Tag 3.0.4

git-svn-id: file:///svn/phpbb/tags/release_3_0_4@9188 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -45,8 +45,8 @@ define('IN_ADMIN', true);
 $phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
 
 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
-$file_uploads	= (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
+$safe_mode		= (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) === 'on') ? true : false;
+$file_uploads	= (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');
 
@@ -116,6 +116,7 @@ function adm_page_header($page_title)
 		'ROOT_PATH'				=> $phpbb_admin_path,
 
 		'U_LOGOUT'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
+		'U_ADM_LOGOUT'			=> append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout'),
 		'U_ADM_INDEX'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
 
@@ -184,7 +185,7 @@ function adm_page_footer($copyright_html = true)
 				{
 					global $base_memory_usage;
 					$memory_usage -= $base_memory_usage;
-					$memory_usage = ($memory_usage >= 1048576) ? round((round($memory_usage / 1048576 * 100) / 100), 2) . ' ' . $user->lang['MB'] : (($memory_usage >= 1024) ? round((round($memory_usage / 1024 * 100) / 100), 2) . ' ' . $user->lang['KB'] : $memory_usage . ' ' . $user->lang['BYTES']);
+					$memory_usage = get_formatted_filesize($memory_usage);
 
 					$debug_output .= ' | Memory Usage: ' . $memory_usage;
 				}
@@ -367,33 +368,64 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 }
 
 /**
-* Going through a config array and validate values, writing errors to $error.
+* Going through a config array and validate values, writing errors to $error. The validation method  accepts parameters separated by ':' for string and int.
+* The first parameter defines the type to be used, the second the lower bound and the third the upper bound. Only the type is required.
 */
 function validate_config_vars($config_vars, &$cfg_array, &$error)
 {
 	global $phpbb_root_path, $user;
-
+	$type	= 0;
+	$min	= 1;
+	$max	= 2;
+	
 	foreach ($config_vars as $config_name => $config_definition)
 	{
 		if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false)
 		{
 			continue;
 		}
-
+	
 		if (!isset($config_definition['validate']))
 		{
 			continue;
 		}
+		
+		$validator = explode(':', $config_definition['validate']);
 
-		// Validate a bit. ;) String is already checked through request_var(), therefore we do not check this again
-		switch ($config_definition['validate'])
+		// Validate a bit. ;) (0 = type, 1 = min, 2= max)
+		switch ($validator[$type])
 		{
+			case 'string':
+				$length = strlen($cfg_array[$config_name]);
+
+				// the column is a VARCHAR
+				$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
+
+				if (isset($validator[$min]) && $length < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_SHORT'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $length > $validator[2])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
+			break;
+
 			case 'bool':
 				$cfg_array[$config_name] = ($cfg_array[$config_name]) ? 1 : 0;
 			break;
 
 			case 'int':
 				$cfg_array[$config_name] = (int) $cfg_array[$config_name];
+
+				if (isset($validator[$min]) && $cfg_array[$config_name] < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $cfg_array[$config_name] > $validator[$max])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
 			break;
 
 			// Absolute path
@@ -508,4 +540,62 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 	return;
 }
 
+/**
+* Checks whatever or not a variable is OK for use in the Database
+* param mixed $value_ary An array of the form array(array('lang' => ..., 'value' => ..., 'column_type' =>))'
+* param mixed $error The error array
+*/
+function validate_range($value_ary, &$error)
+{
+	global $user;
+	
+	$column_types = array(
+		'BOOL'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => 1),
+		'USINT'	=> array('php_type' => 'int',		'min' => 0, 				'max' => 65535),
+		'UINT'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => (int) 0x7fffffff),
+		'INT'	=> array('php_type' => 'int', 		'min' => (int) 0x80000000, 	'max' => (int) 0x7fffffff),
+		'TINT'	=> array('php_type' => 'int',		'min' => -128,				'max' => 127),
+		
+		'VCHAR'	=> array('php_type' => 'string', 	'min' => 0, 				'max' => 255),
+	);
+	foreach ($value_ary as $value)
+	{
+		$column = explode(':', $value['column_type']);
+		$max = $min = 0;
+		$type = 0;
+		if (!isset($column_types[$column[0]]))
+		{
+			continue;
+		}
+		else
+		{
+			$type = $column_types[$column[0]];
+		}
+
+		switch ($type['php_type'])
+		{
+			case 'string' :
+				$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
+				if (strlen($value['value']) > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+
+			case 'int': 
+				$min = (isset($column[1])) ? max($column[1],$type['min']) : $type['min'];
+				$max = (isset($column[2])) ? min($column[2],$type['max']) : $type['max'];
+				if ($value['value'] < $min)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$value['lang']], $min);
+				}
+				else if ($value['value'] > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+		}
+	}
+}
+
 ?>

phpBB/adm/style/acp_attachments.html

@@ -122,11 +122,11 @@
 			{
 				if (newimage == 'no_image')
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}images/spacer.gif";
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}images/spacer.gif";
 				}
 				else
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
 				}
 			}
 
@@ -192,7 +192,7 @@
 			<dd><select name="upload_icon" id="upload_icon" onchange="update_image(this.options[selectedIndex].value);">
 					<option value="no_image"<!-- IF S_NO_IMAGE --> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>{S_FILENAME_LIST}
 			</select></dd>
-			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> name="image_upload_icon" alt="" title="" />&nbsp;</dd>
+			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> id="image_upload_icon" alt="" title="" />&nbsp;</dd>
 		</dl>
 		<dl>
 			<dt><label for="extgroup_filesize">{L_MAX_EXTGROUP_FILESIZE}:</label></dt>

phpBB/adm/style/acp_ban.html

@@ -97,11 +97,11 @@
 	</dl>
 	<dl>
 		<dt><label for="unbanreason">{L_BAN_REASON}:</label></dt>
-		<dd><input style="border: 0;" type="text" class="text full" disabled="disabled" name="unbanreason" id="unbanreason" /></dd>
+		<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbanreason" id="unbanreason" rows="5" cols="80">&nbsp;</textarea></dd>
 	</dl>
 	<dl>
 		<dt><label for="unbangivereason">{L_BAN_GIVE_REASON}:</label></dt>
-		<dd><input style="border: 0;" type="text" class="text full" disabled="disabled" name="unbangivereason" id="unbangivereason" /></dd>
+		<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbangivereason" id="unbangivereason" rows="5" cols="80">&nbsp;</textarea></dd>
 	</dl>
 
 	<p class="submit-buttons">

phpBB/adm/style/acp_bbcodes.html

@@ -103,6 +103,10 @@
 			<td style="text-align: center;">{bbcodes.BBCODE_TAG}</td>
 			<td style="text-align: right; width: 40px;"><a href="{bbcodes.U_EDIT}">{ICON_EDIT}</a> <a href="{bbcodes.U_DELETE}">{ICON_DELETE}</a></td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="2">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END bbcodes -->
 	</tbody>
 	</table>

phpBB/adm/style/acp_database.html

@@ -7,8 +7,9 @@
 
 	<p>{L_ACP_RESTORE_EXPLAIN}</p>
 
+	<!-- IF .files -->
 	<form id="acp_backup" method="post" action="{U_ACTION}">
-	
+
 	<fieldset>
 		<legend>{L_RESTORE_OPTIONS}</legend>
 	<dl>
@@ -16,16 +17,19 @@
 		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
 	</dl>
 
-	<!-- IF .files -->
-		<p class="submit-buttons">
-			<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
-			<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
-			<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
-		</p>
-	<!-- ENDIF -->
-		{S_FORM_TOKEN}
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
+		<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
+		<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
+	</p>
+	{S_FORM_TOKEN}
 	</fieldset>
 	</form>
+	<!-- ELSE -->
+		<div class="errorbox">
+			<p>{L_ACP_NO_ITEMS}</p>
+		</div>
+	<!-- ENDIF -->
 
 <!-- ELSE -->
 	<h1>{L_ACP_BACKUP}</h1>
@@ -77,7 +81,7 @@
 			<option value="{tables.TABLE}">{tables.TABLE}</option>
 		<!-- END tables -->
 		</select></dd>
-		<dd><a href="#" onclick="selector(true)">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false)">{L_DESELECT_ALL}</a></dd>
+		<dd><a href="#" onclick="selector(true); return false;">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false); return false;">{L_DESELECT_ALL}</a></dd>
 	</dl>
 
 	<p class="submit-buttons">

phpBB/adm/style/acp_forums.html

@@ -96,7 +96,7 @@
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
-	<h1>{L_TITLE} :: {FORUM_NAME}</h1>
+	<h1>{L_TITLE} <!-- IF FORUM_NAME -->:: {FORUM_NAME}<!-- ENDIF --></h1>
 
 	<p>{L_FORUM_EDIT_EXPLAIN}</p>
 
@@ -202,6 +202,11 @@
 			<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
 			<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
 		</dl>
+		<dl>
+			<dt><label for="display_subforum_list">{L_LIST_SUBFORUMS}:</label><br /><span>{L_LIST_SUBFORUMS_EXPLAIN}</span></dt>
+			<dd><label><input type="radio" class="radio" name="display_subforum_list" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+				<label><input type="radio" class="radio" name="display_subforum_list" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		</dl>
 		<dl>
 			<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
 			<dd><label><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
@@ -445,7 +450,7 @@
 					<!-- IF forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						{ICON_MOVE_UP_DISABLED}
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
-					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW-->
+					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						<a href="{forums.U_MOVE_UP}">{ICON_MOVE_UP}</a>
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
 					<!-- ELSEIF forums.S_LAST_ROW && not forums.S_FIRST_ROW -->

phpBB/adm/style/acp_groups.html

@@ -74,6 +74,10 @@
 		<dt><label for="group_message_limit">{L_GROUP_MESSAGE_LIMIT}:</label><br /><span>{L_GROUP_MESSAGE_LIMIT_EXPLAIN}</span></dt>
 		<dd><input name="group_message_limit" type="text" id="group_message_limit" maxlength="4" size="4" value="{GROUP_MESSAGE_LIMIT}" /></dd>
 	</dl>
+	<dl>
+		<dt><label for="group_max_recipients">{L_GROUP_MAX_RECIPIENTS}:</label><br /><span>{L_GROUP_MAX_RECIPIENTS_EXPLAIN}</span></dt>
+		<dd><input name="group_max_recipients" type="text" id="group_max_recipients" maxlength="10" size="4" value="{GROUP_MAX_RECIPIENTS}" /></dd>
+	</dl>
 	<dl>
 		<dt><label for="group_colour">{L_GROUP_COLOR}:</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt>
 		<dd><input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="6" maxlength="6" />&nbsp;&nbsp;<span>[ <a href="{U_SWATCH}" onclick="popup(this.href, 636, 150, '_swatch'); return false">{L_COLOUR_SWATCH}</a> ]</span></dd>

phpBB/adm/style/acp_icons.html

@@ -43,19 +43,19 @@
 	
 	function toggle_select(icon, display, select)
 	{
-		var disp = document.getElementById('order_disp[' + icon + ']');
-		var nodisp = document.getElementById('order_no_disp[' + icon + ']');
+		var disp = document.getElementById('order_disp_' + select);
+		var nodisp = document.getElementById('order_no_disp_' + select);
 		disp.disabled = !display;
 		nodisp.disabled = display;
 		if (display)
 		{
-			document.getElementById(select).selectedIndex = 0;
+			document.getElementById('order_' + select).selectedIndex = 0;
 			nodisp.className = 'disabled-options';
 			disp.className = '';
 		}
 		else
 		{
-			document.getElementById(select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
+			document.getElementById('order_' + select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
 			disp.className = 'disabled-options';
 			nodisp.className = '';
 		}
@@ -111,15 +111,15 @@
 		<td><input class="text post" type="text" size="3" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
 		<td><input class="text post" type="text" size="3" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
 		<td>
-			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, 'order[{items.A_IMG}]');"/>
+			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, '{items.S_ROW_COUNT}');"/>
 			<!-- IF items.S_ID -->
 				<input type="hidden" name="id[{items.IMG}]" value="{items.ID}" />
 			<!-- ENDIF -->
 		</td>
 		<!-- IF ID or S_ADD -->
-			<td><select id="order[{items.IMG}]" name="order[{items.IMG}]">
-				<optgroup id="order_disp[{items.IMG}]" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
-				<optgroup id="order_no_disp[{items.IMG}]" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
+			<td><select id="order_{items.S_ROW_COUNT}" name="order[{items.IMG}]">
+				<optgroup id="order_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
+				<optgroup id="order_no_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
 			</select></td>
 		<!-- ENDIF -->	
 		<!-- IF S_ADD -->
@@ -248,6 +248,10 @@
 				&nbsp;<a href="{items.U_EDIT}">{ICON_EDIT}</a> <a href="{items.U_DELETE}">{ICON_DELETE}</a>
 			</td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="{COLSPAN}">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END items -->
 	</tbody>
 	</table>

phpBB/adm/style/acp_language.html

@@ -121,9 +121,11 @@
 
 	<!--[if lt IE 8]>
 	<style type="text/css">
+	/* <![CDATA[ */
 		input.langvalue, textarea.langvalue {
 		width: 450px;
 		}
+	/* ]]> */
 	</style>
 	<![endif]-->
 

phpBB/adm/style/acp_main.html

@@ -21,6 +21,12 @@
 		</div>
 	<!-- ENDIF -->
 
+	<!-- IF S_WRITABLE_CONFIG -->
+		<div class="errorbox notice">
+			<p>{L_WRITABLE_CONFIG}</p>
+		</div>
+	<!-- ENDIF -->
+
 	<table cellspacing="1">
 		<caption>{L_FORUM_STATS}</caption>
 		<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />

phpBB/adm/style/acp_permission_roles.html

@@ -28,11 +28,11 @@
 
 	<p>{L_EXPLAIN}</p>
 
-	<form id="acp_roles" method="post" action="{U_ACTION}">
-
 	<br />
 	<a href="#acl">&raquo; {L_SET_ROLE_PERMISSIONS}</a>
 
+	<form id="acp_roles" method="post" action="{U_ACTION}">
+
 	<fieldset>
 		<legend>{L_ROLE_DETAILS}</legend>
 	<dl>
@@ -46,6 +46,7 @@
 
 	<p class="quick">
 		<input type="submit" class="button1" name="submit" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
 
@@ -57,11 +58,15 @@
 
 	<!-- ENDIF -->
 
+	<p>
+
 	<a name="acl"></a>
 
 	<a href="#maincontent">&raquo; {L_BACK_TO_TOP}</a><br />
 	<br /><br />
 
+	</p>
+
 	<h1>{L_ACL_TYPE}</h1>
 
 	<fieldset class="perm nolegend">
@@ -107,9 +112,9 @@
 						<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
 						<th class="permissions-name<!-- IF auth.mask.S_ROW_COUNT is even --> row4<!-- ELSE --> row3<!-- ENDIF -->">{auth.mask.PERMISSION}</th>
 							
-						<td class="permissions-yes"><label for="{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
-						<td class="permissions-no"><label for="{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
-						<td class="permissions-never"><label for="{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
+						<td class="permissions-yes"><label for="setting_{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
+						<td class="permissions-no"><label for="setting_{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
+						<td class="permissions-never"><label for="setting_{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
 					</tr>
 					<!-- END mask -->
 					</tbody>

phpBB/adm/style/acp_profile.html

@@ -48,20 +48,20 @@
 		<fieldset>
 			<legend>{L_VISIBILITY_OPTION}</legend>
 		<dl>
-			<dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label><br /><span>{L_DISPLAY_AT_PROFILE_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_option_none" name="field_option" value="none"<!-- IF not S_SHOW_ON_REG and not S_FIELD_REQUIRED and not S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
+			<dt><label for="field_show_profile">{L_DISPLAY_AT_PROFILE}:</label><br /><span>{L_DISPLAY_AT_PROFILE_EXPLAIN}</span></dt>
+			<dd><input type="checkbox" class="radio" id="field_show_profile" name="field_show_profile" value="1"<!-- IF S_SHOW_PROFILE --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		<dl>
 			<dt><label for="field_show_on_reg">{L_DISPLAY_AT_REGISTER}:</label><br /><span>{L_DISPLAY_AT_REGISTER_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_show_on_reg" name="field_option" value="field_show_on_reg"<!-- IF S_SHOW_ON_REG --> checked="checked"<!-- ENDIF --> /></dd>
+			<dd><input type="checkbox" class="radio" id="field_show_on_reg" name="field_show_on_reg" value="1"<!-- IF S_SHOW_ON_REG --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		<dl>
 			<dt><label for="field_required">{L_REQUIRED_FIELD}:</label><br /><span>{L_REQUIRED_FIELD_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_required" name="field_option" value="field_required"<!-- IF S_FIELD_REQUIRED --> checked="checked"<!-- ENDIF --> /></dd>
+			<dd><input type="checkbox" class="radio" id="field_required" name="field_required" value="1"<!-- IF S_FIELD_REQUIRED --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		<dl>
 			<dt><label for="field_hide">{L_HIDE_PROFILE_FIELD}:</label><br /><span>{L_HIDE_PROFILE_FIELD_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_hide" name="field_option" value="field_hide"<!-- IF S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
+			<dd><input type="checkbox" class="radio" id="field_hide" name="field_hide" value="1"<!-- IF S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		</fieldset>
 

phpBB/adm/style/acp_prune_forums.html

@@ -44,7 +44,7 @@
 		<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
 	<dl>
 		<dt><label for="forum">{L_LOOK_UP_FORUM}:</label></dt>
-		<dd><select name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
+		<dd><select id="forum" name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
 		<dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd>
 	</dl>
 	

phpBB/adm/style/acp_styles.html

@@ -261,11 +261,11 @@
 <!-- ELSEIF S_CACHE -->
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
-	
+
 	<h1>{L_TEMPLATE_CACHE}</h1>
-	
+
 	<p>{L_TEMPLATE_CACHE_EXPLAIN}</p>
-	
+
 	<form name="acp_styles" method="post" action="{U_ACTION}">
 	<fieldset class="tabulated">
 	<legend>{L_TEMPLATE_CACHE}</legend>
@@ -283,7 +283,7 @@
 	<tbody>
 	<!-- BEGIN file -->
 		<!-- IF file.S_ROW_COUNT is even --><tr class="row1"><!-- ELSE --><tr class="row2"><!-- ENDIF -->
-			<td><a href="{file.U_VIEWSOURCE}" onclick="popup(this.href, 750, 550, '_source'); return false;">{file.FILENAME}</a></td>
+			<td><a href="{file.U_VIEWSOURCE}" onclick="popup(this.href, 750, 550, '_source'); return false;">{file.FILENAME_PATH}</a></td>
 			<td>{file.FILESIZE}</td>
 			<td>{file.CACHED}</td>
 			<td>{file.MODIFIED}</td>
@@ -361,7 +361,7 @@
 	</p>
 	</fieldset>
 
-	
+
 	</form>
 
 <!-- ELSEIF S_FRONTEND -->
@@ -459,8 +459,14 @@
 	</dl>
 	<dl>
 		<dt><label for="copyright">{L_COPYRIGHT}:</label></dt>
-		<dd><!-- IF S_INSTALL --><b id="name">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
+		<dd><!-- IF S_INSTALL --><b id="copyright">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
 	</dl>
+	<!-- IF S_SUPERTEMPLATE -->
+	<dl>
+		<dt><label for="inheriting">{L_INHERITING_FROM}:</label></dt>
+		<dd><b id="inheriting">{S_SUPERTEMPLATE}</b></dd>
+	</dl>
+	<!-- ENDIF -->
 	<!-- IF S_STYLE and not S_BASIS -->
 		<dl>
 			<dt><label for="template_id">{L_STYLE_TEMPLATE}:</label></dt>
@@ -475,11 +481,11 @@
 			<dd><!-- IF S_INSTALL --><b id="imageset_id">{IMAGESET_NAME}</b><!-- ELSE --><select id="imageset_id" name="imageset_id">{S_IMAGESET_OPTIONS}</select><!-- ENDIF --></dd>
 		</dl>
 	<!-- ENDIF -->
-	<!-- IF S_TEMPLATE or S_THEME -->
+	<!-- IF (S_TEMPLATE or S_THEME) and (S_LOCATION or not S_INSTALL) -->
 		<dl>
-			<dt><label for="store_db">{L_LOCATION}:</label><br /><span>{L_LOCATION_EXPLAIN}</span></dt>
-			<dd><label><input type="radio" class="radio" name="store_db" value="0"<!-- IF not S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> /> {L_STORE_FILESYSTEM}</label>
-				<label><input type="radio" class="radio" name="store_db" value="1"<!-- IF S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> /> {L_STORE_DATABASE}</label></dd>
+			<dt><label for="store_db">{L_LOCATION}:</label><br /><span><!-- IF S_STORE_DB_DISABLED -->{L_LOCATION_DISABLED_EXPLAIN}<!-- ELSE -->{L_LOCATION_EXPLAIN}<!-- ENDIF --></span></dt>
+			<dd><label><input type="radio" class="radio" name="store_db" value="0"<!-- IF not S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> <!-- IF S_STORE_DB_DISABLED -->disabled="disabled" <!-- ENDIF --> />{L_STORE_FILESYSTEM}</label>
+				<label><input type="radio" class="radio" name="store_db" value="1"<!-- IF S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> <!-- IF S_STORE_DB_DISABLED -->disabled="disabled" <!-- ENDIF -->/> {L_STORE_DATABASE}</label></dd>
 		</dl>
 	<!-- ENDIF -->
 	<!-- IF S_STYLE -->
@@ -507,7 +513,7 @@
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
 		{S_FORM_TOKEN}
 	</fieldset>
-	
+
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_users.html

@@ -197,7 +197,7 @@
 		<a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
 	</div>
 	<!-- ENDIF -->
-	
+
 	<fieldset class="quick">
 		<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />
 		<p class="small"><a href="#" onclick="marklist('user_attachments', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('user_attachments', 'mark', false);">{L_UNMARK_ALL}</a></p>
@@ -215,7 +215,7 @@
 	<form id="select_forum" method="post" action="{U_ACTION}">
 
 		<fieldset class="quick" style="text-align: left;">
-			{L_SELECT_FORUM}: <select name="f">{S_FORUM_OPTIONS}</select> 
+			{L_SELECT_FORUM}: <select name="f">{S_FORUM_OPTIONS}</select>
 			<input class="button2" type="submit" value="{L_GO}" name="select" />
 			{S_FORM_TOKEN}
 		</fieldset>

phpBB/adm/style/acp_users_overview.html

@@ -30,7 +30,7 @@
 </dl>
 <dl>
 	<dt><label>{L_POSTS}:</label></dt>
-	<dd><strong>{USER_POSTS}</strong></dd>
+	<dd><strong>{USER_POSTS}</strong><!-- IF POSTS_IN_QUEUE and U_MCP_QUEUE --> (<a href="{U_MCP_QUEUE}">{L_POSTS_IN_QUEUE}</a>)<!-- ELSEIF POSTS_IN_QUEUE --> ({L_POSTS_IN_QUEUE})<!-- ENDIF --></dd>
 </dl>
 <dl>
 	<dt><label>{L_WARNINGS}:</label></dt>
@@ -138,7 +138,7 @@
 	</p>
 
 	</fieldset>
-	
+
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_words.html

@@ -62,6 +62,10 @@
 		<td style="text-align: center;">{words.REPLACEMENT}</td>
 		<td>&nbsp;<a href="{words.U_EDIT}">{ICON_EDIT}</a>&nbsp;&nbsp;<a href="{words.U_DELETE}">{ICON_DELETE}</a>&nbsp;</td>
 	</tr>
+	<!-- BEGINELSE -->
+	<tr class="row3">
+		<td colspan="3">{L_ACP_NO_ITEMS}</td>
+	</tr>
 	<!-- END words -->
 	</tbody>
 	</table>

phpBB/adm/style/admin.css

@@ -1175,6 +1175,10 @@ input.disabled {
 	font-weight: bold;
 }
 
+.notice {
+	background-color: #62A5CC;
+}
+
 /* Special cases for the error page */
 #errorpage #page-header a {
 	font-weight: bold;
@@ -1333,18 +1337,21 @@ fieldset.permissions .permissions-switch {
 fieldset.permissions .padding {
 }
 
+.permissions-switch {
+	margin-top: -6px;
+	font-size: .9em;
+}
+
 .permissions-switch a {
 	text-decoration: underline;
-	font-size: 0.90em;
 }
 
 .permissions-reset {
-	margin-top: -6px;
 	padding-bottom: 10px;
 }
 
 .permissions-reset a {
-	font-size: .8em;
+	font-size: .85em;
 }
 
 /* Tabbed menu */

phpBB/adm/style/colour_swatch.html

@@ -8,7 +8,7 @@
 <title>{L_COLOUR_SWATCH}</title>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 	body {
 		background-color: #404040;
 		color: #fff;
@@ -29,7 +29,7 @@
 	img {
 		border: 0;
 	}
-//-->
+/* ]]> */
 </style>
 </head>
 

phpBB/adm/style/install_update.html

@@ -63,7 +63,7 @@
 	<p>{L_UPDATE_SUCCESS_EXPLAIN}</p>
 
 	<fieldset class="submit-buttons">
-		<input class="button1" type="submit" name="check_again" value="{L_CHECK_FILES_AGAIN}" />
+		<input class="button1" type="submit" name="check_again" value="{L_CONTINUE_UPDATE}" />
 	</fieldset>
 
 	</form>
@@ -186,7 +186,7 @@
 				<p>{L_NO_UPDATE_FILES_EXPLAIN}</p><br />
 
 				<strong>{NO_UPDATE_FILES}</strong>
-				
+
 			</div>
 		<!-- ENDIF -->
 
@@ -226,7 +226,7 @@
 							<!-- IF files.S_CUSTOM -->
 								<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{files.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 							<!-- ENDIF -->
-							
+
 							<!-- IF files.STATUS eq 'modified' -->
 							</dl>
 							<dl>
@@ -295,7 +295,7 @@
 		<p>{L_UPDATE_METHOD_EXPLAIN}</p>
 
 		<fieldset class="submit-buttons">
-			<input class="button1" type="submit" name="ftp_upload" value="{L_FTP_UPDATE_METHOD}" />&nbsp; &nbsp;<input class="button1" type="submit" name="download" value="{L_DOWNLOAD_UPDATE_METHOD}" />
+			<input class="button1" type="submit" name="ftp_upload" value="{L_FTP_UPDATE_METHOD}" />&nbsp; &nbsp;<input class="button1" type="submit" name="download" value="{L_DOWNLOAD_UPDATE_METHOD_BUTTON}" />
 		</fieldset>
 
 		</form>
@@ -360,9 +360,18 @@
 			<p>{L_CONNECTION_SUCCESS}</p>
 		</div>
 	<!-- ELSEIF S_CONNECTION_FAILED -->
+		<div class="successbox">
+			<p>{L_TRY_DOWNLOAD_METHOD}</p>
+
+			<fieldset class="quick">
+				<input class="button1" type="submit" name="download" value="{L_TRY_DOWNLOAD_METHOD_BUTTON}" />
+			</fieldset>
+		</div>
+
 		<div class="errorbox">
 			<p>{L_CONNECTION_FAILED}<br />{ERROR_MSG}</p>
 		</div>
+
 	<!-- ENDIF -->
 
 	<fieldset>
@@ -378,7 +387,7 @@
 	</dl>
 	<!-- END data -->
 	</fieldset>
-	
+
 	<fieldset class="submit-buttons">
 		{S_HIDDEN_FIELDS}
 		<input class="button2" type="submit" name="check_again" value="{L_BACK}" />

phpBB/adm/style/install_update_diff.html

@@ -32,7 +32,7 @@ function resize_panel()
 </script>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 
 #main {
 	font-size: 1em;
@@ -198,7 +198,7 @@ table.hrdiff caption span {
 
 <!-- ENDIF -->
 
-//-->
+/* ]]> */
 </style>
 
 </head>

phpBB/adm/style/overall_header.html

@@ -181,11 +181,11 @@ function switch_menu()
 			<span class="corners-top"><span></span></span>
 				<div id="content">
 					<!-- IF not S_USER_NOTICE --> 
-					<div id="toggle">						
+					<div id="toggle">
 						<a id="toggle-handle" accesskey="m" title="{L_MENU_TOGGLE}" onclick="switch_menu(); return false;" href="#"></a></div>
 					<!-- ENDIF -->
 					<div id="menu">
-						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;]</p>
+						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;][&nbsp;<a href="{U_ADM_LOGOUT}">{L_ADM_LOGOUT}</a>&nbsp;]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
 						<ul>
 						<!-- BEGIN l_block1 -->
 							<!-- IF l_block1.S_SELECTED -->

phpBB/adm/style/permission_mask.html

@@ -68,7 +68,7 @@
 		<!-- ELSE -->
 			<li class="permissions-preset-custom<!-- IF p_mask.S_FIRST_ROW and p_mask.f_mask.S_FIRST_ROW and p_mask.f_mask.category.S_FIRST_ROW --> activetab<!-- ENDIF -->" id="tab{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}">
 		<!-- ENDIF -->
-		<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '{p_mask.f_mask.category.S_ROW_COUNT}', false<!-- IF p_mask.S_VIEW -->, true<!-- ENDIF -->); return false;"><span class="tabbg"><span class="colour"></span>{category.CAT_NAME}</span></a></li>
+		<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '{p_mask.f_mask.category.S_ROW_COUNT}', false<!-- IF p_mask.S_VIEW -->, true<!-- ENDIF -->); return false;"><span class="tabbg"><span class="colour"></span>{p_mask.f_mask.category.CAT_NAME}</span></a></li>
 	<!-- END category -->
 				</ul>
 			</div>

phpBB/common.php

@@ -103,7 +103,7 @@ if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
 }
 else
 {
-	set_magic_quotes_runtime(0);
+	@set_magic_quotes_runtime(0);
 
 	// Be paranoid with passed vars
 	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
@@ -131,7 +131,7 @@ if (!defined('PHPBB_INSTALLED'))
 	// Redirect the user to the installer
 	// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 	// available as used by the redirect function
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
 
@@ -150,7 +150,11 @@ if (!defined('PHPBB_INSTALLED'))
 
 	if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
 	{
-		$url .= ':' . $server_port;
+		// HTTP HOST can carry a port number...
+		if (strpos($server_name, ':') === false)
+		{
+			$url .= ':' . $server_port;
+		}
 	}
 
 	$url .= $script_path;

phpBB/develop/create_schema_files.php

@@ -674,7 +674,7 @@ foreach ($supported_dbms as $dbms)
 						}
 
 						$line .= ($key_data[0] == 'INDEX') ? 'CREATE INDEX' : '';
-						
+
 						$line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ")\n";
 						$line .= "/\n";
 					break;
@@ -1005,7 +1005,7 @@ function get_schema_struct()
 			'topic_id'			=> array('UINT', 0),
 			'forum_id'			=> array('UINT', 0),
 			'save_time'			=> array('TIMESTAMP', 0),
-			'draft_subject'		=> array('XSTEXT_UNI', ''),
+			'draft_subject'		=> array('STEXT_UNI', ''),
 			'draft_message'		=> array('MTEXT_UNI', ''),
 		),
 		'PRIMARY_KEY'	=> 'draft_id',
@@ -1052,7 +1052,7 @@ function get_schema_struct()
 			'forum_desc_uid'		=> array('VCHAR:8', ''),
 			'forum_link'			=> array('VCHAR_UNI', ''),
 			'forum_password'		=> array('VCHAR_UNI:40', ''),
-			'forum_style'			=> array('USINT', 0),
+			'forum_style'			=> array('UINT', 0),
 			'forum_image'			=> array('VCHAR', ''),
 			'forum_rules'			=> array('TEXT_UNI', ''),
 			'forum_rules_link'		=> array('VCHAR_UNI', ''),
@@ -1067,11 +1067,12 @@ function get_schema_struct()
 			'forum_topics_real'		=> array('UINT', 0),
 			'forum_last_post_id'	=> array('UINT', 0),
 			'forum_last_poster_id'	=> array('UINT', 0),
-			'forum_last_post_subject' => array('XSTEXT_UNI', ''),
+			'forum_last_post_subject' => array('STEXT_UNI', ''),
 			'forum_last_post_time'	=> array('TIMESTAMP', 0),
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
 			'forum_flags'			=> array('TINT:4', 32),
+			'display_subforum_list'	=> array('BOOL', 1),
 			'display_on_index'		=> array('BOOL', 1),
 			'enable_indexing'		=> array('BOOL', 1),
 			'enable_icons'			=> array('BOOL', 1),
@@ -1139,11 +1140,12 @@ function get_schema_struct()
 			'group_sig_chars'		=> array('UINT', 0),
 			'group_receive_pm'		=> array('BOOL', 0),
 			'group_message_limit'	=> array('UINT', 0),
+			'group_max_recipients'	=> array('UINT', 0),
 			'group_legend'			=> array('BOOL', 1),
 		),
 		'PRIMARY_KEY'	=> 'group_id',
 		'KEYS'			=> array(
-			'group_legend'			=> array('INDEX', 'group_legend'),
+			'group_legend_name'		=> array('INDEX', array('group_legend', 'group_name')),
 		),
 	);
 
@@ -1280,7 +1282,7 @@ function get_schema_struct()
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
 			'post_username'			=> array('VCHAR_UNI:255', ''),
-			'post_subject'			=> array('XSTEXT_UNI', '', 'true_sort'),
+			'post_subject'			=> array('STEXT_UNI', '', 'true_sort'),
 			'post_text'				=> array('MTEXT_UNI', ''),
 			'post_checksum'			=> array('VCHAR:32', ''),
 			'post_attachment'		=> array('BOOL', 0),
@@ -1316,7 +1318,7 @@ function get_schema_struct()
 			'enable_smilies'		=> array('BOOL', 1),
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
-			'message_subject'		=> array('XSTEXT_UNI', ''),
+			'message_subject'		=> array('STEXT_UNI', ''),
 			'message_text'			=> array('MTEXT_UNI', ''),
 			'message_edit_reason'	=> array('STEXT_UNI', ''),
 			'message_edit_user'		=> array('UINT', 0),
@@ -1402,6 +1404,7 @@ function get_schema_struct()
 			'field_validation'		=> array('VCHAR_UNI:20', ''),
 			'field_required'		=> array('BOOL', 0),
 			'field_show_on_reg'		=> array('BOOL', 0),
+			'field_show_profile'	=> array('BOOL', 0),
 			'field_hide'			=> array('BOOL', 0),
 			'field_no_view'			=> array('BOOL', 0),
 			'field_active'			=> array('BOOL', 0),
@@ -1519,6 +1522,7 @@ function get_schema_struct()
 		'COLUMNS'		=> array(
 			'session_id'			=> array('CHAR:32', ''),
 			'session_user_id'		=> array('UINT', 0),
+			'session_forum_id'		=> array('UINT', 0),
 			'session_last_visit'	=> array('TIMESTAMP', 0),
 			'session_start'			=> array('TIMESTAMP', 0),
 			'session_time'			=> array('TIMESTAMP', 0),
@@ -1534,6 +1538,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
+			'session_fid'		=> array('INDEX', 'session_forum_id'),
 		),
 	);
 
@@ -1580,13 +1585,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles'] = array(
 		'COLUMNS'		=> array(
-			'style_id'				=> array('USINT', NULL, 'auto_increment'),
+			'style_id'				=> array('UINT', NULL, 'auto_increment'),
 			'style_name'			=> array('VCHAR_UNI:255', ''),
 			'style_copyright'		=> array('VCHAR_UNI', ''),
 			'style_active'			=> array('BOOL', 1),
-			'template_id'			=> array('USINT', 0),
-			'theme_id'				=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
+			'theme_id'				=> array('UINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'	=> 'style_id',
 		'KEYS'			=> array(
@@ -1599,12 +1604,14 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', NULL, 'auto_increment'),
+			'template_id'			=> array('UINT', NULL, 'auto_increment'),
 			'template_name'			=> array('VCHAR_UNI:255', ''),
 			'template_copyright'	=> array('VCHAR_UNI', ''),
 			'template_path'			=> array('VCHAR:100', ''),
 			'bbcode_bitfield'		=> array('VCHAR:255', 'kNg='),
 			'template_storedb'		=> array('BOOL', 0),
+			'template_inherits_id'		=> array('UINT:4', 0),
+			'template_inherit_path'		=> array('VCHAR', ''),
 		),
 		'PRIMARY_KEY'	=> 'template_id',
 		'KEYS'			=> array(
@@ -1614,7 +1621,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template_data'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
 			'template_filename'		=> array('VCHAR:100', ''),
 			'template_included'		=> array('TEXT', ''),
 			'template_mtime'		=> array('TIMESTAMP', 0),
@@ -1628,7 +1635,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_theme'] = array(
 		'COLUMNS'		=> array(
-			'theme_id'				=> array('USINT', NULL, 'auto_increment'),
+			'theme_id'				=> array('UINT', NULL, 'auto_increment'),
 			'theme_name'			=> array('VCHAR_UNI:255', ''),
 			'theme_copyright'		=> array('VCHAR_UNI', ''),
 			'theme_path'			=> array('VCHAR:100', ''),
@@ -1644,7 +1651,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset'] = array(
 		'COLUMNS'		=> array(
-			'imageset_id'				=> array('USINT', NULL, 'auto_increment'),
+			'imageset_id'				=> array('UINT', NULL, 'auto_increment'),
 			'imageset_name'				=> array('VCHAR_UNI:255', ''),
 			'imageset_copyright'		=> array('VCHAR_UNI', ''),
 			'imageset_path'				=> array('VCHAR:100', ''),
@@ -1657,13 +1664,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset_data'] = array(
 		'COLUMNS'		=> array(
-			'image_id'				=> array('USINT', NULL, 'auto_increment'),
+			'image_id'				=> array('UINT', NULL, 'auto_increment'),
 			'image_name'			=> array('VCHAR:200', ''),
 			'image_filename'		=> array('VCHAR:200', ''),
 			'image_lang'			=> array('VCHAR:30', ''),
 			'image_height'			=> array('USINT', 0),
 			'image_width'			=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'		=> 'image_id',
 		'KEYS'				=> array(
@@ -1679,7 +1686,7 @@ function get_schema_struct()
 			'topic_attachment'			=> array('BOOL', 0),
 			'topic_approved'			=> array('BOOL', 1),
 			'topic_reported'			=> array('BOOL', 0),
-			'topic_title'				=> array('XSTEXT_UNI', '', 'true_sort'),
+			'topic_title'				=> array('STEXT_UNI', '', 'true_sort'),
 			'topic_poster'				=> array('UINT', 0),
 			'topic_time'				=> array('TIMESTAMP', 0),
 			'topic_time_limit'			=> array('TIMESTAMP', 0),
@@ -1695,7 +1702,7 @@ function get_schema_struct()
 			'topic_last_poster_id'		=> array('UINT', 0),
 			'topic_last_poster_name'	=> array('VCHAR_UNI', ''),
 			'topic_last_poster_colour'	=> array('VCHAR:6', ''),
-			'topic_last_post_subject'	=> array('XSTEXT_UNI', ''),
+			'topic_last_post_subject'	=> array('STEXT_UNI', ''),
 			'topic_last_post_time'		=> array('TIMESTAMP', 0),
 			'topic_last_view_time'		=> array('TIMESTAMP', 0),
 			'topic_moved_id'			=> array('UINT', 0),
@@ -1801,7 +1808,7 @@ function get_schema_struct()
 			'user_timezone'				=> array('DECIMAL', 0),
 			'user_dst'					=> array('BOOL', 0),
 			'user_dateformat'			=> array('VCHAR_UNI:30', 'd M Y H:i'),
-			'user_style'				=> array('USINT', 0),
+			'user_style'				=> array('UINT', 0),
 			'user_rank'					=> array('UINT', 0),
 			'user_colour'				=> array('VCHAR:6', ''),
 			'user_new_privmsg'			=> array('INT:4', 0),

phpBB/develop/mysql_upgrader.php

@@ -1,10 +1,10 @@
 <?php
-/** 
+/**
 *
 * @package phpBB3
 * @version $Id$
-* @copyright (c) 2006 phpBB Group 
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+* @copyright (c) 2006 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
 *
 * This file creates SQL statements to upgrade phpBB on MySQL 3.x/4.0.x to 4.1.x/5.x
 *
@@ -127,7 +127,7 @@ foreach ($schema_data as $table_name => $table_data)
 	$line = "ALTER TABLE {$table_name} $newline";
 
 	// Table specific so we don't get overlap
-	$modded_array = array(); 
+	$modded_array = array();
 
 	// Write columns one by one...
 	foreach ($table_data['COLUMNS'] as $column_name => $column_data)
@@ -477,7 +477,7 @@ function get_schema_struct()
 			'topic_id'			=> array('UINT', 0),
 			'forum_id'			=> array('UINT', 0),
 			'save_time'			=> array('TIMESTAMP', 0),
-			'draft_subject'		=> array('XSTEXT_UNI', ''),
+			'draft_subject'		=> array('STEXT_UNI', ''),
 			'draft_message'		=> array('MTEXT_UNI', ''),
 		),
 		'PRIMARY_KEY'	=> 'draft_id',
@@ -524,7 +524,7 @@ function get_schema_struct()
 			'forum_desc_uid'		=> array('VCHAR:8', ''),
 			'forum_link'			=> array('VCHAR_UNI', ''),
 			'forum_password'		=> array('VCHAR_UNI:40', ''),
-			'forum_style'			=> array('USINT', 0),
+			'forum_style'			=> array('UINT', 0),
 			'forum_image'			=> array('VCHAR', ''),
 			'forum_rules'			=> array('TEXT_UNI', ''),
 			'forum_rules_link'		=> array('VCHAR_UNI', ''),
@@ -539,11 +539,12 @@ function get_schema_struct()
 			'forum_topics_real'		=> array('UINT', 0),
 			'forum_last_post_id'	=> array('UINT', 0),
 			'forum_last_poster_id'	=> array('UINT', 0),
-			'forum_last_post_subject' => array('XSTEXT_UNI', ''),
+			'forum_last_post_subject' => array('STEXT_UNI', ''),
 			'forum_last_post_time'	=> array('TIMESTAMP', 0),
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
 			'forum_flags'			=> array('TINT:4', 32),
+			'display_subforum_list'	=> array('BOOL', 1),
 			'display_on_index'		=> array('BOOL', 1),
 			'enable_indexing'		=> array('BOOL', 1),
 			'enable_icons'			=> array('BOOL', 1),
@@ -611,11 +612,12 @@ function get_schema_struct()
 			'group_sig_chars'		=> array('UINT', 0),
 			'group_receive_pm'		=> array('BOOL', 0),
 			'group_message_limit'	=> array('UINT', 0),
+			'group_max_recipients'	=> array('UINT', 0),
 			'group_legend'			=> array('BOOL', 1),
 		),
 		'PRIMARY_KEY'	=> 'group_id',
 		'KEYS'			=> array(
-			'group_legend'			=> array('INDEX', 'group_legend'),
+			'group_legend_name'		=> array('INDEX', array('group_legend', 'group_name')),
 		),
 	);
 
@@ -752,8 +754,8 @@ function get_schema_struct()
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
 			'post_username'			=> array('VCHAR_UNI:255', ''),
-			'post_subject'			=> array('XSTEXT_UNI', '', 'true_sort'),
-			'post_text'				=> array('MTEXT_UNI', '', ($GLOBALS['mysql_indexer']) ? 'true_sort' : 'no_sort'),
+			'post_subject'			=> array('STEXT_UNI', '', 'true_sort'),
+			'post_text'				=> array('MTEXT_UNI', ''),
 			'post_checksum'			=> array('VCHAR:32', ''),
 			'post_attachment'		=> array('BOOL', 0),
 			'bbcode_bitfield'		=> array('VCHAR:255', ''),
@@ -788,7 +790,7 @@ function get_schema_struct()
 			'enable_smilies'		=> array('BOOL', 1),
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
-			'message_subject'		=> array('XSTEXT_UNI', ''),
+			'message_subject'		=> array('STEXT_UNI', ''),
 			'message_text'			=> array('MTEXT_UNI', ''),
 			'message_edit_reason'	=> array('STEXT_UNI', ''),
 			'message_edit_user'		=> array('UINT', 0),
@@ -874,6 +876,7 @@ function get_schema_struct()
 			'field_validation'		=> array('VCHAR_UNI:20', ''),
 			'field_required'		=> array('BOOL', 0),
 			'field_show_on_reg'		=> array('BOOL', 0),
+			'field_show_profile'	=> array('BOOL', 0),
 			'field_hide'			=> array('BOOL', 0),
 			'field_no_view'			=> array('BOOL', 0),
 			'field_active'			=> array('BOOL', 0),
@@ -991,6 +994,7 @@ function get_schema_struct()
 		'COLUMNS'		=> array(
 			'session_id'			=> array('CHAR:32', ''),
 			'session_user_id'		=> array('UINT', 0),
+			'session_forum_id'		=> array('UINT', 0),
 			'session_last_visit'	=> array('TIMESTAMP', 0),
 			'session_start'			=> array('TIMESTAMP', 0),
 			'session_time'			=> array('TIMESTAMP', 0),
@@ -1006,6 +1010,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
+			'session_fid'		=> array('INDEX', 'session_forum_id'),
 		),
 	);
 
@@ -1052,13 +1057,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles'] = array(
 		'COLUMNS'		=> array(
-			'style_id'				=> array('USINT', NULL, 'auto_increment'),
+			'style_id'				=> array('UINT', NULL, 'auto_increment'),
 			'style_name'			=> array('VCHAR_UNI:255', ''),
 			'style_copyright'		=> array('VCHAR_UNI', ''),
 			'style_active'			=> array('BOOL', 1),
-			'template_id'			=> array('USINT', 0),
-			'theme_id'				=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
+			'theme_id'				=> array('UINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'	=> 'style_id',
 		'KEYS'			=> array(
@@ -1071,7 +1076,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', NULL, 'auto_increment'),
+			'template_id'			=> array('UINT', NULL, 'auto_increment'),
 			'template_name'			=> array('VCHAR_UNI:255', ''),
 			'template_copyright'	=> array('VCHAR_UNI', ''),
 			'template_path'			=> array('VCHAR:100', ''),
@@ -1086,7 +1091,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template_data'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
 			'template_filename'		=> array('VCHAR:100', ''),
 			'template_included'		=> array('TEXT', ''),
 			'template_mtime'		=> array('TIMESTAMP', 0),
@@ -1100,7 +1105,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_theme'] = array(
 		'COLUMNS'		=> array(
-			'theme_id'				=> array('USINT', NULL, 'auto_increment'),
+			'theme_id'				=> array('UINT', NULL, 'auto_increment'),
 			'theme_name'			=> array('VCHAR_UNI:255', ''),
 			'theme_copyright'		=> array('VCHAR_UNI', ''),
 			'theme_path'			=> array('VCHAR:100', ''),
@@ -1116,7 +1121,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset'] = array(
 		'COLUMNS'		=> array(
-			'imageset_id'				=> array('USINT', NULL, 'auto_increment'),
+			'imageset_id'				=> array('UINT', NULL, 'auto_increment'),
 			'imageset_name'				=> array('VCHAR_UNI:255', ''),
 			'imageset_copyright'		=> array('VCHAR_UNI', ''),
 			'imageset_path'				=> array('VCHAR:100', ''),
@@ -1129,13 +1134,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset_data'] = array(
 		'COLUMNS'		=> array(
-			'image_id'				=> array('USINT', NULL, 'auto_increment'),
+			'image_id'				=> array('UINT', NULL, 'auto_increment'),
 			'image_name'			=> array('VCHAR:200', ''),
 			'image_filename'		=> array('VCHAR:200', ''),
 			'image_lang'			=> array('VCHAR:30', ''),
 			'image_height'			=> array('USINT', 0),
 			'image_width'			=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'		=> 'image_id',
 		'KEYS'				=> array(
@@ -1151,7 +1156,7 @@ function get_schema_struct()
 			'topic_attachment'			=> array('BOOL', 0),
 			'topic_approved'			=> array('BOOL', 1),
 			'topic_reported'			=> array('BOOL', 0),
-			'topic_title'				=> array('XSTEXT_UNI', '', 'true_sort'),
+			'topic_title'				=> array('STEXT_UNI', '', 'true_sort'),
 			'topic_poster'				=> array('UINT', 0),
 			'topic_time'				=> array('TIMESTAMP', 0),
 			'topic_time_limit'			=> array('TIMESTAMP', 0),
@@ -1167,7 +1172,7 @@ function get_schema_struct()
 			'topic_last_poster_id'		=> array('UINT', 0),
 			'topic_last_poster_name'	=> array('VCHAR_UNI', ''),
 			'topic_last_poster_colour'	=> array('VCHAR:6', ''),
-			'topic_last_post_subject'	=> array('XSTEXT_UNI', ''),
+			'topic_last_post_subject'	=> array('STEXT_UNI', ''),
 			'topic_last_post_time'		=> array('TIMESTAMP', 0),
 			'topic_last_view_time'		=> array('TIMESTAMP', 0),
 			'topic_moved_id'			=> array('UINT', 0),
@@ -1273,7 +1278,7 @@ function get_schema_struct()
 			'user_timezone'				=> array('DECIMAL', 0),
 			'user_dst'					=> array('BOOL', 0),
 			'user_dateformat'			=> array('VCHAR_UNI:30', 'd M Y H:i'),
-			'user_style'				=> array('USINT', 0),
+			'user_style'				=> array('UINT', 0),
 			'user_rank'					=> array('UINT', 0),
 			'user_colour'				=> array('VCHAR:6', ''),
 			'user_new_privmsg'			=> array('INT:4', 0),

phpBB/docs/AUTHORS

@@ -22,13 +22,15 @@ involved in phpBB.
 
 phpBB Lead Developer  : Acyd Burn (Meik Sievertsen)
 
-phpBB Developers      : DavidMJ (David M.)
+phpBB Developers      : APTX (Marek A. R.)
+                        DavidMJ (David M.)
                         dhn (Dominik Dr<44>scher)
                         kellanved (Henry Sudhof)
                         naderman (Nils Adermann)
-                        subBlue (Tom Beddard)
+                        ToonArmy (Chris Smith)
                         Vic D'Elfant (Vic D'Elfant)
 
+
 -- Previous Contributors --
 
 phpBB Project Manager : theFinn (James Atkinson) [Founder - 04/2007]

phpBB/docs/CHANGELOG.html

@@ -53,6 +53,9 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v303">Changes since 3.0.3</a></li>
+		<li><a href="#v302">Changes since 3.0.2</a></li>
+		<li><a href="#v301">Changes since 3.0.1</a></li>
 		<li><a href="#v300">Changes since 3.0.0</a></li>
 		<li><a href="#v30rc8">Changes since RC-8</a></li>
 		<li><a href="#v30rc7">Changes since RC-7</a></li>
@@ -71,7 +74,7 @@
 
 		<span class="corners-bottom"><span></span></span></div>
 	</div>
-	
+
 	<hr />
 
 	<a name="changelog"></a><h2>1. Changelog</h2>
@@ -80,15 +83,257 @@
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<div class="content">
+	<a name="v303"></a><h3>1.i. Changes since 3.0.3</h3>
 
-	<a name="v300"></a><h3>1.i. Changes since 3.0.0</h3>
+	<ul>
+		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
+		<li>[Fix] Regression bug from revision #8908 regarding log display in ACP</li>
+		<li>[Fix] Allow the UCP group management to work for groups with avatars. (Bug #37375)</li>
+		<li>[Fix] Fix header list build for replying oldest PM in PM history (Bug #37275)</li>
+		<li>[Fix] Do not display COPPA group in memberlist find member dialog if COPPA disabled (Bug #37175)</li>
+		<li>[Fix] Do not try to send jabber notifications if no jid entered (Bug #36775)</li>
+		<li>[Fix] Only display special ranks to guests; no longer display normal ranks for guests (Bug #36735)</li>
+		<li>[Fix] Properly treat punctuation marks after local urls (Bug #37055)</li>
+		<li>[Fix] Make searching for members by YIM address work in prosilver</li>
+		<li>[Fix] Tell users to recreate the search index after changing the common word threshold for fulltext_native (Bug #36345)</li>
+		<li>[Fix] Adjusted phpbb_chmod() to always set permissions for group bit.</li>
+		<li>[Fix] Do not increment users post count after post approval if post had been posted in a forum with no post count increasing set (Bug #37865)</li>
+		<li>[Fix] Extend vertical line for last post column if no posts in forum (Bug #37125)</li>
+		<li>[Fix] correctly update last topic/forum information if changing guest usernames through editing posts (Bug #38095)</li>
+		<li>[Fix] fix postcount resync for situations where low and high post ids are higher than step value, resulting in users having 0 posts. (Bug #38195)</li>
+		<li>[Fix] Use a left join for the topics table on search to avoid trouble with FROM syntax on some databases (Bug #37005)</li>
+		<li>[Fix] Do not show 'Forward' button if the user cannot send PM's</li>
+		<li>[Change] Alllow applications to set custom module inclusion path (idea by HoL)</li>
+		<li>[Change] Handle checking for duplicate usernames in chunks (Bug #17285 - Patch by A_Jelly_Doughnut)</li>
+		<li>[Change] Better handling and finer control for custom profile fields visibility options. (Patch by Highway of Life)</li>
+		<li>[Change] Performance increase for format_date() (Bug #37575 - Patch by BartVB)</li>
+		<li>[Change] Changed prosilver date separator from 'on' to '&raquo;'</li>
+		<li>[Change] Performance increase for get_username_string() (Bug #37545 - Patch by BartVB)</li>
+		<li>[Change] Slight performance increase for common parameter calls to append_sid() (Bug #37555 - Patch by BartVB)</li>
+		<li>[Feature] Added 'AGO' setting to relative date strings. For example: posted 14 minutes ago. (Patch by BartVB)</li>
+		<li>[Sec] Fixed an issue where deactivated accounts could be re-activated without the required privileges. (Reported by Jorick)</li>
+		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
+	</ul>
+
+	<a name="v302"></a><h3>1.ii. Changes since 3.0.2</h3>
+
+	<ul>
+		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
+		<li>[Fix] Delete avatar files (Bug #29985).</li>
+		<li>[Fix] Preserve selection in the MCP. (Bug #31265).</li>
+		<li>[Fix] Added VST - Venezuela Standard Time (Bug #30545).</li>
+		<li>[Fix] Close DB connections in file.php.</li>
+		<li>[Fix] Correctly return results for nested cached queries (Bug #31445 - Patch by faw).</li>
+		<li>[Fix] Allow export of PM pages greater one. (#33155)</li>
+		<li>[Fix] Display coloured username of last poster in list of subscribed forums (prosilver).</li>
+		<li>[Fix] Added missing UCP language string <em>NO_AUTH_READ_HOLD_MESSAGE</em>.</li>
+		<li>[Fix] Do not jump back to page 1 when hiding member search in memberlist. (Bug #32515)</li>
+		<li>[Fix] Correctly limit input of the users location to 100 characters in the UCP and ACP. (Bug #32655)</li>
+		<li>[Fix] Sync reports when using the move all users posts tool in the ACP. (Bug #31165)</li>
+		<li>[Fix] Extra slash is included in the redirect url when redirecting to the forum root directory. (Bug #33605)</li>
+		<li>[Fix] Remove reported flag from shadow topics when closing reports. (Bug #19765)</li>
+		<li>[Fix] Do not show non indexed forums on the search page if they contain no subforums. (Bug #33125)</li>
+		<li>[Fix] Stop search bots incrementing topic views. (Bug #32675 - Patch by eviL&lt;3)</li>
+		<li>[Fix] Use correct link for post author search. (Bug #32595)</li>
+		<li>[Fix] Do not decrease topics counter when deleting shadow topics. (Bug #26495)</li>
+		<li>[Fix] Send localised disapproval reasons in the recipients local language. (Bug #31645)</li>
+		<li>[Fix] Language typos/fixes. (Bugs #27625, #30755, #34185, #32795)</li>
+		<li>[Fix] Added missing terms parameter to search pagination. (Bug #34085)</li>
+		<li>[Fix] Wrong table order in query obtaining posts if post id given.</li>
+		<li>[Fix] Do not display reported topic icon for shadow topics. (Bug #13970)</li>
+		<li>[Fix] Display popular topic based on posts within topic instead of replies within topic. (Bug #16099)</li>
+		<li>[Fix] Expand shown ban reason in unban screen to fully show long entries. (Bug #16234)</li>
+		<li>[Fix] Preserve alpha transparency for created thumbnails. (Bug #16575)</li>
+		<li>[Fix] Use correct port delimiter for MSSQL connections in windows. (Bug #16615)</li>
+		<li>[Fix] Do not allow setting forums parent to the forum itself. (Bug #18855)</li>
+		<li>[Fix] Display assigned rank/avatar for guests. (Bug #19155)</li>
+		<li>[Fix] Set secure cookie for style switcher if required. (Bug #19625)</li>
+		<li>[Fix] Fix native full text search on postgresql while using excluding keyword matches. (Bug #19195)</li>
+		<li>[Fix] Pass S_SEARCH_ACTION through append_sid() in search.php. (Bug #21585)</li>
+		<li>[Fix] Correctly delete message attachments. (Bug #23755)</li>
+		<li>[Fix] Correctly handle unread status of subforums (that are not shown on the index) of forums that are shown on the index. (Bug #14589)</li>
+		<li>[Fix] Stop users from deleting posts after the edit time has passed or they have been locked. (Bug #19115)</li>
+		<li>[Fix] Split posts target forum requires 'f_post' now instead of 'm_split'. (Bug #31015)</li>
+		<li>[Fix] Duplicate log messages for deleting a topic ('LOG_TOPIC_DELETED' has been deprecated in favour of 'LOG_DELETE_TOPIC').</li>
+		<li>[Fix] Use a distinct log message for shadow topic deletions to differentiate between normal topic deletions. (Bug #34635)</li>
+		<li>[Fix] Fix problems with styles using an underscore within the filename. (Bug #34315)</li>
+		<li>[Fix] Better return links when deleting topics through the MCP. (Bug #34655)</li>
+		<li>[Fix] Add quoting support to PM history when composing a reply. (Bug #34285)</li>
+		<li>[Fix] Use phpBB 3.1.x method for storing cached data to prevent PHP bug with our usage of var_export(). (Thanks to Techie-Micheal and HoL for pointing out possible problems)</li>
+		<li>[Fix] Check users pm preferences for pm's sent to groups. (Bug #33245)</li>
+		<li>[Fix] Do not allow password reminders if u_passchg permission is not given. (Bug #14806)</li>
+		<li>[Fix] Implemented strict check for cached user permissions and existing ACL options. This fix makes sure cached permissions are valid, even if they got already cached.</li>
+		<li>[Fix] Do not show link to user/group profiles if user has no permission to view the linked page and gets a denied message anyway. (Bug #15088)</li>
+		<li>[Fix] Do not display last post link and sort display options for search engines. (Bug #15088)</li>
+		<li>[Fix] Make sure users still get notifications if they set to only be notified by Jabber, but Jabber service disabled. (Bug #29715 - Patch by Paul)</li>
+		<li>[Fix] Don't show forum subscription link on categories. (Bug #34895)</li>
+		<li>[Fix] Display a message if no topics or forums are selected when unsubscribing. (Bug #34855)</li>
+		<li>[Fix] Mark/unmark all links in UCP now select/unselect both subscribed topics and forums.</li>
+		<li>[Fix] Increase board topic counter when splitting topics. (Bug #32125)</li>
+		<li>[Fix] Display profile icons when viewing a topic, or PM when only the jabber icon is to be visible. (Bug #34755)</li>
+		<li>[Fix] Do not send PMs with warnings if the user cannot read PMs or they are disabled. (Bug #30815)</li>
+		<li>[Fix] Correctly convert Niels' Birthday MOD to the date format used in phpBB3. (Bug #32895)</li>
+		<li>[Fix] Parse BBCode lists of type square, circle and disc. (Bug #35295)</li>
+		<li>[Fix] Round the displayed percentages in polls. (Bug #32375)</li>
+		<li>[Fix] Disable mass e-mail when e-mail is disabled. (Bug #27385)</li>
+		<li>[Fix] Display coloured poster username of queued posts displayed on the front of the MCP.</li>
+		<li>[Fix] Moderators can only see reports/queue/logs from forums they can actually read. (Bug #31085)</li>
+		<li>[Fix] Correctly display topic when start parameter is equal to the number of posts.</li>
+		<li>[Fix] Correctly display topic in MCP when start parameter is equal to or greater than the number of posts. (Bug #30525)</li>
+
+		<li>[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.</li>
+		<li>[Change] Display warning in ACP if config.php file is left writable.</li>
+		<li>[Change] More restrictive chmod to new files being created. (phpbb_chmod() function mostly by faw)</li>
+		<li>[Change] Set headers to allow browsers to better cache attachments (Mylek pointed this out)</li>
+		<li>[Change] Hide parameters if they equal the default in viewforum/viewtopic (Bug #31185)</li>
+		<li>[Change] Various improvements to group listings (Bugs #32155, #32145, #32085, #26675, #26265)</li>
+		<li>[Change] Set headers for IE 8 in file.php</li>
+		<li>[Change] Do not count queued posts to user_posts.</li>
+		<li>[Change] Allow setting birth year to current year.</li>
+		<li>[Change] Do not use the topics posted table when performing an egosearch.</li>
+		<li>[Change] Log the forum name that topics are moved into.</li>
+		<li>[Change] Automatically add users/groups to the PM recipient list, if entered or selected.</li>
+		<li>[Change] Reply to PM now includes all previous recipients and not only the original sender.</li>
+		<li>[Change] Make topic selection for merge less confusing by removing unneeded controls. (Bug #21925)</li>
+		<li>[Change] MCP topic view checkboxes now default to unchecked.</li>
+		<li>[Change] Adjust language key <em>SPLIT_AFTER</em> to make the action clearer.</li>
+		<li>[Change] Add links to the post and forum when viewing a report from the MCP. (Bugs #33795, #33805)</li>
+		<li>[Change] Added CSRF protection to GET-only actions like marking forums.</li>
+		<li>[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)</li>
+
+		<li>[Feature] Allow limited inheritance for template sets.</li>
+		<li>[Feature] Allow hard disabling of the template editor.</li>
+		<li>[Feature] Allow setting custom language path through $user-&gt;set_custom_lang_path(). $user-&gt;lang_path now also do not include the user language, but only the path.</li>
+		<li>[Feature] Ability to define nullar/singular/plural language entries</li>
+		<li>[Feature] Ability to mimic sprintf() calls with $user-&gt;lang() with the ability to correctly assign nullar/singular/plural language entries.</li>
+		<li>[Feature] Added the possibility to force user posts put in queue if post count is lower than an admin defined value. Guest posting is not affected by this setting.</li>
+		<li>[Feature] Added 'max_recipients' setting for private messages. This setting allows admins to define the maximum number of recipients per private message with a board-wide setting and a group-specific setting.</li>
+		<li>[Feature] Added new permission setting for sending private messages to groups. Now there are two permissions to define sending private messages to multiple recipients and private messages to groups.</li>
+		<li>[Feature] Allow specific connection to different server for jabber functionality by providing a valid JID as username. This also allows the use of talk.google.com as jabber server with gmail.com JIDs. (Bug #14989)</li>
+
+		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
+	</ul>
+
+	<a name="v301"></a><h3>1.iii. Changes since 3.0.1</h3>
+
+	<ul>
+		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
+		<li>[Fix] Fixed blank style on setups having no username defined within config.php (Bug #25065)</li>
+		<li>[Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed (Bug #14429 / thanks to JRSweets for his patch)</li>
+		<li>[Fix] Moved topics should not count towards the number of topics in a forum (Bug #14648 / thanks to Schumi for his patch)</li>
+		<li>[Fix] Properly check for invalid characters in MySQL DB prefixes during install (Bug #18775)</li>
+		<li>[Fix] Bring the PostgreSQL backup system back to working order (Bug #22385)</li>
+		<li>[Fix] Update correct theme for cached styles in style.php (Bug #25805)</li>
+		<li>[Fix] Also add PHPBB_INSTALLED check to download/file.php for inline avatar delivery</li>
+		<li>[Fix] Unable to login to some jabber server, reverted previous change (Bug #25095)</li>
+		<li>[Fix] Do not return BMP as valid image type for GD image manipulation (Bug #25925)</li>
+		<li>[Fix] Correctly determine safe mode for temp file creation in functions_upload.php (Bug #23525)</li>
+		<li>[Fix] Correctly sort by rank in memberlist (Bug #24435)</li>
+		<li>[Fix] Purge cache after database restore (Bug #24245)</li>
+		<li>[Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+. (thanks arod-1 for the fix, related to Bug #14830)</li>
+		<li>[Fix] Added missing form token in acp (thanks NBBN).</li>
+		<li>[Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended (Bug #27355)</li>
+		<li>[Fix] reset forum notifications in viewtopic (Bug #28025)</li>
+		<li>[Fix] corrected link for searching post author's other posts (Bug #26455)</li>
+		<li>[Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)</li>
+		<li>[Fix] Topic searches by author no longer return invalid results (Bug #11777)</li>
+		<li>[Fix] Delete drafts and bookmarks when deleting an user. (#27585, thanks Schumi for the fix)</li>
+		<li>[Fix] Set last_post_subject for new topics. (#23945)</li>
+		<li>[Fix] Allow moving posts to invisible forums. (#27325)</li>
+		<li>[Fix] Don't allow promoting unapproved group members (#16124)</li>
+		<li>[Fix] Correctly fetch server name if using non-standard port (#27395)</li>
+		<li>[Fix] Regular expression for email matching in posts will no longer die on long words.</li>
+		<li>[Fix] Do not display ban message if direct call to cron. (thanks Dog Cow for reporting)</li>
+		<li>[Fix] Correctly display double-colon on special conditions within highlighted php source (Bug #26795)</li>
+		<li>[Fix] Increase storage capacity of titles/subjects due to specialchared content (Bug #25235)</li>
+		<li>[Fix] Catch invalid username wildcard ban (we do not support these) (Bug #29305)</li>
+		<li>[Fix] Fix (email)-domain checks for those having DNS prefixes set (Bug #29635)</li>
+		<li>[Change] Adjust truncate_string() to be able to adjust the maximum storage length.</li>
+		<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
+		<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
+		<li>[Change] Sort the tables at the database table backup screen</li>
+		<li>[Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)</li>
+		<li>[Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)</li>
+		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
+		<li>[Feature] Added optional referer validation of POST requests as additional CSRF protection.</li>
+		<li>[Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).</li>
+		<li>[Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.</li>
+		<li>[Feature] Added ACP logout to reset an admin session.</li>
+		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
+	</ul>
+
+	<a name="v300"></a><h3>1.iv. Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
 		<li>[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)</li>
+		<li>[Fix] Fix disabling of word censor, now possible again</li>
+		<li>[Fix] Allow single quotes in db password to be stored within config.php in installer</li>
+		<li>[Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)</li>
+		<li>[Fix] Correctly handle empty imageset entries (Bug #16865)</li>
+		<li>[Fix] Correctly check empty subjects/messages (Bug #17915)</li>
+		<li>[Change] Do not check usernames against word censor list. Disallowed usernames is already checked and word censor belong to posts. (Bug #17745)</li>
+		<li>[Fix] Additionally include non-postable forums for moderators forums shown within the teams list. (Bug #17265)</li>
+		<li>[Change] Sped up viewforum considerably (also goes towards mcp_forum)</li>
+		<li>[Fix] Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635)</li>
+		<li>[Fix] Allow editing usernames within database_update on username cleanup (Bug #18415)</li>
+		<li>[Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)</li>
+		<li>[Fix] Check entered imagemagick path for trailing slash (Bug #18205)</li>
+		<li>[Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide</li>
+		<li>[Fix] Allow calls to $user-&gt;set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
+		<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>
+		<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>
+		<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>
+		<li>[Fix] Fix possible database transaction errors if code returns on error and rollback happened (Bug #17025)</li>
+		<li>[Change] Allow numbers in permission names for modifications, as well as uppercase letters for the request_ part (Bug #20125)</li>
+		<li>[Fix] Use HTTP_HOST in favor of SERVER_NAME for determining server url for redirection and installation (Bug #19955)</li>
+		<li>[Fix] Removing s_watching_img from watch_topic_forum() function (Bug #20445)</li>
+		<li>[Fix] Changing order for post review if more than one post affected (Bug #15249)</li>
+		<li>[Fix] Language typos/fixes (Bug #20425, #15719, #15429, #14669, #13479, #20795, #21095, #21405, #21715, #21725, #21755, #21865, #15689)</li>
+		<li>[Fix] Style/Template fixes (Bug #20065, #19405, #19205, #15028, #14934, #14821, #14752, #14497, #13707, #14738, #19725)</li>
+		<li>[Fix] Tiny code fixes (Bug #20165, #20025, #19795, #14804)</li>
+		<li>[Fix] Prepend phpbb_root_path to ranks path for displaying ranks (Bug #19075)</li>
+		<li>[Fix] Allow forum notifications if topic notifications are disabled but forum notifications enabled (Bug #14765)</li>
+		<li>[Fix] Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. (Bug #20435)</li>
+		<li>[Fix] Try to sort last active date on memberlist correctly at least on current page (Bug #18665)</li>
+		<li>[Fix] Handle generation of form tokens when maximum time is set to -1</li>
+		<li>[Fix] Correctly delete unapproved posts without deleting the topic (Bug #15120)</li>
+		<li>[Fix] Respect signature permissions in posting (Bug #16029)</li>
+		<li>[Fix] Users allowed to resign only from open and freely open groups (Bug #19355)</li>
+		<li>[Fix] Assign a last viewed date to converted topics (Bug #16565)</li>
+		<li>[Fix] Many minor and/or cosmetic fixes (Including, but not limited to: #21315, #18575, #18435, #21215)</li>
+		<li>[Feature] New option to hide the entire list of subforums on listforums</li>
+		<li>[Fix] Custom BBCode {EMAIL}-Token usage (Bug #21155)</li>
+		<li>[Fix] Do not rely on parameter returned by unlink() for verifying cache directory write permission (Bug #19565)</li>
+		<li>[Change] Use correct string for filesize (MiB instead of MB for example)</li>
+		<li>[Change] Remove left join for query used to retrieve already assigned users and groups within permission panel (Bug #20235)</li>
+		<li>[Fix] Correctly return sole whitespaces if used with BBCodes (Bug #19535)</li>
+		<li>[Fix] Quote bbcode parsing adding too much closing tags on special conditions (Bug #20735)</li>
+		<li>[Change] Added sanity checks to various ACP settings</li>
+		<li>[Change] Removed minimum form times</li>
+		<li>[Fix] Check topics_per_page value in acp_forums (Bug #15539)</li>
+		<li>[Fix] Custom profile fields with date type should be timezone independend (Bug #15003)</li>
+		<li>[Fix] Fixing some XHTML errors/warnings within the ACP (Bug #22875)</li>
+		<li>[Fix] Warnings if poll title/options exceed maximum characters per post (Bug #22865)</li>
+		<li>[Fix] Do not allow selecting non-authorized groups within memberlist by adjusting URL (Bug #22805 - patch provided by ToonArmy)</li>
+		<li>[Fix] Correctly specify &quot;close report action&quot; (Bug #22685)</li>
+		<li>[Fix] Display &quot;empty password error&quot; within the login box instead of issuing a general error (Bug #22525)</li>
+		<li>[Fix] Clean up who is online code in page_header (Bug #22715, thanks HighwayofLife)</li>
+		<li>[Fix] Pertain select single link on memberlist (Bug #23235 - patch provided by Schumi)</li>
+		<li>[Fix] Allow &amp; and | in local part of email addresses (Bug #22995)</li>
+		<li>[Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)</li>
+		<li>[Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)</li>
+		<li>[Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)</li>
+		<li>[Fix] Do not detect the board URL as a link twice in posts (Bug #19215)</li>
+		<li>[Fix] Set correct error reporting in style.php to avoid blank pages after CSS changes (Bug #23885)</li>
+		<li>[Fix] If pruning users based on last activity, do not include users never logged in before (Bug #18105)</li>
+		<li>[Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil&lt;3)</li>
+		<li>[Sec] Limit private message attachments to be viewable only by the recipient(s)/sender (Report #s23535) - reported by AlleyKat</li>
+		<li>[Sec] Check for non-empty config.php within style.php (Report #s24575) - reported by bantu</li>
+		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
-	
-	<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>
+
+	<a name="v30rc8"></a><h3>1.v. Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -97,7 +342,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.ii. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.vi. Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -132,7 +377,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.iii. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.vii. Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -142,7 +387,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.iv. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.viii. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -205,7 +450,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.v. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.ix. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -256,7 +501,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.vi. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.x. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -365,7 +610,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.vii. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.xi. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -390,7 +635,7 @@
 		<li>[Fix] Use our global expression for checking email syntax in memberlist (Bug #12827)</li>
 		<li>[Fix] Correctly retrieve/refresh templates stored in database if using subdirectories within template directory (Bug #12839)</li>
 		<li>[Fix] Correctly translate special group names in ucp_groups.php (Bug #12597)</li>
-		<li>[Fix] Search boxes not loosing session id (changing method from get to post) (Bug #12643)</li>
+		<li>[Fix] Search boxes not losing session id (changing method from get to post) (Bug #12643)</li>
 		<li>[Fix] Make sure the automatic update is also working for those having fsockopen disabled</li>
 		<li>[Fix] Simulate recache of theme data on automatic update finished page - recaching it if css data changed</li>
 		<li>[Feature] Allow dropping in custom &quot;info_[module class]_*.php&quot; files to language/*/mods directory for inclusion into the menu structure without the need to modify phpBB language files for menu placements</li>
@@ -407,11 +652,11 @@
 		<li>[Fix] Some jabber related bugs (Bug #12989, #11805, #11809)</li>
 		<li>[Fix] Added UTF-8 support for banning via the MCP (Bug #13013)</li>
 		<li>[Fix] Properly detect the script name in session::extract_current_page() if PHP_SELF is not defined (Bug #12705) - patch provided by ToonArmy</li>
-		<li>[Fix] Show role mask for global permission class under Permissions->Permission Roles (Bug #13057)</li>
+		<li>[Fix] Show role mask for global permission class under Permissions-&gt;Permission Roles (Bug #13057)</li>
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.viii. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.xii. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

phpBB/docs/INSTALL.html

@@ -273,7 +273,7 @@
 
 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.0</samp> you should select the phpBB-3.0.0_to_3.0.1.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.3</samp> you should select the phpBB-3.0.3_to_3.0.4.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -281,11 +281,11 @@
 
 <a name="update_patch"></a><h3>4.iii. Patch file</h3>
 
-	<p>The patch file package is for those wanting to update through the patch application, and being compfortable with it.</p>
+	<p>The patch file package is for those wanting to update through the patch application, and being comfortable with it.</p>
 
-	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
+	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.0 you need the phpBB-3.0.0_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.3 you need the phpBB-3.0.3_to_3.0.4.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -295,7 +295,7 @@
 
 	<p>This update method is the preferred method for updating. This package allows detecting changed files automatically and merges changes if needed.</p>
 
-	<p>The automatic update package is holding - contrary to the others - only the update informations for updating the last released version to the latest available version. These package is meant for use with the automatic update tool.</p>
+	<p>The automatic update package contains - contrary to the others - only the information required to update the previous release version to the latest available version. These packages are meant for use with the automatic update tool.</p>
 
 	<p>To perform the update, either follow the instructions from the <code>Administration Control Panel-&gt;System</code> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
 
@@ -369,11 +369,11 @@
 
 	<p><strong>Password conversion</strong> Due to the utf-8 based handling of passwords in phpBB3, it is not always possible to transfer all passwords. For passwords "lost in translation" the easiest workaround is to use the "forgotten password" function.</p>
 
-	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, -for instance - if the new board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
+	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, - for instance - if the old board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 installation is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
 
-	<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p> 
+	<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p>
 
-	<p><strong>Smilies</strong> During the conversion you might see warnings about image files where the copying failed. That can happen if the old board's smilies have the same file names as those on the new board. Copy those files manually after the conversion, if you want to continue using the old smilies.</p> 
+	<p><strong>Smilies</strong> During the conversion you might see warnings about image files where the copying failed. That can happen if the old board's smilies have the same file names as those on the new board. Copy those files manually after the conversion, if you want to continue using the old smilies.</p>
 
 
 		</div>

phpBB/docs/coding-guidelines.html

@@ -69,7 +69,15 @@
 	</ol>
 	</li>
 	<li><a href="#styling">Styling</a></li>
-	<li><a href="#templating">Templating</a></li>
+	<ol style="list-style-type: lower-roman;">
+		<li><a href="#cfgfiles">Style Config Files</a></li>
+		<li><a href="#genstyling">General Styling Rules</a></li>
+	</ol></li>
+	<li><a href="#templating">Templating</a>
+	<ol style="list-style-type: lower-roman;">
+		<li><a href="#templates">General Templating</a></li>
+		<li><a href="#inheritance">Template Inheritance</a></li>
+	</ol></li>
 	<li><a href="#charsets">Character Sets and Encodings</a></li>
 	<li><a href="#translation">Translation (<abbr title="Internationalisation">i18n</abbr>/<abbr title="Localisation">L10n</abbr>) Guidelines</a>
 	<ol style="list-style-type: lower-roman;">
@@ -110,7 +118,7 @@
 	<p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>
 
 	<h3>Linefeeds:</h3>
-	<p>Ensure that your editor is saving files in the UNIX format. This means lines are terminated with a newline, not with a CR/LF combo as they are on Win32, or whatever the Mac uses. Any decent editor should be able to do this, but it might not always be the default. Know your editor. If you want advice on Windows text editors, just ask one of the developers. Some of them do their editing on Win32.</p>
+	<p>Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.
 
 	<a name="fileheader"></a><h3>1.ii. File Header</h3>
 
@@ -188,8 +196,7 @@ class ...
 				<li><code>/includes/db/firebird.php</code><br />Firebird/Interbase Database Abstraction Layer</li>
 				<li><code>/includes/db/msssql.php</code><br />MSSQL Database Abstraction Layer</li>
 				<li><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL</li>
-				<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x</li>
-				<li><code>/includes/db/mysql4.php</code><br />MySQL4 Database Abstraction Layer for MySQL 4.1.x/5.x</li>
+				<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x/4.1.x/5.x
 				<li><code>/includes/db/mysqli.php</code><br />MySQLi Database Abstraction Layer</li>
 				<li><code>/includes/db/oracle.php</code><br />Oracle Database Abstraction Layer</li>
 				<li><code>/includes/db/postgres.php</code><br />PostgreSQL Database Abstraction Layer</li>
@@ -518,7 +525,7 @@ switch ($mode)
 	break;
 
 	default:
-		// Always assume that the case got not catched
+		// Always assume that a case was not caught
 	break;
 }
 	</pre></div>
@@ -541,7 +548,7 @@ switch ($mode)
 
 	default:
 
-		// Always assume that the case got not catched
+		// Always assume that a case was not caught
 
 	break;
 }
@@ -569,7 +576,7 @@ switch ($mode)
 
 	default:
 
-		// Always assume that the case got not catched
+		// Always assume that a case was not caught
 
 	break;
 }
@@ -690,7 +697,29 @@ $sql = 'UPDATE ' . SOME_TABLE . '
 $db-&gt;sql_query($sql);
 	</pre></div>
 
-	<p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>MULTI_INSERT</code> (for returning extended inserts), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>
+	<p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>
+
+	<h4>sql_multi_insert():</h4>
+
+	<p>If you want to insert multiple statements at once, please use the separate <code>sql_multi_insert()</code> method. An example:</p>
+
+	<div class="codebox"><pre>
+$sql_ary = array();
+
+$sql_ary[] = array(
+	'somedata'		=&gt; $my_string_1,
+	'otherdata'		=&gt; $an_int_1,
+	'moredata'		=&gt; $another_int_1,
+);
+
+$sql_ary[] = array(
+	'somedata'		=&gt; $my_string_2,
+	'otherdata'		=&gt; $an_int_2,
+	'moredata'		=&gt; $another_int_2,
+);
+
+$db->sql_multi_insert(SOME_TABLE, $sql_ary);
+	</pre></div>
 
 	<h4>sql_in_set():</h4>
 
@@ -973,8 +1002,18 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<div class="content">
-
-<h4>General things</h4>
+	<a name="cfgfiles"></a><h3>3.i. Style Config Files</h3>
+	<p>Style cfg files are simple name-value lists with the information necessary for installing a style. Similar cfg files exist for templates, themes and imagesets. These follow the same principle and will not be introduced individually. Styles can use installed components by using the required_theme/required_template/required_imageset entries. The important part of the style configuration file is assigning an unique name.</p>
+	<div class="codebox"><pre>
+        # General Information about this style
+        name = prosilver_duplicate
+        copyright = &copy; phpBB Group, 2007
+        version = 3.0.3
+        required_template = prosilver
+        required_theme = prosilver
+        required_imageset = prosilver
+	</pre></div>
+	<a name="genstyling"></a><h3>3.2. General Styling Rules</h3>
 <p>Templates should be produced in a consistent manner. Where appropriate they should be based off an existing copy, e.g. index, viewforum or viewtopic (the combination of which implement a range of conditional and variable forms). Please also note that the intendation and coding guidelines also apply to templates where possible.</p>
 
 <p>The outer table class <code>forumline</code> has gone and is replaced with <code>tablebg</code>.</p>
@@ -1041,6 +1080,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<div class="content">
+	<a name="templates"></a><h3>4.i. General Templating</h3>
 
 <h4>File naming</h4>
 <p>Firstly templates now take the suffix &quot;.html&quot; rather than &quot;.tpl&quot;. This was done simply to make the lifes of some people easier wrt syntax highlighting, etc.</p>
@@ -1059,7 +1099,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 <span class="comment">&lt;!-- END loopname --&gt;</span>
 </pre></div>
 
-<p>A bit later loops will be explained further. To not irretate you we will explain conditionals as well as other statements first.</p>
+<p>A bit later loops will be explained further. To not irritate you we will explain conditionals as well as other statements first.</p>
 
 <h4>Including files</h4>
 <p>Something that existed in 2.0.x which no longer exists in 3.0.x is the ability to assign a template to a variable. This was used (for example) to output the jumpbox. Instead (perhaps better, perhaps not but certainly more flexible) we now have INCLUDE. This takes the simple form:</p>
@@ -1429,6 +1469,29 @@ div
 	&lt;/fieldset&gt
 &lt;/form&gt
 		</pre></div><br />
+
+	<a name="inheritance"></a><h3>4.ii. Template Inheritance</h3>
+		<p>When basing a new template on an existing one, it is not necessary to provide all template files. By declaring the template  to be &quot;<strong>inheriting</strong>&quot; in the template configuration file.</p>
+
+		<p>The limitation on this is that the base style has to be installed and complete, meaning that it is not itself inheriting.</p>
+
+		<p>The effect of doing so is that the template engine will use the files in the new template where they exist, but fall back to files in the base template otherwise. Declaring a style to be inheriting also causes it to use some of the configuration settings of the base style, notably database storage.</p>
+
+		<p>We strongly encourage the use of inheritance for styles based on the bundled styles, as it will ease the update procedure.</p>
+
+		<div class="codebox"><pre>
+        # General Information about this template
+        name = inherits
+        copyright = &copy; phpBB Group, 2007
+        version = 3.0.3
+
+        # Defining a different template bitfield
+        template_bitfield = lNg=
+
+        # Are we inheriting?
+        inherit_from = prosilver
+		</pre></div>
+
 		</div>
 
 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@@ -1450,7 +1513,7 @@ div
 
 
 <h4>What are Unicode, UCS and UTF-8?</h4>
-<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatability with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
+<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatibility with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
 
 <h4>phpBB's use of Unicode</h4>
 <p>Unfortunately PHP does not faciliate the use of Unicode prior to version 6. Most functions simply treat strings as sequences of bytes assuming that each character takes up exactly one byte. This behaviour still allows for storing UTF-8 encoded text in PHP strings but many operations on strings have unexpected results. To circumvent this problem we have created some alternative functions to PHP's native string operations which use code points instead of bytes. These functions can be found in <code>/includes/utf/utf_tools.php</code>. They are also covered in the <a href="http://area51.phpbb.com/docs/code/">phpBB3 Sourcecode Documentation</a>. A lot of native PHP functions still work with UTF-8 as long as you stick to certain restrictions. For example <code>explode</code> still works as long as the first and the last character of the delimiter string are ASCII characters.</p>
@@ -2195,6 +2258,21 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
 
 		<div class="content">
 
+
+<h3>Revision 8732</h3>
+
+<ul>
+	<li>Added cfg files.</li>
+	<li>Added template <a href="#inheritance">inheritance</a>.</li>
+</ul>
+
+<h3>Revision 8596+</h3>
+
+<ul>
+	<li>Removed sql_build_array('MULTI_INSERT'... statements.</li>
+	<li>Added sql_multi_insert() explanation.</li>
+</ul>
+
 <h3>Revision 1.31</h3>
 
 <ul>

phpBB/docs/hook_system.html

@@ -14,7 +14,7 @@
 <title>phpBB3 &bull; Hook System</title>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 
 /*
 	The original "prosilver" theme for phpBB3
@@ -309,7 +309,7 @@ a:active	{ color: #368AD2; }
 	margin-left: 25px;
 }
 
-//-->
+/* ]]> */
 </style>
 
 </head>

phpBB/download/file.php

@@ -15,9 +15,29 @@ define('IN_PHPBB', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
+
+// Thank you sun. 
+if (isset($_SERVER['CONTENT_TYPE']))
+{
+	if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
+	{
+		exit;
+	}
+}
+else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
+{
+	exit;
+}
+
 if (isset($_GET['avatar']))
 {
 	require($phpbb_root_path . 'config.' . $phpEx);
+
+	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
+	{
+		exit;
+	}
+
 	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
 	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
@@ -32,92 +52,56 @@ if (isset($_GET['avatar']))
 		exit;
 	}
 	unset($dbpasswd);
-	
+
 	// worst-case default
 	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
 
 	$config = $cache->obtain_config();
 	$filename = $_GET['avatar'];
 	$avatar_group = false;
+	$exit = false;
+	
 	if ($filename[0] === 'g')
 	{
 		$avatar_group = true;
 		$filename = substr($filename, 1);
 	}
-	
+
 	// '==' is not a bug - . as the first char is as bad as no dot at all
 	if (strpos($filename, '.') == false)
 	{
-		header('HTTP/1.0 403 forbidden');
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
+		header('HTTP/1.0 403 Forbidden');
+		$exit = true;
+	}
+
+	if (!$exit)
+	{
+		$ext		= substr(strrchr($filename, '.'), 1);
+		$stamp		= (int) substr(stristr($filename, '_'), 1);
+		$filename	= (int) $filename;
+		$exit = set_modified_headers($stamp, $browser);
+	}
+	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
+	{
+		// no way such an avatar could exist. They are not following the rules, stop the show.
+		header("HTTP/1.0 403 Forbidden");
+		$exit = true;
 	}
 	
-	$ext		= substr(strrchr($filename, '.'), 1);
-	$stamp		= (int) substr(stristr($filename, '_'), 1);
-	$filename	= (int) $filename;
 	
-	// let's see if we have to send the file at all
-	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
-	if (strpos(strtolower($browser), 'msie 6.0') === false)
+	if (!$exit)
 	{
-		if ($last_load !== false && $last_load <= $stamp)
+		if (!$filename)
 		{
-			if (@php_sapi_name() === 'CGI') 
-			{
-				header('Status: 304 Not Modified', true, 304);
-			} 
-			else 
-			{
-				header('HTTP/1.0 304 Not Modified', true, 304);
-			}
-			// seems that we need those too ... browsers
-			header('Pragma: public');
-			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
-			exit();
-		} 
+			// no way such an avatar could exist. They are not following the rules, stop the show.
+			header("HTTP/1.0 403 Forbidden");
+		}
 		else
 		{
-			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+			send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
 		}
 	}
-	
-	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
-	{
-		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
-	}
-	
-	if (!$filename)
-	{
-		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
-	}
-
-	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
-
-	if (!empty($cache))
-	{
-		$cache->unload();
-	}
-	$db->sql_close();
-	exit;
+	file_gc();
 }
 
 // implicit else: we are not in avatar mode
@@ -142,7 +126,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -208,8 +192,32 @@ else
 		$row['forum_id'] = false;
 		if (!$auth->acl_get('u_pm_download'))
 		{
+			header('HTTP/1.0 403 Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
+
+		// Check if the attachment is within the users scope...
+		$sql = 'SELECT user_id, author_id
+			FROM ' . PRIVMSGS_TO_TABLE . '
+			WHERE msg_id = ' . $attachment['post_msg_id'];
+		$result = $db->sql_query($sql);
+
+		$allowed = false;
+		while ($user_row = $db->sql_fetchrow($result))
+		{
+			if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
+			{
+				$allowed = true;
+				break;
+			}
+		}
+		$db->sql_freeresult($result);
+
+		if (!$allowed)
+		{
+			header('HTTP/1.0 403 Forbidden');
+			trigger_error('ERROR_NO_ATTACHMENT');
+		}
 	}
 
 	// disallowed?
@@ -222,13 +230,14 @@ else
 
 if (!download_allowed())
 {
+	header('HTTP/1.0 403 Forbidden');
 	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
 
 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
 
 // Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -266,7 +275,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
 	$db->sql_query($sql);
 }
 
-if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
+if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
 {
 	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 }
@@ -280,14 +289,14 @@ else
 		{
 			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 		}
-		
+
 		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
-		exit;
+		file_gc();
 	}
 	else
 	{
 		send_file_to_browser($attachment, $config['upload_path'], $display_cat);
-		exit;
+		file_gc();
 	}
 }
 
@@ -323,7 +332,7 @@ function send_avatar_to_browser($file, $browser)
 		$image_data = @getimagesize($file_path);
 		header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
 
-		if (strpos(strtolower($browser), 'msie') !== false)
+		if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false)
 		{
 			header('Content-Disposition: attachment; ' . header_filename($file));
 
@@ -348,7 +357,7 @@ function send_avatar_to_browser($file, $browser)
 			header("Content-Length: $size");
 		}
 
-		if (@readfile($file_path) === false)
+		if (@readfile($file_path) == false)
 		{
 			$fp = @fopen($file_path, 'rb');
 
@@ -453,9 +462,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	*/
 
 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
-	header('Content-Type: ' . $attachment['mimetype']);
+	$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
+	header('Content-Type: ' . $attachment['mimetype'] . (($is_ie8) ? '; authoritative=true;' : ''));
 
-	if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))
+	if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))
 	{
 		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
 		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
@@ -466,33 +476,43 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	else
 	{
 		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0))
+		{
+			header('X-Download-Options: noopen');
+		}
 	}
-	
+
 	if ($size)
 	{
 		header("Content-Length: $size");
 	}
 
-	// Try to deliver in chunks
-	@set_time_limit(0);
+	// Close the db connection before sending the file
+	$db->sql_close();
 
-	$fp = @fopen($filename, 'rb');
-
-	if ($fp !== false)
+	if (!set_modified_headers($attachment['filetime'], $user->browser))
 	{
-		while (!feof($fp))
+		// Try to deliver in chunks
+		@set_time_limit(0);
+
+		$fp = @fopen($filename, 'rb');
+
+		if ($fp !== false)
 		{
-			echo fread($fp, 8192);
+			while (!feof($fp))
+			{
+				echo fread($fp, 8192);
+			}
+			fclose($fp);
+		}
+		else
+		{
+			@readfile($filename);
 		}
-		fclose($fp);
-	}
-	else
-	{
-		@readfile($filename);
-	}
 
-	flush();
-	exit;
+		flush();
+	}
+	file_gc();
 }
 
 /**
@@ -556,9 +576,9 @@ function download_allowed()
 			}
 		}
 	}
-	
+
 	// Check for own server...
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = $user->host;
 
 	// Forcing server vars is the only way to specify/override the protocol
 	if ($config['force_server_vars'] || !$server_name)
@@ -570,7 +590,7 @@ function download_allowed()
 	{
 		$allowed = true;
 	}
-	
+
 	// Get IP's and Hostnames
 	if (!$allowed)
 	{
@@ -620,8 +640,52 @@ function download_allowed()
 		}
 		$db->sql_freeresult($result);
 	}
-	
+
 	return $allowed;
 }
 
+/**
+* Check if the browser has the file already and set the appropriate headers-
+* @returns false if a resend is in order.
+*/
+function set_modified_headers($stamp, $browser)
+{
+	// let's see if we have to send the file at all
+	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
+	if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))
+	{
+		if ($last_load !== false && $last_load <= $stamp)
+		{
+			if (@php_sapi_name() === 'CGI')
+			{
+				header('Status: 304 Not Modified', true, 304);
+			}
+			else
+			{
+				header('HTTP/1.0 304 Not Modified', true, 304);
+			}
+			// seems that we need those too ... browsers
+			header('Pragma: public');
+			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+			return true;
+		}
+		else
+		{
+			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+		}
+	}
+	return false;
+}
+
+function file_gc()
+{
+	global $cache, $db;
+	if (!empty($cache))
+	{
+		$cache->unload();
+	}
+	$db->sql_close();
+	exit;
+}
+
 ?>

phpBB/includes/acm/acm_file.php

@@ -93,7 +93,13 @@ class acm
 			@flock($fp, LOCK_UN);
 			fclose($fp);
 
-			@chmod($this->cache_dir . 'data_global.' . $phpEx, 0666);
+			if (!function_exists('phpbb_chmod'))
+			{
+				global $phpbb_root_path;
+				include($phpbb_root_path . 'includes/functions.' . $phpEx);
+			}
+
+			phpbb_chmod($this->cache_dir . 'data_global.' . $phpEx, CHMOD_WRITE);
 		}
 		else
 		{
@@ -154,7 +160,7 @@ class acm
 				}
 			}
 		}
-		
+
 		set_config('cache_last_gc', time(), true);
 	}
 
@@ -193,11 +199,17 @@ class acm
 			if ($fp = @fopen($this->cache_dir . "data{$var_name}.$phpEx", 'wb'))
 			{
 				@flock($fp, LOCK_EX);
-				fwrite($fp, "<?php\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n\n\$data = " . var_export($var, true) . ";\n?>");
+				fwrite($fp, "<?php\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n\n\$data =  " . (sizeof($var) ? "unserialize(" . var_export(serialize($var), true) . ");" : 'array();') . "\n\n?>");
 				@flock($fp, LOCK_UN);
 				fclose($fp);
 
-				@chmod($this->cache_dir . "data{$var_name}.$phpEx", 0666);
+				if (!function_exists('phpbb_chmod'))
+				{
+					global $phpbb_root_path;
+					include($phpbb_root_path . 'includes/functions.' . $phpEx);
+				}
+
+				phpbb_chmod($this->cache_dir . "data{$var_name}.$phpEx", CHMOD_WRITE);
 			}
 		}
 		else
@@ -312,7 +324,7 @@ class acm
 
 		if ($var_name[0] == '_')
 		{
-			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx", true);
 		}
 		else if (isset($this->vars[$var_name]))
 		{
@@ -375,7 +387,7 @@ class acm
 		}
 		else if ($expired)
 		{
-			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx", true);
 			return false;
 		}
 
@@ -412,11 +424,17 @@ class acm
 			$file = "<?php\n\n/* " . str_replace('*/', '*\/', $query) . " */\n";
 			$file .= "\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n";
 
-			fwrite($fp, $file . "\n\$this->sql_rowset[\$query_id] = " . var_export($this->sql_rowset[$query_id], true) . ";\n?>");
+			fwrite($fp, $file . "\n\$this->sql_rowset[\$query_id] = " . (sizeof($this->sql_rowset[$query_id]) ? "unserialize(" . var_export(serialize($this->sql_rowset[$query_id]), true) . ");" : 'array();') . "\n\n?>");
 			@flock($fp, LOCK_UN);
 			fclose($fp);
 
-			@chmod($filename, 0666);
+			if (!function_exists('phpbb_chmod'))
+			{
+				global $phpbb_root_path;
+				include($phpbb_root_path . 'includes/functions.' . $phpEx);
+			}
+
+			phpbb_chmod($filename, CHMOD_WRITE);
 
 			$query_result = $query_id;
 		}
@@ -489,13 +507,15 @@ class acm
 	/**
 	* Removes/unlinks file
 	*/
-	function remove_file($filename)
+	function remove_file($filename, $check = false)
 	{
-		if (!@unlink($filename))
+		if ($check && !@is_writable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);
 		}
+
+		return @unlink($filename);
 	}
 }
 

phpBB/includes/acp/acp_attachments.php

@@ -23,7 +23,7 @@ class acp_attachments
 {
 	var $u_action;
 	var $new_config;
-	
+
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
@@ -56,7 +56,7 @@ class acp_attachments
 			case 'ext_groups':
 				$l_title = 'ACP_EXTENSION_GROUPS';
 			break;
-	
+
 			case 'orphan':
 				$l_title = 'ACP_ORPHAN_ATTACHMENTS';
 			break;
@@ -99,9 +99,13 @@ class acp_attachments
 				$display_vars = array(
 					'title'	=> 'ACP_ATTACHMENT_SETTINGS',
 					'vars'	=> array(
-						'img_max_width' => false, 'img_max_height' => false, 'img_link_width' => false, 'img_link_height' => false,
-
 						'legend1'				=> 'ACP_ATTACHMENT_SETTINGS',
+
+						'img_max_width'			=> array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_max_height'		=> array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_link_width'		=> array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_link_height'		=> array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+
 						'allow_attachments'		=> array('lang' => 'ALLOW_ATTACHMENTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'upload_path'			=> array('lang' => 'UPLOAD_DIR',			'validate' => 'wpath',	'type' => 'text:25:100', 'explain' => true),
@@ -113,7 +117,9 @@ class acp_attachments
 						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'validate' => 'int',	'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
-						'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'secure_allow_empty_referer'	=> array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'check_attachment_content' 		=> array('lang' => 'CHECK_CONTENT', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+
 
 						'legend2'					=> $l_legend_cat_images,
 						'img_display_inlined'		=> array('lang' => 'DISPLAY_INLINED',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -184,7 +190,18 @@ class acp_attachments
 				}
 
 				// We strip eventually manual added convert program, we only want the patch
-				$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
+				if ($this->new_config['img_imagick'])
+				{
+					// Change path separator
+					$this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']);
+					$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
+
+					// Check for trailing slash
+					if (substr($this->new_config['img_imagick'], -1) !== '/')
+					{
+						$this->new_config['img_imagick'] .= '/';
+					}
+				}
 
 				$supported_types = get_supported_image_types();
 
@@ -201,7 +218,7 @@ class acp_attachments
 
 				// Secure Download Options - Same procedure as with banning
 				$allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
-		
+
 				$sql = 'SELECT *
 					FROM ' . SITELIST_TABLE;
 				$result = $db->sql_query($sql);
@@ -263,15 +280,21 @@ class acp_attachments
 						$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 					}
 
+					$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+					if (empty($content))
+					{
+						continue;
+					}
+
 					$template->assign_block_vars('options', array(
 						'KEY'			=> $config_key,
 						'TITLE'			=> $user->lang[$vars['lang']],
 						'S_EXPLAIN'		=> $vars['explain'],
 						'TITLE_EXPLAIN'	=> $l_explain,
-						'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+						'CONTENT'		=> $content,
 						)
 					);
-		
+
 					unset($display_vars['vars'][$config_key]);
 				}
 
@@ -323,7 +346,7 @@ class acp_attachments
 								FROM ' . EXTENSIONS_TABLE . '
 								WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
 							$result = $db->sql_query($sql);
-							
+
 							$extension_list = '';
 							while ($row = $db->sql_fetchrow($result))
 							{
@@ -353,7 +376,7 @@ class acp_attachments
 								FROM ' . EXTENSIONS_TABLE . "
 								WHERE extension = '" . $db->sql_escape($add_extension) . "'";
 							$result = $db->sql_query($sql);
-							
+
 							if ($row = $db->sql_fetchrow($result))
 							{
 								$error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
@@ -592,7 +615,7 @@ class acp_attachments
 								SET group_id = 0
 								WHERE group_id = $group_id";
 							$db->sql_query($sql);
-					
+
 							add_log('admin', 'LOG_ATTACH_EXTGROUP_DEL', $group_name);
 
 							$cache->destroy('_extensions');
@@ -662,8 +685,7 @@ class acp_attachments
 						}
 
 						$size_format = ($ext_group_row['max_filesize'] >= 1048576) ? 'mb' : (($ext_group_row['max_filesize'] >= 1024) ? 'kb' : 'b');
-
-						$ext_group_row['max_filesize'] = ($ext_group_row['max_filesize'] >= 1048576) ? round($ext_group_row['max_filesize'] / 1048576 * 100) / 100 : (($ext_group_row['max_filesize'] >= 1024) ? round($ext_group_row['max_filesize'] / 1024 * 100) / 100 : $ext_group_row['max_filesize']);
+						$ext_group_row['max_filesize'] = get_formatted_filesize($ext_group_row['max_filesize'], false);
 
 						$img_path = $config['upload_icons_path'];
 
@@ -743,6 +765,8 @@ class acp_attachments
 
 						$s_forum_id_options = '';
 
+						/** @todo use in-built function **/
+
 						$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
 							FROM ' . FORUMS_TABLE . '
 							ORDER BY left_id ASC';
@@ -773,7 +797,7 @@ class acp_attachments
 							}
 							else if ($row['left_id'] > $right + 1)
 							{
-								$padding = $padding_store[$row['parent_id']];
+								$padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']];
 							}
 
 							$right = $row['right_id'];
@@ -889,7 +913,7 @@ class acp_attachments
 					$upload_list = array();
 					foreach ($add_files as $attach_id)
 					{
-						if (!in_array($attach_id, array_keys($delete_files)) && !empty($post_ids[$attach_id]))
+						if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
 						{
 							$upload_list[$attach_id] = $post_ids[$attach_id];
 						}
@@ -930,6 +954,7 @@ class acp_attachments
 								AND is_orphan = 1';
 						$result = $db->sql_query($sql);
 
+						$files_added = $space_taken = 0;
 						while ($row = $db->sql_fetchrow($result))
 						{
 							$post_row = $post_info[$upload_list[$row['attach_id']]];
@@ -969,9 +994,18 @@ class acp_attachments
 								WHERE topic_id = ' . $post_row['topic_id'];
 							$db->sql_query($sql);
 
+							$space_taken += $row['filesize'];
+							$files_added++;
+
 							add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_row['post_id'], $row['real_filename']);
 						}
 						$db->sql_freeresult($result);
+
+						if ($files_added)
+						{
+							set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
+							set_config('num_files', $config['num_files'] + $files_added, true);
+						}
 					}
 				}
 
@@ -989,11 +1023,8 @@ class acp_attachments
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$size_lang = ($row['filesize'] >= 1048576) ? $user->lang['MB'] : (($row['filesize'] >= 1024) ? $user->lang['KB'] : $user->lang['BYTES']);
-					$row['filesize'] = ($row['filesize'] >= 1048576) ? round((round($row['filesize'] / 1048576 * 100) / 100), 2) : (($row['filesize'] >= 1024) ? round((round($row['filesize'] / 1024 * 100) / 100), 2) : $row['filesize']);
-
 					$template->assign_block_vars('orphan', array(
-						'FILESIZE'			=> $row['filesize'] . ' ' . $size_lang,
+						'FILESIZE'			=> get_formatted_filesize($row['filesize']),
 						'FILETIME'			=> $user->format_date($row['filetime']),
 						'REAL_FILENAME'		=> basename($row['real_filename']),
 						'PHYSICAL_FILENAME'	=> basename($row['physical_filename']),
@@ -1039,7 +1070,7 @@ class acp_attachments
 			ATTACHMENT_CATEGORY_FLASH		=> $user->lang['CAT_FLASH_FILES'],
 			ATTACHMENT_CATEGORY_QUICKTIME	=> $user->lang['CAT_QUICKTIME_FILES'],
 		);
-		
+
 		if ($group_id)
 		{
 			$sql = 'SELECT cat_id
@@ -1055,7 +1086,7 @@ class acp_attachments
 		{
 			$cat_type = ATTACHMENT_CATEGORY_NONE;
 		}
-		
+
 		$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
 
 		foreach ($types as $type => $mode)
@@ -1075,7 +1106,7 @@ class acp_attachments
 	function group_select($select_name, $default_group = false, $key = '')
 	{
 		global $db, $user;
-			
+
 		$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
 
 		$sql = 'SELECT group_id, group_name
@@ -1093,7 +1124,7 @@ class acp_attachments
 		$row['group_id'] = 0;
 		$row['group_name'] = $user->lang['NOT_ASSIGNED'];
 		$group_name[] = $row;
-		
+
 		for ($i = 0; $i < sizeof($group_name); $i++)
 		{
 			if ($default_group === false)
@@ -1127,19 +1158,19 @@ class acp_attachments
 		if (empty($magic_home))
 		{
 			$locations = array('C:/WINDOWS/', 'C:/WINNT/', 'C:/WINDOWS/SYSTEM/', 'C:/WINNT/SYSTEM/', 'C:/WINDOWS/SYSTEM32/', 'C:/WINNT/SYSTEM32/', '/usr/bin/', '/usr/sbin/', '/usr/local/bin/', '/usr/local/sbin/', '/opt/', '/usr/imagemagick/', '/usr/bin/imagemagick/');
-			$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));	
+			$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));
 
 			$locations = array_merge($path_locations, $locations);
 
 			foreach ($locations as $location)
 			{
 				// The path might not end properly, fudge it
-				if (substr($location, -1, 1) !== '/')
+				if (substr($location, -1) !== '/')
 				{
 					$location .= '/';
 				}
 
-				if (@is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
+				if (@file_exists($location) && @is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
 				{
 					$imagick = str_replace('\\', '/', $location);
 					continue;
@@ -1167,7 +1198,7 @@ class acp_attachments
 			if (!file_exists($phpbb_root_path . $upload_dir))
 			{
 				@mkdir($phpbb_root_path . $upload_dir, 0777);
-				@chmod($phpbb_root_path . $upload_dir, 0777);
+				phpbb_chmod($phpbb_root_path . $upload_dir, CHMOD_READ | CHMOD_WRITE);
 			}
 		}
 
@@ -1341,7 +1372,7 @@ class acp_attachments
 					$db->sql_query($sql);
 				}
 			}
-			
+
 			if (!empty($ip_list_log))
 			{
 				// Update log
@@ -1399,7 +1430,7 @@ class acp_attachments
 	{
 		// Determine size var and adjust the value accordingly
 		$size_var = ($value >= 1048576) ? 'mb' : (($value >= 1024) ? 'kb' : 'b');
-		$value = ($value >= 1048576) ? round($value / 1048576 * 100) / 100 : (($value >= 1024) ? round($value / 1024 * 100) / 100 : $value);
+		$value = get_formatted_filesize($value, false);
 
 		return '<input type="text" id="' . $key . '" size="8" maxlength="15" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
 	}

phpBB/includes/acp/acp_bbcodes.php

@@ -168,6 +168,12 @@ class acp_bbcodes
 				{
 					trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
+				
+				
+				if (strlen($bbcode_helpline) > 255)
+				{
+					trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
 
 				$sql_ary = array(
 					'bbcode_tag'				=> $data['bbcode_tag'],
@@ -312,7 +318,7 @@ class acp_bbcodes
 				'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'EMAIL' => array(
-				'!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i'	=>	"\$this->bbcode_specialchars('$1')"
+				'!(' . get_preg_expression('email') . ')!ie'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'TEXT' => array(
 				'!(.*?)!es'	 =>	"str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', ''', '(', ')'), trim('\$1'))"
@@ -334,7 +340,7 @@ class acp_bbcodes
 		$sp_tokens = array(
 			'URL'	 => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
 			'LOCAL_URL'	 => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
-			'EMAIL' => '([a-zA-Z0-9]+[a-zA-Z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-zA-Z0-9]+[a-zA-Z0-9\-\._]*\.[a-zA-Z]+))',
+			'EMAIL' => '(' . get_preg_expression('email') . ')',
 			'TEXT' => '(.*?)',
 			'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
 			'IDENTIFIER' => '([a-zA-Z0-9-_]+)',

phpBB/includes/acp/acp_board.php

@@ -102,14 +102,18 @@ class acp_board
 					'title'	=> 'ACP_AVATAR_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'ACP_AVATAR_SETTINGS',
-						'avatar_min_height'		=> false, 'avatar_min_width' => false, 'avatar_max_height' => false, 'avatar_max_width' => false,
+
+						'avatar_min_width'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_min_height'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_max_width'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_max_height'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
 
 						'allow_avatar_local'	=> array('lang' => 'ALLOW_LOCAL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_avatar_remote'	=> array('lang' => 'ALLOW_REMOTE',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_avatar_upload'	=> array('lang' => 'ALLOW_UPLOAD',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int:0',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
+						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rwpath',	'type' => 'text:20:255', 'explain' => true),
 						'avatar_gallery_path'	=> array('lang' => 'AVATAR_GALLERY_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true)
 					)
@@ -123,11 +127,12 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
 						'allow_privmsg'			=> array('lang' => 'BOARD_PM',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
 						'full_folder_action'	=> array('lang' => 'FULL_FOLDER_ACTION',	'validate' => 'int',	'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
-						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						
+						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'pm_max_recipients'		=> array('lang' => 'PM_MAX_RECIPIENTS',		'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true),
+
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_mass_pm'			=> array('lang' => 'ALLOW_MASS_PM',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'auth_bbcode_pm'		=> array('lang' => 'ALLOW_BBCODE_PM',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -159,22 +164,24 @@ class acp_board
 						'enable_post_confirm'	=> array('lang' => 'VISUAL_CONFIRM_POST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'POSTING',
+						'enable_queue_trigger'	=> array('lang' => 'ENABLE_QUEUE_TRIGGER',	'validate' => 'bool',		'type' => 'radio:yes_no', 'explain' => true),
+						'queue_trigger_posts'	=> array('lang' => 'QUEUE_TRIGGER_POSTS',	'validate' => 'int:0:250',	'type' => 'text:4:4', 'explain' => true),
 						'bump_type'				=> false,
-						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int',	'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int',	'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
-						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
-						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
-						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int',	'type' => 'text:3:4', 'explain' => true),
-						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => false),
-						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int',	'type' => 'text:4:6', 'explain' => true),
-						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',		'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',		'type' => 'radio:yes_no', 'explain' => true),
+						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',		'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',		'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
+						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',		'type' => 'text:3:4', 'explain' => true),
+						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:2:127',	'type' => 'text:4:4', 'explain' => false),
+						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true),
+						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true),
+						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -192,12 +199,12 @@ class acp_board
 						'allow_sig_links'		=> array('lang' => 'ALLOW_SIG_LINKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'GENERAL_SETTINGS',
-						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -207,24 +214,22 @@ class acp_board
 					'title'	=> 'ACP_REGISTER_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
-						'max_name_chars'		=> false,
-						'max_pass_chars'		=> false,
+						'max_name_chars'		=> array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
+						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
 
 						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'custom', 'method' => 'select_acc_activation', 'explain' => true),
-						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'username_length', 'explain' => true),
-						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
+						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int:1',	'type' => 'custom:5:180', 'method' => 'username_length', 'explain' => true),
+						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int:1',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
 						'allow_name_chars'		=> array('lang' => 'USERNAME_CHARS',	'validate' => 'string',	'type' => 'select', 'method' => 'select_username_chars', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',		'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_namechange'		=> array('lang' => 'ALLOW_NAME_CHANGE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_emailreuse'		=> array('lang' => 'ALLOW_EMAIL_REUSE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_confirm'		=> array('lang' => 'VISUAL_CONFIRM_REG',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
-						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'min_time_reg'			=> array('lang' => 'MIN_TIME_REG',			'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'min_time_terms'		=> array('lang' => 'MIN_TIME_TERMS',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
+						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
 
 						'legend3'			=> 'COPPA',
 						'coppa_enable'		=> array('lang' => 'ENABLE_COPPA',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -253,9 +258,9 @@ class acp_board
 					'vars'	=> array(
 						'legend1'			=> 'GENERAL_SETTINGS',
 						'limit_load'		=> array('lang' => 'LIMIT_LOAD',		'validate' => 'string',	'type' => 'text:4:4', 'explain' => true),
-						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int:60',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
+						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int:0',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'load_db_track'			=> array('lang' => 'YES_POST_MARKING',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -269,7 +274,7 @@ class acp_board
 						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_tplcompile'		=> array('lang' => 'RECOMPILE_STYLES',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						
+
 						'legend3'				=> 'CUSTOM_PROFILE_FIELDS',
 						'load_cpf_memberlist'	=> array('lang' => 'LOAD_CPF_MEMBERLIST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -305,7 +310,7 @@ class acp_board
 						'force_server_vars'		=> array('lang' => 'FORCE_SERVER_VARS',	'validate' => 'bool',			'type' => 'radio:yes_no', 'explain' => true),
 						'server_protocol'		=> array('lang' => 'SERVER_PROTOCOL',	'validate' => 'string',			'type' => 'text:10:10', 'explain' => true),
 						'server_name'			=> array('lang' => 'SERVER_NAME',		'validate' => 'string',			'type' => 'text:40:255', 'explain' => true),
-						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int',			'type' => 'text:5:5', 'explain' => true),
+						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int:0',			'type' => 'text:5:5', 'explain' => true),
 						'script_path'			=> array('lang' => 'SCRIPT_PATH',		'validate' => 'script_path',	'type' => 'text::255', 'explain' => true),
 					)
 				);
@@ -317,18 +322,18 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'ACP_SECURITY_SETTINGS',
 						'allow_autologin'		=> array('lang' => 'ALLOW_AUTOLOGIN',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 						'ip_check'				=> array('lang' => 'IP_VALID',				'validate' => 'int',	'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
 						'browser_check'			=> array('lang' => 'BROWSER_VALID',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'forwarded_for_check'	=> array('lang' => 'FORWARDED_FOR_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'referer_validation'	=> array('lang' => 'REFERER_VALID',		'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
 						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'form_token_mintime'	=> array('lang' => 'FORM_TIME_MIN',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 					)
@@ -343,7 +348,7 @@ class acp_board
 						'email_enable'			=> array('lang' => 'ENABLE_EMAIL',			'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'board_email_form'		=> array('lang' => 'BOARD_EMAIL_FORM',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'email_function_name'	=> array('lang' => 'EMAIL_FUNCTION_NAME',	'validate' => 'string',	'type' => 'text:20:50', 'explain' => true),
-						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int',	'type' => 'text:5:5', 'explain' => true),
+						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true),
 						'board_contact'			=> array('lang' => 'CONTACT_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email'			=> array('lang' => 'ADMIN_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email_sig'		=> array('lang' => 'EMAIL_SIG',				'validate' => 'string',	'type' => 'textarea:5:30', 'explain' => true),
@@ -352,7 +357,7 @@ class acp_board
 						'legend2'				=> 'SMTP_SETTINGS',
 						'smtp_delivery'			=> array('lang' => 'USE_SMTP',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => false),
-						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int',	'type' => 'text:4:5', 'explain' => true),
+						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int:0',	'type' => 'text:4:5', 'explain' => true),
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
 						'smtp_password'			=> array('lang' => 'SMTP_PASSWORD',			'validate' => 'string',	'type' => 'password:25:255', 'explain' => true)
@@ -556,15 +561,22 @@ class acp_board
 				$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 			}
 
+			$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+
+			if (empty($content))
+			{
+				continue;
+			}
+
 			$template->assign_block_vars('options', array(
 				'KEY'			=> $config_key,
 				'TITLE'			=> (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
 				'S_EXPLAIN'		=> $vars['explain'],
 				'TITLE_EXPLAIN'	=> $l_explain,
-				'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+				'CONTENT'		=> $content,
 				)
 			);
-		
+
 			unset($display_vars['vars'][$config_key]);
 		}
 
@@ -669,6 +681,16 @@ class acp_board
 		return h_radio('config[ip_check]', $radio_ary, $value, $key);
 	}
 
+	/**
+	* Select referer validation
+	*/
+	function select_ref_check($value, $key = '')
+	{
+		$radio_ary = array(REFERER_VALIDATE_PATH => 'REF_PATH', REFERER_VALIDATE_HOST => 'REF_HOST', REFERER_VALIDATE_NONE => 'NO_REF_VALIDATION');
+
+		return h_radio('config[referer_validation]', $radio_ary, $value, $key);
+	}
+
 	/**
 	* Select account activation method
 	*/
@@ -795,7 +817,7 @@ class acp_board
 		}
 
 		$dateformat_options .= '<option value="custom"';
-		if (!in_array($value, array_keys($user->lang['dateformats'])))
+		if (!isset($user->lang['dateformats'][$value]))
 		{
 			$dateformat_options .= ' selected="selected"';
 		}

phpBB/includes/acp/acp_captcha.php

@@ -29,7 +29,7 @@ class acp_captcha
 
 		$user->add_lang('acp/board');
 
-		
+
 		$captcha_vars = array(
 			'captcha_gd_x_grid'				=> 'CAPTCHA_GD_X_GRID',
 			'captcha_gd_y_grid'				=> 'CAPTCHA_GD_Y_GRID',
@@ -54,7 +54,7 @@ class acp_captcha
 			}
 			$captcha = new captcha();
 			$captcha->execute(gen_rand_string(mt_rand(5, 8)), time());
-			exit_handler();
+			exit;
 		}
 
 		$config_vars = array(
@@ -80,7 +80,11 @@ class acp_captcha
 			$captcha_vars = array_keys($captcha_vars);
 			foreach ($captcha_vars as $captcha_var)
 			{
-				set_config($captcha_var, request_var($captcha_var, 0));
+				$value = request_var($captcha_var, 0);
+				if ($value >= 0)
+				{
+					set_config($captcha_var, $value);
+				}
 			}
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 		}
@@ -90,7 +94,7 @@ class acp_captcha
 		}
 		else
 		{
-			
+
 			$preview_image_src = append_sid(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&demo=demo"));
 			if (@extension_loaded('gd'))
 			{
@@ -110,7 +114,7 @@ class acp_captcha
 				'CAPTCHA_PREVIEW'	=> $preview_image_src,
 				'PREVIEW'			=> isset($_POST['preview']),
 			));
-			
+
 		}
 	}
 }

phpBB/includes/acp/acp_database.php

@@ -25,7 +25,7 @@ class acp_database
 
 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template, $table_prefix;
+		global $cache, $db, $user, $auth, $template, $table_prefix;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 		
 		$user->add_lang('acp/database');
@@ -159,18 +159,20 @@ class acp_database
 
 						$extractor->write_end();
 
+						add_log('admin', 'LOG_DB_BACKUP');
+
 						if ($download == true)
 						{
 							exit;
 						}
 
-						add_log('admin', 'LOG_DB_BACKUP');
 						trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
 					break;
 
 					default:
 						include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
 						$tables = get_tables($db);
+						asort($tables);
 						foreach ($tables as $table_name)
 						{
 							if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)
@@ -341,10 +343,29 @@ class acp_database
 								break;
 
 								case 'postgres':
+									$delim = ";\n";
 									while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false)
 									{
 										$query = trim($sql);
-										$db->sql_query($query);
+
+										if (substr($query, 0, 13) == 'CREATE DOMAIN')
+										{
+											list(, , $domain) = explode(' ', $query);
+											$sql = "SELECT domain_name
+												FROM information_schema.domains
+												WHERE domain_name = '$domain';";
+											$result = $db->sql_query($sql);
+											if (!$db->sql_fetchrow($result))
+											{
+												$db->sql_query($query);
+											}
+											$db->sql_freeresult($result);
+										}
+										else
+										{
+											$db->sql_query($query);
+										}
+
 										if (substr($query, 0, 4) == 'COPY')
 										{
 											while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\.')
@@ -379,6 +400,9 @@ class acp_database
 
 							$close($fp);
 
+							// Purge the cache due to updated data
+							$cache->purge();
+
 							add_log('admin', 'LOG_DB_RESTORE');
 							trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
 							break;
@@ -596,7 +620,7 @@ class mysql_extractor extends base_extractor
 
 		if ($new_extract === null)
 		{
-			if ($db->sql_layer === 'mysqli' || version_compare($db->mysql_version, '3.23.20', '>='))
+			if ($db->sql_layer === 'mysqli' || version_compare($db->sql_server_info(true), '3.23.20', '>='))
 			{
 				$new_extract = true;
 			}
@@ -1086,7 +1110,7 @@ class postgres_extractor extends base_extractor
 		}
 
 		$sql_data = '-- Table: ' . $table_name . "\n";
-		//$sql_data .= "DROP TABLE $table_name;\n";
+		$sql_data .= "DROP TABLE $table_name;\n";
 		// PGSQL does not "tightly" bind sequences and tables, we must guess...
 		$sql = "SELECT relname
 			FROM pg_class
@@ -1155,7 +1179,7 @@ class postgres_extractor extends base_extractor
 				$line .= ')';
 			}
 
-			if (!empty($row['rowdefault']))
+			if (isset($row['rowdefault']))
 			{
 				$line .= ' DEFAULT ' . $row['rowdefault'];
 			}

phpBB/includes/acp/acp_forums.php

@@ -56,7 +56,7 @@ class acp_forums
 				$total = request_var('total', 0);
 
 				$this->display_progress_bar($start, $total);
-				exit_handler();
+				exit;
 			break;
 
 			case 'delete':
@@ -74,7 +74,7 @@ class acp_forums
 				{
 					trigger_error($user->lang['NO_PERMISSION_FORUM_ADD'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
-			
+
 			break;
 		}
 
@@ -100,7 +100,7 @@ class acp_forums
 					$cache->destroy('sql', FORUMS_TABLE);
 
 					trigger_error($user->lang['FORUM_DELETED'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id));
-	
+
 				break;
 
 				case 'edit':
@@ -132,6 +132,7 @@ class acp_forums
 						'forum_rules_link'		=> request_var('forum_rules_link', ''),
 						'forum_image'			=> request_var('forum_image', ''),
 						'forum_style'			=> request_var('forum_style', 0),
+						'display_subforum_list'	=> request_var('display_subforum_list', false),
 						'display_on_index'		=> request_var('display_on_index', false),
 						'forum_topics_per_page'	=> request_var('topics_per_page', 0),
 						'enable_indexing'		=> request_var('enable_indexing', true),
@@ -153,8 +154,11 @@ class acp_forums
 					if ($forum_data['forum_type'] == FORUM_LINK)
 					{
 						$forum_data['display_on_index'] = request_var('link_display_on_index', false);
+					}
 
-						// Linked forums are not able to be locked...
+					// Linked forums and categories are not able to be locked...
+					if ($forum_data['forum_type'] == FORUM_LINK || $forum_data['forum_type'] == FORUM_CAT)
+					{
 						$forum_data['forum_status'] = ITEM_UNLOCKED;
 					}
 
@@ -188,7 +192,7 @@ class acp_forums
 								$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
-	
+
 								$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
@@ -244,7 +248,7 @@ class acp_forums
 
 						$auth->acl_clear_prefetch();
 						$cache->destroy('sql', FORUMS_TABLE);
-	
+
 						$acl_url = '&mode=setting_forum_local&forum_id[]=' . $forum_data['forum_id'];
 
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
@@ -471,6 +475,7 @@ class acp_forums
 							'forum_rules_link'		=> '',
 							'forum_image'			=> '',
 							'forum_style'			=> 0,
+							'display_subforum_list'	=> true,
 							'display_on_index'		=> false,
 							'forum_topics_per_page'	=> 0,
 							'enable_indexing'		=> true,
@@ -541,7 +546,7 @@ class acp_forums
 
 				$forum_type_options = '';
 				$forum_type_ary = array(FORUM_CAT => 'CAT', FORUM_POST => 'FORUM', FORUM_LINK => 'LINK');
-		
+
 				foreach ($forum_type_ary as $value => $lang)
 				{
 					$forum_type_options .= '<option value="' . $value . '"' . (($value == $forum_data['forum_type']) ? ' selected="selected"' : '') . '>' . $user->lang['TYPE_' . $lang] . '</option>';
@@ -611,7 +616,7 @@ class acp_forums
 						}
 					}
 				}
-				
+
 				if (strlen($forum_data['forum_password']) == 32)
 				{
 					$errors[] = $user->lang['FORUM_PASSWORD_OLD'];
@@ -670,6 +675,7 @@ class acp_forums
 					'S_FORUM_CAT'				=> ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
 					'S_ENABLE_INDEXING'			=> ($forum_data['enable_indexing']) ? true : false,
 					'S_TOPIC_ICONS'				=> ($forum_data['enable_icons']) ? true : false,
+					'S_DISPLAY_SUBFORUM_LIST'	=> ($forum_data['display_subforum_list']) ? true : false,
 					'S_DISPLAY_ON_INDEX'		=> ($forum_data['display_on_index']) ? true : false,
 					'S_PRUNE_ENABLE'			=> ($forum_data['enable_prune']) ? true : false,
 					'S_FORUM_LINK_TRACK'		=> ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? true : false,
@@ -916,6 +922,12 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_DATA_NEGATIVE'];
 		}
 
+		$range_test_ary = array(
+			array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
+		);
+
+		validate_range($range_test_ary, $errors);
+
 		// Set forum flags
 		// 1 = link tracking
 		// 2 = prune old polls
@@ -964,7 +976,7 @@ class acp_forums
 			$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
 		}
 		unset($forum_data_sql['forum_password_unset']);
-		
+
 		if (!isset($forum_data_sql['forum_id']))
 		{
 			// no forum_id means we're creating a new forum
@@ -1196,7 +1208,14 @@ class acp_forums
 
 			if ($row['parent_id'] != $forum_data_sql['parent_id'])
 			{
-				$errors = $this->move_forum($forum_data_sql['forum_id'], $forum_data_sql['parent_id']);
+				if ($row['forum_id'] != $forum_data_sql['parent_id'])
+				{
+					$errors = $this->move_forum($forum_data_sql['forum_id'], $forum_data_sql['parent_id']);
+				}
+				else
+				{
+					$forum_data_sql['parent_id'] = $row['parent_id'];
+				}
 			}
 
 			if (sizeof($errors))
@@ -1622,7 +1641,7 @@ class acp_forums
 			WHERE p.forum_id = $forum_id
 				AND a.in_message = 0
 				AND a.topic_id = p.topic_id";
-		$result = $db->sql_query($sql);	
+		$result = $db->sql_query($sql);
 
 		$topic_ids = array();
 		while ($row = $db->sql_fetchrow($result))
@@ -1637,7 +1656,8 @@ class acp_forums
 		$sql = 'SELECT poster_id
 			FROM ' . POSTS_TABLE . '
 			WHERE forum_id = ' . $forum_id . '
-				AND post_postcount = 1';
+				AND post_postcount = 1
+				AND post_approved = 1';
 		$result = $db->sql_query($sql);
 
 		$post_counts = array();
@@ -1680,7 +1700,7 @@ class acp_forums
 			break;
 
 			default:
-			
+
 				// Delete everything else and curse your DB for not offering multi-table deletion
 				$tables_ary = array(
 					'post_id'	=>	array(
@@ -1758,6 +1778,7 @@ class acp_forums
 					WHERE user_id = ' . $poster_id . '
 					AND user_posts < ' . $substract;
 				$db->sql_query($sql);
+
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_posts = user_posts - ' . $substract . '
 					WHERE user_id = ' . $poster_id . '
@@ -1801,7 +1822,7 @@ class acp_forums
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		set_config('upload_dir_size', (int) $row['stat'], true);
+		set_config('upload_dir_size', (float) $row['stat'], true);
 
 		return array();
 	}

phpBB/includes/acp/acp_groups.php

@@ -87,24 +87,32 @@ class acp_groups
 
 				// Approve, demote or promote
 				$group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
-				group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
+				$error = group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
 
-				switch ($action)
+				if (!$error)
 				{
-					case 'demote':
-						$message = 'GROUP_MODS_DEMOTED';
-					break;
+					switch ($action)
+					{
+						case 'demote':
+							$message = 'GROUP_MODS_DEMOTED';
+						break;
 
-					case 'promote':
-						$message = 'GROUP_MODS_PROMOTED';
-					break;
+						case 'promote':
+							$message = 'GROUP_MODS_PROMOTED';
+						break;
 
-					case 'approve':
-						$message = 'USERS_APPROVED';
-					break;
+						case 'approve':
+							$message = 'USERS_APPROVED';
+						break;
+					}
+
+					trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
+				}
+				else
+				{
+					trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
 				}
 
-				trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 			break;
 
 			case 'default':
@@ -172,13 +180,17 @@ class acp_groups
 
 			case 'deleteusers':
 			case 'delete':
+				if (!$group_id)
+				{
+					trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+				else if ($action === 'delete' && $group_row['group_type'] == GROUP_SPECIAL)
+				{
+					trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				if (confirm_box(true))
 				{
-					if (!$group_id)
-					{
-						trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-
 					$error = '';
 
 					switch ($action)
@@ -295,6 +307,7 @@ class acp_groups
 						'receive_pm'		=> isset($_REQUEST['group_receive_pm']) ? 1 : 0,
 						'legend'			=> isset($_REQUEST['group_legend']) ? 1 : 0,
 						'message_limit'		=> request_var('group_message_limit', 0),
+						'max_recipients'	=> request_var('group_max_recipients', 0),
 						'founder_manage'	=> 0,
 					);
 
@@ -387,7 +400,7 @@ class acp_groups
 						// were made.
 
 						$group_attributes = array();
-						$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'founder_manage');
+						$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'max_recipients', 'founder_manage');
 						foreach ($test_variables as $test)
 						{
 							if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
@@ -547,6 +560,7 @@ class acp_groups
 					'GROUP_FOUNDER_MANAGE'	=> (isset($group_row['group_founder_manage']) && $group_row['group_founder_manage']) ? ' checked="checked"' : '',
 					'GROUP_LEGEND'			=> (isset($group_row['group_legend']) && $group_row['group_legend']) ? ' checked="checked"' : '',
 					'GROUP_MESSAGE_LIMIT'	=> (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0,
+					'GROUP_MAX_RECIPIENTS'	=> (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
 					'GROUP_COLOUR'			=> (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
 
 
@@ -739,14 +753,14 @@ class acp_groups
 			foreach ($row_ary as $group_id => $row)
 			{
 				$group_name = (!empty($user->lang['G_' . $row['group_name']]))? $user->lang['G_' . $row['group_name']] : $row['group_name'];
-				
+
 				$template->assign_block_vars('groups', array(
 					'U_LIST'		=> "{$this->u_action}&action=list&g=$group_id",
 					'U_EDIT'		=> "{$this->u_action}&action=edit&g=$group_id",
 					'U_DELETE'		=> ($auth->acl_get('a_groupdel')) ? "{$this->u_action}&action=delete&g=$group_id" : '',
 
 					'S_GROUP_SPECIAL'	=> ($row['group_type'] == GROUP_SPECIAL) ? true : false,
-					
+
 					'GROUP_NAME'	=> $group_name,
 					'TOTAL_MEMBERS'	=> $row['total_members'],
 					)

phpBB/includes/acp/acp_icons.php

@@ -73,6 +73,13 @@ class acp_icons
 
 			foreach ($imglist as $path => $img_ary)
 			{
+				if (empty($img_ary))
+				{
+					continue;
+				}
+
+				asort($img_ary, SORT_STRING);
+
 				foreach ($img_ary as $img)
 				{
 					$img_size = getimagesize($phpbb_root_path . $img_path . '/' . $path . $img);
@@ -99,6 +106,11 @@ class acp_icons
 					}
 				}
 				closedir($dir);
+
+				if (!empty($_paks))
+				{
+					asort($_paks, SORT_STRING);
+				}
 			}
 		}
 
@@ -337,11 +349,16 @@ class acp_icons
 				}
 
 				$icons_updated = 0;
+				$errors = array();
 				foreach ($images as $image)
 				{
-					if (($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == '')) ||
-						($action == 'create' && !isset($image_add[$image])))
+					if ($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == ''))
 					{
+						$errors[$image] = 'SMILIE_NO_' . (($image_emotion[$image] == '') ? 'EMOTION' : 'CODE');
+					}
+					else if ($action == 'create' && !isset($image_add[$image]))
+					{
+						// skip images where add wasn't checked
 					}
 					else
 					{
@@ -431,13 +448,18 @@ class acp_icons
 					default:
 						$suc_lang = $lang;
 				}
+				$errormsgs = '';
+				foreach ($errors as $img => $error)
+				{
+					$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
+				}
 				if ($action == 'modify')
 				{
-					trigger_error($user->lang[$suc_lang . '_EDITED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_EDITED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 				else
 				{
-					trigger_error($user->lang[$suc_lang . '_ADDED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 
 			break;
@@ -462,7 +484,7 @@ class acp_icons
 						if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
 						{
 							if ((sizeof($data[1]) != 4 && $mode == 'icons') ||
-								(sizeof($data[1]) != 6 && $mode == 'smilies'))
+								((sizeof($data[1]) != 6 || (empty($data[1][4]) || empty($data[1][5]))) && $mode == 'smilies' ))
 							{
 								trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
 							}

phpBB/includes/acp/acp_jabber.php

@@ -85,6 +85,19 @@ class acp_jabber
 
 				$jabber->disconnect();
 			}
+			else
+			{
+				// This feature is disabled.
+				// We update the user table to be sure all users that have IM as notify type are set to both  as notify type
+				$sql_ary = array(
+					'user_notify_type'		=> NOTIFY_BOTH,
+				);
+
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+					WHERE user_notify_type = ' . NOTIFY_IM;
+				$db->sql_query($sql);
+			}
 
 			set_config('jab_enable', $jab_enable);
 			set_config('jab_host', $jab_host);

phpBB/includes/acp/acp_language.php

@@ -181,7 +181,7 @@ class acp_language
 			case 'submit_file':
 			case 'download_file':
 			case 'upload_data':
-				
+
 				if (!$submit || !check_form_key($form_name))
 				{
 					trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
@@ -261,16 +261,16 @@ class acp_language
 				if (!$safe_mode)
 				{
 					$mkdir_ary = array('language', 'language/' . $row['lang_iso']);
-					
+
 					if ($this->language_directory)
 					{
 						$mkdir_ary[] = 'language/' . $row['lang_iso'] . '/' . $this->language_directory;
 					}
-				
+
 					foreach ($mkdir_ary as $dir)
 					{
 						$dir = $phpbb_root_path . 'store/' . $dir;
-			
+
 						if (!is_dir($dir))
 						{
 							if (!@mkdir($dir, 0777))
@@ -316,7 +316,7 @@ class acp_language
 							}
 
 							$entry = "\tarray(\n";
-							
+
 							foreach ($value as $_key => $_value)
 							{
 								$entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
@@ -433,7 +433,7 @@ class acp_language
 				{
 					trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
-				
+
 				$this->page_title = 'LANGUAGE_PACK_DETAILS';
 
 				$sql = 'SELECT *
@@ -442,7 +442,7 @@ class acp_language
 				$result = $db->sql_query($sql);
 				$lang_entries = $db->sql_fetchrow($result);
 				$db->sql_freeresult($result);
-				
+
 				$lang_iso = $lang_entries['lang_iso'];
 				$missing_vars = $missing_files = array();
 
@@ -488,7 +488,7 @@ class acp_language
 							trigger_error($user->lang['WRONG_LANGUAGE_FILE'] . adm_back_link($this->u_action . '&action=details&id=' . $lang_id), E_USER_WARNING);
 						}
 				}
-				
+
 				if (isset($_POST['remove_store']))
 				{
 					$store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true);
@@ -532,7 +532,7 @@ class acp_language
 						if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, '', $file)))
 						{
 							$missing_vars[$file] = $this->compare_language_files($config['default_lang'], $lang_iso, '', $file);
-							
+
 							if (sizeof($missing_vars[$file]))
 							{
 								$is_missing_var = true;
@@ -550,7 +550,7 @@ class acp_language
 						if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'acp', $file)))
 						{
 							$missing_vars['acp/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'acp', $file);
-							
+
 							if (sizeof($missing_vars['acp/' . $file]))
 							{
 								$is_missing_var = true;
@@ -569,7 +569,7 @@ class acp_language
 							if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'mods', $file)))
 							{
 								$missing_vars['mods/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'mods', $file);
-								
+
 								if (sizeof($missing_vars['mods/' . $file]))
 								{
 									$is_missing_var = true;
@@ -581,7 +581,7 @@ class acp_language
 							}
 						}
 					}
-				
+
 					// More missing files... for example email templates?
 					foreach ($email_files as $file)
 					{
@@ -1046,7 +1046,7 @@ class acp_language
 				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html');
 				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html');
 				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html');
-				
+
 				if (sizeof($mod_files))
 				{
 					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html');
@@ -1208,7 +1208,7 @@ $lang = array_merge($lang, array(
 	function get_filename($lang_iso, $directory, $filename, $check_store = false, $only_return_filename = false)
 	{
 		global $phpbb_root_path, $safe_mode;
-		
+
 		$check_filename = "language/$lang_iso/" . (($directory) ? $directory . '/' : '') . $filename;
 
 		if ($check_store)

phpBB/includes/acp/acp_main.php

@@ -61,6 +61,14 @@ class acp_main
 
 		if ($action)
 		{
+			if ($action === 'admlogout')
+			{
+				$user->unset_admin();
+				$redirect_url = append_sid("{$phpbb_root_path}index.$phpEx");
+				meta_refresh(3, $redirect_url);
+				trigger_error($user->lang['ADM_LOGGED_OUT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect_url . '">', '</a>'));
+			}
+
 			if (!confirm_box(true))
 			{
 				switch ($action)
@@ -108,6 +116,7 @@ class acp_main
 			{
 				switch ($action)
 				{
+
 					case 'online':
 						if (!$auth->acl_get('a_board'))
 						{
@@ -157,9 +166,9 @@ class acp_main
 							FROM ' . ATTACHMENTS_TABLE . '
 							WHERE is_orphan = 0';
 						$result = $db->sql_query($sql);
-						set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true);
+						set_config('upload_dir_size', (float) $db->sql_fetchfield('stat'), true);
 						$db->sql_freeresult($result);
-						
+
 						if (!function_exists('update_last_username'))
 						{
 							include($phpbb_root_path . "includes/functions_user.$phpEx");
@@ -175,22 +184,63 @@ class acp_main
 							trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$sql = 'SELECT COUNT(p.post_id) AS num_posts, u.user_id
-							FROM ' . USERS_TABLE . ' u
-							LEFT JOIN  ' . POSTS_TABLE . ' p ON (u.user_id = p.poster_id AND p.post_postcount = 1)
-							GROUP BY u.user_id';
-						$result = $db->sql_query($sql);
+						// Resync post counts
+						$start = $max_post_id = 0;
 
-						while ($row = $db->sql_fetchrow($result))
-						{
-							$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['user_id']}");
-						}
+						// Find the maximum post ID, we can only stop the cycle when we've reached it
+						$sql = 'SELECT MAX(forum_last_post_id) as max_post_id
+							FROM ' . FORUMS_TABLE;
+						$result = $db->sql_query($sql);
+						$max_post_id = (int) $db->sql_fetchfield('max_post_id');
 						$db->sql_freeresult($result);
 
+						// No maximum post id? :o
+						if (!$max_post_id)
+						{
+							$sql = 'SELECT MAX(post_id)
+								FROM ' . POSTS_TABLE;
+							$result = $db->sql_query($sql);
+							$max_post_id = (int) $db->sql_fetchfield('max_post_id');
+							$db->sql_freeresult($result);
+						}
+
+						// Still no maximum post id? Then we are finished
+						if (!$max_post_id)
+						{
+							add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
+							break;
+						}
+
+						$step = ($config['num_posts']) ? (max((int) ($config['num_posts'] / 5), 20000)) : 20000;
+						$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');
+
+						while ($start < $max_post_id)
+						{
+							$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
+								FROM ' . POSTS_TABLE . '
+								WHERE post_id BETWEEN ' . ($start + 1) . ' AND ' . ($start + $step) . '
+									AND post_postcount = 1 AND post_approved = 1
+								GROUP BY poster_id';
+							$result = $db->sql_query($sql);
+
+							if ($row = $db->sql_fetchrow($result))
+							{
+								do
+								{
+									$sql = 'UPDATE ' . USERS_TABLE . " SET user_posts = user_posts + {$row['num_posts']} WHERE user_id = {$row['poster_id']}";
+									$db->sql_query($sql);
+								}
+								while ($row = $db->sql_fetchrow($result));
+							}
+							$db->sql_freeresult($result);
+
+							$start += $step;
+						}
+
 						add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
 
 					break;
-			
+
 					case 'date':
 						if (!$auth->acl_get('a_board'))
 						{
@@ -200,7 +250,7 @@ class acp_main
 						set_config('board_startdate', time() - 1);
 						add_log('admin', 'LOG_RESET_DATE');
 					break;
-				
+
 					case 'db_track':
 						switch ($db->sql_layer)
 						{
@@ -222,7 +272,7 @@ class acp_main
 							FROM ' . FORUMS_TABLE . '
 							WHERE forum_type <> ' . FORUM_CAT;
 						$result = $db->sql_query($sql);
-				
+
 						$forum_ids = array();
 						while ($row = $db->sql_fetchrow($result))
 						{
@@ -272,7 +322,7 @@ class acp_main
 								$db->sql_multi_insert(TOPICS_POSTED_TABLE, $sql_ary);
 							}
 						}
-			
+
 						add_log('admin', 'LOG_RESYNC_POST_MARKING');
 					break;
 
@@ -310,7 +360,7 @@ class acp_main
 		$users_per_day = sprintf('%.2f', $total_users / $boarddays);
 		$files_per_day = sprintf('%.2f', $total_files / $boarddays);
 
-		$upload_dir_size = ($config['upload_dir_size'] >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($config['upload_dir_size'] / 1048576)) : (($config['upload_dir_size'] >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($config['upload_dir_size'] / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $config['upload_dir_size']));
+		$upload_dir_size = get_formatted_filesize($config['upload_dir_size']);
 
 		$avatar_dir_size = 0;
 
@@ -325,10 +375,7 @@ class acp_main
 			}
 			closedir($avatar_dir);
 
-			// This bit of code translates the avatar directory size into human readable format
-			// Borrowed the code from the PHP.net annoted manual, origanally written by:
-			// Jesse (jesse@jess.on.ca)
-			$avatar_dir_size = ($avatar_dir_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($avatar_dir_size / 1048576)) : (($avatar_dir_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($avatar_dir_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $avatar_dir_size));
+			$avatar_dir_size = get_formatted_filesize($avatar_dir_size);
 		}
 		else
 		{
@@ -392,7 +439,7 @@ class acp_main
 			'DATABASE_INFO'		=> $db->sql_server_info(),
 			'BOARD_VERSION'		=> $config['version'],
 
-			'U_ACTION'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
+			'U_ACTION'			=> $this->u_action,
 			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
 			'U_INACTIVE_USERS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&amp;mode=list'),
 
@@ -457,6 +504,12 @@ class acp_main
 			$template->assign_var('S_REMOVE_INSTALL', true);
 		}
 
+		if (!defined('PHPBB_DISABLE_CONFIG_CHECK') && file_exists($phpbb_root_path . 'config.' . $phpEx) && is_writable($phpbb_root_path . 'config.' . $phpEx))
+		{
+			// World-Writable? (000x)
+			$template->assign_var('S_WRITABLE_CONFIG', (bool) (@fileperms($phpbb_root_path . 'config.' . $phpEx) & 0x0002));
+		}
+
 		$this->tpl_name = 'acp_main';
 		$this->page_title = 'ACP_MAIN';
 	}

phpBB/includes/acp/acp_modules.php

@@ -658,6 +658,8 @@ class acp_modules
 
 			$iteration++;
 		}
+		$db->sql_freeresult($result);
+
 		unset($padding_store);
 
 		return $module_list;

phpBB/includes/acp/acp_permissions.php

@@ -48,7 +48,7 @@ class acp_permissions
 
 			$this->tpl_name = 'permission_trace';
 
-			if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth'))
+			if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth'))
 			{
 				$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
 				$this->permission_trace($user_id, $forum_id, $permission);
@@ -124,7 +124,7 @@ class acp_permissions
 			$forum_id = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -133,7 +133,7 @@ class acp_permissions
 			$forum_id = array();
 			foreach (get_forum_branch($subforum_id, 'children') as $row)
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 		}
 
@@ -369,8 +369,8 @@ class acp_permissions
 
 					$template->assign_vars(array(
 						'S_SELECT_GROUP'		=> true,
-						'S_GROUP_OPTIONS'		=> group_select_options(false, false, (($user->data['user_type'] == USER_FOUNDER) ? false : 0)))
-					);
+						'S_GROUP_OPTIONS'		=> group_select_options(false, false, false), // Show all groups
+					));
 
 				break;
 
@@ -415,7 +415,7 @@ class acp_permissions
 						'S_SELECT_USERGROUP_VIEW'	=> ($victim == 'usergroup_view') ? true : false,
 						'S_DEFINED_USER_OPTIONS'	=> $items['user_ids_options'],
 						'S_DEFINED_GROUP_OPTIONS'	=> $items['group_ids_options'],
-						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids'], (($user->data['user_type'] == USER_FOUNDER) ? false : 0)),
+						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids'], false),	// Show all groups
 						'U_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username&select_single=true'),
 					));
 
@@ -598,7 +598,7 @@ class acp_permissions
 			$ids = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$ids[] = $row[$sql_id];
+				$ids[] = (int) $row[$sql_id];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -1117,31 +1117,51 @@ class acp_permissions
 		global $db, $user;
 
 		$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
-		$sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
-		
-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-			'SELECT'	=> 'u.username, u.username_clean, u.user_regdate, u.user_id',
 
-			'FROM'		=> array(
-				USERS_TABLE			=> 'u',
-				ACL_OPTIONS_TABLE	=> 'o',
-				ACL_USERS_TABLE		=> 'a'
-			),
+		// Permission options are only able to be a permission set... therefore we will pre-fetch the possible options and also the possible roles
+		$option_ids = $role_ids = array();
 
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
+		$sql = 'SELECT auth_option_id
+			FROM ' . ACL_OPTIONS_TABLE . '
+			WHERE auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
+		$result = $db->sql_query($sql);
 
-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-				$sql_permission_option
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$option_ids[] = (int) $row['auth_option_id'];
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($option_ids))
+		{
+			$sql = 'SELECT DISTINCT role_id
+				FROM ' . ACL_ROLES_DATA_TABLE . '
+				WHERE ' . $db->sql_in_set('auth_option_id', $option_ids);
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$role_ids[] = (int) $row['role_id'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		if (sizeof($option_ids) && sizeof($role_ids))
+		{
+			$sql_where = 'AND (' . $db->sql_in_set('a.auth_option_id', $option_ids) . ' OR ' . $db->sql_in_set('a.auth_role_id', $role_ids) . ')';
+		}
+		else
+		{
+			$sql_where = 'AND ' . $db->sql_in_set('a.auth_option_id', $option_ids);
+		}
+
+		// Not ideal, due to the filesort, non-use of indexes, etc.
+		$sql = 'SELECT DISTINCT u.user_id, u.username, u.username_clean, u.user_regdate
+			FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
+			WHERE u.user_id = a.user_id
 				$sql_forum_id
-				AND u.user_id = a.user_id",
-
-			'ORDER_BY'	=> 'u.username_clean, u.user_regdate ASC'
-		));
+				$sql_where
+			ORDER BY u.username_clean, u.user_regdate ASC";
 		$result = $db->sql_query($sql);
 
 		$s_defined_user_options = '';
@@ -1153,29 +1173,12 @@ class acp_permissions
 		}
 		$db->sql_freeresult($result);
 
-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-			'SELECT'	=> 'g.group_type, g.group_name, g.group_id',
-
-			'FROM'		=> array(
-				GROUPS_TABLE		=> 'g',
-				ACL_OPTIONS_TABLE	=> 'o',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-				$sql_permission_option
+		$sql = 'SELECT DISTINCT g.group_type, g.group_name, g.group_id
+			FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . " a
+			WHERE g.group_id = a.group_id
 				$sql_forum_id
-				AND g.group_id = a.group_id",
-
-			'ORDER_BY'	=> 'g.group_type DESC, g.group_name ASC'
-		));
+				$sql_where
+			ORDER BY g.group_type DESC, g.group_name ASC";
 		$result = $db->sql_query($sql);
 
 		$s_defined_group_options = '';

phpBB/includes/acp/acp_profile.php

@@ -77,7 +77,7 @@ class acp_profile
 			FROM ' . PROFILE_LANG_TABLE . '
 			ORDER BY lang_id';
 		$result = $db->sql_query($sql);
-	
+
 		while ($row = $db->sql_fetchrow($result))
 		{
 			// Which languages are available for each item
@@ -206,7 +206,7 @@ class acp_profile
 						'field_id'	=> $field_id,
 					)));
 				}
-	
+
 			break;
 
 			case 'activate':
@@ -216,7 +216,7 @@ class acp_profile
 				{
 					trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
-	
+
 				$sql = 'SELECT lang_id
 					FROM ' . LANG_TABLE . "
 					WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'";
@@ -253,7 +253,7 @@ class acp_profile
 				{
 					trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
-	
+
 				$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . "
 					SET field_active = 0
 					WHERE field_id = $field_id";
@@ -285,7 +285,7 @@ class acp_profile
 
 			case 'create':
 			case 'edit':
-		
+
 				$field_id = request_var('field_id', 0);
 				$step = request_var('step', 1);
 
@@ -354,18 +354,19 @@ class acp_profile
 				{
 					// We are adding a new field, define basic params
 					$lang_options = $field_row = array();
-		
+
 					$field_type = request_var('field_type', 0);
-			
+
 					if (!$field_type)
 					{
 						trigger_error($user->lang['NO_FIELD_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
 					$field_row = array_merge($default_values[$field_type], array(
-						'field_ident'		=> utf8_clean_string(request_var('field_ident', '', true)),
+						'field_ident'		=> str_replace(' ', '_', utf8_clean_string(request_var('field_ident', '', true))),
 						'field_required'	=> 0,
 						'field_hide'		=> 0,
+						'field_show_profile'=> 0,
 						'field_no_view'		=> 0,
 						'field_show_on_reg'	=> 0,
 						'lang_name'			=> utf8_normalize_nfc(request_var('field_ident', '', true)),
@@ -378,7 +379,7 @@ class acp_profile
 
 				// $exclude contains the data we gather in each step
 				$exclude = array(
-					1	=> array('field_ident', 'lang_name', 'lang_explain', 'field_option', 'field_no_view'),
+					1	=> array('field_ident', 'lang_name', 'lang_explain', 'field_option_none', 'field_show_on_reg', 'field_required', 'field_hide', 'field_show_profile', 'field_no_view'),
 					2	=> array('field_length', 'field_maxlen', 'field_minlen', 'field_validation', 'field_novalue', 'field_default_value'),
 					3	=> array('l_lang_name', 'l_lang_explain', 'l_lang_default_value', 'l_lang_options')
 				);
@@ -400,25 +401,20 @@ class acp_profile
 				$cp->vars['lang_explain']		= utf8_normalize_nfc(request_var('lang_explain', $field_row['lang_explain'], true));
 				$cp->vars['lang_default_value']	= utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true));
 
-				// Field option...
-				if (isset($_REQUEST['field_option']))
-				{
-					$field_option = request_var('field_option', '');
+				// Visibility Options...
+				$visibility_ary = array(
+					'field_required',
+					'field_show_on_reg',
+					'field_show_profile',
+					'field_hide',
+				);
 
-					$cp->vars['field_required'] = ($field_option == 'field_required') ? 1 : 0;
-					$cp->vars['field_show_on_reg'] = ($field_option == 'field_show_on_reg') ? 1 : 0;
-					$cp->vars['field_hide'] = ($field_option == 'field_hide') ? 1 : 0;
-				}
-				else
+				foreach ($visibility_ary as $val)
 				{
-					$cp->vars['field_required'] = $field_row['field_required'];
-					$cp->vars['field_show_on_reg'] = $field_row['field_show_on_reg'];
-					$cp->vars['field_hide'] = $field_row['field_hide'];
-
-					$field_option = ($field_row['field_required']) ? 'field_required' : (($field_row['field_show_on_reg']) ? 'field_show_on_reg' : (($field_row['field_hide']) ? 'field_hide' : ''));
+					$cp->vars[$val] = ($submit || $save) ? request_var($val, 0) : $field_row[$val];
 				}
 
-				$cp->vars['field_no_view'] = request_var('field_no_view', $field_row['field_no_view']);
+				$cp->vars['field_no_view'] = request_var('field_no_view', (int) $field_row['field_no_view']);
 
 				// A boolean field expects an array as the lang options
 				if ($field_type == FIELD_BOOL)
@@ -481,7 +477,7 @@ class acp_profile
 					else if ($field_type == FIELD_DATE && $key == 'field_default_value')
 					{
 						$always_now = request_var('always_now', -1);
-						
+
 						if ($always_now == 1 || ($always_now === -1 && $var == 'now'))
 						{
 							$now = getdate();
@@ -504,7 +500,7 @@ class acp_profile
 							{
 								list($cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']) = explode('-', $var);
 							}
-						}	
+						}
 					}
 					/* else if ($field_type == FIELD_BOOL && $key == 'field_default_value')
 					{
@@ -533,7 +529,7 @@ class acp_profile
 					}
 					$db->sql_freeresult($result);
 
-		
+
 					$sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value
 						FROM ' . PROFILE_LANG_TABLE . '
 						WHERE lang_id <> ' . $this->edit_lang_id . "
@@ -550,7 +546,7 @@ class acp_profile
 					}
 					$db->sql_freeresult($result);
 				}
-		
+
 				foreach ($exclude[3] as $key)
 				{
 					$cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => ''), true));
@@ -569,7 +565,7 @@ class acp_profile
 						{
 							$cp->vars[$key][$lang_id] = explode("\n", $options);
 						}
-						
+
 					}
 				}
 
@@ -709,7 +705,7 @@ class acp_profile
 
 					'L_TITLE'			=> $user->lang['STEP_' . $step . '_TITLE_' . strtoupper($action)],
 					'L_EXPLAIN'			=> $user->lang['STEP_' . $step . '_EXPLAIN_' . strtoupper($action)],
-					
+
 					'U_ACTION'			=> $this->u_action . "&amp;action=$action&amp;step=$step",
 					'U_BACK'			=> $this->u_action)
 				);
@@ -719,13 +715,14 @@ class acp_profile
 				{
 					// Create basic options - only small differences between field types
 					case 1:
-	
+
 						// Build common create options
 						$template->assign_vars(array(
 							'S_STEP_ONE'		=> true,
 							'S_FIELD_REQUIRED'	=> ($cp->vars['field_required']) ? true : false,
 							'S_SHOW_ON_REG'		=> ($cp->vars['field_show_on_reg']) ? true : false,
 							'S_FIELD_HIDE'		=> ($cp->vars['field_hide']) ? true : false,
+							'S_SHOW_PROFILE'	=> ($cp->vars['field_show_profile']) ? true : false,
 							'S_FIELD_NO_VIEW'	=> ($cp->vars['field_no_view']) ? true : false,
 
 							'L_LANG_SPECIFIC'	=> sprintf($user->lang['LANG_SPECIFIC_OPTIONS'], $config['default_lang']),
@@ -746,7 +743,7 @@ class acp_profile
 								'LANG_DEFAULT_VALUE'		=> $cp->vars['lang_default_value'])
 							);
 						}
-			
+
 						if ($field_type == FIELD_BOOL || $field_type == FIELD_DROPDOWN)
 						{
 							// Initialize these array elements if we are creating a new field
@@ -775,11 +772,11 @@ class acp_profile
 								'SECOND_LANG_OPTION'		=> ($field_type == FIELD_BOOL) ? $cp->vars['lang_options'][1] : '')
 							);
 						}
-					
+
 					break;
 
 					case 2:
-						
+
 						$template->assign_vars(array(
 							'S_STEP_TWO'		=> true,
 							'L_NEXT_STEP'			=> (sizeof($this->lang_defs['iso']) == 1) ? $user->lang['SAVE'] : $user->lang['PROFILE_LANG_OPTIONS'])
@@ -817,7 +814,7 @@ class acp_profile
 								);
 							}
 						}
-		
+
 					break;
 				}
 
@@ -829,7 +826,7 @@ class acp_profile
 
 			break;
 		}
-		
+
 		$sql = 'SELECT *
 			FROM ' . PROFILE_FIELDS_TABLE . '
 			ORDER BY field_order';
@@ -905,14 +902,14 @@ class acp_profile
 			$languages[$row['lang_id']] = $row['lang_iso'];
 		}
 		$db->sql_freeresult($result);
-		
+
 		$options = array();
 		$options['lang_name'] = 'string';
 		if ($cp->vars['lang_explain'])
 		{
 			$options['lang_explain'] = 'text';
 		}
-	
+
 		switch ($field_type)
 		{
 			case FIELD_BOOL:
@@ -922,7 +919,7 @@ class acp_profile
 			case FIELD_DROPDOWN:
 				$options['lang_options'] = 'optionfield';
 			break;
-			
+
 			case FIELD_TEXT:
 			case FIELD_STRING:
 				if ($cp->vars['lang_default_value'])
@@ -931,7 +928,7 @@ class acp_profile
 				}
 			break;
 		}
-	
+
 		$lang_options = array();
 
 		foreach ($options as $field => $field_type)
@@ -957,7 +954,7 @@ class acp_profile
 				if ($field == 'lang_options')
 				{
 					$var = (!isset($cp->vars['l_lang_options'][$lang_id]) || !is_array($cp->vars['l_lang_options'][$lang_id])) ? $cp->vars['lang_options'] : $cp->vars['l_lang_options'][$lang_id];
-					
+
 					switch ($field_type)
 					{
 						case 'two_options':
@@ -978,7 +975,7 @@ class acp_profile
 							);
 						break;
 					}
-				
+
 					if (isset($user->lang['CP_' . strtoupper($field) . '_EXPLAIN']))
 					{
 						$lang_options[$lang_id]['fields'][$field]['EXPLAIN'] = $user->lang['CP_' . strtoupper($field) . '_EXPLAIN'];
@@ -992,7 +989,7 @@ class acp_profile
 						'TITLE'		=> $user->lang['CP_' . strtoupper($field)],
 						'FIELD'		=> ($field_type == 'string') ? '<dd><input class="medium" type="text" name="l_' . $field . '[' . $lang_id . ']" value="' . ((isset($value[$lang_id])) ? $value[$lang_id] : $var) . '" /></dd>' : '<dd><textarea name="l_' . $field . '[' . $lang_id . ']" rows="3" cols="80">' . ((isset($value[$lang_id])) ? $value[$lang_id] : $var) . '</textarea></dd>'
 					);
-			
+
 					if (isset($user->lang['CP_' . strtoupper($field) . '_EXPLAIN']))
 					{
 						$lang_options[$lang_id]['fields'][$field]['EXPLAIN'] = $user->lang['CP_' . strtoupper($field) . '_EXPLAIN'];
@@ -1040,6 +1037,7 @@ class acp_profile
 			'field_required'		=> $cp->vars['field_required'],
 			'field_show_on_reg'		=> $cp->vars['field_show_on_reg'],
 			'field_hide'			=> $cp->vars['field_hide'],
+			'field_show_profile'	=> $cp->vars['field_show_profile'],
 			'field_no_view'			=> $cp->vars['field_no_view']
 		);
 
@@ -1065,7 +1063,7 @@ class acp_profile
 				WHERE field_id = $field_id";
 			$db->sql_query($sql);
 		}
-		
+
 		if ($action == 'create')
 		{
 			$field_ident = 'pf_' . $field_ident;
@@ -1082,7 +1080,7 @@ class acp_profile
 		{
 			$sql_ary['field_id'] = $field_id;
 			$sql_ary['lang_id'] = $default_lang_id;
-		
+
 			$profile_sql[] = 'INSERT INTO ' . PROFILE_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
 		}
 		else
@@ -1155,7 +1153,7 @@ class acp_profile
 						AND lang_id = " . (int) $default_lang_id;
 				$db->sql_query($sql);
 			}
-			
+
 			foreach ($cp->vars['lang_options'] as $option_id => $value)
 			{
 				$sql_ary = array(
@@ -1258,7 +1256,7 @@ class acp_profile
 					$lang_id = $sql['lang_id'];
 					$option_id = $sql['option_id'];
 					unset($sql['lang_id'], $sql['field_id'], $sql['option_id']);
-					
+
 					$this->update_insert(PROFILE_FIELDS_LANG_TABLE, $sql, array(
 						'lang_id'	=> $lang_id,
 						'field_id'	=> $field_id,
@@ -1278,7 +1276,7 @@ class acp_profile
 				$db->sql_query($sql);
 			}
 		}
-		
+
 		$db->sql_transaction('commit');
 
 		if ($action == 'edit')
@@ -1324,7 +1322,7 @@ class acp_profile
 		if (!$row)
 		{
 			$sql_ary = array_merge($where_fields, $sql_ary);
-			
+
 			if (sizeof($sql_ary))
 			{
 				$db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $sql_ary));
@@ -1376,7 +1374,7 @@ class acp_profile
 					case FIELD_BOOL:
 						$sql .= 'TINYINT(2) ';
 					break;
-				
+
 					case FIELD_DROPDOWN:
 						$sql .= 'MEDIUMINT(8) ';
 					break;
@@ -1612,4 +1610,4 @@ class acp_profile
 	}
 }
 
-?>
+?>

phpBB/includes/acp/acp_prune.php

@@ -405,7 +405,15 @@ class acp_prune
 			$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
 			$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
 			$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
-			$where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
+
+			if (sizeof($active) && $active_select != 'lt')
+			{
+				$where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
+			}
+			else if (sizeof($active))
+			{
+				$where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
+			}
 		}
 
 		// Protect the admin, do not prune if no options are given...

phpBB/includes/acp/acp_search.php

@@ -183,6 +183,26 @@ class acp_search
 				}
 			}
 
+			$search = null;
+			$error = false;
+			if (!$this->init_search($config['search_type'], $search, $error))
+			{
+				if ($updated)
+				{
+					if (method_exists($search, 'config_updated'))
+					{
+						if ($search->config_updated())
+						{
+							trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+					}
+				}
+			}
+			else
+			{
+				trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
+			}
+
 			trigger_error($user->lang['CONFIG_UPDATED'] . $extra_message . adm_back_link($this->u_action));
 		}
 		unset($cfg_array);
@@ -518,9 +538,9 @@ class acp_search
 	function close_popup_js()
 	{
 		return "<script type=\"text/javascript\">\n" .
-			"<!--\n" .
+			"// <![CDATA[\n" .
 			"	close_waitscreen = 1;\n" .
-			"//-->\n" .
+			"// ]]>\n" .
 			"</script>\n";
 	}
 

phpBB/includes/acp/acp_styles.php

@@ -93,6 +93,15 @@ version = {VERSION}
 parse_css_file = {PARSE_CSS_FILE}
 ';
 
+		$this->template_cfg .= '
+# Some configuration options
+
+#
+# You can use this function to inherit templates from another template.
+# The template of the given name has to be installed.
+# Templates cannot inherit from inheriting templates.
+#';
+
 		$this->imageset_keys = array(
 			'logos' => array(
 				'site_logo',
@@ -670,6 +679,11 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template, $safe_mode;
 
+		if (defined('PHPBB_DISABLE_ACP_EDITOR'))
+		{
+			trigger_error($user->lang['EDITOR_DISABLED'] . adm_back_link($this->u_action));
+		}
+
 		$this->page_title = 'EDIT_TEMPLATE';
 
 		$filelist = $filelist_cats = array();
@@ -682,7 +696,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		// make sure template_file path doesn't go upwards
 		$template_file = str_replace('..', '.', $template_file);
-		
+
 		// Retrieve some information about the template
 		$sql = 'SELECT template_storedb, template_path, template_name
 			FROM ' . STYLES_TEMPLATE_TABLE . "
@@ -696,6 +710,15 @@ parse_css_file = {PARSE_CSS_FILE}
 			trigger_error($user->lang['NO_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
+		if ($save_changes && !check_form_key('acp_styles'))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+		else if (!$save_changes)
+		{
+			add_form_key('acp_styles');
+		}
+
 		// save changes to the template if the user submitted any
 		if ($save_changes && $template_file)
 		{
@@ -720,13 +743,14 @@ parse_css_file = {PARSE_CSS_FILE}
 				// If it's not stored in the db yet, then update the template setting and store all template files in the db
 				if (!$template_info['template_storedb'])
 				{
-					$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
-						SET template_storedb = 1
-						WHERE template_id = ' . $template_id;
-					$db->sql_query($sql);
-
-					$filelist = filelist("{$phpbb_root_path}styles/{$template_info['template_path']}/template", '', 'html');
-					$this->store_templates('insert', $template_id, $template_info['template_path'], $filelist);
+					if ($this->get_super('template', $template_id))
+					{
+						$this->store_in_db('template', $super['template_id']);
+					}
+					else
+					{
+						$this->store_in_db('template', $template_id);
+					}
 
 					add_log('admin', 'LOG_TEMPLATE_EDIT_DETAILS', $template_info['template_name']);
 					$additional .= '<br />' . $user->lang['EDIT_TEMPLATE_STORED_DB'];
@@ -914,7 +938,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			trigger_error($user->lang['TEMPLATE_CACHE_CLEARED'] . adm_back_link($this->u_action . "&amp;action=cache&amp;id=$template_id"));
 		}
 
-		$cache_prefix = 'tpl_' . $template_row['template_path'];
+		$cache_prefix = 'tpl_' . str_replace('_', '-', $template_row['template_path']);
 
 		// Someone wants to see the cached source ... so we'll highlight it,
 		// add line numbers and indent it appropriately. This could be nasty
@@ -966,17 +990,30 @@ parse_css_file = {PARSE_CSS_FILE}
 		$filemtime = array();
 		if ($template_row['template_storedb'])
 		{
-			$sql = 'SELECT template_filename, template_mtime
-				FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
-				WHERE template_id = $template_id";
-			$result = $db->sql_query($sql);
-
-			$filemtime = array();
-			while ($row = $db->sql_fetchrow($result))
+			$ids = array();
+			if (isset($template_row['template_inherits_id']) && $template_row['template_inherits_id'])
 			{
-				$filemtime[$row['template_filename']] = $row['template_mtime'];
+				$ids[] = $template_row['template_inherits_id'];
+			}
+			$ids[] = $template_row['template_id'];
+
+			$filemtime 			= array();
+			$file_template_db	= array();
+
+			foreach ($ids as $id)
+			{
+				$sql = 'SELECT template_filename, template_mtime
+					FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
+					WHERE template_id = $id";
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$filemtime[$row['template_filename']] = $row['template_mtime'];
+					$file_template_db[$row['template_filename']] = $id;
+				}
+				$db->sql_freeresult($result);
 			}
-			$db->sql_freeresult($result);
 		}
 
 		// Get a list of cached template files and then retrieve additional information about them
@@ -985,12 +1022,12 @@ parse_css_file = {PARSE_CSS_FILE}
 		foreach ($file_ary as $file)
 		{
 			$file 		= str_replace('/', '.', $file);
-			
+
 			// perform some dirty guessing to get the path right.
 			// We assume that three dots in a row were '../'
 			$tpl_file 	= str_replace('.', '/', $file);
 			$tpl_file 	= str_replace('///', '../', $tpl_file);
-			
+
 			$filename = "{$cache_prefix}_$file.html.$phpEx";
 
 			if (!file_exists("{$phpbb_root_path}cache/$filename"))
@@ -998,13 +1035,38 @@ parse_css_file = {PARSE_CSS_FILE}
 				continue;
 			}
 
+			$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html";
+			$inherited = false;
+
+			if (isset($template_row['template_inherits_id']) && $template_row['template_inherits_id'])
+			{
+				if (!$template_row['template_storedb'])
+				{
+					if (!file_exists($file_tpl))
+					{
+						$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_inherit_path']}/template/$tpl_file.html";
+						$inherited = true;
+					}
+				}
+				else
+				{
+					if ($file_template_db[$file . '.html'] == $template_row['template_inherits_id'])
+					{
+						$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_inherit_path']}/template/$tpl_file.html";
+						$inherited = true;
+					}
+				}
+			}
+
+
 			$template->assign_block_vars('file', array(
 				'U_VIEWSOURCE'	=> $this->u_action . "&amp;action=cache&amp;id=$template_id&amp;source=$file",
 
 				'CACHED'		=> $user->format_date(filemtime("{$phpbb_root_path}cache/$filename")),
 				'FILENAME'		=> $file,
-				'FILESIZE'		=> sprintf('%.1f KB', filesize("{$phpbb_root_path}cache/$filename") / 1024),
-				'MODIFIED'		=> $user->format_date((!$template_row['template_storedb']) ? filemtime("{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html") : $filemtime[$file . '.html']))
+				'FILENAME_PATH'	=> $file_tpl,
+				'FILESIZE'		=> sprintf('%.1f ' . $user->lang['KIB'], filesize("{$phpbb_root_path}cache/$filename") / 1024),
+				'MODIFIED'		=> $user->format_date((!$template_row['template_storedb']) ? filemtime($file_tpl) : $filemtime[$file . '.html']))
 			);
 		}
 		unset($filemtime);
@@ -1039,7 +1101,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		// make sure theme_file path doesn't go upwards
 		$theme_file = str_replace('..', '.', $theme_file);
-		
+
 		// Retrieve some information about the theme
 		$sql = 'SELECT theme_storedb, theme_path, theme_name, theme_data
 			FROM ' . STYLES_THEME_TABLE . "
@@ -1220,7 +1282,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$imgsize	= request_var('imgsize', false);
 		$imgwidth	= request_var('imgwidth', 0);
 		$imgheight	= request_var('imgheight', 0);
-		
+
 		$imgname	= preg_replace('#[^a-z0-9\-+_]#i', '', $imgname);
 		$imgpath	= str_replace('..', '.', $imgpath);
 
@@ -1508,6 +1570,18 @@ parse_css_file = {PARSE_CSS_FILE}
 			break;
 		}
 
+		if ($mode === 'template' && ($conflicts = $this->check_inheritance($mode, $style_id)))
+		{
+			$l_type = strtoupper($mode);
+			$msg = $user->lang[$l_type . '_DELETE_DEPENDENT'];
+			foreach ($conflicts as $id => $values)
+			{
+				$msg .= '<br />' . $values['template_name'];
+			}
+
+			trigger_error($msg . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+
 		$l_prefix = strtoupper($mode);
 
 		$sql = "SELECT $sql_select
@@ -1708,7 +1782,7 @@ parse_css_file = {PARSE_CSS_FILE}
 				trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
 			}
 
-			$var_ary = array('style_id', 'style_name', 'style_copyright', 'template_id', 'template_name', 'template_path', 'template_copyright', 'template_storedb', 'bbcode_bitfield', 'theme_id', 'theme_name', 'theme_path', 'theme_copyright', 'theme_storedb', 'theme_mtime', 'theme_data', 'imageset_id', 'imageset_name', 'imageset_path', 'imageset_copyright');
+			$var_ary = array('style_id', 'style_name', 'style_copyright', 'template_id', 'template_name', 'template_path', 'template_copyright', 'template_storedb', 'template_inherits_id', 'bbcode_bitfield', 'theme_id', 'theme_name', 'theme_path', 'theme_copyright', 'theme_storedb', 'theme_mtime', 'theme_data', 'imageset_id', 'imageset_name', 'imageset_path', 'imageset_copyright');
 
 			foreach ($var_ary as $var)
 			{
@@ -1740,7 +1814,23 @@ parse_css_file = {PARSE_CSS_FILE}
 			if ($mode == 'template' || $inc_template)
 			{
 				$template_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['template_name'], $style_row['template_copyright'], $config['version']), $this->template_cfg);
-				$template_cfg .= "\nbbcode_bitfield = {$style_row['bbcode_bitfield']}";
+
+				$use_template_name = '';
+
+				// Add the inherit from variable, depending on it's use...
+				if ($style_row['template_inherits_id'])
+				{
+					// Get the template name
+					$sql = 'SELECT template_name
+						FROM ' . STYLES_TEMPLATE_TABLE . '
+						WHERE template_id = ' . (int) $style_row['template_inherits_id'];
+					$result = $db->sql_query($sql);
+					$use_template_name = (string) $db->sql_fetchfield('template_name');
+					$db->sql_freeresult($result);
+				}
+
+				$template_cfg .= ($use_template_name) ? "\ninherit_from = $use_template_name" : "\n#inherit_from = ";
+				$template_cfg .= "\n\nbbcode_bitfield = {$style_row['bbcode_bitfield']}";
 
 				$data[] = array(
 					'src'		=> $template_cfg,
@@ -2086,6 +2176,20 @@ parse_css_file = {PARSE_CSS_FILE}
 			$style_default = request_var('style_default', 0);
 			$store_db = request_var('store_db', 0);
 
+			// If the admin selected the style to be the default style, but forgot to activate it... we will do it for him
+			if ($style_default)
+			{
+				$style_active = 1;
+			}
+
+			$sql = "SELECT {$mode}_id, {$mode}_name
+				FROM $sql_from
+				WHERE {$mode}_id <> $style_id
+				AND LOWER({$mode}_name) = '" . $db->sql_escape(strtolower($name)) . "'";
+			$result = $db->sql_query($sql);
+			$conflict = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
 			if ($mode == 'style' && (!$template_id || !$theme_id || !$imageset_id))
 			{
 				$error[] = $user->lang['STYLE_ERR_NO_IDS'];
@@ -2096,7 +2200,7 @@ parse_css_file = {PARSE_CSS_FILE}
 				$error[] = $user->lang['DEACTIVATE_DEFAULT'];
 			}
 
-			if (!$name)
+			if (!$name || $conflict)
 			{
 				$error[] = $user->lang[$l_type . '_ERR_STYLE_NAME'];
 			}
@@ -2123,7 +2227,7 @@ parse_css_file = {PARSE_CSS_FILE}
 					}
 				}
 			}
-			
+
 			if (!sizeof($error))
 			{
 				// Check length settings
@@ -2209,51 +2313,38 @@ parse_css_file = {PARSE_CSS_FILE}
 
 					if ($style_row['template_storedb'] != $store_db)
 					{
-						if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
+						if ($super = $this->get_super($mode, $style_row['template_id']))
 						{
-							$sql = 'SELECT *
-								FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
-								WHERE template_id = $style_id";
-							$result = $db->sql_query($sql);
-
-							while ($row = $db->sql_fetchrow($result))
+							$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
+							$sql_ary = array();
+						}
+						else
+						{
+							if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
 							{
-								if (!($fp = @fopen("{$phpbb_root_path}styles/{$style_row['template_path']}/template/" . $row['template_filename'], 'wb')))
+								$err = $this->store_in_fs('template', $style_row['template_id']);
+								if ($err)
 								{
-									$store_db = 1;
-									$error[] = $user->lang['EDIT_TEMPLATE_STORED_DB'];
-									break;
+									$error += $err;
 								}
-
-								fwrite($fp, $row['template_data']);
-								fclose($fp);
 							}
-							$db->sql_freeresult($result);
-
-							if (!$store_db)
+							else if ($store_db)
 							{
+								$this->store_in_db('template', $style_row['template_id']);
+							}
+							else
+							{
+								// We no longer store within the db, but are also not able to update the file structure
+								// Since the admin want to switch this, we adhere to his decision. But we also need to remove the cache
 								$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
 									WHERE template_id = $style_id";
 								$db->sql_query($sql);
 							}
-						}
-						else if ($store_db)
-						{
-							$filelist = filelist("{$phpbb_root_path}styles/{$style_row['template_path']}/template", '', 'html');
-							$this->store_templates('insert', $style_id, $style_row['template_path'], $filelist);
-						}
-						else
-						{
-							// We no longer store within the db, but are also not able to update the file structure
-							// Since the admin want to switch this, we adhere to his decision. But we also need to remove the cache
-							$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
-								WHERE template_id = $style_id";
-							$db->sql_query($sql);
-						}
 
-						$sql_ary += array(
-							'template_storedb'	=> $store_db,
-						);
+							$sql_ary += array(
+								'template_storedb'	=> $store_db,
+							);
+						}
 					}
 				break;
 			}
@@ -2304,6 +2395,16 @@ parse_css_file = {PARSE_CSS_FILE}
 			}
 		}
 
+
+		if ($mode == 'template')
+		{
+			$super = array();
+			if (isset($style_row[$mode . '_inherits_id']) && $style_row['template_inherits_id'])
+			{
+				$super = $this->get_super($mode, $style_row['template_id']);
+			}
+		}
+
 		$this->page_title = 'EDIT_DETAILS_' . $l_type;
 
 		$template->assign_vars(array(
@@ -2314,8 +2415,10 @@ parse_css_file = {PARSE_CSS_FILE}
 			'S_THEME'				=> ($mode == 'theme') ? true : false,
 			'S_IMAGESET'			=> ($mode == 'imageset') ? true : false,
 			'S_STORE_DB'			=> (isset($style_row[$mode . '_storedb'])) ? $style_row[$mode . '_storedb'] : 0,
+			'S_STORE_DB_DISABLED'	=> (isset($style_row[$mode . '_inherits_id'])) ? $style_row[$mode . '_inherits_id'] : 0,
 			'S_STYLE_ACTIVE'		=> (isset($style_row['style_active'])) ? $style_row['style_active'] : 0,
 			'S_STYLE_DEFAULT'		=> (isset($style_row['style_default'])) ? $style_row['style_default'] : 0,
+			'S_SUPERTEMPLATE'		=> (isset($style_row[$mode . '_inherits_id']) && $style_row[$mode . '_inherits_id']) ? $super['template_name'] : 0,
 
 			'S_TEMPLATE_OPTIONS'	=> ($mode == 'style') ? $template_options : '',
 			'S_THEME_OPTIONS'		=> ($mode == 'style') ? $theme_options : '',
@@ -2354,6 +2457,10 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			$content = '';
 		}
+		if (defined('DEBUG'))
+		{
+			$content = "/* BEGIN @include $filename */ \n $content \n /* END @include $filename */ \n";
+		}
 
 		return $content;
 	}
@@ -2478,7 +2585,7 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $phpEx, $user;
 
-		$cache_prefix = 'tpl_' . $template_path;
+		$cache_prefix = 'tpl_' . str_replace('_', '-', $template_path);
 
 		if (!($dp = @opendir("{$phpbb_root_path}cache")))
 		{
@@ -2514,7 +2621,7 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $phpEx, $user;
 
-		$cache_prefix = 'tpl_' . $template_row['template_path'];
+		$cache_prefix = 'tpl_' . str_replace('_', '-', $template_row['template_path']);
 
 		if (!$file_ary || !is_array($file_ary))
 		{
@@ -2615,6 +2722,23 @@ parse_css_file = {PARSE_CSS_FILE}
 						{
 							$style_row[$element . '_name'] = $reqd_template;
 						}
+
+						// Merge other information to installcfg... if present
+						$cfg_file = $phpbb_root_path . 'styles/' . $install_path . '/' . $element . '/' . $element . '.cfg';
+
+						if (file_exists($cfg_file))
+						{
+							$cfg_contents = parse_cfg_file($cfg_file);
+
+							// Merge only specific things. We may need them later.
+							foreach (array('inherit_from', 'parse_css_file') as $key)
+							{
+								if (!empty($cfg_contents[$key]) && !isset($installcfg[$key]))
+								{
+									$installcfg[$key] = $cfg_contents[$key];
+								}
+							}
+						}
 					}
 
 				break;
@@ -2673,8 +2797,10 @@ parse_css_file = {PARSE_CSS_FILE}
 			'S_DETAILS'			=> true,
 			'S_INSTALL'			=> true,
 			'S_ERROR_MSG'		=> (sizeof($error)) ? true : false,
+			'S_LOCATION'		=> (isset($installcfg['inherit_from']) && $installcfg['inherit_from']) ? false : true,
 			'S_STYLE'			=> ($mode == 'style') ? true : false,
 			'S_TEMPLATE'		=> ($mode == 'template') ? true : false,
+			'S_SUPERTEMPLATE'	=> (isset($installcfg['inherit_from'])) ? $installcfg['inherit_from'] : '',
 			'S_THEME'			=> ($mode == 'theme') ? true : false,
 
 			'S_STORE_DB'			=> (isset($style_row[$mode . '_storedb'])) ? $style_row[$mode . '_storedb'] : 0,
@@ -3025,6 +3151,9 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $db, $user;
 
+		// we parse the cfg here (again)
+		$cfg_data = parse_cfg_file("$root_path$mode/$mode.cfg");
+
 		switch ($mode)
 		{
 			case 'template':
@@ -3066,6 +3195,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
+
 		if ($row)
 		{
 			// If it exist, we just use the style on installation
@@ -3078,6 +3208,34 @@ parse_css_file = {PARSE_CSS_FILE}
 			$error[] = $user->lang[$l_type . '_ERR_NAME_EXIST'];
 		}
 
+		if (isset($cfg_data['inherit_from']) && $cfg_data['inherit_from'])
+		{
+			$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path, {$mode}_storedb
+				FROM $sql_from
+				WHERE {$mode}_name = '" . $db->sql_escape($cfg_data['inherit_from']) . "'
+					AND {$mode}_inherits_id = 0";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			if (!$row)
+			{
+				$error[] = sprintf($user->lang[$l_type . '_ERR_REQUIRED_OR_INCOMPLETE'], $cfg_data['inherit_from']);
+			}
+			else
+			{
+				$inherit_id = $row["{$mode}_id"];
+				$inherit_path = $row["{$mode}_path"];
+				$cfg_data['store_db'] = $row["{$mode}_storedb"];
+				$store_db = $row["{$mode}_storedb"];
+			}
+		}
+		else
+		{
+			$inherit_id = 0;
+			$inherit_path = '';
+		}
+
+
 		if (sizeof($error))
 		{
 			return false;
@@ -3093,8 +3251,6 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			case 'template':
 				// We check if the template author defined a different bitfield
-				$cfg_data = parse_cfg_file("$root_path$mode/template.cfg");
-
 				if (!empty($cfg_data['template_bitfield']))
 				{
 					$sql_ary['bbcode_bitfield'] = $cfg_data['template_bitfield'];
@@ -3106,15 +3262,21 @@ parse_css_file = {PARSE_CSS_FILE}
 
 				// We set a pre-defined bitfield here which we may use further in 3.2
 				$sql_ary += array(
-					'template_storedb'	=> $store_db
+					'template_storedb'		=> $store_db,
 				);
+				if (isset($cfg_data['inherit_from']) && $cfg_data['inherit_from'])
+				{
+					$sql_ary += array(
+						'template_inherits_id'	=> $inherit_id,
+						'template_inherit_path' => $inherit_path,
+					);
+				}
 			break;
 
 			case 'theme':
 				// We are only interested in the theme configuration for now
-				$theme_cfg = parse_cfg_file("{$phpbb_root_path}styles/$path/theme/theme.cfg");
 
-				if (isset($theme_cfg['parse_css_file']) && $theme_cfg['parse_css_file'])
+				if (isset($cfg_data['parse_css_file']) && $cfg_data['parse_css_file'])
 				{
 					$store_db = 1;
 				}
@@ -3254,6 +3416,297 @@ parse_css_file = {PARSE_CSS_FILE}
 		return $store_db;
 	}
 
+	/**
+	* Checks downwards dependencies
+	*
+	* @access public
+	* @param string $mode The element type to check - only template is supported
+	* @param int $id The template id
+	* @returns false if no component inherits, array with name, path and id for each subtemplate otherwise
+	*/
+	function check_inheritance($mode, $id)
+	{
+		global $db;
+
+		$l_type = strtoupper($mode);
+
+		switch ($mode)
+		{
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;
+			break;
+		}
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM $sql_from
+			WHERE {$mode}_inherits_id = " . (int) $id;
+		$result = $db->sql_query($sql);
+
+		$names = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+
+			$names[$row["{$mode}_id"]] = array(
+				"{$mode}_id" => $row["{$mode}_id"],
+				"{$mode}_name" => $row["{$mode}_name"],
+				"{$mode}_path" => $row["{$mode}_path"],
+			);
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($names))
+		{
+			return $names;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	/**
+	* Checks upwards dependencies
+	*
+	* @access public
+	* @param string $mode The element type to check - only template is supported
+	* @param int $id The template id
+	* @returns false if the component does not inherit, array with name, path and id otherwise
+	*/
+	function get_super($mode, $id)
+	{
+		global $db;
+
+		$l_type = strtoupper($mode);
+
+		switch ($mode)
+		{
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;
+			break;
+		}
+
+
+		$sql = "SELECT {$mode}_inherits_id
+			FROM $sql_from
+			WHERE {$mode}_id = " . (int) $id;
+		$result = $db->sql_query_limit($sql, 1);
+
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+		}
+		else
+		{
+			return false;
+		}
+
+		$super_id = $row["{$mode}_inherits_id"];
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM $sql_from
+			WHERE {$mode}_id = " . (int) $super_id;
+
+		$result = $db->sql_query_limit($sql, 1);
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			return $row;
+		}
+
+		return false;
+	}
+
+	/**
+	* Moves a template set and its subtemplates to the database
+	*
+	* @access public
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	*/
+	function store_in_db($mode, $id)
+	{
+		global $db, $user;
+
+		$error = array();
+		$l_type = strtoupper($mode);
+		if ($super = $this->get_super($mode, $id))
+		{
+			$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
+			return $error;
+		}
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM " . STYLES_TEMPLATE_TABLE . '
+			WHERE template_id = ' . (int) $id;
+
+		$result = $db->sql_query_limit($sql, 1);
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			$subs = $this->check_inheritance($mode, $id);
+
+			$this->_store_in_db($mode, $id, $row["{$mode}_path"]);
+			if ($subs && sizeof($subs))
+			{
+				foreach ($subs as $sub_id => $sub)
+				{
+					if ($err = $this->_store_in_db($mode, $sub["{$mode}_id"], $sub["{$mode}_path"]))
+					{
+						$error[] = $err;
+					}
+				}
+			}
+		}
+		if (sizeof($error))
+		{
+			return $error;
+		}
+
+		return false;
+	}
+
+	/**
+	* Moves a template set to the database
+	*
+	* @access private
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	* @param string $path TThe path to the template files
+	*/
+	function _store_in_db($mode, $id, $path)
+	{
+		global $phpbb_root_path, $db;
+
+		$filelist = filelist("{$phpbb_root_path}styles/{$path}/template", '', 'html');
+		$this->store_templates('insert', $id, $path, $filelist);
+
+		// Okay, we do the query here -shouldn't be triggered often.
+		$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
+						SET template_storedb = 1
+						WHERE template_id = ' . $id;
+		$db->sql_query($sql);
+	}
+
+	/**
+	* Moves a template set and its subtemplates to the filesystem
+	*
+	* @access public
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	*/
+	function store_in_fs($mode, $id)
+	{
+		global $db, $user;
+
+		$error = array();
+		$l_type = strtoupper($mode);
+		if ($super = $this->get_super($mode, $id))
+		{
+			$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
+			return($error);
+		}
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM " . STYLES_TEMPLATE_TABLE . '
+			WHERE template_id = ' . (int) $id;
+
+		$result = $db->sql_query_limit($sql, 1);
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			if (!sizeof($error))
+			{
+				$subs = $this->check_inheritance($mode, $id);
+
+				$this->_store_in_fs($mode, $id, $row["{$mode}_path"]);
+
+				if ($subs && sizeof($subs))
+				{
+					foreach ($subs as $sub_id => $sub)
+					{
+						$this->_store_in_fs($mode, $sub["{$mode}_id"], $sub["{$mode}_path"]);
+					}
+				}
+			}
+			if (sizeof($error))
+			{
+				$this->store_in_db($id, $mode);
+				return $error;
+			}
+		}
+		return false;
+	}
+
+	/**
+	* Moves a template set to the filesystem
+	*
+	* @access private
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	* @param string $path The path to the template
+	*/
+	function _store_in_fs($mode, $id, $path)
+	{
+		global $phpbb_root_path, $db, $user, $safe_mode;
+
+		$store_db = 0;
+		$error = array();
+		if (!$safe_mode && @is_writable("{$phpbb_root_path}styles/{$path}/template"))
+		{
+			$sql = 'SELECT *
+					FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
+					WHERE template_id = $id";
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if (!($fp = @fopen("{$phpbb_root_path}styles/{$path}/template/" . $row['template_filename'], 'wb')))
+				{
+					$store_db = 1;
+					$error[] = $user->lang['EDIT_TEMPLATE_STORED_DB'];
+					break;
+				}
+
+				fwrite($fp, $row['template_data']);
+				fclose($fp);
+			}
+			$db->sql_freeresult($result);
+
+			if (!$store_db)
+			{
+				$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
+						WHERE template_id = $id";
+				$db->sql_query($sql);
+			}
+		}
+		if (sizeof($error))
+		{
+			return $error;
+		}
+		$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
+				SET template_storedb = 0
+				WHERE template_id = ' . $id;
+		$db->sql_query($sql);
+
+		return false;
+	}
+
 }
 
 ?>

phpBB/includes/acp/acp_users.php

@@ -411,7 +411,7 @@ class acp_users
 							$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 								WHERE user_id = $user_id";
 							$db->sql_query($sql);
-						
+
 							add_log('admin', 'LOG_USER_DEL_SIG', $user_row['username']);
 							add_log('user', $user_id, 'LOG_USER_DEL_SIG_USER');
 
@@ -492,9 +492,9 @@ class acp_users
 									'update'		=> true))
 								);
 							}
-						
+
 						break;
-						
+
 						case 'moveposts':
 
 							if (!check_form_key($form_name))
@@ -630,11 +630,11 @@ class acp_users
 							}
 
 							$forum_id_ary = array_unique($forum_id_ary);
-							$topic_id_ary = array_unique(array_merge($topic_id_ary, $new_topic_id_ary));
+							$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
 
 							if (sizeof($topic_id_ary))
 							{
-								sync('reported', 'topic_id', $topic_id_ary);
+								sync('topic_reported', 'topic_id', $topic_id_ary);
 								sync('topic', 'topic_id', $topic_id_ary);
 							}
 
@@ -835,9 +835,9 @@ class acp_users
 					{
 						$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
 					}
-					
+
 					$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
-					
+
 					if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE))
 					{
 						$quick_tool_ary['reactivate'] = 'FORCE';
@@ -891,9 +891,19 @@ class acp_users
 					}
 				}
 
+				// Posts in Queue
+				$sql = 'SELECT COUNT(post_id) as posts_in_queue
+					FROM ' . POSTS_TABLE . '
+					WHERE poster_id = ' . $user_id . '
+						AND post_approved = 0';
+				$result = $db->sql_query($sql);
+				$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
+				$db->sql_freeresult($result);
+
 				$template->assign_vars(array(
 					'L_NAME_CHARS_EXPLAIN'		=> sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
 					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+					'L_POSTS_IN_QUEUE'			=> $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
 					'S_FOUNDER'					=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
 
 					'S_OVERVIEW'		=> true,
@@ -905,9 +915,11 @@ class acp_users
 
 					'U_SHOW_IP'		=> $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 					'U_WHOIS'		=> $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
+					'U_MCP_QUEUE'	=> ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
 
 					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}") : '',
 
+					'POSTS_IN_QUEUE'	=> $user_row['posts_in_queue'],
 					'USER'				=> $user_row['username'],
 					'USER_REGISTERED'	=> $user->format_date($user_row['user_regdate']),
 					'REGISTERED_IP'		=> ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
@@ -923,7 +935,7 @@ class acp_users
 			case 'feedback':
 
 				$user->add_lang('mcp');
-				
+
 				// Set up general vars
 				$start		= request_var('start', 0);
 				$deletemark = (isset($_POST['delmarked'])) ? true : false;
@@ -980,7 +992,7 @@ class acp_users
 
 					trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id));
 				}
-				
+
 				// Sorting
 				$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
 				$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
@@ -1081,7 +1093,7 @@ class acp_users
 						'website'		=> array(
 							array('string', true, 12, 255),
 							array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')),
-						'location'		=> array('string', true, 2, 255),
+						'location'		=> array('string', true, 2, 100),
 						'occupation'	=> array('string', true, 2, 500),
 						'interests'		=> array('string', true, 2, 500),
 						'bday_day'		=> array('num', true, 1, 31),
@@ -1216,7 +1228,7 @@ class acp_users
 					'S_BIRTHDAY_DAY_OPTIONS'	=> $s_birthday_day_options,
 					'S_BIRTHDAY_MONTH_OPTIONS'	=> $s_birthday_month_options,
 					'S_BIRTHDAY_YEAR_OPTIONS'	=> $s_birthday_year_options,
-						
+
 					'S_PROFILE'		=> true)
 				);
 
@@ -1347,7 +1359,7 @@ class acp_users
 				$s_custom = false;
 
 				$dateformat_options .= '<option value="custom"';
-				if (!in_array($data['dateformat'], array_keys($user->lang['dateformats'])))
+				if (!isset($user->lang['dateformats'][$data['dateformat']]))
 				{
 					$dateformat_options .= ' selected="selected"';
 					$s_custom = true;
@@ -1395,7 +1407,7 @@ class acp_users
 				$template->assign_vars(array(
 					'S_PREFS'			=> true,
 					'S_JABBER_DISABLED'	=> ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
-					
+
 					'VIEW_EMAIL'		=> $data['viewemail'],
 					'MASS_EMAIL'		=> $data['massemail'],
 					'ALLOW_PM'			=> $data['allowpm'],
@@ -1416,7 +1428,7 @@ class acp_users
 					'VIEW_SIGS'			=> $data['view_sigs'],
 					'VIEW_AVATARS'		=> $data['view_avatars'],
 					'VIEW_WORDCENSOR'	=> $data['view_wordcensor'],
-					
+
 					'S_TOPIC_SORT_DAYS'		=> $s_limit_topic_days,
 					'S_TOPIC_SORT_KEY'		=> $s_sort_topic_key,
 					'S_TOPIC_SORT_DIR'		=> $s_sort_topic_dir,
@@ -1509,7 +1521,7 @@ class acp_users
 
 					trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 				}
-				
+
 				$sql = 'SELECT *
 					FROM ' . RANKS_TABLE . '
 					WHERE rank_special = 1
@@ -1531,9 +1543,9 @@ class acp_users
 				);
 
 			break;
-			
+
 			case 'sig':
-			
+
 				include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 				include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
 
@@ -1552,7 +1564,7 @@ class acp_users
 
 					// Allowing Quote BBCode
 					$message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
-						
+
 					if (sizeof($message_parser->warn_msg))
 					{
 						$error[] = implode('<br />', $message_parser->warn_msg);
@@ -1578,13 +1590,13 @@ class acp_users
 
 						trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 					}
-	
+
 					// Replace "error" strings with their real, localised form
 					$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 				}
-				
+
 				$signature_preview = '';
-				
+
 				if ($preview)
 				{
 					// Now parse it for displaying
@@ -1747,7 +1759,7 @@ class acp_users
 						'REAL_FILENAME'		=> $row['real_filename'],
 						'COMMENT'			=> nl2br($row['attach_comment']),
 						'EXTENSION'			=> $row['extension'],
-						'SIZE'				=> ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
+						'SIZE'				=> get_formatted_filesize($row['filesize']),
 						'DOWNLOAD_COUNT'	=> $row['download_count'],
 						'POST_TIME'			=> $user->format_date($row['filetime']),
 						'TOPIC_TITLE'		=> ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
@@ -1755,7 +1767,7 @@ class acp_users
 						'ATTACH_ID'			=> $row['attach_id'],
 						'POST_ID'			=> $row['post_msg_id'],
 						'TOPIC_ID'			=> $row['topic_id'],
-				
+
 						'S_IN_MESSAGE'		=> $row['in_message'],
 
 						'U_DOWNLOAD'		=> append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&amp;id=' . $row['attach_id']),
@@ -1763,7 +1775,7 @@ class acp_users
 					);
 				}
 				$db->sql_freeresult($result);
-		
+
 				$template->assign_vars(array(
 					'S_ATTACHMENTS'		=> true,
 					'S_ON_PAGE'			=> on_page($num_attachments, $config['topics_per_page'], $start),
@@ -1774,14 +1786,14 @@ class acp_users
 				);
 
 			break;
-		
+
 			case 'groups':
 
 				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
 				$user->add_lang(array('groups', 'acp/groups'));
 				$group_id = request_var('g', 0);
-				
+
 				if ($group_id)
 				{
 					// Check the founder only entry for this group to make sure everything is well
@@ -1791,7 +1803,7 @@ class acp_users
 					$result = $db->sql_query($sql);
 					$founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
 					$db->sql_freeresult($result);
-					
+
 					if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
 					{
 						trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
@@ -1801,7 +1813,7 @@ class acp_users
 				{
 					$founder_manage = 0;
 				}
-				
+
 				switch ($action)
 				{
 					case 'demote':
@@ -1832,7 +1844,7 @@ class acp_users
 							{
 								trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 							}
-						
+
 							$error = array();
 						}
 						else
@@ -1845,7 +1857,7 @@ class acp_users
 								'g'				=> $group_id))
 							);
 						}
-	
+
 					break;
 				}
 
@@ -1980,7 +1992,7 @@ class acp_users
 					$result = $db->sql_query($sql);
 
 					$hold_ary = array();
-					
+
 					while ($row = $db->sql_fetchrow($result))
 					{
 						$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
@@ -2020,7 +2032,7 @@ class acp_users
 					'U_USER_PERMISSIONS'		=> append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id),
 					'U_USER_FORUM_PERMISSIONS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id))
 				);
-			
+
 			break;
 
 		}

phpBB/includes/acp/auth.php

@@ -22,8 +22,6 @@ if (!defined('IN_PHPBB'))
 */
 class auth_admin extends auth
 {
-	var $option_ids = array();
-
 	/**
 	* Init auth settings
 	*/
@@ -33,7 +31,7 @@ class auth_admin extends auth
 
 		if (($this->acl_options = $cache->get('_acl_options')) === false)
 		{
-			$sql = 'SELECT auth_option, is_global, is_local
+			$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
 				FROM ' . ACL_OPTIONS_TABLE . '
 				ORDER BY auth_option_id';
 			$result = $db->sql_query($sql);
@@ -51,25 +49,14 @@ class auth_admin extends auth
 				{
 					$this->acl_options['local'][$row['auth_option']] = $local++;
 				}
+
+				$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
+				$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
 			}
 			$db->sql_freeresult($result);
 
 			$cache->put('_acl_options', $this->acl_options);
 		}
-
-		if (!sizeof($this->option_ids))
-		{
-			$sql = 'SELECT auth_option_id, auth_option
-				FROM ' . ACL_OPTIONS_TABLE;
-			$result = $db->sql_query($sql);
-
-			$this->option_ids = array();
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$this->option_ids[$row['auth_option']] = $row['auth_option_id'];
-			}
-			$db->sql_freeresult($result);
-		}
 	}
 	
 	/**
@@ -126,7 +113,7 @@ class auth_admin extends auth
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$forum_ids[] = $row['forum_id'];
+				$forum_ids[] = (int) $row['forum_id'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -778,6 +765,10 @@ class auth_admin extends auth
 		$cache->destroy('_acl_options');
 		$this->acl_clear_prefetch();
 
+		// Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
+		$this->acl_options = array();
+		$this->auth_admin();
+
 		return true;
 	}
 
@@ -813,7 +804,7 @@ class auth_admin extends auth
 		$flag = substr($flag, 0, strpos($flag, '_') + 1);
 		
 		// This ID (the any-flag) is set if one or more permissions are true...
-		$any_option_id = (int) $this->option_ids[$flag];
+		$any_option_id = (int) $this->acl_options['id'][$flag];
 
 		// Remove any-flag from auth ary
 		if (isset($auth[$flag]))
@@ -825,7 +816,7 @@ class auth_admin extends auth
 		$auth_option_ids = array((int)$any_option_id);
 		foreach ($auth as $auth_option => $auth_setting)
 		{
-			$auth_option_ids[] = (int) $this->option_ids[$auth_option];
+			$auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
 		}
 
 		$sql = "DELETE FROM $table
@@ -888,7 +879,7 @@ class auth_admin extends auth
 			{
 				foreach ($auth as $auth_option => $setting)
 				{
-					$auth_option_id = (int) $this->option_ids[$auth_option];
+					$auth_option_id = (int) $this->acl_options['id'][$auth_option];
 
 					if ($setting != ACL_NO)
 					{
@@ -944,7 +935,7 @@ class auth_admin extends auth
 		$sql_ary = array();
 		foreach ($auth as $auth_option => $setting)
 		{
-			$auth_option_id = (int) $this->option_ids[$auth_option];
+			$auth_option_id = (int) $this->acl_options['id'][$auth_option];
 
 			if ($setting != ACL_NO)
 			{
@@ -961,7 +952,7 @@ class auth_admin extends auth
 		{
 			$sql_ary[] = array(
 				'role_id'			=> (int) $role_id,
-				'auth_option_id'	=> (int) $this->option_ids[$flag],
+				'auth_option_id'	=> (int) $this->acl_options['id'][$flag],
 				'auth_setting'		=> ACL_NEVER
 			);
 		}
@@ -1238,13 +1229,8 @@ class auth_admin extends auth
 			return false;
 		}
 
-		$hold_ary = $this->acl_raw_data($from_user_id, false, false);
+		$hold_ary = $this->acl_raw_data_single_user($from_user_id);
 
-		if (isset($hold_ary[$from_user_id]))
-		{
-			$hold_ary = $hold_ary[$from_user_id];
-		}
-		
 		// Key 0 in $hold_ary are global options, all others are forum_ids
 
 		// We disallow copying admin permissions
@@ -1252,12 +1238,12 @@ class auth_admin extends auth
 		{
 			if (strpos($opt, 'a_') === 0)
 			{
-				$hold_ary[0][$opt] = ACL_NEVER;
+				$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
 			}
 		}
 
 		// Force a_switchperm to be allowed
-		$hold_ary[0]['a_switchperm'] = ACL_YES;
+		$hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
 
 		$user_permissions = $this->build_bitstring($hold_ary);
 

phpBB/includes/acp/info/acp_email.php

@@ -20,7 +20,7 @@ class acp_email_info
 			'title'		=> 'ACP_MASS_EMAIL',
 			'version'	=> '1.0.0',
 			'modes'		=> array(
-				'email'		=> array('title' => 'ACP_MASS_EMAIL', 'auth' => 'acl_a_email', 'cat' => array('ACP_GENERAL_TASKS')),
+				'email'		=> array('title' => 'ACP_MASS_EMAIL', 'auth' => 'acl_a_email && cfg_email_enable', 'cat' => array('ACP_GENERAL_TASKS')),
 			),
 		);
 	}

phpBB/includes/auth.php

@@ -39,7 +39,7 @@ class auth
 
 		if (($this->acl_options = $cache->get('_acl_options')) === false)
 		{
-			$sql = 'SELECT auth_option, is_global, is_local
+			$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
 				FROM ' . ACL_OPTIONS_TABLE . '
 				ORDER BY auth_option_id';
 			$result = $db->sql_query($sql);
@@ -57,6 +57,9 @@ class auth
 				{
 					$this->acl_options['local'][$row['auth_option']] = $local++;
 				}
+
+				$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
+				$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
 			}
 			$db->sql_freeresult($result);
 
@@ -68,7 +71,46 @@ class auth
 			$this->acl_cache($userdata);
 		}
 
-		$user_permissions = explode("\n", $userdata['user_permissions']);
+		// Fill ACL array
+		$this->_fill_acl($userdata['user_permissions']);
+
+		// Verify bitstring length with options provided...
+		$renew = false;
+		$global_length = sizeof($this->acl_options['global']);
+		$local_length = sizeof($this->acl_options['local']);
+
+		// Specify comparing length (bitstring is padded to 31 bits)
+		$global_length = ($global_length % 31) ? ($global_length - ($global_length % 31) + 31) : $global_length;
+		$local_length = ($local_length % 31) ? ($local_length - ($local_length % 31) + 31) : $local_length;
+
+		// You thought we are finished now? Noooo... now compare them.
+		foreach ($this->acl as $forum_id => $bitstring)
+		{
+			if (($forum_id && strlen($bitstring) != $local_length) || (!$forum_id && strlen($bitstring) != $global_length))
+			{
+				$renew = true;
+				break;
+			}
+		}
+
+		// If a bitstring within the list does not match the options, we have a user with incorrect permissions set and need to renew them
+		if ($renew)
+		{
+			$this->acl_cache($userdata);
+			$this->_fill_acl($userdata['user_permissions']);
+		}
+
+		return;
+	}
+
+	/**
+	* Fill ACL array with relevant bitstrings from user_permissions column
+	* @access private
+	*/
+	function _fill_acl($user_permissions)
+	{
+		$this->acl = array();
+		$user_permissions = explode("\n", $user_permissions);
 
 		foreach ($user_permissions as $f => $seq)
 		{
@@ -89,8 +131,6 @@ class auth
 				}
 			}
 		}
-
-		return;
 	}
 
 	/**
@@ -166,7 +206,7 @@ class auth
 
 				$sql = 'SELECT forum_id
 					FROM ' . FORUMS_TABLE;
-				
+
 				if (sizeof($this->acl))
 				{
 					$sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
@@ -181,7 +221,7 @@ class auth
 				$db->sql_freeresult($result);
 			}
 		}
-		
+
 		if (isset($this->acl_options['local'][$opt]))
 		{
 			foreach ($this->acl as $f => $bitstring)
@@ -302,7 +342,14 @@ class auth
 	*/
 	function acl_get_list($user_id = false, $opts = false, $forum_id = false)
 	{
-		$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
+		if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false)
+		{
+			$hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id));
+		}
+		else
+		{
+			$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
+		}
 
 		$auth_ary = array();
 		foreach ($hold_ary as $user_id => $forum_ary)
@@ -332,12 +379,7 @@ class auth
 		// Empty user_permissions
 		$userdata['user_permissions'] = '';
 
-		$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
-
-		if (isset($hold_ary[$userdata['user_id']]))
-		{
-			$hold_ary = $hold_ary[$userdata['user_id']];
-		}
+		$hold_ary = $this->acl_raw_data_single_user($userdata['user_id']);
 
 		// Key 0 in $hold_ary are global options, all others are forum_ids
 
@@ -348,42 +390,11 @@ class auth
 			{
 				if (strpos($opt, 'a_') === 0)
 				{
-					$hold_ary[0][$opt] = ACL_YES;
+					$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES;
 				}
 			}
 		}
 
-		// Sometimes, it can happen $hold_ary holding forums which do not exist.
-		// Since this function is not called that often (we are caching the data) we check for this inconsistency.
-		$sql = 'SELECT forum_id
-			FROM ' . FORUMS_TABLE . '
-			WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary), false, true);
-		$result = $db->sql_query($sql);
-
-		$forum_ids = (isset($hold_ary[0])) ? array(0) : array();
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$forum_ids[] = $row['forum_id'];
-		}
-		$db->sql_freeresult($result);
-
-		// Now determine forums which do not exist and remove the unneeded information (for modding purposes it is clearly the wrong place. ;))
-		$missing_forums = array_diff(array_keys($hold_ary), $forum_ids);
-
-		if (sizeof($missing_forums))
-		{
-			foreach ($missing_forums as $forum_id)
-			{
-				unset($hold_ary[$forum_id]);
-			}
-
-			$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
-			$db->sql_query($sql);
-
-			$sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
-			$db->sql_query($sql);
-		}
-
 		$hold_str = $this->build_bitstring($hold_ary);
 
 		if ($hold_str)
@@ -420,15 +431,15 @@ class auth
 				$bitstring = array();
 				foreach ($this->acl_options[$ary_key] as $opt => $id)
 				{
-					if (isset($auth_ary[$opt]))
+					if (isset($auth_ary[$this->acl_options['id'][$opt]]))
 					{
-						$bitstring[$id] = $auth_ary[$opt];
+						$bitstring[$id] = $auth_ary[$this->acl_options['id'][$opt]];
 
 						$option_key = substr($opt, 0, strpos($opt, '_') + 1);
 
 						// If one option is allowed, the global permission for this option has to be allowed too
 						// example: if the user has the a_ permission this means he has one or more a_* permissions
-						if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
+						if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
 						{
 							$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
 						}
@@ -444,7 +455,7 @@ class auth
 
 				// The line number indicates the id, therefore we have to add empty lines for those ids not present
 				$hold_str .= str_repeat("\n", $f - $last_f);
-			
+
 				// Convert bitstring for storage - we do not use binary/bytes because PHP's string functions are not fully binary safe
 				for ($i = 0, $bit_length = strlen($bitstring); $i < $bit_length; $i += 31)
 				{
@@ -466,8 +477,31 @@ class auth
 	*/
 	function acl_clear_prefetch($user_id = false)
 	{
-		global $db;
+		global $db, $cache;
 
+		// Rebuild options cache
+		$cache->destroy('_role_cache');
+
+		$sql = 'SELECT *
+			FROM ' . ACL_ROLES_DATA_TABLE . '
+			ORDER BY role_id ASC';
+		$result = $db->sql_query($sql);
+
+		$this->role_cache = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+		}
+		$db->sql_freeresult($result);
+
+		foreach ($this->role_cache as $role_id => $role_options)
+		{
+			$this->role_cache[$role_id] = serialize($role_options);
+		}
+
+		$cache->put('_role_cache', $this->role_cache);
+
+		// Now empty user permissions
 		$where_sql = '';
 
 		if ($user_id !== false)
@@ -528,103 +562,35 @@ class auth
 		$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
 
-		$sql_opts = '';
+		$sql_opts = $sql_opts_select = $sql_opts_from = '';
+		$hold_ary = array();
 
 		if ($opts !== false)
 		{
+			$sql_opts_select = ', ao.auth_option';
+			$sql_opts_from = ', ' . ACL_OPTIONS_TABLE . ' ao';
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}
 
-		$hold_ary = array();
+		$sql_ary = array();
 
-		// First grab user settings ... each user has only one setting for each
-		// option ... so we shouldn't need any ACL_NEVER checks ... he says ...
-		// Grab assigned roles...
-		$sql = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
-
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_USERS_TABLE		=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
+		// Grab non-role settings - user-specific
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_USERS_TABLE . ' a' . $sql_opts_from . '
+			WHERE a.auth_role_id = 0 ' .
+				(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts",
-		));
-		$result = $db->sql_query($sql);
+				$sql_opts";
 
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-			$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
-		}
-		$db->sql_freeresult($result);
-
-		// Now grab group settings ... ACL_NEVER overrides ACL_YES so act appropriatley
-		$sql_ary[] = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
-
-			'FROM'		=> array(
-				USER_GROUP_TABLE	=> 'ug',
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> 'ao.auth_option_id = a.auth_option_id
-				AND a.group_id = ug.group_id
-				AND ug.user_pending = 0
-				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+		// Now the role settings - user-specific
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
+			WHERE a.auth_role_id = r.role_id ' .
+				(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts"
-		));
-
-		$sql_ary[] = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ug.user_id,  a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting, ao.auth_option' ,
-
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao'
-				
-			),
-
-			'LEFT_JOIN'	=> array(
-				
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'r.auth_option_id = ao.auth_option_id'
-				),
-				array(
-					'FROM'	=> array(ACL_GROUPS_TABLE	=> 'a'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-				array(
-					'FROM'	=> array(USER_GROUP_TABLE	=> 'ug'),
-					'ON'	=> 'ug.group_id = a.group_id'
-				)
-				
-			),
-
-			'WHERE'		=> 'ug.user_pending = 0
-				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
-				$sql_forum
-				$sql_opts"
-		));
-		
+				$sql_opts";
 
 		foreach ($sql_ary as $sql)
 		{
@@ -632,24 +598,62 @@ class auth
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NEVER))
+				$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
+				$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		$sql_ary = array();
+
+		// Now grab group settings - non-role specific...
+		$sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug' . $sql_opts_from . '
+			WHERE a.auth_role_id = 0 ' .
+				(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . '
+				AND a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts";
+
+		// Now grab group settings - role specific...
+		$sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
+			WHERE a.auth_role_id = r.role_id ' .
+				(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . '
+				AND a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts";
+
+		foreach ($sql_ary as $sql)
+		{
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
+
+				if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER))
 				{
-					$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-					$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
-	
-					// Check for existence of ACL_YES if an option got set to ACL_NEVER
-					if ($setting == ACL_NEVER)
+					$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
+
+					// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
+					if ($row['auth_setting'] == ACL_NEVER)
 					{
-						$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
-	
+						$flag = substr($option, 0, strpos($option, '_') + 1);
+
 						if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
 						{
 							unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
-	
-							if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
+
+/*							if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
 							{
 								$hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES;
 							}
+*/
 						}
 					}
 				}
@@ -671,45 +675,43 @@ class auth
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
 
 		$sql_opts = '';
+		$hold_ary = $sql_ary = array();
 
 		if ($opts !== false)
 		{
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}
 
-		$hold_ary = array();
-
-		// Grab user settings...
-		$sql = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
-			
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_USERS_TABLE		=> 'a'
-			),
-			
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
+		// Grab user settings - non-role specific...
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = 0
+				AND a.auth_option_id = ao.auth_option_id ' .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts",
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
 
-			'ORDER_BY'	=> 'a.forum_id, ao.auth_option'
-		));
-		$result = $db->sql_query($sql);
+		// Now the role settings - user-specific
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id, ao.auth_option
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = r.role_id
+				AND r.auth_option_id = ao.auth_option_id ' .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
 
-		while ($row = $db->sql_fetchrow($result))
+		foreach ($sql_ary as $sql)
 		{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-			$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
 		}
-		$db->sql_freeresult($result);
 
 		return $hold_ary;
 	}
@@ -725,49 +727,158 @@ class auth
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
 
 		$sql_opts = '';
+		$hold_ary = $sql_ary = array();
 
 		if ($opts !== false)
 		{
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}
 
+		// Grab group settings - non-role specific...
+		$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = 0
+				AND a.auth_option_id = ao.auth_option_id ' .
+				(($sql_group) ? 'AND a.' . $sql_group : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
+
+		// Now grab group settings - role specific...
+		$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = r.role_id
+				AND r.auth_option_id = ao.auth_option_id ' .
+				(($sql_group) ? 'AND a.' . $sql_group : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
+
+		foreach ($sql_ary as $sql)
+		{
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		return $hold_ary;
+	}
+
+	/**
+	* Get raw acl data based on user for caching user_permissions
+	* This function returns the same data as acl_raw_data(), but without the user id as the first key within the array.
+	*/
+	function acl_raw_data_single_user($user_id)
+	{
+		global $db, $cache;
+
+		// Check if the role-cache is there
+		if (($this->role_cache = $cache->get('_role_cache')) === false)
+		{
+			$this->role_cache = array();
+
+			// We pre-fetch roles
+			$sql = 'SELECT *
+				FROM ' . ACL_ROLES_DATA_TABLE . '
+				ORDER BY role_id ASC';
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
+
+			foreach ($this->role_cache as $role_id => $role_options)
+			{
+				$this->role_cache[$role_id] = serialize($role_options);
+			}
+
+			$cache->put('_role_cache', $this->role_cache);
+		}
+
 		$hold_ary = array();
 
-		// Grab group settings...
-		$sql = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'a.group_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
-
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
-				$sql_forum
-				$sql_opts",
-
-			'ORDER_BY'	=> 'a.forum_id, ao.auth_option'
-		));
+		// Grab user-specific permission settings
+		$sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
+			FROM ' . ACL_USERS_TABLE . '
+			WHERE user_id = ' . $user_id;
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-			$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $setting;
+			// If a role is assigned, assign all options included within this role. Else, only set this one option.
+			if ($row['auth_role_id'])
+			{
+				$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]);
+			}
+			else
+			{
+				$hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
+			}
+		}
+		$db->sql_freeresult($result);
+
+		// Now grab group-specific permission settings
+		$sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug
+			WHERE a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				AND ug.user_id = ' . $user_id;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			if (!$row['auth_role_id'])
+			{
+				$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
+			}
+			else if (!empty($this->role_cache[$row['auth_role_id']]))
+			{
+				foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
+				{
+					$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting);
+				}
+			}
 		}
 		$db->sql_freeresult($result);
 
 		return $hold_ary;
 	}
 
+	/**
+	* Private function snippet for setting a specific piece of the hold_ary
+	*/
+	function _set_group_hold_ary(&$hold_ary, $option_id, $setting)
+	{
+		if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER))
+		{
+			$hold_ary[$option_id] = $setting;
+
+			// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
+			if ($setting == ACL_NEVER)
+			{
+				$flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1);
+				$flag = (int) $this->acl_options['id'][$flag];
+
+				if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES)
+				{
+					unset($hold_ary[$flag]);
+
+/*					This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible
+					if (in_array(ACL_YES, $hold_ary))
+					{
+						$hold_ary[$flag] = ACL_YES;
+					}*/
+				}
+			}
+		}
+	}
+
 	/**
 	* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 	*/

phpBB/includes/auth/auth_apache.php

@@ -48,8 +48,18 @@ function login_apache(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
 
@@ -138,8 +148,8 @@ function autologin_apache()
 
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
-		set_var($php_auth_user, $php_auth_user, 'string');
-		set_var($php_auth_pw, $php_auth_pw, 'string');
+		set_var($php_auth_user, $php_auth_user, 'string', true);
+		set_var($php_auth_pw, $php_auth_pw, 'string', true);
 
 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
@@ -223,7 +233,7 @@ function validate_session_apache(&$user)
 	}
 
 	$php_auth_user = '';
-	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
+	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
 
 	return ($php_auth_user === $user['username']) ? true : false;
 }

phpBB/includes/auth/auth_db.php

@@ -32,8 +32,18 @@ function login_db(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
 

phpBB/includes/auth/auth_ldap.php

@@ -104,8 +104,18 @@ function login_ldap(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
 

phpBB/includes/bbcode.php

@@ -134,10 +134,21 @@ class bbcode
 		{
 			$this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
 			$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html';
-
+			
 			if (!@file_exists($this->template_filename))
 			{
-				trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
+				if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])
+				{
+					$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_inherit_path'] . '/template/bbcode.html';
+					if (!@file_exists($this->template_filename))
+					{
+						trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
+					}
+				}
+				else
+				{
+					trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
+				}
 			}
 		}
 

phpBB/includes/cache.php

@@ -63,7 +63,7 @@ class cache extends acm
 
 			$this->put('config', $cached_config);
 		}
-	
+
 		return $config;
 	}
 
@@ -103,7 +103,7 @@ class cache extends acm
 		if (($icons = $this->get('_icons')) === false)
 		{
 			global $db;
-	
+
 			// Topic icons
 			$sql = 'SELECT *
 				FROM ' . ICONS_TABLE . '
@@ -134,7 +134,7 @@ class cache extends acm
 		if (($ranks = $this->get('_ranks')) === false)
 		{
 			global $db;
-	
+
 			$sql = 'SELECT *
 				FROM ' . RANKS_TABLE . '
 				ORDER BY rank_min DESC';
@@ -284,7 +284,7 @@ class cache extends acm
 		if (($bots = $this->get('_bots')) === false)
 		{
 			global $db;
-	
+
 			switch ($db->sql_layer)
 			{
 				case 'mssql':
@@ -321,7 +321,7 @@ class cache extends acm
 
 			$this->put('_bots', $bots);
 		}
-	
+
 		return $bots;
 	}
 

phpBB/includes/constants.php

@@ -24,6 +24,9 @@ if (!defined('IN_PHPBB'))
 * PHPBB_ADMIN_PATH
 */
 
+// phpBB Version
+define('PHPBB_VERSION', '3.0.4');
+
 // QA-related
 // define('PHPBB_QA', 1);
 
@@ -171,9 +174,19 @@ define('FIELD_BOOL', 4);
 define('FIELD_DROPDOWN', 5);
 define('FIELD_DATE', 6);
 
+// referer validation
+define('REFERER_VALIDATE_NONE', 0);
+define('REFERER_VALIDATE_HOST', 1);
+define('REFERER_VALIDATE_PATH', 2);
+
+// phpbb_chmod() permissions
+@define('CHMOD_ALL', 7);
+@define('CHMOD_READ', 4);
+@define('CHMOD_WRITE', 2);
+@define('CHMOD_EXECUTE', 1);
 
 // Additional constants
-define('VOTE_CONVERTED', 9999);
+define('VOTE_CONVERTED', 127);
 
 // Table names
 define('ACL_GROUPS_TABLE',			$table_prefix . 'acl_groups');

phpBB/includes/db/db_tools.php

@@ -265,7 +265,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mysql4':
-				if (version_compare($this->db->mysql_version, '4.1.3', '>='))
+				if (version_compare($this->db->sql_server_info(true), '4.1.3', '>='))
 				{
 					$this->sql_layer = 'mysql_41';
 				}
@@ -593,7 +593,7 @@ class phpbb_db_tools
 
 	/**
 	* Private method for performing sql statements (either execute them or return them)
-	* @private
+	* @access private
 	*/
 	function _sql_run_sql($statements)
 	{
@@ -624,7 +624,7 @@ class phpbb_db_tools
 
 	/**
 	* Function to prepare some column information for better usage
-	* @private
+	* @access private
 	*/
 	function sql_prepare_column_data($table_name, $column_name, $column_data)
 	{