Merge branch 'develop-olympus' into develop

* develop-olympus:
  [ticket/7332] Fix post details expand link rendering on Webkit.
  [ticket/9162] Prevent notice on unset poll title
  [ticket/7417] Also focus search keywords and username in subsilver2.
  [ticket/7417] Focus username field when prosilver login page is loaded.
  [ticket/7417] Focus search keywords field when prosilver search page is loaded.
  [ticket/9841] Change "Save" to "Save draft", "Load" to "Load draft".
  [ticket/9664] Resolve conflict with accesskey="t", change addlitsitem to "y".
  [ticket/7538] Limit user_login_attempts to prevent SQL errors.
  [ticket/9848] Add avatars, attachments and store files to .gitignore.
  [ticket/9822] Correct some style related ACP explain statements.
  [ticket/9698] Add .htaccess to the includes subdirectory.
  [ticket/9830] Redirect to install directly when config.php does not exist.
  [ticket/9816] Remove config.php from repository
  [ticket/9810] Hide "Select All" of code bbcode on print page

phpBB/includes/auth/auth_db.php

@@ -134,7 +134,8 @@ function login_db(&$username, &$password)
 				// increase login attempt count to make sure this cannot be exploited
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_login_attempts = user_login_attempts + 1
-					WHERE user_id = ' . $row['user_id'];
+					WHERE user_id = ' . (int) $row['user_id'] . '
+						AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 				$db->sql_query($sql);
 
 				return array(
@@ -194,7 +195,8 @@ function login_db(&$username, &$password)
 	// Password incorrect - increase login attempts
 	$sql = 'UPDATE ' . USERS_TABLE . '
 		SET user_login_attempts = user_login_attempts + 1
-		WHERE user_id = ' . $row['user_id'];
+		WHERE user_id = ' . (int) $row['user_id'] . '
+			AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 	$db->sql_query($sql);
 
 	// Give status about wrong password...