPLAY_GALLERY'	=> ($config['allow_avatar_local'] && !$display_gallery) ? true : false,
 					'S_IN_GALLERY'		=> ($config['allow_avatar_local'] && $display_gallery) ? true : false,
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@ -682,15 +682,27 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
 	global $user, $db, $template, $auth;
 	global $phpbb_root_path, $phpEx, $SID;
-	$topic_ids = $draft_rows = array();
+	$topic_ids = $forum_ids = $draft_rows = array();
 	// Load those drafts not connected to forums/topics
 	// If forum_id == 0 AND topic_id == 0 then this is a PM draft
-	$sql = 'SELECT *
+	if (!$topic_id && !$forum_id)
-		FROM ' . DRAFTS_TABLE . '
+	{
-			WHERE user_id = ' . $user->data['user_id'] . '
+		$sql_and = 'AND d.forum_id = 0 AND d.topic_id = 0';
-			AND (forum_id = 0 OR topic_id = 0)
+	}
-		ORDER BY save_time DESC';
+	else
 	{
 		$sql_and = '';
 		$sql_and .= ($forum_id) ? 'AND d.forum_id = ' . $forum_id : '';
 		$sql_and .= ($topic_id) ? 'AND d.topic_id = ' . $topic_id : '';
 	}
 	$sql = 'SELECT d.*, f.forum_id, f.forum_name
 		FROM ' . DRAFTS_TABLE . ' d
 		LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = d.forum_id)
 			WHERE d.user_id = ' . $user->data['user_id'] . "
 			$sql_and
 		ORDER BY d.save_time DESC";
 	$result = $db->sql_query($sql);
 	while ($row = $db->sql_fetchrow($result))
@ -703,35 +715,12 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
 	}
 	$db->sql_freeresult($result);
 	// Only those fitting into this forum now...
 	if ($forum_id || $topic_id)
 	{
 		$sql = 'SELECT d.draft_id, d.topic_id, d.forum_id, d.draft_subject, d.save_time, f.forum_name
 			FROM ' . DRAFTS_TABLE . ' d, ' . FORUMS_TABLE . ' f
 				WHERE d.user_id = ' . $user->data['user_id'] . '
 				AND d.forum_id = f.forum_id ' . 
 				(($forum_id) ? " AND d.forum_id = $forum_id" : '') . '
 			ORDER BY d.save_time DESC';
 		$result = $db->sql_query($sql);
 		while ($row = $db->sql_fetchrow($result))
 		{
 			if ($row['topic_id'])
 			{
 				$topic_ids[] = (int) $row['topic_id'];
 			}
 			$draft_rows[] = $row;
 		}
 		$db->sql_freeresult($result);
 	}
 	if (!sizeof($draft_rows))
 	{
 		return;
 	}
 	$topic_rows = array();
 	if (sizeof($topic_ids))
 	{
 		$sql = 'SELECT topic_id, forum_id, topic_title
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@ -1462,9 +1462,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
 		$messenger->assign_vars(array(
 			'EMAIL_SIG'		=> $email_sig,
 			'SITENAME'		=> $config['sitename'],
-			'SUBJECT'		=> $subject,
+			'SUBJECT'		=> html_entity_decode($subject),
-			'AUTHOR_NAME'	=> $author,
+			'AUTHOR_NAME'	=> html_entity_decode($author),
-			'USERNAME'		=> $addr['name'],
+			'USERNAME'		=> html_entity_decode($addr['name']),
 			'U_INBOX'		=> generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox")
 		);
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@ -307,7 +307,7 @@ class filespec
 		if (!$this->upload->valid_dimensions($this))
 		{
-			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_SIZE'], $this->upload->min_width, $this->upload->min_height, $this->upload->max_width, $this->upload->max_height);
+			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_SIZE'], $this->upload->min_width, $this->upload->min_height, $this->upload->max_width, $this->upload->max_height, $this->width, $this->height);
 		}
 	}
 }
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -982,25 +982,38 @@ function avatar_remote($data, &$error)
 		return false;
 	}
-	if ((!($data['width'] || $data['height']) || $data['remotelink'] != $user->data['user_avatar']) && ($config['avatar_max_width'] || $config['avatar_max_height']))
+	// Make sure getimagesize works...
 	if (($image_data = @getimagesize($data['remotelink'])) === false)
 	{
-		list($width, $height) = @getimagesize($data['remotelink']);
+		$error[] = $user->lang['AVATAR_URL_INVALID'];
 		return false;
 	}
-		if (!$width || !$height)
+	$width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
 	$height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
 	if (!$width || !$height)
 	{
 		$error[] = $user->lang['AVATAR_NO_SIZE'];
 		return false;
 	}
 	if ($config['avatar_max_width'] || $config['avatar_max_height'])
 	{
 		if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
 		{
-			$error[] = $user->lang['AVATAR_NO_SIZE'];
+			$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
 			return false;
 		}
 		else if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
 		{
 			$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
 			return false;
 		}
 	}
-	else if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
+
 	if ($config['avatar_min_width'] || $config['avatar_min_height'])
 	{
-		$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
+		if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])
-		return false;
+		{
 			$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
 			return false;
 		}
 	}
 	return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@ -116,7 +116,7 @@ function mcp_notes_user_view($id, $mode, $action)
 			add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
-			$msg = ($deletemark) ? 'MARKED_DELETED' : 'ALL_DELETED';
+			$msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
 			$redirect = "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id";
 			meta_refresh(2, $redirect);
 			trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@ -458,12 +458,12 @@ function approve_post($post_id_list, $mode)
 				$messenger->assign_vars(array(
 					'EMAIL_SIG'		=> $email_sig,
 					'SITENAME'		=> $config['sitename'],
-					'USERNAME'		=> $post_data['username'],
+					'USERNAME'		=> html_entity_decode($post_data['username']),
-					'POST_SUBJECT'	=> censor_text($post_data['post_subject']),
+					'POST_SUBJECT'	=> html_entity_decode(censor_text($post_data['post_subject'])),
-					'TOPIC_TITLE'	=> censor_text($post_data['topic_title']),
+					'TOPIC_TITLE'	=> html_entity_decode(censor_text($post_data['topic_title'])),
-					'U_VIEW_TOPIC'	=> "{$phpbb_root_path}viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&e=0",
+					'U_VIEW_TOPIC'	=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&e=0",
-					'U_VIEW_POST'	=> "{$phpbb_root_path}viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&p=$post_id&e=$post_id")
+					'U_VIEW_POST'	=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&p=$post_id&e=$post_id")
 				);
 				$messenger->send($post_data['user_notify_type']);
@ -550,6 +550,7 @@ function disapprove_post($post_id_list, $mode)
 	);
 	$notify_poster = (isset($_REQUEST['notify_poster'])) ? true : false;
 	$disapprove_reason = '';
 	if ($reason_id)
 	{
@ -569,8 +570,7 @@ function disapprove_post($post_id_list, $mode)
 		{
 			// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
 			$disapprove_reason = ($row['reason_title'] != 'other') ? ((isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description']) : '';
-			$disapprove_reason .= ($reason) ? "\n\n" . $_REQUEST['reason'] : '';
+			$disapprove_reason .= ($reason) ? "\n\n" . $reason : '';
 			unset($reason);
 		}
 	}
@ -671,10 +671,10 @@ function disapprove_post($post_id_list, $mode)
 				$messenger->assign_vars(array(
 					'EMAIL_SIG'		=> $email_sig,
 					'SITENAME'		=> $config['sitename'],
-					'USERNAME'		=> $post_data['username'],
+					'USERNAME'		=> html_entity_decode($post_data['username']),
-					'REASON'		=> $disapprove_reason,
+					'REASON'		=> html_entity_decode($disapprove_reason),
-					'POST_SUBJECT'	=> censor_text($post_data['post_subject']),
+					'POST_SUBJECT'	=> html_entity_decode(censor_text($post_data['post_subject'])),
-					'TOPIC_TITLE'	=> censor_text($post_data['topic_title']))
+					'TOPIC_TITLE'	=> html_entity_decode(censor_text($post_data['topic_title'])))
 				);
 				$messenger->send($post_data['user_notify_type']);
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@ -461,10 +461,10 @@ function close_report($post_id_list, $mode, $action)
 				$messenger->assign_vars(array(
 					'EMAIL_SIG'		=> $email_sig,
 					'SITENAME'		=> $config['sitename'],
-					'USERNAME'		=> $reporter['username'],
+					'USERNAME'		=> html_entity_decode($reporter['username']),
-					'CLOSER_NAME'	=> $user->data['username'],
+					'CLOSER_NAME'	=> html_entity_decode($user->data['username']),
-					'POST_SUBJECT'	=> censor_text($post_info[$post_id]['post_subject']),
+					'POST_SUBJECT'	=> html_entity_decode(censor_text($post_info[$post_id]['post_subject'])),
-					'TOPIC_TITLE'	=> censor_text($post_info[$post_id]['topic_title']))
+					'TOPIC_TITLE'	=> html_entity_decode(censor_text($post_info[$post_id]['topic_title'])))
 				);
 				$messenger->send($reporter['user_notify_type']);
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@ -87,7 +87,7 @@ class ucp_activate
 			$messenger->assign_vars(array(
 				'SITENAME'	=> $config['sitename'],
-				'USERNAME'	=> $row['username'],
+				'USERNAME'	=> html_entity_decode($row['username']),
 				'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']))
 			);
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@ -176,8 +176,8 @@ class ucp_groups
 									$messenger->assign_vars(array(
 										'EMAIL_SIG'		=> $email_sig,
 										'SITENAME'		=> $config['sitename'],
-										'USERNAME'		=> $row['username'],
+										'USERNAME'		=> html_entity_decode($row['username']),
-										'GROUP_NAME'	=> $group_row[$group_id]['group_name'],
+										'GROUP_NAME'	=> html_entity_decode($group_row[$group_id]['group_name']),
 										'U_PENDING'		=> generate_board_url() . "/ucp.$phpEx?i=usergroups&mode=manage",
 										'U_GROUP'		=> generate_board_url() . "/memberlist.$phpEx?mode=group&g=$group_id")
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@ -604,6 +604,7 @@ class ucp_main
 			case 'drafts':
 				$pm_drafts = ($this->p_master->p_name == 'pm') ? true : false;
 				$template->assign_var('S_SHOW_DRAFTS', true);
 				$user->add_lang('posting');
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@ -332,7 +332,8 @@ function compose_pm($id, $mode, $action)
 	{
 		$sql = 'SELECT draft_id
 			FROM ' . DRAFTS_TABLE . '
-			WHERE (forum_id = 0 AND topic_id = 0)
+			WHERE forum_id = 0
 				AND topic_id = 0
 				AND user_id = ' . $user->data['user_id'] .
 				(($draft_id) ? " AND draft_id <> $draft_id" : '');
 		$result = $db->sql_query_limit($sql, 1);
@ -397,7 +398,7 @@ function compose_pm($id, $mode, $action)
 		if ($row = $db->sql_fetchrow($result))
 		{
 			$_REQUEST['subject'] = $row['draft_subject'];
-			$_POST['message'] = $row['draft_message'];
+			$_REQUEST['message'] = $row['draft_message'];
 			$refresh = true;
 			$template->assign_var('S_DRAFT_LOADED', true);
 		}
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@ -136,7 +136,7 @@ class ucp_profile
 							$messenger->assign_vars(array(
 								'SITENAME'		=> $config['sitename'],
-								'USERNAME'		=> $username,
+								'USERNAME'		=> html_entity_decode($username),
 								'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
@ -162,7 +162,7 @@ class ucp_profile
 									$messenger->im($row['user_jabber'], $row['username']);
 									$messenger->assign_vars(array(
-										'USERNAME'		=> $username,
+										'USERNAME'		=> html_entity_decode($username),
 										'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 										'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@ -327,8 +327,8 @@ class ucp_register
 					$messenger->assign_vars(array(
 						'SITENAME'		=> $config['sitename'],
 						'WELCOME_MSG'	=> sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']),
-						'USERNAME'		=> $username,
+						'USERNAME'		=> html_entity_decode($username),
-						'PASSWORD'		=> $password_confirm,
+						'PASSWORD'		=> html_entity_decode($password_confirm),
 						'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
@ -365,7 +365,7 @@ class ucp_register
 							$messenger->im($row['user_jabber'], $row['username']);
 							$messenger->assign_vars(array(
-								'USERNAME'		=> $username,
+								'USERNAME'		=> html_entity_decode($username),
 								'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@ -69,8 +69,8 @@ class ucp_remind
 			$messenger->assign_vars(array(
 				'SITENAME'	=> $config['sitename'],
-				'USERNAME'	=> $username,
+				'USERNAME'	=> html_entity_decode($username),
-				'PASSWORD'	=> $user_password,
+				'PASSWORD'	=> html_entity_decode($user_password),
 				'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 				'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@ -79,7 +79,7 @@ class ucp_resend
 				$messenger->assign_vars(array(
 					'SITENAME'		=> $config['sitename'],
 					'WELCOME_MSG'	=> sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']),
-					'USERNAME'		=> $row['username'],
+					'USERNAME'		=> html_entity_decode($row['username']),
 					'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 					'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$row['user_id']}&k={$row['user_actkey']}")
@ -117,7 +117,7 @@ class ucp_resend
 					$messenger->im($row['user_jabber'], $row['username']);
 					$messenger->assign_vars(array(
-						'USERNAME'		=> $row['username'],
+						'USERNAME'		=> html_entity_decode($row['username']),
 						'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$row['user_id']}&k={$row['user_actkey']}")
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@ -1301,8 +1301,8 @@ class install_install extends module
 			$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
 			$messenger->assign_vars(array(
-				'USERNAME'		=> $admin_name,
+				'USERNAME'		=> html_entity_decode($admin_name),
-				'PASSWORD'		=> $admin_pass1,
+				'PASSWORD'		=> html_entity_decode($admin_pass1),
 				'U_BOARD'		=> generate_board_url(),
 				'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']))
 			);
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@ -73,7 +73,7 @@ $lang = array_merge($lang, array(
 	'AVATAR_URL_INVALID'			=> 'The URL you specified is invalid.',
 	'AVATAR_URL_NOT_FOUND'			=> 'The file specified could not be found.',
 	'AVATAR_WRONG_FILESIZE'			=> 'The avatar must be between 0 and %1d %2s.',
-	'AVATAR_WRONG_SIZE'				=> 'The avatar must be at least %1$d pixels wide, %2$d pixels high and at most %3$d pixels wide and %4$d pixels high.',
+	'AVATAR_WRONG_SIZE'				=> 'The avatar must be at least %1$d pixels wide, %2$d pixels high and at most %3$d pixels wide and %4$d pixels high. The submitted avatar is %5$d pixels wide and %6$d pixels high.',
 	'BACK_TO_TOP'			=> 'Top',
 	'BBCODE_GUIDE'			=> 'BBCode Guide',
--- a/phpBB/language/en/mcp.php
+++ b/phpBB/language/en/mcp.php
@ -35,6 +35,7 @@ $lang = array_merge($lang, array(
 	'ADD_WARNING'			=> 'Add warning',
 	'ADD_WARNING_EXPLAIN'	=> 'To send a warning to this user please fill out the following form. Only use plain text; HTML, BBCode, etc. are not permitted.',
 	'ALL_ENTRIES'			=> 'All entries',
 	'ALL_NOTES_DELETED'		=> 'Sucessfully removed all user notes',
 	'ALL_REPORTS'			=> 'All reports',
 	'ALREADY_REPORTED'		=> 'This post has already been reported',
 	'ALREADY_WARNED'		=> 'A warning has already been issued for this post',
@ -118,6 +119,8 @@ $lang = array_merge($lang, array(
 	'LOOKUP_ALL'				=> 'Look up all IP',
 	'LOOKUP_IP'					=> 'Look up IP',
 	'MARKED_NOTES_DELETED'		=> 'Sucessfully removed all marked user notes',
 	'MCP_ADD'						=> 'Add a warning',
 	'MCP_BAN'					=> 'Banning',
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@ -193,7 +193,7 @@ $lang = array_merge($lang, array(
 	'VIEW_MESSAGE'				=> 'Click %sHere%s to view your message',
 	'WRONG_FILESIZE'			=> 'The file is too big, maximum allowed size is %1d %2s',
-	'WRONG_SIZE'				=> 'The image must be at least %1$d pixels wide, %2$d pixels high and at most %3$d pixels wide and %4$d pixels high.',
+	'WRONG_SIZE'				=> 'The image must be at least %1$d pixels wide, %2$d pixels high and at most %3$d pixels wide and %4$d pixels high. The submitted image is %5$d pixels wide and %6$d pixels high.',
 ));
 ?>
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@ -260,12 +260,12 @@ switch ($mode)
 					include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
 					$subject = sprintf($user->lang['IM_JABBER_SUBJECT'], $user->data['username'], $config['server_name']);
-					$message = $_POST['message'];
+					$message = request_var('message', '', true);
 					$messenger = new messenger();
 					$messenger->template('profile_send_email', $row['user_lang']);
-					$messenger->subject($subject);
+					$messenger->subject(html_entity_decode($subject));
 					$messenger->replyto($user->data['user_email']);
 					$messenger->im($row['user_jabber'], $row['username']);
@ -273,9 +273,9 @@ switch ($mode)
 					$messenger->assign_vars(array(
 						'SITENAME'		=> $config['sitename'],
 						'BOARD_EMAIL'	=> $config['board_contact'],
-						'FROM_USERNAME' => $user->data['username'],
+						'FROM_USERNAME' => html_entity_decode($user->data['username']),
-						'TO_USERNAME'	=> $row['username'],
+						'TO_USERNAME'	=> html_entity_decode($row['username']),
-						'MESSAGE'		=> $message)
+						'MESSAGE'		=> html_entity_decode($message))
 					);
 					$messenger->send(NOTIFY_IM);
@ -289,10 +289,10 @@ switch ($mode)
 		// Send vars to the template
 		$template->assign_vars(array(
 			'IM_CONTACT'	=> $row[$sql_field],
-			'USERNAME'		=> addslashes($row['username']),
+			'USERNAME'		=> $row['username'],
 			'EMAIL'			=> $row['user_email'],
 			'CONTACT_NAME'	=> $row[$sql_field],
-			'SITENAME'		=> addslashes($config['sitename']),
+			'SITENAME'		=> $config['sitename'],
 			'PRESENCE_IMG'		=> $presence_img,
@ -616,7 +616,7 @@ switch ($mode)
 				if ($user_id)
 				{
-					$messenger->subject($subject);
+					$messenger->subject(html_entity_decode($subject));
 					$messenger->im($row['user_jabber'], $row['username']);
 					$notify_type = $row['user_notify_type'];
 				}
--- a/phpBB/styles/subSilver/template/ucp_footer.html
+++ b/phpBB/styles/subSilver/template/ucp_footer.html
@ -1,5 +1,5 @@
-		<!-- IF not S_PRIVMSGS --></form><!-- ENDIF --></td>
+		<!-- IF not S_PRIVMSGS or S_SHOW_DRAFTS --></form><!-- ENDIF --></td>
 	</tr>
 </table>
--- a/phpBB/styles/subSilver/template/ucp_header.html
+++ b/phpBB/styles/subSilver/template/ucp_header.html
@ -156,4 +156,4 @@
 		</td>
 		<td><img src="images/spacer.gif" width="4" alt="" /></td>
-		<td width="80%" valign="top"><!-- IF not S_PRIVMSGS --><form name="ucp" id="ucp" method="post" action="{S_UCP_ACTION}"{S_FORM_ENCTYPE}><!-- ENDIF -->
+		<td width="80%" valign="top"><!-- IF not S_PRIVMSGS or S_SHOW_DRAFTS --><form name="ucp" id="ucp" method="post" action="{S_UCP_ACTION}"{S_FORM_ENCTYPE}><!-- ENDIF -->
--- a/phpBB/styles/subSilver/template/ucp_main_drafts.html
+++ b/phpBB/styles/subSilver/template/ucp_main_drafts.html
@ -32,10 +32,10 @@
 		<td class="postdetails" style="padding: 4px;" nowrap="nowrap">{draftrow.DATE}</td>
 		<td style="padding: 4px;" valign="top" width="100%">
 			<p class="topictitle">{draftrow.DRAFT_SUBJECT}</p>
-			<!-- IF draftrow.S_LINK_TOPIC --><br /><span class="gensmall">{L_TOPIC}: <a href="{draftrow.U_VIEW}">{draftrow.TITLE}</a></span>
+			<!-- IF draftrow.S_LINK_TOPIC --><span class="gensmall">{L_TOPIC}: <a href="{draftrow.U_VIEW}">{draftrow.TITLE}</a></span>
-			<!-- ELSEIF draftrow.S_LINK_FORUM --><br /><span class="gensmall">{L_FORUM}: <a href="{draftrow.U_VIEW}">{draftrow.TITLE}</a></span>
+			<!-- ELSEIF draftrow.S_LINK_FORUM --><span class="gensmall">{L_FORUM}: <a href="{draftrow.U_VIEW}">{draftrow.TITLE}</a></span>
-			<!-- ELSEIF draftrow.S_LINK_PM --><br /><span class="gensmall">{L_PRIVATE_MESSAGE}</span>
+			<!-- ELSEIF draftrow.S_LINK_PM --><span class="gensmall">{L_PRIVATE_MESSAGE}</span>
-			<!-- ELSE --><br /><span class="gensmall">{L_NO_TOPIC_FORUM}</span><!-- ENDIF -->
+			<!-- ELSE --><span class="gensmall">{L_NO_TOPIC_FORUM}</span><!-- ENDIF -->
 		</td>
 		<td style="padding: 4px;" align="center" nowrap="nowrap"><span class="genmed"><!-- IF draftrow.U_INSERT --><a href="{draftrow.U_INSERT}">{L_LOAD_DRAFT}</a><br /><!-- ENDIF --><a href="{draftrow.U_VIEW_EDIT}">{L_VIEW_EDIT}</a></td>
 		<td style="padding: 4px;" align="center"><input type="checkbox" name="d[{draftrow.DRAFT_ID}]" /></td>