This commit was manufactured by cvs2svn to create tag

'release_3_0_B2'.

git-svn-id: file:///svn/phpbb/tags/release_3_0_B2@6288 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -11,6 +11,7 @@
 /**
 */
 define('IN_PHPBB', 1);
+define('ADMIN_START', 1);
 define('NEED_SID', true);
 
 // Include files
@@ -151,7 +152,7 @@ function adm_page_header($page_title)
 	{
 		header('Content-type: text/html; charset: ' . $user->lang['ENCODING']);
 	}
-	header('Cache-Control: private, no-cache="set-cookie", pre-check=0, post-check=0');
+	header('Cache-Control: private, no-cache="set-cookie"');
 	header('Expires: 0');
 	header('Pragma: no-cache');
 
@@ -205,14 +206,7 @@ function adm_page_footer($copyright_html = true)
 
 	$template->display('body');
 
-	// Unload cache, must be done before the DB connection if closed
-	if (!empty($cache))
-	{
-		$cache->unload();
-	}
-
-	// Close our DB connection.
-	$db->sql_close();
+	garbage_collection();
 
 	exit;
 }

phpBB/adm/style/acp_bbcodes.html

@@ -30,6 +30,15 @@
 	</dl>
 	</fieldset>
 
+	<fieldset>
+		<legend>{L_BBCODE_HELPLINE}</legend>
+		<p>{L_BBCODE_HELPLINE_EXPLAIN}</p>
+	<dl>
+		<dt><label for="bbcode_helpline">{L_BBCODE_HELPLINE_TEXT}</label></dt>
+		<dd><input type="text" id="bbcode_helpline" name="bbcode_helpline" size="60" maxlength="255" value="{BBCODE_HELPLINE}" /></dd>
+	</dl>
+	</fieldset>
+
 	<fieldset>
 		<legend>{L_SETTINGS}</legend>
 	<dl>
@@ -45,7 +54,7 @@
 	
 	<br />
 
-	<table cellspacing="1">
+	<table cellspacing="1" id="down">
 	<thead>
 	<tr>
 		<th colspan="2">{L_TOKENS}</th>
@@ -76,7 +85,7 @@
 
 	<p>{L_ACP_BBCODES_EXPLAIN}</p>
 	
-	<table cellspacing="1">
+	<table cellspacing="1" id="down">
 	<thead>
 	<tr>
 		<th>{L_BBCODE_TAG}</th>

phpBB/adm/style/acp_captcha.html

@@ -0,0 +1,122 @@
+<!-- INCLUDE overall_header.html -->
+
+<a name="maincontent"></a>
+
+<h1>{L_ACP_VC_SETTINGS}</h1>
+
+<p>{L_ACP_VC_SETTINGS_EXPLAIN}</p>
+
+<form id="acp_captcha" method="post" action="{U_ACTION}">
+
+<fieldset>
+	<legend>{L_GENERAL_OPTIONS}</legend>
+<dl>
+	<dt><label for="enable_confirm">{L_VISUAL_CONFIRM_REG}:</label><br /><span>{L_VISUAL_CONFIRM_REG_EXPLAIN}</span></dt>
+	<dd><input type="radio" class="radio" id="enable_confirm" name="enable_confirm" value="1"<!-- IF REG_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_ENABLED}&nbsp; &nbsp;<input type="radio" class="radio" name="enable_confirm" value="0"<!-- IF not REG_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_DISABLED}</dd>
+</dl>
+<dl>
+	<dt><label for="enable_post_confirm">{L_VISUAL_CONFIRM_POST}:</label><br /><span>{L_VISUAL_CONFIRM_POST_EXPLAIN}</span></dt>
+	<dd><input type="radio" class="radio" id="enable_post_confirm" name="enable_post_confirm" value="1"<!-- IF POST_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_ENABLED}&nbsp; &nbsp;<input type="radio" class="radio" name="enable_post_confirm" value="0"<!-- IF not POST_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_DISABLED}</dd>
+</dl>
+</fieldset>
+
+<!-- IF GD -->
+<fieldset>
+	<legend>{L_CAPTCHA_OVERLAP}</legend>
+<!-- IF TTF -->
+<dl>
+	<dt><label for="policy_overlap">{L_CAPTCHA_OVERLAP}:</label><br /><span>{U_POLICY_OVERLAP}</span></dt>
+	<dd><input id="policy_overlap" name="policy_overlap" value="1" class="radio" type="radio"<!-- IF OVERLAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_overlap" value="0" class="radio" type="radio"<!-- IF not OVERLAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+<dl>
+	<dt><label for="policy_overlap_noise_pixel">{L_OVERLAP_NOISE_PIXEL}:</label></dt>
+	<select id="policy_overlap_noise_pixel" name="policy_overlap_noise_pixel"><option value="0"<!-- IF OVERLAP_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF OVERLAP_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF OVERLAP_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF OVERLAP_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
+</dl>
+<dl>
+	<dt><label for="policy_overlap_noise_line">{L_OVERLAP_NOISE_LINE}:</label></dt>
+
+	<dd><input id="policy_overlap_noise_line" name="policy_overlap_noise_line" value="1" class="radio" type="radio"<!-- IF OVERLAP_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_overlap_noise_line" value="0" class="radio" type="radio"<!-- IF not OVERLAP_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+</fieldset>
+<!-- ENDIF -->
+
+<fieldset>
+	<legend>{L_CAPTCHA_ENTROPY}</legend>
+<dl>
+	<dt><label for="policy_entropy">{L_CAPTCHA_ENTROPY}:</label><br /><span>{U_POLICY_ENTROPY}</span></dt>
+	<dd><input id="policy_entropy" name="policy_entropy" value="1" class="radio" type="radio"<!-- IF ENTROPY_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_entropy" value="0" class="radio" type="radio"<!-- IF not ENTROPY_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+<dl>
+	<dt><label for="policy_entropy_noise_pixel">{L_ENTROPY_NOISE_PIXEL}:</label></dt>
+	<select id="policy_entropy_noise_pixel" name="policy_entropy_noise_pixel"><option value="0"<!-- IF ENTROPY_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF ENTROPY_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF ENTROPY_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF ENTROPY_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
+</dl>
+<dl>
+
+	<dt><label for="policy_entropy_noise_line">{L_ENTROPY_NOISE_LINE}:</label></dt>
+	<dd><input id="policy_entropy_noise_line" name="policy_entropy_noise_line" value="1" class="radio" type="radio"<!-- IF ENTROPY_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_entropy_noise_line" value="0" class="radio" type="radio"<!-- IF not ENTROPY_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+</fieldset>
+
+<!-- IF TTF -->
+<fieldset>
+	<legend>{L_CAPTCHA_SHAPE}</legend>
+<dl>
+	<dt><label for="policy_shape">{L_CAPTCHA_SHAPE}:</label><br /><span>{U_POLICY_SHAPE}</span></dt>
+	<dd><input id="policy_shape" name="policy_shape" value="1" class="radio" type="radio"<!-- IF SHAPE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_shape" value="0" class="radio" type="radio"<!-- IF not SHAPE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+
+</dl>
+<dl>
+	<dt><label for="policy_shape_noise_pixel">{L_SHAPE_NOISE_PIXEL}:</label></dt>
+	<select id="policy_shape_noise_pixel" name="policy_shape_noise_pixel"><option value="0"<!-- IF SHAPE_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF SHAPE_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF SHAPE_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF SHAPE_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
+</dl>
+<dl>
+	<dt><label for="policy_shape_noise_line">{L_SHAPE_NOISE_LINE}:</label></dt>
+	<dd><input id="policy_shape_noise_line" name="policy_shape_noise_line" value="1" class="radio" type="radio"<!-- IF SHAPE_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_shape_noise_line" value="0" class="radio" type="radio"<!-- IF not SHAPE_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+</fieldset>
+<!-- ENDIF -->
+
+<fieldset>
+	<legend>{L_CAPTCHA_3DBITMAP}</legend>
+<dl>
+	<dt><label for="policy_3dbitmap">{L_CAPTCHA_3DBITMAP}:</label><br /><span>{U_POLICY_3DBITMAP}</span></dt>
+	<dd><input id="policy_3dbitmap" name="policy_3dbitmap" value="1" class="radio" type="radio"<!-- IF THREEDBITMAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_3dbitmap" value="0" class="radio" type="radio"<!-- IF not THREEDBITMAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+</fieldset>
+
+<!-- IF TTF -->
+<fieldset>
+	<legend>{L_CAPTCHA_CELLS}</legend>
+<dl>
+	<dt><label for="policy_cells">{L_CAPTCHA_CELLS}:</label><br /><span>{U_POLICY_CELLS}</span></dt>
+	<dd><input id="policy_cells" name="policy_cells" value="1" class="radio" type="radio"<!-- IF CELLS_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_cells" value="0" class="radio" type="radio"<!-- IF not CELLS_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+</fieldset>
+
+<fieldset>
+	<legend>{L_CAPTCHA_STENCIL}</legend>
+<dl>
+	<dt><label for="policy_stencil">{L_CAPTCHA_STENCIL}:</label><br /><span>{U_POLICY_STENCIL}</span></dt>
+	<dd><input id="policy_stencil" name="policy_stencil" value="1" class="radio" type="radio"<!-- IF STENCIL_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_stencil" value="0" class="radio" type="radio"<!-- IF not STENCIL_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+</fieldset>
+
+<fieldset>
+	<legend>{L_CAPTCHA_COMPOSITE}</legend>
+<dl>
+	<dt><label for="policy_composite">{L_CAPTCHA_COMPOSITE}:</label><br /><span>{U_POLICY_COMPOSITE}</span></dt>
+	<dd><input id="policy_composite" name="policy_composite" value="1" class="radio" type="radio"<!-- IF COMPOSITE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_composite" value="0" class="radio" type="radio"<!-- IF not COMPOSITE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
+</dl>
+</fieldset>
+<!-- ENDIF -->
+
+<!-- ENDIF -->
+
+<fieldset class="submit-buttons">
+	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+</fieldset>
+
+</form>
+
+<!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_database.html

@@ -54,7 +54,7 @@
 		<legend>{L_BACKUP_OPTIONS}</legend>
 	<dl>
 		<dt><label for="user">{L_BACKUP_TYPE}:</label></dt>
-		<dd><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" />&nbsp;{L_FULL_BACKUP}&nbsp;&nbsp;<input type="radio" name="type" value="structure" id="type" />&nbsp;{L_STRUCTURE_ONLY}&nbsp;&nbsp;<input type="radio" class="radio" name="type" value="data" id="type" />&nbsp;{L_DATA_ONLY}</dd>
+		<dd><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" />&nbsp;{L_FULL_BACKUP}&nbsp;&nbsp;<input type="radio" name="type" class="radio" value="structure" id="type" />&nbsp;{L_STRUCTURE_ONLY}&nbsp;&nbsp;<input type="radio" class="radio" name="type" value="data" id="type" />&nbsp;{L_DATA_ONLY}</dd>
 	</dl>
 	<dl>
 		<dt><label for="user">{L_FILE_TYPE}:</label></dt>

phpBB/adm/style/acp_forums.html

@@ -100,12 +100,10 @@
 		<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
 		<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
 	</dl>
-	<!-- IF S_ADD_ACTION -->
-		<dl>
-			<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
-			<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
-		</dl>
-	<!-- ENDIF -->
+	<dl>
+		<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
+		<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
+	</dl>
 	</fieldset>
 
 	<div id="forum_cat_options"<!-- IF not S_FORUM_CAT --> style="display: none;"<!-- ENDIF -->>
@@ -125,6 +123,16 @@
 			<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
 			<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
 		</dl>
+	<!-- IF S_SHOW_DISPLAY_ON_INDEX -->
+		<dl>
+			<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
+			<dd><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_on_index" value="0"<!-- IF not S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
+		</dl>
+	<!-- ENDIF -->
+		<dl>
+			<dt><label for="enable_post_review">{L_ENABLE_POST_REVIEW}:</label><br /><span>{L_ENABLE_POST_REVIEW_EXPLAIN}</span></dt>
+			<dd><input type="radio" class="radio" name="enable_post_review" value="1"<!-- IF S_ENABLE_POST_REVIEW --> id="enable_post_review" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_post_review" value="0"<!-- IF not S_ENABLE_POST_REVIEW --> id="enable_post_review" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
+		</dl>
 		<dl>
 			<dt><label for="enable_indexing">{L_ENABLE_INDEXING}:</label><br /><span>{L_ENABLE_INDEXING_EXPLAIN}</span></dt>
 			<dd><input type="radio" class="radio" name="enable_indexing" value="1"<!-- IF S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_indexing" value="0"<!-- IF not S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
@@ -133,22 +141,30 @@
 			<dt><label for="enable_icons">{L_ENABLE_TOPIC_ICONS}:</label></dt>
 			<dd><input type="radio" class="radio" name="enable_icons" value="1"<!-- IF S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_icons" value="0"<!-- IF not S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
 		</dl>
-	<!-- IF S_SHOW_DISPLAY_ON_INDEX -->
-		<dl>
-			<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_on_index" value="0"<!-- IF not S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
-		</dl>
-	<!-- ENDIF -->
 		<dl>
 			<dt><label for="display_recent">{L_ENABLE_RECENT}:</label><br /><span>{L_ENABLE_RECENT_EXPLAIN}</span></dt>
 			<dd><input type="radio" class="radio" name="display_recent" value="1"<!-- IF S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_recent" value="0"<!-- IF not S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
 		</dl>
 		<dl>
-			<dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}:</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" name="enable_prune" onchange="dE('forum_prune_options', 1)" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_prune" onchange="dE('forum_prune_options', -1)" value="0"<!-- IF not S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
+			<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}:</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
+			<dd><input type="text" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" /></dd>
+		</dl>
+		<dl>
+			<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
+			<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
+		</dl>
+		<dl>
+			<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
+			<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
+		</dl>
+		</fieldset>
+
+		<fieldset>
+			<legend>{L_FORUM_PRUNE_SETTINGS}</legend>
+		<dl>
+			<dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}:</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt>
+			<dd><input type="radio" class="radio" name="enable_prune" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_prune" value="0"<!-- IF not S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
 		</dl>
-	
-	<div id="forum_prune_options"<!-- IF not S_PRUNE_ENABLE --> style="display: none;"<!-- ENDIF -->>
 		<dl>
 			<dt><label for="prune_freq">{L_AUTO_PRUNE_FREQ}:</label><br /><span>{L_AUTO_PRUNE_FREQ_EXPLAIN}</span></dt>
 			<dd><input type="text" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" /> {L_DAYS}</dd>
@@ -173,20 +189,6 @@
 			<dt><label for="prune_sticky">{L_PRUNE_STICKY}:</label></dt>
 			<dd><input type="radio" class="radio" name="prune_sticky" value="1"<!-- IF S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="prune_sticky" value="0"<!-- IF not S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
 		</dl>
-	</div>
-	
-		<dl>
-			<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}:</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
-			<dd><input type="text" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" /></dd>
-		</dl>
-		<dl>
-			<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
-			<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
-		</dl>
-		<dl>
-			<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
-			<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
-		</dl>
 		</fieldset>
 	</div>
 

phpBB/adm/style/acp_groups.html

@@ -153,12 +153,16 @@
 
 	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
 
-	<h1>{L_GROUP_MEMBERS}</h1>
+	<h1>{L_GROUP_MEMBERS} :: {GROUP_NAME}</h1>
 
 	<p>{L_GROUP_MEMBERS_EXPLAIN}</p>
 
 	<form id="list" method="post" action="{U_ACTION}">
 
+	<fieldset class="quick">
+		<a href="{U_DEFAULT_ALL}">&raquo; {L_MAKE_DEFAULT_FOR_ALL}</a>
+	</fieldset>
+
 	<table cellspacing="1">
 	<thead>
 	<tr>
@@ -259,6 +263,13 @@
 
 	<p>{L_ACP_GROUPS_MANAGE_EXPLAIN}</p>
 
+	<!-- IF S_ERROR -->
+		<div class="errorbox">
+			<h3>{L_WARNING}</h3>
+			<p>{ERROR_MSG}</p>
+		</div>
+	<!-- ENDIF -->
+
 	<h1>{L_USER_DEF_GROUPS}</h1>
 
 	<p>{L_USER_DEF_GROUPS_EXPLAIN}</p>
@@ -269,9 +280,10 @@
 		<col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" />
 	<thead>
 	<tr>
-		<th style="width: 50%">{L_MANAGE}</th>
+		<th style="width: 50%">{L_GROUP}</th>
 		<th>{L_TOTAL_MEMBERS}</th>
-		<th colspan="3">{L_OPTIONS}</th>
+		<th colspan="2">{L_OPTIONS}</th>
+		<th>{L_ACTION}</th>
 	</tr>
 	</thead>
 	<tbody>
@@ -282,10 +294,13 @@
 
 	<fieldset class="quick">
 		<!-- IF S_GROUP_ADD -->
-			{L_CREATE_GROUP}: <input type="text" name="group_name" value="" /> <input class="button2" type="submit" name="add" value="{L_SUBMIT}" />
+			{L_CREATE_GROUP}: <input type="text" name="group_name" value="" /> <input class="button2" type="submit" name="submit" value="{L_SUBMIT}" />
+			<input type="hidden" name="add" value="1" />
 		<!-- ENDIF -->
 	</fieldset>
 
+	</form>
+
 	<h1>{L_SPECIAL_GROUPS}</h1>
 
 	<p>{L_SPECIAL_GROUPS_EXPLAIN}</p>
@@ -294,18 +309,19 @@
 		<col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" />
 	<thead>
 	<tr>
-		<th style="width: 50%">{L_MANAGE}</th>
+		<th style="width: 50%">{L_GROUP}</th>
 		<th>{L_TOTAL_MEMBERS}</th>
-		<th colspan="3">{L_OPTIONS}</th>
+		<th colspan="2">{L_OPTIONS}</th>
+		<th>{L_ACTION}</th>
 	</tr>
 	</thead>
 	<tbody>
 		<!-- ELSE -->
 		<tr>
-			<td><a href="{groups.U_LIST}">{groups.GROUP_NAME}</a></td>
+			<td><strong>{groups.GROUP_NAME}</strong></td>
 			<td style="text-align: center;">{groups.TOTAL_MEMBERS}</td>
-			<td style="text-align: center;"><a href="{groups.U_DEFAULT}">{L_GROUP_DEFAULT}</a></td>
-			<td style="text-align: center;"><a href="{groups.U_EDIT}">{L_EDIT}</a></td>
+			<td style="text-align: center;"><a href="{groups.U_EDIT}">{L_SETTINGS}</a></td>
+			<td style="text-align: center;"><a href="{groups.U_LIST}">{L_MEMBERS}</a></td>
 			<td style="text-align: center;"><!-- IF not groups.S_GROUP_SPECIAL and groups.U_DELETE --><a href="{groups.U_DELETE}">{L_DELETE}</a><!-- ELSE -->{L_DELETE}<!-- ENDIF --></td>
 		</tr>
 		<!-- ENDIF -->
@@ -313,8 +329,6 @@
 	</tbody>
 	</table>
 
-	</form>
-
 <!-- ENDIF -->
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_logs.html

@@ -70,12 +70,20 @@
 
 <!-- IF S_CLEARLOGS -->
 	<fieldset class="quick">
-		<b class="small"><a href="#" onclick="marklist('list', 'mark', true);">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></b><br />
+		<b class="small"><a href="javascript: marklist('list', 'mark', true);">{L_MARK_ALL}</a> :: <a href="javascript:marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></b><br />
 		<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />&nbsp;
 		<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp;
 	</fieldset>
 <!-- ENDIF -->
 
+<div class="pagination">
+	<!-- IF PAGINATION -->
+		<a href="javascript:jumpto();" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
+	<!-- ELSE -->
+		{S_ON_PAGE}
+	<!-- ENDIF -->
+</div>
+
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_main.html

@@ -11,6 +11,13 @@
 	</div>
 <!-- ENDIF -->
 
+<!-- IF S_REMOVE_INSTALL -->
+	<div class="errorbox">
+		<h3>{L_WARNING}</h3>
+		<p>{L_REMOVE_INSTALL}</p>
+	</div>
+<!-- ENDIF -->
+
 <table cellspacing="1">
 	<caption>{L_FORUM_STATS}</caption>
 	<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />
@@ -60,10 +67,10 @@
 	<td><b>{UPLOAD_DIR_SIZE}</b></td>
 </tr>
 <tr>
+	<td>{L_DATABASE_SERVER_INFO}: </td>
+	<td><b>{DATABASE_INFO}</b></td>
 	<td>{L_GZIP_COMPRESSION}: </td>
 	<td><b>{GZIP_COMPRESSION}</b></td>
-	<td>&nbsp;</td>
-	<td>&nbsp;</td>
 </tr>
 </tbody>
 </table>
@@ -104,6 +111,10 @@
 	<!-- END log -->
 	</tbody>
 	</table>
+
+	<br />
+	<div style="text-align: right;"><a href="{U_ADMIN_LOG}">&raquo; {L_VIEW_ADMIN_LOG}</a></div>
+
 <!-- ENDIF -->
 
 <!-- IF S_INACTIVE_USERS -->
@@ -118,6 +129,7 @@
 	<tr>
 		<th>{L_USERNAME}</th>
 		<th>{L_JOINED}</th>
+		<th>{L_LAST_VISIT}</th>
 		<th>{L_MARK}</th>
 	</tr>
 	</thead>
@@ -127,6 +139,7 @@
 
 			<td><a href="{inactive.U_USER_ADMIN}">{inactive.USERNAME}</a></td>
 			<td>{inactive.DATE}</td>
+			<td>{inactive.LAST_VISIT}</td>
 			<td>&nbsp;<input type="checkbox" class="radio" name="mark[]" value="{inactive.USER_ID}" />&nbsp;</td>
 		</tr>
 	<!-- BEGINELSE -->

phpBB/adm/style/acp_modules.html

@@ -93,9 +93,9 @@
 			<label><input type="radio" class="radio" name="module_display" value="0"<!-- IF not MODULE_DISPLAY --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 		</dl>
 		<dl>
-			<dt><label for="module_name">{L_CHOOSE_MODULE}:</label><br />
+			<dt><label for="module_basename">{L_CHOOSE_MODULE}:</label><br />
 			<span>{L_CHOOSE_MODULE_EXPLAIN}</span></dt>
-			<dd><select name="module_name" id="module_name" onchange="display_modes(this.value);">{S_MODULE_NAMES}</select></dd>
+			<dd><select name="module_basename" id="module_basename" onchange="display_modes(this.value);">{S_MODULE_NAMES}</select></dd>
 		</dl>
 		<dl>
 			<dt><label for="module_mode">{L_CHOOSE_MODE}:</label><br />

phpBB/adm/style/acp_permission_roles.html

@@ -96,7 +96,7 @@
 	<h1>{L_ACL_TYPE}</h1>
 
 	<fieldset class="quick">
-		<a href="javascript: mark_options('a_options', 'y');">{L_ALL_YES}</a> &bull; <a href="javascript: mark_options('a_options', 'n');">{L_ALL_NO}</a> &bull; <a href="javascript: mark_options('a_options', 'u');">{L_ALL_UNSET}</a>
+		<a href="javascript: mark_options('a_options', 'y');">{L_ALL_YES}</a> &bull; <a href="javascript: mark_options('a_options', 'n');">{L_ALL_NEVER}</a> &bull; <a href="javascript: mark_options('a_options', 'u');">{L_ALL_NO}</a>
 	</fieldset>
 
 	<fieldset class="permissions">
@@ -114,10 +114,10 @@
 		<!-- BEGIN auth -->
 			<!-- IF auth.S_YES -->
 				<td class="preset preset_yes">
+			<!-- ELSEIF auth.S_NEVER -->
+				<td class="preset preset_never">
 			<!-- ELSEIF auth.S_NO -->
 				<td class="preset preset_no">
-			<!-- ELSEIF auth.S_UNSET -->
-				<td class="preset preset_unset">
 			<!-- ELSE -->
 				<td class="preset preset_custom">
 			<!-- ENDIF -->
@@ -132,17 +132,17 @@
 				<tr>
 					<th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{auth.CAT_NAME}]</strong></th>
 					<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'y');">{L_ACL_YES}</a></th>
-					<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'u');">{L_ACL_UNSET}</a></th>
-					<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'n');">{L_ACL_NO}</a></th>
+					<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'u');">{L_ACL_NO}</a></th>
+					<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'n');">{L_ACL_NEVER}</a></th>
 				</tr>
 				</thead>
 				<tbody>
 				<!-- BEGIN mask -->
 					<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
 					<th>{auth.mask.PERMISSION}</th>
-					<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
-					<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_UNSET --> checked="checked"<!-- ENDIF --> value="-1" /></td>
-					<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="0" /></td>
+					<td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
+					<td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></td>
+					<td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></td>
 				</tr>
 				<!-- END mask -->
 				</tbody>

phpBB/adm/style/acp_permissions.html

@@ -140,8 +140,7 @@
 			
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
-				<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" /> &nbsp;
-				<input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" />
+				<input type="submit" class="button2" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
 			</fieldset>
 			
 			</form>
@@ -153,13 +152,12 @@
 				<p>{L_USERNAMES_EXPLAIN}</p>
 			<dl>
 				<dd class="full"><textarea id="username" name="usernames" rows="5" cols="5" style="width: 100%; height: 60px;"></textarea></dd>
-				<dd class="full" style="text-align: left;"><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> &nbsp;{L_SELECT_ANONYMOUS}</dd>
+				<dd class="full" style="text-align: left;"><div style="float: right;">[ <a href="#" onclick="window.open('{U_FIND_USERNAME}', '_phpbbsearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); return false;">{L_FIND_USERNAME}</a> ]</div><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> &nbsp;{L_SELECT_ANONYMOUS}</dd>
 			</dl>
 			</fieldset>
 
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
-				<input class="button2" type="submit" name="find_username" value="{L_FIND_USERNAME}" onclick="window.open('{U_FIND_USERNAME}', '_phpbbsearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); return false;" /> &nbsp;
 				<input class="button1" type="submit" name="submit_add_options" value="{L_ADD_PERMISSIONS}" />
 			</fieldset>
 			
@@ -187,8 +185,7 @@
 			
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
-				<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" />&nbsp;
-				<input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" />
+				<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
 			</fieldset>
 			
 			</form>

phpBB/adm/style/acp_profile.html

@@ -40,7 +40,7 @@
 		<fieldset>
 			<legend>{L_VISIBILITY_OPTION}</legend>
 		<dl>
-			<dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label></dt>
+			<dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label><br /><span>{L_DISPLAY_AT_PROFILE_EXPLAIN}</span></dt>
 			<dd><input type="radio" class="radio" id="field_option_none" name="field_option" value="none"<!-- IF not S_SHOW_ON_REG and not S_FIELD_REQUIRED and not S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		<dl>
@@ -81,7 +81,13 @@
 		<!-- ENDIF -->
 		<!-- IF S_BOOL or S_DROPDOWN -->
 			<dl>
-				<dt><label for="lang_options">{L_ENTRIES}:</label><br /><span>{L_LANG_OPTIONS_EXPLAIN}</span></dt>
+				<dt><label for="lang_options">{L_ENTRIES}:</label>
+					<!-- IF S_EDIT_MODE and S_DROPDOWN -->
+						<br /><span>{L_EDIT_DROPDOWN_LANG_EXPLAIN}</span>
+					<!-- ELSE -->
+						<br /><span>{L_LANG_OPTIONS_EXPLAIN}</span>
+					<!-- ENDIF -->
+				</dt>
 			<!-- IF S_DROPDOWN -->
 				<dd><textarea id="lang_options" name="lang_options" rows="5" cols="80">{LANG_OPTIONS}</textarea></dd>
 			<!-- ELSE -->
@@ -182,7 +188,8 @@
 	
 	<fieldset class="quick">
 		<input class="small" type="text" name="field_ident" /> <select name="field_type">{S_TYPE_OPTIONS}</select>
-		<input class="button1" type="submit" name="create" value="{L_CREATE_NEW_FIELD}" />
+		<input class="button1" type="submit" name="submit" value="{L_CREATE_NEW_FIELD}" />
+		<input type="hidden" name="create" value="1" />
 	</fieldset>
 
 	</form>

phpBB/adm/style/acp_styles.html

@@ -78,7 +78,7 @@
 				<td class="row1" colspan="2" align="center">
 					<table width="100%" cellspacing="2" cellpadding="2" border="0">
 					<tr>
-						<td width="50%" align="center"><img src="<!-- IF IMAGE_REQUEST neq '' -->{IMAGE_REQUEST}<!-- ELSE -->images/no_image.png<!-- ENDIF -->"/></td>
+						<td width="50%" align="center"><img src="<!-- IF IMAGE_REQUEST -->{IMAGE_REQUEST}<!-- ELSE -->images/no_image.png<!-- ENDIF -->"/></td>
 						<td width="50%" align="center"><img src="images/no_image.png" name="newimg" /></td>
 					</tr>
 					<tr>
@@ -94,7 +94,7 @@
 			</tr>
 			<tr>
 				<td class="row1" width="40%"><b>{L_IMAGE}: </b></td>
-				<td class="row2"><select name="imgpath" onchange="update_image(this.options[selectedIndex].value);"><option value=""<!-- IF not IMAGE_SELECT--> selected="selected"<!-- ENDIF -->>{L_NONE}</option>
+				<td class="row2"><select name="imgpath" onchange="update_image(this.options[selectedIndex].value);"><option value=""<!-- IF not IMAGE_SELECT--> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>
 					<!-- BEGIN imagesetlist -->
 					<option class="sep" value=""><!-- IF imagesetlist.TYPE -->{L_LOCALISED_IMAGES}<!-- ELSE -->{L_GLOBAL_IMAGES}<!-- ENDIF --></option>
 						<!-- BEGIN images -->
@@ -506,15 +506,16 @@
 
 	<p>{L_EXPLAIN}</p>
 
-	<!-- IF S_STYLE --> <!-- DEFINE $COLSPAN = 4 --> <!-- ELSE --> <!-- DEFINE $COLSPAN = 3 --> <!-- ENDIF -->
+	<!-- IF S_STYLE --> <!-- DEFINE $COLSPAN = 5 --> <!-- ELSE --> <!-- DEFINE $COLSPAN = 4 --> <!-- ENDIF -->
 
 	<table cellspacing="1">
-		<col class="row1" /><!-- IF S_STYLE --><col class="row1" /><!-- ENDIF --><col class="row2" />
+		<col class="row1" /><!-- IF S_STYLE --><col class="row1" /><!-- ENDIF --><col class="row2" /><col class="row2" />
 	<thead>
 	<tr>
 		<th>{L_NAME}</th>
 		<!-- IF S_STYLE --><th>{L_STYLE_USED_BY}</th><!-- ENDIF -->
 		<th>{L_OPTIONS}</th>
+		<th>{L_ACTIONS}</th>
 	</tr>
 	</thead>
 	<tbody>
@@ -523,15 +524,18 @@
 	</tr>
 	<!-- BEGIN installed -->
 	<tr>
-		<td><a href="{installed.U_EDIT}">{installed.NAME}</a><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td>
+		<td><strong>{installed.NAME}</strong></a><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td>
 		<!-- IF S_STYLE -->
 			<td style="text-align: center;">{installed.STYLE_COUNT}</td>
 		<!-- ENDIF -->
+		<td style="text-align: center;">
+			{installed.S_OPTIONS}
+		</td>
 		<td style="text-align: center;">
 			<!-- IF S_STYLE -->
 				<a href="{installed.U_STYLE_ACT_DEACT}">{installed.L_STYLE_ACT_DEACT}</a> |
 			<!-- ENDIF -->
-			{installed.S_OPTIONS}
+			{installed.S_ACTIONS}
 			<!-- IF S_STYLE -->
 				| <a href="{installed.U_PREVIEW}" onclick="this.target='_preview';">{L_PREVIEW}</a>
 			<!-- ENDIF -->
@@ -548,7 +552,7 @@
 	<!-- BEGIN uninstalled -->
 		<tr>
 			<td<!-- IF S_STYLE --> colspan="2"<!-- ENDIF -->><b>{uninstalled.NAME}</b><br /><span>{L_COPYRIGHT}: {uninstalled.COPYRIGHT}</span></td>
-			<td style="text-align: center;"><a href="{uninstalled.U_INSTALL}">{L_INSTALL}</a></td>
+			<td style="text-align: center;" colspan="2"><a href="{uninstalled.U_INSTALL}">{L_INSTALL}</a></td>
 		</tr>
 	<!-- END uninstalled -->
 	</tbody>

phpBB/adm/style/acp_users.html

@@ -101,6 +101,10 @@
 		<dt><label>{L_LAST_ACTIVE}:</label></dt>
 		<dd><strong>{USER_LASTACTIVE}</strong></dd>
 	</dl>
+	<dl>
+		<dt><label>{L_POSTS}:</label></dt>
+		<dd><strong>{USER_POSTS}</strong></dd>
+	</dl>
 	<dl>
 		<dt><label for="user_founder">{L_FOUNDER}:</label><br /><span>{L_FOUNDER_EXPLAIN}</span></dt>
 		<dd><input type="radio" class="radio" name="user_founder" value="1"<!-- IF S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp; <input type="radio" class="radio" name="user_founder" value="0"<!-- IF not S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_NO}&nbsp;</dd>
@@ -134,11 +138,13 @@
 		<dt><label for="quicktools">{L_QUICK_TOOLS}:</label></dt>
 		<dd><select id="quicktools" name="action">{S_ACTION_OPTIONS}</select></dd>
 	</dl>
-	<dl>
-		<dt><label for="delete_user">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
-		<dd><input type="checkbox" class="radio" name="delete" value="1" /></dd>
-		<dd><select id="delete_user" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
-	</dl>
+		<!-- IF not S_OWN_ACCOUNT -->
+			<dl>
+				<dt><label for="delete_user">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
+				<dd><input type="checkbox" class="radio" name="delete" value="1" /></dd>
+				<dd><select id="delete_user" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
+			</dl>
+		<!-- ENDIF -->
 	<!-- ENDIF -->
 	</fieldset>
 
@@ -340,7 +346,7 @@
 	</dl>
 	<dl> 
 		<dt><label for="tz">{L_BOARD_TIMEZONE}:</label></dt>
-		<dd><select id="tz" name="tz">{S_TZ_OPTIONS}</select></dd>
+		<dd><select id="tz" name="tz" style="width: 100%;">{S_TZ_OPTIONS}</select></dd>
 	</dl>
 	<dl> 
 		<dt><label for="dst">{L_BOARD_DST}:</label></dt>
@@ -537,7 +543,7 @@
 
 	// Define the bbCode tags
 	bbcode = new Array();
-	bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]');
+	bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);
 	imageTag = false;
 
 	// Helpline messages
@@ -554,6 +560,8 @@
 	s_help = "{LA_BBCODE_S_HELP}";
 	f_help = "{LA_BBCODE_F_HELP}";
 	e_help = "{LA_BBCODE_E_HELP}";
+	d_help = "{LA_BBCODE_D_HELP}";
+	<!-- BEGIN custom_tags -->cb_{custom_tags.BBCODE_ID}_help = "{custom_tags.BBCODE_HELPLINE}";<!-- END custom_tags -->
 
 	//-->
 	</script>
@@ -572,15 +580,17 @@
 		<legend>{L_SIGNATURE}</legend>
 		<p>{L_SIGNATURE_EXPLAIN}</p>
 		<div id="format-buttons">
-			<input class="button2" type="button" accesskey="b" name="addbbcode0" value=" B " style="font-weight:bold; width: 30px" onclick="bbstyle(0)" onmouseover="helpline('b')" />
-			<input class="button2" type="button" accesskey="i" name="addbbcode2" value=" i " style="font-style:italic; width: 30px" onclick="bbstyle(2)" onmouseover="helpline('i')" />
-			<input class="button2" type="button" accesskey="u" name="addbbcode4" value=" u " style="text-decoration: underline; width: 30px" onclick="bbstyle(4)" onmouseover="helpline('u')" />
-			<input class="button2" type="button" accesskey="q" name="addbbcode6" value="Quote" style="width: 50px" onclick="bbstyle(6)" onmouseover="helpline('q')" />
-			<input class="button2" type="button" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" />
-			<input class="button2" type="button" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" />
-			<input class="button2" type="button" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" />
-			<input class="button2" type="button" accesskey="p" name="addbbcode14" value="Img" style="width: 40px"  onclick="bbstyle(14)" onmouseover="helpline('p')" />
-			<input class="button2" type="button" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onclick="bbstyle(16)" onmouseover="helpline('w')" />
+			<input type="button" class="button2" accesskey="b" name="addbbcode0" value=" B " style="font-weight:bold; width: 30px;" onclick="bbstyle(0)" onmouseover="helpline('b')" />
+			<input type="button" class="button2" accesskey="i" name="addbbcode2" value=" i " style="font-style:italic; width: 30px;" onclick="bbstyle(2)" onmouseover="helpline('i')" />
+			<input type="button" class="button2" accesskey="u" name="addbbcode4" value=" u " style="text-decoration: underline; width: 30px;" onclick="bbstyle(4)" onmouseover="helpline('u')" />
+			<input type="button" class="button2" accesskey="q" name="addbbcode6" value="Quote" style="width: 50px" onclick="bbstyle(6)" onmouseover="helpline('q')" />
+			<input type="button" class="button2" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" />
+			<input type="button" class="button2" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" />
+			<input type="button" class="button2" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" />
+			<!-- IF S_BBCODE_IMG --><input type="button" class="button2" accesskey="p" name="addbbcode14" value="Img" style="width: 40px"  onclick="bbstyle(14)" onmouseover="helpline('p')" /><!-- ENDIF -->
+			<input type="button" class="button2" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onclick="bbstyle(16)" onmouseover="helpline('w')" onmouseover="helpline('d')" />
+			<!-- IF S_BBCODE_FLASH --><input type="button" class="button2" accesskey="d" name="addbbcode18" value="Flash" onclick="bbstyle(18)" onmouseover="helpline('d')" /><!-- ENDIF -->
+
 			{L_FONT_SIZE}: <select name="addbbcode20" onchange="bbfontstyle('[size=' + this.form.addbbcode20.options[this.form.addbbcode20.selectedIndex].value + ']', '[/size]');this.form.addbbcode20.selectedIndex = 2;" onmouseover="helpline('f')">
 				<option value="7">{L_FONT_TINY}</option>
 				<option value="9">{L_FONT_SMALL}</option>
@@ -589,6 +599,13 @@
 				<option  value="24">{L_FONT_HUGE}</option>
 			</select>
 			<a href="javascript:bbstyle(-1)" onmouseover="helpline('a')">{L_CLOSE_TAGS}</a>
+		<!-- IF .custom_tags -->
+			<br /><br />
+			<!-- BEGIN custom_tags -->
+				<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})"<!-- IF custom_tags.BBCODE_HELPLINE !== '' --> onmouseover="helpline('cb_{custom_tags.BBCODE_ID}')"<!-- ENDIF --> />
+			<!-- END custom_tags -->
+		<!-- ENDIF -->
+
 		</div>
 		<p><input type="text" name="helpbox" value="{L_STYLES_TIP}" class="full" style="border: 0; background: none;" /></p>
 	<dl>

phpBB/adm/style/acp_words.html

@@ -38,6 +38,15 @@
 
 	<p>{L_ACP_WORDS_EXPLAIN}</p>
 
+	<form id="acp_words" method="post" action="{U_ACTION}">
+
+	<fieldset class="quick">
+		{S_HIDDEN_FIELDS}
+		<input class="button2" name="add" type="submit" value="{L_ADD_WORD}" />
+	</fieldset>
+
+	</form>
+
 	<table cellspacing="1">
 	<thead>
 	<tr>
@@ -58,15 +67,6 @@
 	</tbody>
 	</table>
 
-	<form id="acp_words" method="post" action="{U_ACTION}">
-
-	<fieldset class="quick">
-		{S_HIDDEN_FIELDS}
-		<input class="button2" name="add" type="submit" value="{L_ADD_WORD}" />
-	</fieldset>
-
-	</form>
-
 <!-- ENDIF -->
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/admin.css

@@ -851,12 +851,12 @@ table.pmask td.name {
 	background-color: #40C53D;
 }
 
-.permissions td.no {
+.permissions td.never {
 	width: 20px;
 	background-color: #EC7181;
 }
 
-.permissions td.unset {
+.permissions td.no {
 	width: 20px;
 	background-color: transparent;
 }
@@ -889,11 +889,11 @@ table.pmask td.name {
 	background: #DAE4EC url("../images/bg_hash2.gif") repeat;
 }
 
-.preset_no {
+.preset_never {
 	background: #ECD7DA url("../images/bg_hash3.gif") repeat;
 }
 
-.preset_unset {
+.preset_no {
 	background: #ECD7DA url("../images/bg_hash4.gif") repeat;
 }
 

phpBB/adm/style/install_header.html

@@ -16,6 +16,14 @@
 <div id="wrap">
 	<div id="page-header">
 		<h1>{L_INSTALL_PANEL}</h1>
+		<!-- IF S_LANG_SELECT -->
+		<br />
+		<form method="post">
+			<label for="language">{L_SELECT_LANG}:</label>
+			{S_LANG_SELECT}
+			<input class="button1" type="submit" id="change_lang" name="change_lang" value="{L_CHANGE}" />
+		</form>
+		<!-- ENDIF -->
 	</div>
 	
 	<div id="page-body">

phpBB/adm/style/overall_footer.html

@@ -19,8 +19,9 @@
 	<div id="page-footer">
 		<!-- IF S_COPYRIGHT_HTML -->
 			Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
+			{L_TRANSLATION_INFO}
 		<!-- ENDIF -->
-	
+
 		<!-- IF DEBUG_OUTPUT -->
 			<!-- IF S_COPYRIGHT_HTML --><br /><!-- ENDIF -->
 			{DEBUG_OUTPUT}

phpBB/adm/style/permission_mask.html

@@ -115,7 +115,7 @@
 			return;
 		}
 
-		// Mark all options to unset first...
+		// Mark all options to no (unset) first...
 		mark_options(target_id, 'u');
 
 		for (var r in settings)
@@ -179,10 +179,10 @@
 		<!-- BEGIN category -->
 			<!-- IF p_mask.f_mask.category.S_YES -->
 				<td class="preset preset_yes">
+			<!-- ELSEIF p_mask.f_mask.category.S_NEVER -->
+				<td class="preset preset_never">
 			<!-- ELSEIF p_mask.f_mask.category.S_NO -->
 				<td class="preset preset_no">
-			<!-- ELSEIF p_mask.f_mask.category.S_UNSET -->
-				<td class="preset preset_unset">
 			<!-- ELSE -->
 				<td class="preset preset_custom">
 			<!-- ENDIF -->
@@ -200,8 +200,8 @@
 				<div style="float: right; text-align: right; width: 35%;">
 					<p class="small">
 						[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_YES}</a>]<br />
-						[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NO}</a>]<br />
-						[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_UNSET}</a>]
+						[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NEVER}</a>]<br />
+						[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NO}</a>]
 					</p>
 				</div>
 			<!-- ELSE -->
@@ -218,11 +218,11 @@
 					<th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{p_mask.f_mask.category.CAT_NAME}]</strong></th>
 				<!-- IF p_mask.S_VIEW -->
 					<th scope="col">{L_ACL_YES}</th>
-					<th scope="col">{L_ACL_NO}</th>
+					<th scope="col">{L_ACL_NEVER}</th>
 				<!-- ELSE -->
 					<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_YES}</a></th>
-					<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_UNSET}</a></th>
-					<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NO}</a></th>
+					<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NO}</a></th>
+					<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NEVER}</a></th>
 				<!-- ENDIF -->
 				</tr>
 				</thead>
@@ -231,12 +231,12 @@
 					<!-- IF p_mask.f_mask.category.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
 					<th><!-- IF p_mask.f_mask.category.mask.U_TRACE --><a href="#" onclick="javascript:trace('{p_mask.f_mask.category.mask.U_TRACE}')" title="{L_TRACE_SETTING}"><img src="images/icon_trace.gif" alt="{L_TRACE_SETTING}" /></a> <!-- ENDIF -->{p_mask.f_mask.category.mask.PERMISSION}</th>
 					<!-- IF p_mask.S_VIEW -->
-						<td<!-- IF p_mask.f_mask.category.mask.S_YES --> class="yes"<!-- ELSE --> class="unset"<!-- ENDIF -->>&nbsp;</td>
-						<td<!-- IF p_mask.f_mask.category.mask.S_NO --> class="no"<!-- ELSE --> class="unset"<!-- ENDIF -->>&nbsp;</td>
+						<td<!-- IF p_mask.f_mask.category.mask.S_YES --> class="yes"<!-- ELSE --> class="no"<!-- ENDIF -->>&nbsp;</td>
+						<td<!-- IF p_mask.f_mask.category.mask.S_NEVER --> class="never"<!-- ELSE --> class="no"<!-- ENDIF -->>&nbsp;</td>
 					<!-- ELSE -->
-						<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_y" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
-						<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_u" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_UNSET --> checked="checked"<!-- ENDIF --> value="-1" /></td>
-						<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_n" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NO --> checked="checked"<!-- ENDIF --> value="0" /></td>
+						<td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_y" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
+						<td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_u" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></td>
+						<td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_n" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></td>
 					<!-- ENDIF -->
 				</tr>
 				<!-- END mask -->

phpBB/adm/style/permission_trace.html

@@ -22,20 +22,20 @@
 		<!-- IF trace.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
 		<td style="white-space: nowrap;"><strong>{trace.WHO}</strong></td>
 
-		<!-- IF trace.S_SETTING_NO -->
-			<td class="no">{L_ACL_NO}</td>
+		<!-- IF trace.S_SETTING_NEVER -->
+			<td class="never">{L_ACL_NEVER}</td>
 		<!-- ELSEIF trace.S_SETTING_YES -->
 			<td class="yes">{L_ACL_YES}</td>
 		<!-- ELSE -->
-			<td class="unset">{L_ACL_UNSET}</td>
+			<td class="no">{L_ACL_NO}</td>
 		<!-- ENDIF -->
 
-		<!-- IF trace.S_TOTAL_NO -->
-			<td class="no">{L_ACL_NO}</td>
+		<!-- IF trace.S_TOTAL_NEVER -->
+			<td class="never">{L_ACL_NEVER}</td>
 		<!-- ELSEIF trace.S_TOTAL_YES -->
 			<td class="yes">{L_ACL_YES}</td>
 		<!-- ELSE -->
-			<td class="unset">{L_ACL_UNSET}</td>
+			<td class="no">{L_ACL_NO}</td>
 		<!-- ENDIF -->
 
 		<td>{trace.INFORMATION}</td>

phpBB/adm/style/simple_footer.html

@@ -17,6 +17,7 @@
 
 	<!-- IF S_COPYRIGHT_HTML -->
 		<br />Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
+		{TRANSLATION_INFO}
 	<!-- ENDIF -->
 
 	<!-- IF DEBUG_OUTPUT -->

phpBB/adm/swatch.php

@@ -36,13 +36,6 @@ $template->assign_vars(array(
 
 $template->display('body');
 
-// Unload cache, must be done before the DB connection if closed
-if (!empty($cache))
-{
-	$cache->unload();
-}
-
-// Close our DB connection.
-$db->sql_close();
+garbage_collection();
 
 ?>

phpBB/common.php

@@ -104,14 +104,40 @@ if (defined('IN_CRON'))
 
 if (!file_exists($phpbb_root_path . 'config.' . $phpEx))
 {
-	die("<p>The config.$phpEx file could not be found.</p><p><a href=\"$phpbb_root_path/install/index.$phpEx\">Click here to install phpBB</a></p>");
+	die("<p>The config.$phpEx file could not be found.</p><p><a href=\"{$phpbb_root_path}install/index.$phpEx\">Click here to install phpBB</a></p>");
 }
 
 require($phpbb_root_path . 'config.' . $phpEx);
 
 if (!defined('PHPBB_INSTALLED'))
 {
-	header('Location: install/index.' . $phpEx);
+	// Redirect the user to the installer
+	// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
+	// available as used by the redirect function
+	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
+
+	$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
+	if (!$script_name)
+	{
+		$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
+	}
+
+	// Replace any number of consecutive backslashes and/or slashes with a single slash
+	// (could happen on some proxy setups and/or Windows servers)
+	$script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx;
+	$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+
+	$url = (($secure) ? 'https://' : 'http://') . $server_name;
+
+	if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
+	{
+		$url .= ':' . $server_port;
+	}
+
+	$url .= $script_path;
+	header('Location: ' . $url);
 	exit;
 }
 
@@ -165,10 +191,11 @@ unset($dbpasswd);
 $config = $cache->obtain_config();
 $dss_seeded = false;
 
-// Warn about install/ directory
-if (file_exists($phpbb_root_path . 'install'))
+// Disable board if the install/ directory is still present
+if (file_exists($phpbb_root_path . 'install') && !defined('ADMIN_START'))
 {
-	trigger_error('REMOVE_INSTALL');
+	$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
+	trigger_error($message);
 }
 
 ?>

phpBB/develop/add_permissions.php

@@ -33,9 +33,9 @@ require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
 require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
 include($phpbb_root_path . 'includes/functions.'.$phpEx);
 
-define('ACL_NO', 0);
+define('ACL_NEVER', 0);
 define('ACL_YES', 1);
-define('ACL_UNSET', -1);
+define('ACL_NO', -1);
 
 define('ACL_GROUPS_TABLE', $table_prefix.'acl_groups');
 define('ACL_OPTIONS_TABLE', $table_prefix.'acl_options');
@@ -212,14 +212,14 @@ foreach ($prefixes as $prefix)
 		
 			echo "<p><b>Adding $auth_option...</b></p>\n";
 
-			mass_auth('group', 0, 'guests', $auth_option, ACL_NO);
-			mass_auth('group', 0, 'inactive', $auth_option, ACL_NO);
-			mass_auth('group', 0, 'inactive_coppa', $auth_option, ACL_NO);
-			mass_auth('group', 0, 'registered_coppa', $auth_option, ACL_NO);
-			mass_auth('group', 0, 'registered', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO));
-			mass_auth('group', 0, 'global_moderators', $auth_option, (($prefix != 'a_') ? ACL_YES : ACL_NO));
+			mass_auth('group', 0, 'guests', $auth_option, ACL_NEVER);
+			mass_auth('group', 0, 'inactive', $auth_option, ACL_NEVER);
+			mass_auth('group', 0, 'inactive_coppa', $auth_option, ACL_NEVER);
+			mass_auth('group', 0, 'registered_coppa', $auth_option, ACL_NEVER);
+			mass_auth('group', 0, 'registered', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NEVER));
+			mass_auth('group', 0, 'global_moderators', $auth_option, (($prefix != 'a_') ? ACL_YES : ACL_NEVER));
 			mass_auth('group', 0, 'administrators', $auth_option, ACL_YES);
-			mass_auth('group', 0, 'bots', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO));
+			mass_auth('group', 0, 'bots', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NEVER));
 		}
 	}
 }
@@ -236,7 +236,7 @@ echo "<p><b>Done</b></p>\n";
 	$forum_id = forum ids (array|int|0) -> 0 == all forums
 	$ug_id = [int] user_id|group_id : [string] usergroup name
 	$acl_list = [string] acl entry : [array] acl entries
-	$setting = ACL_YES|ACL_NO|ACL_UNSET
+	$setting = ACL_YES|ACL_NEVER|ACL_NO
 */
 function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
 {
@@ -337,7 +337,7 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
 
 			switch ($setting)
 			{
-				case ACL_UNSET:
+				case ACL_NO:
 					if (isset($cur_auth[$forum][$auth_option_id]))
 					{
 						$sql_ary['delete'][] = "DELETE FROM $table 

phpBB/develop/generate_utf_tables.php

@@ -0,0 +1,559 @@
+<?php
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+if (php_sapi_name() != 'cli')
+{
+	die("This program must be run from the command line.\n");
+}
+
+set_time_limit(0);
+
+define('IN_PHPBB', true);
+$phpbb_root_path = '../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+
+echo "Checking for required files\n";
+download('http://www.unicode.org/Public/UNIDATA/CompositionExclusions.txt');
+download('http://www.unicode.org/Public/UNIDATA/DerivedNormalizationProps.txt');
+download('http://www.unicode.org/Public/UNIDATA/UnicodeData.txt');
+echo "\n";
+
+require_once($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
+$file_contents = array();
+
+/**
+* Generate some Hangul/Jamo stuff
+*/
+echo "\nGenerating Hangul and Jamo tables\n";
+for ($i = 0; $i < UNICODE_HANGUL_LCOUNT; ++$i)
+{
+	$utf_char = cp_to_utf(UNICODE_HANGUL_LBASE + $i);
+	$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i * UNICODE_HANGUL_VCOUNT * UNICODE_HANGUL_TCOUNT + UNICODE_HANGUL_SBASE;
+	$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_L;
+}
+
+for ($i = 0; $i < UNICODE_HANGUL_VCOUNT; ++$i)
+{
+	$utf_char = cp_to_utf(UNICODE_HANGUL_VBASE + $i);
+	$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i * UNICODE_HANGUL_TCOUNT;
+	$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_V;
+}
+
+for ($i = 0; $i < UNICODE_HANGUL_TCOUNT; ++$i)
+{
+	$utf_char = cp_to_utf(UNICODE_HANGUL_TBASE + $i);
+	$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i;
+	$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_T;
+}
+
+/**
+* Load the CompositionExclusions table
+*/
+echo "Loading CompositionExclusion\n";
+$fp = fopen('CompositionExclusions.txt', 'rt');
+
+$exclude = array();
+while (!feof($fp))
+{
+	$line = fgets($fp, 1024);
+
+	if (!strpos(' 0123456789ABCDEFabcdef', $line[0]))
+	{
+		continue;
+	}
+
+	$cp = strtok($line, ' ');
+
+	if ($pos = strpos($cp, '..'))
+	{
+		$start = hexdec(substr($cp, 0, $pos));
+		$end = hexdec(substr($cp, $pos + 2));
+
+		for ($i = $start; $i < $end; ++$i)
+		{
+			$exclude[$i] = 1;
+		}
+	}
+	else
+	{
+		$exclude[hexdec($cp)] = 1;
+	}
+}
+fclose($fp);
+
+/**
+* Load QuickCheck tables
+*/
+echo "Generating QuickCheck tables\n";
+$fp = fopen('DerivedNormalizationProps.txt', 'rt');
+
+while (!feof($fp))
+{
+	$line = fgets($fp, 1024);
+
+	if (!strpos(' 0123456789ABCDEFabcdef', $line[0]))
+	{
+		continue;
+	}
+
+	$p = array_map('trim', explode(';', strtok($line, '#')));
+
+	/**
+	* Capture only NFC_QC, NFKC_QC
+	*/
+	if (!preg_match('#^NFK?C_QC$#', $p[1]))
+	{
+		continue;
+	}
+
+	if ($pos = strpos($p[0], '..'))
+	{
+		$start = hexdec(substr($p[0], 0, $pos));
+		$end = hexdec(substr($p[0], $pos + 2));
+	}
+	else
+	{
+		$start = $end = hexdec($p[0]);
+	}
+
+	if ($start >= UTF8_HANGUL_FIRST && $end <= UTF8_HANGUL_LAST)
+	{
+		/**
+		* We do not store Hangul syllables in the array
+		*/
+		continue;
+	}
+
+	if ($p[2] == 'M')
+	{
+		$val = UNICODE_QC_MAYBE;
+	}
+	else
+	{
+		$val = UNICODE_QC_NO;
+	}
+
+	if ($p[1] == 'NFKC_QC')
+	{
+		$file = 'utf_nfkc_qc';
+	}
+	else
+	{
+		$file = 'utf_nfc_qc';
+	}
+
+	for ($i = $start; $i <= $end; ++$i)
+	{
+		/**
+		* The vars have the same name as the file: $utf_nfc_qc is in utf_nfc_qc.php
+		*/
+		$file_contents[$file][$file][cp_to_utf($i)] = $val;
+	}
+}
+fclose($fp);
+
+/**
+* Do mappings
+*/
+echo "Loading Unicode decomposition mappings\n";
+$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
+
+$map = array();
+while (!feof($fp))
+{
+	$p = explode(';', fgets($fp, 1024));
+	$cp = hexdec($p[0]);
+
+	if (!empty($p[3]))
+	{
+		/**
+		* Store combining class > 0
+		*/
+		$file_contents['utf_normalizer_common']['utf_combining_class'][cp_to_utf($cp)] = (int) $p[3];
+	}
+
+	if (!isset($p[5]) || !preg_match_all('#[0-9A-F]+#', strip_tags($p[5]), $m))
+	{
+		continue;
+	}
+
+	if (strpos($p[5], '>'))
+	{
+		$map['NFKD'][$cp] = implode(' ', array_map('hexdec', $m[0]));
+	}
+	else
+	{
+		$map['NFD'][$cp] = $map['NFKD'][$cp] = implode(' ', array_map('hexdec', $m[0]));
+	}
+}
+fclose($fp);
+
+/**
+* Build the canonical composition table
+*/
+echo "Generating the Canonical Composition table\n";
+foreach ($map['NFD'] as $cp => $decomp_seq)
+{
+	if (!strpos($decomp_seq, ' ') || isset($exclude[$cp]))
+	{
+		/**
+		* Singletons are excluded from canonical composition
+		*/
+		continue;
+	}
+
+	$utf_seq = implode('', array_map('cp_to_utf', explode(' ', $decomp_seq)));
+
+	if (!isset($file_contents['utf_canonical_comp']['utf_canonical_comp'][$utf_seq]))
+	{
+		$file_contents['utf_canonical_comp']['utf_canonical_comp'][$utf_seq] = cp_to_utf($cp);
+	}
+}
+
+/**
+* Decompose the NF[K]D mappings recursively and prepare the file contents
+*/
+echo "Generating the Canonical and Compatibility Decomposition tables\n\n";
+foreach ($map as $type => $decomp_map)
+{
+	foreach ($decomp_map as $cp => $decomp_seq)
+	{
+		$decomp_map[$cp] = decompose($decomp_map, $decomp_seq);
+	}
+	unset($decomp_seq);
+
+	if ($type == 'NFKD')
+	{
+		$file = 'utf_compatibility_decomp';
+		$var = 'utf_compatibility_decomp';
+	}
+	else
+	{
+		$file = 'utf_canonical_decomp';
+		$var = 'utf_canonical_decomp';
+	}
+
+	/**
+	* Generate the corresponding file
+	*/
+	foreach ($decomp_map as $cp => $decomp_seq)
+	{
+		$file_contents[$file][$var][cp_to_utf($cp)] = implode('', array_map('cp_to_utf', explode(' ', $decomp_seq)));
+	}
+}
+
+/**
+* Generate and/or alter the files
+*/
+foreach ($file_contents as $file => $contents)
+{
+	/**
+	* Generate a new file
+	*/
+	echo "Writing to $file.$phpEx\n";
+
+	if (!$fp = fopen($phpbb_root_path . 'includes/utf/data/' . $file . '.' . $phpEx, 'wb'))
+	{
+		trigger_error('Cannot open ' . $file . ' for write');
+	}
+
+	fwrite($fp, '<?php');
+	foreach ($contents as $var => $val)
+	{
+		fwrite($fp, "\n\$GLOBALS[" . my_var_export($var) . ']=' . my_var_export($val) . ";");
+	}
+	fclose($fp);
+}
+
+echo "\n*** UTF-8 normalization tables done\n\n";
+
+/**
+* Now we'll generate the files needed by the search indexer
+*/
+echo "Generating search indexer tables\n";
+
+$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
+
+$map = array();
+while ($line = fgets($fp, 1024))
+{
+	/**
+	* The current line is split, $m[0] hold the codepoint in hexadecimal and
+	* all other fields numbered as in http://www.unicode.org/Public/UNIDATA/UCD.html#UnicodeData.txt
+	*/
+	$m = explode(';', $line);
+
+	/**
+	* @var	integer	$cp			Current char codepoint
+	* @var	string	$utf_char	UTF-8 representation of current char
+	*/
+	$cp = hexdec($m[0]);
+	$utf_char = cp_to_utf($cp);
+
+	/**
+	* $m[2] holds the "General Category" of the character
+	* @link http://www.unicode.org/Public/UNIDATA/UCD.html#General_Category_Values
+	*/
+	switch ($m[2][0])
+	{
+		case 'L':
+			/**
+			* We allow all letters and map them to their lowercased counterpart on the fly
+			*/
+			$map_to_hex = (isset($m[13][0])) ? $m[13] : $m[0];
+
+			if (preg_match('#^LATIN.*(?:LETTER|LIGATURE) ([A-Z]{2}(?![A-Z]))$#', $m[1], $capture))
+			{
+				/**
+				* Special hack for some latin ligatures. Using the name of a character
+				* is bad practice, but for now it works well enough.
+				*
+				* @todo Note that ligatures with combining marks such as U+01E2 are
+				* not supported at this time
+				*/
+				$map[$cp] = strtolower($capture[1]);
+			}
+			elseif (isset($m[13][0]))
+			{
+				/**
+				* If the letter has a lowercased form, use it
+				*/
+				$map[$cp] = hex_to_utf($m[13]);
+			}
+			else
+			{
+				/**
+				* In all other cases, map the letter to itself
+				*/
+				$map[$cp] = $utf_char;
+			}
+			break;
+
+		case 'M':
+			/**
+			* We allow all marks, they are mapped to themselves
+			*/
+			$map[$cp] = $utf_char;
+			break;
+
+		case 'N':
+			/**
+			* We allow all numbers, but we map them to their numeric value whenever
+			* possible. The numeric value (field #8) is in ASCII already
+			*
+			* @todo Note that fractions such as U+00BD will be converted to something
+			* like "1/2", with a slash. However, "1/2" entered in ASCII is converted
+			* to "1 2". This will have to be fixed.
+			*/
+			$map[$cp] = (isset($m[8][0])) ? $m[8] : $utf_char;
+			break;
+
+		default:
+			/**
+			* Everything else is ignored, skip to the next line
+			*/
+			continue 2;
+	}
+}
+fclose($fp);
+
+/**
+* Add some cheating
+*/
+$cheats = array(
+	'00DF'	=>	'ss',		#	German sharp S
+	'00D6'	=>	'oe',		#	Capital O with diaeresis
+	'00F6'	=>	'oe',		#	Small O with diaeresis
+);
+
+/**
+* Add our "cheat replacements" to the map
+*/
+foreach ($cheats as $hex => $map_to)
+{
+	$map[hexdec($hex)] = $map_to;
+}
+
+/**
+* Split the map into smaller blocks
+*/
+$file_contents = array();
+foreach ($map as $cp => $map_to)
+{
+	$file_contents[$cp >> 11][cp_to_utf($cp)] = $map_to;
+}
+unset($map);
+
+foreach ($file_contents as $idx => $contents)
+{
+	echo "Writing to search_indexer_$idx.$phpEx\n";
+	$fp = fopen($phpbb_root_path . 'includes/utf/data/search_indexer_' . $idx . '.' . $phpEx, 'wb');
+	fwrite($fp, '<?php return ' . my_var_export($contents) . ';');
+	fclose($fp);
+}
+echo "\n*** Search indexer tables done\n\n";
+
+
+die("\nAll done!\n");
+
+
+////////////////////////////////////////////////////////////////////////////////
+//                             Internal functions                             //
+////////////////////////////////////////////////////////////////////////////////
+
+/**
+* Decompose a sequence recusively
+*
+* @param	array	$decomp_map	Decomposition mapping, passed by reference
+* @param	string	$decomp_seq	Decomposition sequence as decimal codepoints separated with a space
+* @return	string				Decomposition sequence, fully decomposed
+*/
+function decompose(&$decomp_map, $decomp_seq)
+{
+	$ret = array();
+	foreach (explode(' ', $decomp_seq) as $cp)
+	{
+		if (isset($decomp_map[$cp]))
+		{
+			$ret[] = decompose($decomp_map, $decomp_map[$cp]);
+		}
+		else
+		{
+			$ret[] = $cp;
+		}
+	}
+
+	return implode(' ', $ret);
+}
+
+
+/**
+* Return a parsable string representation of a variable
+*
+* This is function is limited to array/strings/integers
+*
+* @param	mixed	$var		Variable
+* @return	string				PHP code representing the variable
+*/
+function my_var_export($var)
+{
+	if (is_array($var))
+	{
+		$lines = array();
+
+		foreach ($var as $k => $v)
+		{
+			$lines[] = my_var_export($k) . '=>' . my_var_export($v);
+		}
+
+		return 'array(' . implode(',', $lines) . ')';
+	}
+	elseif (is_string($var))
+	{
+		return "'" . str_replace(array('\\', "'"), array('\\\\', "\\'"), $var) . "'";
+	}
+	else
+	{
+		return $var;
+	}
+}
+
+/**
+* Download a file to the develop/ dir
+*
+* @param	string	$url		URL of the file to download
+* @return	void
+*/
+function download($url)
+{
+	global $phpbb_root_path;
+
+	if (file_exists($phpbb_root_path . 'develop/' . basename($url)))
+	{
+		return;
+	}
+
+	echo 'Downloading from ', $url, ' ';
+
+	if (!$fpr = fopen($url, 'rb'))
+	{
+		die("Can't download from $url\nPlease download it yourself and put it in the develop/ dir, kthxbai");
+	}
+
+	if (!$fpw = fopen($phpbb_root_path . 'develop/' . basename($url), 'wb'))
+	{
+		die("Can't open develop/" . basename($url) . " for output... please check your permissions or something");
+	}
+
+	$i = 0;
+	$chunk = 32768;
+	$done = '';
+
+	while (!feof($fpr))
+	{
+		$i += fwrite($fpw, fread($fpr, $chunk));
+		echo str_repeat("\x08", strlen($done));
+
+		$done = ($i >> 10) . ' KiB';
+		echo $done;
+	}
+	fclose($fpr);
+	fclose($fpw);
+
+	echo "\n";
+}
+
+/**
+* Convert a codepoint in hexadecimal to a UTF-8 char
+*
+* @param	string	$hex		Codepoint, in hexadecimal
+* @return	string				UTF-8 char
+*/
+function hex_to_utf($hex)
+{
+	return cp_to_utf(hexdec($hex));
+}
+
+/**
+* Return a UTF string formed from a sequence of codepoints in hexadecimal
+*
+* @param	string	$seq		Sequence of codepoints, separated with a space
+* @return	string				UTF-8 string
+*/
+function hexseq_to_utf($seq)
+{
+	return implode('', array_map('hex_to_utf', explode(' ', $seq)));
+}
+
+/**
+* Convert a codepoint to a UTF-8 char
+*
+* @param	integer	$cp			Unicode codepoint
+* @return	string				UTF-8 string
+*/
+function cp_to_utf($cp)
+{
+	if ($cp > 0xFFFF)
+	{
+		return chr(0xF0 | ($cp >> 18)) . chr(0x80 | (($cp >> 12) & 0x3F)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
+	}
+	elseif ($cp > 0x7FF)
+	{
+		return chr(0xE0 | ($cp >> 12)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
+	}
+	elseif ($cp > 0x7F)
+	{
+		return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
+	}
+	else
+	{
+		return chr($cp);
+	}
+}

phpBB/develop/utf_normalizer_test.php

@@ -0,0 +1,380 @@
+<?php
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+if (php_sapi_name() != 'cli')
+{
+	die("This program must be run from the command line.\n");
+}
+
+set_time_limit(0);
+error_reporting(E_ALL);
+
+define('IN_PHPBB', true);
+$phpbb_root_path = '../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+
+
+/**
+* Let's download some files we need
+*/
+download('http://www.unicode.org/Public/UNIDATA/NormalizationTest.txt');
+download('http://www.unicode.org/Public/UNIDATA/UnicodeData.txt');
+
+/**
+* Those are the tests we run
+*/
+$test_suite = array(
+	/**
+	* NFC
+	*   c2 ==  NFC(c1) ==  NFC(c2) ==  NFC(c3)
+	*   c4 ==  NFC(c4) ==  NFC(c5)
+	*/
+	'NFC'	=>	array(
+		'c2'	=>	array('c1', 'c2', 'c3'),
+		'c4'	=>	array('c4', 'c5')
+	),
+
+	/**
+	* NFD
+	*   c3 ==  NFD(c1) ==  NFD(c2) ==  NFD(c3)
+	*   c5 ==  NFD(c4) ==  NFD(c5)
+	*/
+	'NFD'	=>	array(
+		'c3'	=>	array('c1', 'c2', 'c3'),
+		'c5'	=>	array('c4', 'c5')
+	),
+
+	/**
+	* NFKC
+	*   c4 == NFKC(c1) == NFKC(c2) == NFKC(c3) == NFKC(c4) == NFKC(c5)
+	*/
+	'NFKC'	=>	array(
+		'c4'	=>	array('c1', 'c2', 'c3', 'c4', 'c5')
+	),
+
+	/**
+	* NFKD
+	*   c5 == NFKD(c1) == NFKD(c2) == NFKD(c3) == NFKD(c4) == NFKD(c5)
+	*/
+	'NFKD'	=>	array(
+		'c5'	=>	array('c1', 'c2', 'c3', 'c4', 'c5')
+	)
+);
+
+require_once($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
+
+$i = $n = 0;
+$failed = FALSE;
+$tested_chars = array();
+
+$fp = fopen($phpbb_root_path . 'develop/NormalizationTest.txt', 'rb');
+while (!feof($fp))
+{
+	$line = fgets($fp);
+	++$n;
+
+	if ($line[0] == '@')
+	{
+		if ($i)
+		{
+			echo "done\n";
+		}
+
+		$i = 0;
+		echo "\n", substr($line, 1), "\n\n";
+		continue;
+	}
+
+	if (!strpos(' 0123456789ABCDEF', $line[0]))
+	{
+		continue;
+	}
+
+	if (++$i % 100 == 0)
+	{
+		echo $i, ' ';
+	}
+
+	list($c1, $c2, $c3, $c4, $c5) = explode(';', $line);
+
+	if (!strpos($c1, ' '))
+	{
+		/**
+		* We are currently testing a single character, we add it to the list of
+		* characters we have processed so that we can exclude it when testing
+		* for invariants
+		*/
+		$tested_chars[$c1] = 1;
+	}
+
+	foreach ($test_suite as $form => $serie)
+	{
+		foreach ($serie as $expected => $tests)
+		{
+			$hex_expected = ${$expected};
+			$utf_expected = hexseq_to_utf($hex_expected);
+
+			foreach ($tests as $test)
+			{
+				$utf_result = call_user_func(array('utf_normalizer', $form), $utf_expected);
+
+				if (strcmp($utf_expected, $utf_result))
+				{
+					$failed = TRUE;
+					$hex_result = utf_to_hexseq($utf_result);
+
+					echo "\nFAILED $expected == $form($test) ($hex_expected != $hex_result)";
+				}
+			}
+		}
+
+		if ($failed)
+		{
+			die("\n\nFailed at line $n\n");
+		}
+	}
+}
+fclose($fp);
+
+/**
+* Test for invariants
+*/
+echo "\n\nTesting for invariants...\n\n";
+
+$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
+
+$n = 0;
+while (!feof($fp))
+{
+	if (++$n % 100 == 0)
+	{
+		echo $n, ' ';
+	}
+
+	$line = fgets($fp, 1024);
+
+	if (!$pos = strpos($line, ';'))
+	{
+		continue;
+	}
+
+	$hex_tested = $hex_expected = substr($line, 0, $pos);
+
+	if (isset($tested_chars[$hex_tested]))
+	{
+		continue;
+	}
+
+	$utf_expected = hex_to_utf($hex_expected);
+
+	if ($utf_expected >= UTF8_SURROGATE_FIRST
+	 && $utf_expected <= UTF8_SURROGATE_LAST)
+	{
+		/**
+		* Surrogates are illegal on their own, we expect the normalizer
+		* to return a replacement char
+		*/
+		$utf_expected = UTF8_REPLACEMENT;
+		$hex_expected = utf_to_hexseq($utf_expected);
+	}
+
+	foreach (array('nfc', 'nfkc', 'nfd', 'nfkd') as $form)
+	{
+		$utf_result = utf_normalizer::$form($utf_expected);
+		$hex_result = utf_to_hexseq($utf_result);
+//		echo "$form($utf_expected) == $utf_result\n";
+
+		if (strcmp($utf_expected, $utf_result))
+		{
+			$failed = 1;
+
+			echo "\nFAILED $hex_expected == $form($hex_tested) ($hex_expected != $hex_result)";
+		}
+	}
+
+	if ($failed)
+	{
+		die("\n\nFailed at line $n\n");
+	}
+}
+fclose($fp);
+
+die("\n\nALL TESTS PASSED SUCCESSFULLY\n");
+
+/**
+* Download a file to the develop/ dir
+*
+* @param	string	$url		URL of the file to download
+* @return	void
+*/
+function download($url)
+{
+	global $phpbb_root_path;
+
+	if (file_exists($phpbb_root_path . 'develop/' . basename($url)))
+	{
+		return;
+	}
+
+	echo 'Downloading from ', $url, ' ';
+
+	if (!$fpr = fopen($url, 'rb'))
+	{
+		die("Can't download from $url\nPlease download it yourself and put it in the develop/ dir, kthxbai");
+	}
+
+	if (!$fpw = fopen($phpbb_root_path . 'develop/' . basename($url), 'wb'))
+	{
+		die("Can't open develop/" . basename($url) . " for output... please check your permissions or something");
+	}
+
+	$i = 0;
+	$chunk = 32768;
+	$done = '';
+
+	while (!feof($fpr))
+	{
+		$i += fwrite($fpw, fread($fpr, $chunk));
+		echo str_repeat("\x08", strlen($done));
+
+		$done = ($i >> 10) . ' KiB';
+		echo $done;
+	}
+	fclose($fpr);
+	fclose($fpw);
+
+	echo "\n";
+}
+
+/**
+* Convert a UTF string to a sequence of codepoints in hexadecimal
+*
+* @param	string	$utf	UTF string
+* @return	integer			Unicode codepoints in hex
+*/
+function utf_to_hexseq($str)
+{
+	$pos = 0;
+	$len = strlen($str);
+	$ret = array();
+
+	while ($pos < $len)
+	{
+		$c = $str[$pos];
+		switch ($c & "\xF0")
+		{
+			case "\xC0":
+			case "\xD0":
+				$utf_char = substr($str, $pos, 2);
+				$pos += 2;
+				break;
+
+			case "\xE0":
+				$utf_char = substr($str, $pos, 3);
+				$pos += 3;
+				break;
+
+			case "\xF0":
+				$utf_char = substr($str, $pos, 4);
+				$pos += 4;
+				break;
+
+			default:
+				$utf_char = $c;
+				++$pos;
+		}
+
+		$hex = dechex(utf_to_cp($utf_char));
+
+		if (!isset($hex[3]))
+		{
+			$hex = substr('000' . $hex, -4);
+		}
+
+		$ret[] = $hex;
+	}
+
+	return strtr(implode(' ', $ret), 'abcdef', 'ABCDEF');
+}
+
+/**
+* Convert a UTF-8 char to its codepoint
+*
+* @param	string	$utf_char	UTF-8 char
+* @return	integer				Unicode codepoint
+*/
+function utf_to_cp($utf_char)
+{
+	switch (strlen($utf_char))
+	{
+		case 1:
+			return ord($utf_char);
+
+		case 2:
+			return ((ord($utf_char[0]) & 0x1F) << 6) | (ord($utf_char[1]) & 0x3F);
+
+		case 3:
+			return ((ord($utf_char[0]) & 0x0F) << 12) | ((ord($utf_char[1]) & 0x3F) << 6) | (ord($utf_char[2]) & 0x3F);
+
+		case 4:
+			return ((ord($utf_char[0]) & 0x07) << 18) | ((ord($utf_char[1]) & 0x3F) << 12) | ((ord($utf_char[2]) & 0x3F) << 6) | (ord($utf_char[3]) & 0x3F);
+
+		default:
+			die('UTF-8 chars can only be 1-4 bytes long');
+	}
+}
+
+/**
+* Return a UTF string formed from a sequence of codepoints in hexadecimal
+*
+* @param	string	$seq		Sequence of codepoints, separated with a space
+* @return	string				UTF-8 string
+*/
+function hexseq_to_utf($seq)
+{
+	return implode('', array_map('hex_to_utf', explode(' ', $seq)));
+}
+
+/**
+* Convert a codepoint in hexadecimal to a UTF-8 char
+*
+* @param	string	$hex		Codepoint, in hexadecimal
+* @return	string				UTF-8 char
+*/
+function hex_to_utf($hex)
+{
+	return cp_to_utf(hexdec($hex));
+}
+
+/**
+* Convert a codepoint to a UTF-8 char
+*
+* @param	integer	$cp			Unicode codepoint
+* @return	string				UTF-8 string
+*/
+function cp_to_utf($cp)
+{
+	if ($cp > 0xFFFF)
+	{
+		return chr(0xF0 | ($cp >> 18)) . chr(0x80 | (($cp >> 12) & 0x3F)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
+	}
+	elseif ($cp > 0x7FF)
+	{
+		return chr(0xE0 | ($cp >> 12)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
+	}
+	elseif ($cp > 0x7F)
+	{
+		return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
+	}
+	else
+	{
+		return chr($cp);
+	}
+}

phpBB/docs/AUTHORS

@@ -14,12 +14,12 @@ phpBB Project Manager : theFinn (James Atkinson)
 phpBB Lead Developers : Acyd Burn (Meik Sievertsen)
                         psoTFX (Paul S. Owen) [2001 - 09/2005]
 
-phpBB Developers      : DavidMJ (David M.)
+phpBB Developers      : Ashe (Ludovic Arnaud) - [10/2002 - 11/2003, 06/2006 - ]
+                        DavidMJ (David M.)
                         GrahamJE (Graham Eames)
-                        naderman (Nils Aderman)
+                        naderman (Nils Adermann)
                         subBlue (Tom Beddard)
 
-                        Ashe (Ludovic Arnaud) - [10/2002 - 11/2003]
                         BartVB (Bart van Bragt) - [11/2000 - 03/2006]
 
 

phpBB/download.php

@@ -17,12 +17,10 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
 
 $download_id = request_var('id', 0);
-
-// Thumbnails are not handled by this file by default - but for modders this should be interesting. ;)
 $thumbnail = request_var('t', false);
 
-// Start session management
-$user->session_begin();
+// Start session management, do not update session page.
+$user->session_begin(false);
 $auth->acl($user->data);
 $user->setup('viewtopic');
 
@@ -65,6 +63,19 @@ if (!$attachment['in_message'])
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
+	// Global announcement?
+	if (!$row)
+	{
+		$forum_id = request_var('f', 0);
+
+		$sql = 'SELECT forum_id, forum_password, parent_id
+			FROM ' . FORUMS_TABLE . '
+			WHERE forum_id = ' . $forum_id;
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+	}
+
 	if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
 	{
 		if ($row['forum_password'])
@@ -81,7 +92,7 @@ if (!$attachment['in_message'])
 else
 {
 	$row['forum_id'] = 0;
-	if (!$auth->acl_get('u_pm_download') || !$config['auth_download_pm'])
+	if (!$auth->acl_get('u_pm_download'))
 	{
 		trigger_error('SORRY_AUTH_VIEW_ATTACH');
 	}
@@ -116,12 +127,13 @@ if (!$attachment)
 
 
 $attachment['physical_filename'] = basename($attachment['physical_filename']);
+$display_cat = $extensions[$attachment['extension']]['display_cat'];
 
 if ($thumbnail)
 {
 	$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
 }
-else
+else if ($display_cat == ATTACHMENT_CATEGORY_NONE)
 {
 	// Update download count
 	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' 
@@ -162,83 +174,52 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
 	}
 
-	// Determine the Browser the User is using, because of some nasty incompatibilities.
-	// borrowed from phpMyAdmin. :)
-	$user_agent = $user->browser;
-
-	if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $user_agent, $log_version))
-	{
-		$browser_version = $log_version[2];
-		$browser_agent = 'opera';
-	}
-	else if (ereg('MSIE ([0-9].[0-9]{1,2})', $user_agent, $log_version))
-	{
-		$browser_version = $log_version[1];
-		$browser_agent = 'ie';
-	}
-	else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $user_agent, $log_version))
-	{
-		$browser_version = $log_version[1];
-		$browser_agent = 'omniweb';
-	}
-	else if (ereg('(Konqueror/)(.*)(;)', $user_agent, $log_version))
-	{
-		$browser_version = $log_version[2];
-		$browser_agent = 'konqueror';
-	}
-	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version) && ereg('Safari/([0-9]*)', $user_agent, $log_version2))
-	{
-		$browser_version = $log_version[1] . '.' . $log_version2[1];
-		$browser_agent = 'safari';
-	}
-	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version))
-	{
-		$browser_version = $log_version[1];
-		$browser_agent = 'mozilla';
-	}
-	else
-	{
-		$browser_version = 0;
-		$browser_agent = 'other';
-	}
-
 	// Correct the mime type - we force application/octetstream for all files, except images
 	// Please do not change this, it is a security precaution
 	if ($category == ATTACHMENT_CATEGORY_NONE && strpos($attachment['mimetype'], 'image') === false)
 	{
-		$attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream';
+		$attachment['mimetype'] = (strpos(strtolower($user->browser), 'msie') !== false || strpos(strtolower($user->browser), 'opera') !== false) ? 'application/octetstream' : 'application/octet-stream';
 	}
 
 	if (@ob_get_length())
 	{
 		@ob_end_clean();
 	}
-	
+
+	// Now send the File Contents to the Browser
+	$size = @filesize($filename);
+
+	// Might not be ideal to store the contents, but file_get_contents is binary-safe as well as the recommended method
+	// To correctly display further errors we need to make sure we are using the correct headers for both (unsetting content-length may not work)
+	$contents = @file_get_contents($filename);
+
+	// Check if headers already sent or not able to get the file contents.
+	if (headers_sent() || $contents === false)
+	{
+		unset($contents);
+
+		// PHP track_errors setting On?
+		if (!empty($php_errormsg))
+		{
+			trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
+		}
+
+		trigger_error('UNABLE_TO_DELIVER_FILE');
+	}
+
 	// Now the tricky part... let's dance
 	header('Pragma: public');
 
 	// Send out the Headers
-	header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
+	header('Content-type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
 	header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
 
-	// Now send the File Contents to the Browser
-	$size = @filesize($filename);
 	if ($size)
 	{
 		header("Content-length: $size");
 	}
-	$result = @readfile($filename);
-	
-	if (!$result)
-	{
-		// PHP track_errors setting On?
-		if (!empty($php_errormsg))
-		{
-			trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_ERROR);
-		}
-
-		trigger_error('Unable to deliver file.', E_USER_ERROR);
-	}
+	echo $contents;
+	unset($contents);
 
 	flush();
 	exit;
@@ -256,7 +237,7 @@ function download_allowed()
 		return true;
 	}
 
-	$url = (getenv('HTTP_REFERER')) ? trim(getenv('HTTP_REFERER')) : trim($_SERVER['HTTP_REFERER']);
+	$url = (!empty($_SERVER['HTTP_REFERER'])) ? trim($_SERVER['HTTP_REFERER']) : trim(getenv('HTTP_REFERER'));
 
 	if (!$url)
 	{
@@ -264,20 +245,27 @@ function download_allowed()
 	}
 
 	// Split URL into domain and script part
-	$url = explode('?', str_replace(array('http://', 'https://'), array('', ''), $url));
-	$hostname = trim($url[0]);
+	$url = @parse_url($url);
+
+	if ($url === false)
+	{
+		return ($config['secure_allow_empty_referer']) ? true : false;
+	}
+
+	$hostname = $url['host'];
 	unset($url);
 
 	$allowed = ($config['secure_allow_deny']) ? false : true;
 	$iplist = array();
 
-	$ip_ary = gethostbynamel($hostname);
-
-	foreach ($ip_ary as $ip)
+	if (($ip_ary = @gethostbynamel($hostname)) !== false)
 	{
-		if ($ip)
+		foreach ($ip_ary as $ip)
 		{
-			$iplist[] = $ip;
+			if ($ip)
+			{
+				$iplist[] = $ip;
+			}
 		}
 	}
 	
@@ -311,7 +299,7 @@ function download_allowed()
 			{
 				foreach ($iplist as $ip)
 				{
-					if (preg_match('#^' . str_replace('*', '.*?', $site_ip) . '$#i', $ip))
+					if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_ip, '#')) . '$#i', $ip))
 					{
 						if ($row['ip_exclude'])
 						{
@@ -328,7 +316,7 @@ function download_allowed()
 
 			if ($site_hostname)
 			{
-				if (preg_match('#^' . str_replace('*', '.*?', $site_hostname) . '$#i', $hostname))
+				if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_hostname, '#')) . '$#i', $hostname))
 				{
 					if ($row['ip_exclude'])
 					{

phpBB/includes/acm/acm_file.php

@@ -19,6 +19,7 @@ class acm
 	var $is_modified = false;
 
 	var $sql_rowset = array();
+	var $sql_row_pointer = array();
 
 	/**
 	* Set cache path
@@ -56,6 +57,7 @@ class acm
 		unset($this->vars);
 		unset($this->var_expires);
 		unset($this->sql_rowset);
+		unset($this->sql_row_pointer);
 	}
 
 	/**
@@ -69,7 +71,7 @@ class acm
 		}
 
 		global $phpEx;
-		$file = '<?php $this->vars=' . $this->format_array($this->vars) . ";\n\$this->var_expires=" . $this->format_array($this->var_expires) . ' ?>';
+		$file = "<?php\n\$this->vars = " . $this->format_array($this->vars) . ";\n\n\$this->var_expires = " . $this->format_array($this->var_expires) . "\n?>";
 
 		if ($fp = @fopen($this->cache_dir . 'data_global.' . $phpEx, 'wb'))
 		{
@@ -255,26 +257,28 @@ class acm
 	/**
 	* Format an array to be stored on filesystem
 	*/
-	function format_array($array)
+	function format_array($array, $tab = '')
 	{
+		$tab .= "\t";
+
 		$lines = array();
 		foreach ($array as $k => $v)
 		{
 			if (is_array($v))
 			{
-				$lines[] = "\n'$k' => " . $this->format_array($v);
+				$lines[] = "\n{$tab}'$k' => " . $this->format_array($v, $tab);
 			}
 			else if (is_int($v))
 			{
-				$lines[] = "\n'$k' => $v";
+				$lines[] = "\n{$tab}'$k' => $v";
 			}
 			else if (is_bool($v))
 			{
-				$lines[] = "\n'$k' => " . (($v) ? 'true' : 'false');
+				$lines[] = "\n{$tab}'$k' => " . (($v) ? 'true' : 'false');
 			}
 			else
 			{
-				$lines[] = "\n'$k' => '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $v)) . "'";
+				$lines[] = "\n{$tab}'$k' => '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $v)) . "'";
 			}
 		}
 
@@ -309,6 +313,8 @@ class acm
 			return false;
 		}
 
+		$this->sql_row_pointer[$query_id] = 0;
+
 		return $query_id;
 	}
 
@@ -329,6 +335,7 @@ class acm
 			$lines = array();
 			$query_id = sizeof($this->sql_rowset);
 			$this->sql_rowset[$query_id] = array();
+			$this->sql_row_pointer[$query_id] = 0;
 
 			while ($row = $db->sql_fetchrow($query_result))
 			{
@@ -359,7 +366,63 @@ class acm
 	*/
 	function sql_fetchrow($query_id)
 	{
-		return array_shift($this->sql_rowset[$query_id]);
+		if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
+		{
+			return $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++];
+		}
+
+		return false;
+	}
+
+	/**
+	* Fetch the number of rows from cache (database)
+	*/
+	function sql_numrows($query_id)
+	{
+		return sizeof($this->sql_rowset[$query_id]);
+	}
+
+	/**
+	* Fetch a field from the current row of a cached database result (database)
+	*/
+	function sql_fetchfield($query_id, $field)
+	{
+		if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
+		{
+			return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field] : false;
+		}
+
+		return false;
+	}
+
+	/**
+	* Seek a specific row in an a cached database result (database)
+	*/
+	function sql_rowseek($query_id, $rownum)
+	{
+		if ($rownum >= sizeof($this->sql_rowset[$query_id]))
+		{
+			return false;
+		}
+
+		$this->sql_row_pointer[$query_id] = $rownum;
+		return true;
+	}
+
+	/**
+	* Free memory used for a cached database result (database)
+	*/
+	function sql_freeresult($query_id)
+	{
+		if (!isset($this->sql_rowset[$query_id]))
+		{
+			return false;
+		}
+
+		unset($this->sql_rowset[$query_id]);
+		unset($this->sql_row_pointer[$query_id]);
+
+		return true;
 	}
 }
 

phpBB/includes/acp/acp_attachments.php

@@ -78,7 +78,7 @@ class acp_attachments
 				}
 				$db->sql_freeresult($result);
 
-				$l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((sizeof($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode(', ', $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NONE']) . ']';
+				$l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((sizeof($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode(', ', $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']';
 
 				$display_vars = array(
 					'title'	=> 'ACP_ATTACHMENT_SETTINGS',
@@ -97,7 +97,7 @@ class acp_attachments
 						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'type' => 'text:3:3', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
-						'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERER', 'type' => 'radio:yes_no', 'explain' => true),
+						'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'					=> $l_legend_cat_images,
 						'img_display_inlined'		=> array('lang' => 'DISPLAY_INLINED',		'type' => 'radio:yes_no', 'explain' => true),
@@ -294,7 +294,7 @@ class acp_attachments
 						{
 							$sql = 'SELECT extension 
 								FROM ' . EXTENSIONS_TABLE . '
-								WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
+								WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
 							$result = $db->sql_query($sql);
 							
 							$extension_list = '';
@@ -306,7 +306,7 @@ class acp_attachments
 
 							$sql = 'DELETE 
 								FROM ' . EXTENSIONS_TABLE . '
-								WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
+								WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
 							$db->sql_query($sql);
 
 							add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list);
@@ -508,7 +508,7 @@ class acp_attachments
 					{
 						$sql = 'UPDATE ' . EXTENSIONS_TABLE . " 
 							SET group_id = $group_id
-							WHERE extension_id IN (" . implode(', ', $extension_list) . ")";
+							WHERE " . $db->sql_in_set('extension_id', $extension_list);
 						$db->sql_query($sql);
 					}
 
@@ -521,7 +521,7 @@ class acp_attachments
 				}
 			
 				$cat_lang = array(
-					ATTACHMENT_CATEGORY_NONE	=> $user->lang['NONE'],
+					ATTACHMENT_CATEGORY_NONE	=> $user->lang['NO_FILE_CAT'],
 					ATTACHMENT_CATEGORY_IMAGE	=> $user->lang['CAT_IMAGES'],
 					ATTACHMENT_CATEGORY_WM		=> $user->lang['CAT_WM_FILES'],
 					ATTACHMENT_CATEGORY_RM		=> $user->lang['CAT_RM_FILES']
@@ -631,25 +631,30 @@ class acp_attachments
 
 						$img_path = $config['upload_icons_path'];
 
-						$imglist = filelist($phpbb_root_path . $img_path);
-						$imglist = array_values($imglist);
-						$imglist = $imglist[0];
-
 						$filename_list = '';
 						$no_image_select = false;
-						foreach ($imglist as $key => $img)
-						{
-							if (!$ext_group_row['upload_icon'])
-							{
-								$no_image_select = true;
-								$selected = '';
-							}
-							else
-							{
-								$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
-							}
 
-							$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
+						$imglist = filelist($phpbb_root_path . $img_path);
+
+						if (sizeof($imglist))
+						{
+							$imglist = array_values($imglist);
+							$imglist = $imglist[0];
+
+							foreach ($imglist as $key => $img)
+							{
+								if (!$ext_group_row['upload_icon'])
+								{
+									$no_image_select = true;
+									$selected = '';
+								}
+								else
+								{
+									$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
+								}
+
+								$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
+							}
 						}
 
 						$i = 0;
@@ -701,7 +706,7 @@ class acp_attachments
 						$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
 							FROM ' . FORUMS_TABLE . '
 							ORDER BY left_id ASC';
-						$result = $db->sql_query($sql);
+						$result = $db->sql_query($sql, 600);
 
 						$right = $cat_right = $padding_inc = 0;
 						$padding = $forum_list = $holding = '';
@@ -860,7 +865,7 @@ class acp_attachments
 
 						$sql = 'SELECT forum_id, topic_id, post_id 
 							FROM ' . POSTS_TABLE . '
-							WHERE post_id IN (' . implode(', ', array_keys($upload_list)) . ')';
+							WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list));
 						$result = $db->sql_query($sql);
 
 						while ($row = $db->sql_fetchrow($result))
@@ -954,7 +959,7 @@ class acp_attachments
 		global $db, $user;
 
 		$types = array(
-			ATTACHMENT_CATEGORY_NONE	=> $user->lang['NONE'],
+			ATTACHMENT_CATEGORY_NONE	=> $user->lang['NO_FILE_CAT'],
 			ATTACHMENT_CATEGORY_IMAGE	=> $user->lang['CAT_IMAGES'],
 			ATTACHMENT_CATEGORY_WM		=> $user->lang['CAT_WM_FILES'],
 			ATTACHMENT_CATEGORY_RM		=> $user->lang['CAT_RM_FILES']
@@ -1097,7 +1102,7 @@ class acp_attachments
 				'in_message'		=> 0,
 				'physical_filename'	=> $filedata['physical_filename'],
 				'real_filename'		=> $filedata['real_filename'],
-				'comment'			=> $message_parser->filename_data['filecomment'],
+				'attach_comment'	=> $message_parser->filename_data['filecomment'],
 				'extension'			=> $filedata['extension'],
 				'mimetype'			=> $filedata['mimetype'],
 				'filesize'			=> $filedata['filesize'],
@@ -1145,7 +1150,7 @@ class acp_attachments
 	{
 		$imagick = '';
 
-		$exe = ((defined('PHP_OS')) && (preg_match('#win#i', PHP_OS))) ? '.exe' : '';
+		$exe = ((defined('PHP_OS')) && (preg_match('#^win#i', PHP_OS))) ? '.exe' : '';
 
 		$magic_home = getenv('MAGICK_HOME');
 
@@ -1368,16 +1373,16 @@ class acp_attachments
 		}
 		else if (isset($_POST['unsecuresubmit']))
 		{
-			$unip_sql = implode(', ', array_map('intval', $_POST['unip']));
+			$unip_sql = array_map('intval', $_POST['unip']);
 
-			if ($unip_sql != '')
+			if (sizeof($unip_sql))
 			{
 				$l_unip_list = '';
-			
+
 				// Grab details of ips for logging information later
 				$sql = 'SELECT site_ip, site_hostname
-					FROM ' . SITELIST_TABLE . "
-					WHERE site_id IN ($unip_sql)";
+					FROM ' . SITELIST_TABLE . '
+					WHERE ' . $db->sql_in_set('site_id', $unip_sql);
 				$result = $db->sql_query($sql);
 
 				while ($row = $db->sql_fetchrow($result))
@@ -1386,8 +1391,8 @@ class acp_attachments
 				}
 				$db->sql_freeresult($result);
 
-				$sql = 'DELETE FROM ' . SITELIST_TABLE . "
-					WHERE site_id IN ($unip_sql)";
+				$sql = 'DELETE FROM ' . SITELIST_TABLE . '
+					WHERE ' . $db->sql_in_set('site_id', $unip_sql);
 				$db->sql_query($sql);
 
 				add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list);

phpBB/includes/acp/acp_bbcodes.php

@@ -33,12 +33,12 @@ class acp_bbcodes
 		switch ($action)
 		{
 			case 'add':
-				$bbcode_match = $bbcode_tpl = '';
+				$bbcode_match = $bbcode_tpl = $bbcode_helpline = '';
 				$display_on_posting = 0;
 			break;
 
 			case 'edit':
-				$sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting
+				$sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting, bbcode_helpline
 					FROM ' . BBCODES_TABLE . '
 					WHERE bbcode_id = ' . $bbcode_id;
 				$result = $db->sql_query($sql);
@@ -53,6 +53,7 @@ class acp_bbcodes
 				$bbcode_match = $row['bbcode_match'];
 				$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
 				$display_on_posting = $row['display_on_posting'];
+				$bbcode_helpline = html_entity_decode($row['bbcode_helpline']);
 			break;
 
 			case 'modify':
@@ -75,6 +76,7 @@ class acp_bbcodes
 
 				$bbcode_match = request_var('bbcode_match', '');
 				$bbcode_tpl = html_entity_decode(request_var('bbcode_tpl', ''));
+				$bbcode_helpline = htmlspecialchars(request_var('bbcode_helpline', ''));
 			break;
 		}
 
@@ -89,8 +91,10 @@ class acp_bbcodes
 					'U_BACK'			=> $this->u_action,
 					'U_ACTION'			=> $this->u_action . '&action=' . (($action == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&bbcode=$bbcode_id" : ''),
 
+					'L_BBCODE_USAGE_EXPLAIN'=> sprintf($user->lang['BBCODE_USAGE_EXPLAIN'], '<a href="#down">', '</a>'),
 					'BBCODE_MATCH'			=> $bbcode_match,
 					'BBCODE_TPL'			=> $bbcode_tpl,
+					'BBCODE_HELPLINE'		=> $bbcode_helpline,
 					'DISPLAY_ON_POSTING'	=> $display_on_posting)
 				);
 
@@ -134,6 +138,7 @@ class acp_bbcodes
 					'bbcode_match'				=> $bbcode_match,
 					'bbcode_tpl'				=> $bbcode_tpl,
 					'display_on_posting'		=> $display_on_posting,
+					'bbcode_helpline'			=> $bbcode_helpline,
 					'first_pass_match'			=> $data['first_pass_match'],
 					'first_pass_replace'		=> $data['first_pass_replace'],
 					'second_pass_match'			=> $data['second_pass_match'],
@@ -163,7 +168,7 @@ class acp_bbcodes
 						$bbcode_id = NUM_CORE_BBCODES + 1;
 					}
 
-					if ($bbcode_id > 31)
+					if ($bbcode_id > 1511)
 					{
 						trigger_error('TOO_MANY_BBCODES');
 					}
@@ -278,8 +283,8 @@ class acp_bbcodes
 			{
 				$token_type = $m[1][$n];
 
-				reset($tokens[$token_type]);
-				list($match, $replace) = each($tokens[$token_type]);
+				reset($tokens[strtoupper($token_type)]);
+				list($match, $replace) = each($tokens[strtoupper($token_type)]);
 
 				// Pad backreference numbers from tokens
 				if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad))
@@ -337,7 +342,7 @@ class acp_bbcodes
 		}
 
 		// Lowercase tags
-		$bbcode_tag = preg_replace('/.*?\[([a-z]+=?).*/i', '$1', $bbcode_match);
+		$bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+=?).*/i', '$1', $bbcode_match);
 		$fp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_match);
 		$fp_replace = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_replace);
 		$sp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $sp_match);

phpBB/includes/acp/acp_board.php

@@ -40,9 +40,9 @@ class acp_board
 						'board_disable_msg'		=> false,
 						'default_lang'			=> array('lang' => 'DEFAULT_LANGUAGE',		'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
 						'default_dateformat'	=> array('lang' => 'DEFAULT_DATE_FORMAT',	'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true),
-						'board_timezone'		=> array('lang' => 'SYSTEM_TIMEZONE',		'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
+						'board_timezone'		=> array('lang' => 'SYSTEM_TIMEZONE',		'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
 						'board_dst'				=> array('lang' => 'SYSTEM_DST',			'type' => 'radio:yes_no', 'explain' => false),
-						'default_style'			=> array('lang' => 'DEFAULT_STYLE',			'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', true), 'explain' => false),
+						'default_style'			=> array('lang' => 'DEFAULT_STYLE',			'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
 						'override_user_style'	=> array('lang' => 'OVERRIDE_STYLE',		'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'WARNINGS',
@@ -71,6 +71,14 @@ class acp_board
 						'allow_sig_smilies'		=> array('lang' => 'ALLOW_SIG_SMILIES',		'type' => 'radio:yes_no', 'explain' => false),
 						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'type' => 'radio:yes_no', 'explain' => true),
 						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'type' => 'radio:yes_no', 'explain' => true),
+
+						'legend2'				=> 'ACP_LOAD_SETTINGS',
+						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',		'type' => 'radio:yes_no', 'explain' => false),
+						'load_moderators'		=> array('lang' => 'YES_MODERATORS',	'type' => 'radio:yes_no', 'explain' => false),
+						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',		'type' => 'radio:yes_no', 'explain' => false),
+						'load_cpf_memberlist'	=> array('lang' => 'LOAD_CPF_MEMBERLIST',	'type' => 'radio:yes_no', 'explain' => false),
+						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'type' => 'radio:yes_no', 'explain' => false),
+						'load_cpf_viewtopic'	=> array('lang' => 'LOAD_CPF_VIEWTOPIC',	'type' => 'radio:yes_no', 'explain' => false),
 					)
 				);
 			break;
@@ -104,14 +112,13 @@ class acp_board
 						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'type' => 'text:4:4', 'explain' => true),
 						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'type' => 'text:4:4', 'explain' => true),
 						'full_folder_action'	=> array('lang' => 'FULL_FOLDER_ACTION',	'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
-						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
 						
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_mass_pm'			=> array('lang' => 'ALLOW_MASS_PM',			'type' => 'radio:yes_no', 'explain' => false),
 						'auth_bbcode_pm'		=> array('lang' => 'ALLOW_BBCODE_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'auth_smilies_pm'		=> array('lang' => 'ALLOW_SMILIES_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'type' => 'radio:yes_no', 'explain' => false),
-						'auth_download_pm'		=> array('lang' => 'ALLOW_DOWNLOAD_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'allow_sig_pm'			=> array('lang' => 'ALLOW_SIG_PM',			'type' => 'radio:yes_no', 'explain' => false),
 						'print_pm'				=> array('lang' => 'ALLOW_PRINT_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'forward_pm'			=> array('lang' => 'ALLOW_FORWARD_PM',		'type' => 'radio:yes_no', 'explain' => false),
@@ -137,7 +144,7 @@ class acp_board
 
 						'legend2'				=> 'POSTING',
 						'bump_type'				=> false,
-						'edit_time'				=> array('lang' => 'EDIT_TIME',				'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'edit_time'				=> array('lang' => 'EDIT_TIME',				'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
 						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'type' => 'radio:yes_no', 'explain' => true),
 						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'type' => 'text:3:4', 'explain' => true),
 						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
@@ -204,33 +211,6 @@ class acp_board
 						'coppa_enable'		=> array('lang' => 'ENABLE_COPPA',		'type' => 'radio:yes_no', 'explain' => true),
 						'coppa_mail'		=> array('lang' => 'COPPA_MAIL',		'type' => 'textarea:5:40', 'explain' => true),
 						'coppa_fax'			=> array('lang' => 'COPPA_FAX',			'type' => 'text:25:100', 'explain' => false),
-						'coppa_hide_groups'	=> array('lang' => 'COPPA_HIDE_GROUPS',	'type' => 'radio:yes_no', 'explain' => true),
-					)
-				);
-			break;
-
-			case 'visual':
-				$display_vars = array(
-					'title'	=> 'ACP_VC_SETTINGS',
-					'vars'	=> array(
-						'legend1'				=> 'GENERAL_OPTIONS',
-						'enable_confirm'		=> array('lang' => 'VISUAL_CONFIRM_REG',	'type' => 'radio:yes_no', 'explain' => true),
-						'enable_post_confirm'	=> array('lang' => 'VISUAL_CONFIRM_POST',	'type' => 'radio:yes_no', 'explain' => true),
-
-						'legend2'						=> 'CAPTCHA_OPTIONS',
-						'policy_overlap'				=> array('lang' => 'CAPTCHA_OVERLAP',		'type' => 'radio:yes_no', 'explain' => false),
-						'policy_overlap_noise_pixel'	=> array('lang' => 'OVERLAP_NOISE_PIXEL',	'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
-						'policy_overlap_noise_line'		=> array('lang' => 'OVERLAP_NOISE_LINE',	'type' => 'radio:yes_no', 'explain' => false),
-						'policy_entropy'				=> array('lang' => 'CAPTCHA_ENTROPY',		'type' => 'radio:yes_no', 'explain' => false),
-						'policy_entropy_noise_pixel'	=> array('lang' => 'ENTROPY_NOISE_PIXEL',	'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
-						'policy_entropy_noise_line'		=> array('lang' => 'ENTROPY_NOISE_LINE',	'type' => 'radio:yes_no', 'explain' => false),
-						'policy_shape'					=> array('lang' => 'CAPTCHA_SHAPE',			'type' => 'radio:yes_no', 'explain' => false),
-						'policy_shape_noise_pixel'		=> array('lang' => 'SHAPE_NOISE_PIXEL',		'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
-						'policy_shape_noise_line'		=> array('lang' => 'SHAPE_NOISE_LINE',		'type' => 'radio:yes_no', 'explain' => false),
-						'policy_3dbitmap'				=> array('lang' => 'CAPTCHA_3DBITMAP',		'type' => 'radio:yes_no', 'explain' => false),
-						'policy_cells'					=> array('lang' => 'CAPTCHA_CELLS',			'type' => 'radio:yes_no', 'explain' => false),
-						'policy_stencil'				=> array('lang' => 'CAPTCHA_STENCIL',		'type' => 'radio:yes_no', 'explain' => false),
-						'policy_composite'				=> array('lang' => 'CAPTCHA_COMPOSITE',		'type' => 'radio:yes_no', 'explain' => false),
 					)
 				);
 			break;
@@ -259,16 +239,17 @@ class acp_board
 						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'type' => 'text:4:3', 'explain' => true),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
-						'load_db_track'			=> array('lang' => 'YES_POST_MARKING',	'type' => 'radio:yes_no', 'explain' => true),
-						'load_db_lastread'		=> array('lang' => 'YES_READ_MARKING',	'type' => 'radio:yes_no', 'explain' => true),
-						'load_online'			=> array('lang' => 'YES_ONLINE',		'type' => 'radio:yes_no', 'explain' => true),
-						'load_online_guests'	=> array('lang' => 'YES_ONLINE_GUESTS',	'type' => 'radio:yes_no', 'explain' => true),
-						'load_onlinetrack'		=> array('lang' => 'YES_ONLINE_TRACK',	'type' => 'radio:yes_no', 'explain' => true),
-						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',		'type' => 'radio:yes_no', 'explain' => false),
-						'load_moderators'		=> array('lang' => 'YES_MODERATORS',	'type' => 'radio:yes_no', 'explain' => false),
-						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',		'type' => 'radio:yes_no', 'explain' => false),
-						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY','type' => 'radio:yes_no', 'explain' => true),
-						'load_tplcompile'		=> array('lang' => 'RECOMPILE_TEMPLATES', 'type' => 'radio:yes_no', 'explain' => true),
+						'load_db_track'			=> array('lang' => 'YES_POST_MARKING',		'type' => 'radio:yes_no', 'explain' => true),
+						'load_db_lastread'		=> array('lang' => 'YES_READ_MARKING',		'type' => 'radio:yes_no', 'explain' => true),
+						'load_anon_lastread'	=> array('lang' => 'YES_ANON_READ_MARKING',	'type' => 'radio:yes_no', 'explain' => true),
+						'load_online'			=> array('lang' => 'YES_ONLINE',			'type' => 'radio:yes_no', 'explain' => true),
+						'load_online_guests'	=> array('lang' => 'YES_ONLINE_GUESTS',		'type' => 'radio:yes_no', 'explain' => true),
+						'load_onlinetrack'		=> array('lang' => 'YES_ONLINE_TRACK',		'type' => 'radio:yes_no', 'explain' => true),
+						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'type' => 'radio:yes_no', 'explain' => false),
+						'load_moderators'		=> array('lang' => 'YES_MODERATORS',		'type' => 'radio:yes_no', 'explain' => false),
+						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'type' => 'radio:yes_no', 'explain' => false),
+						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY',	'type' => 'radio:yes_no', 'explain' => true),
+						'load_tplcompile'		=> array('lang' => 'RECOMPILE_TEMPLATES',	'type' => 'radio:yes_no', 'explain' => true),
 						
 						'legend3'				=> 'CUSTOM_PROFILE_FIELDS',
 						'load_cpf_memberlist'	=> array('lang' => 'LOAD_CPF_MEMBERLIST',	'type' => 'radio:yes_no', 'explain' => false),
@@ -316,14 +297,14 @@ class acp_board
 					'title'	=> 'ACP_SECURITY_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'ACP_SECURITY_SETTINGS',
-						'allow_autologin'		=> array('lang' => 'ALLOW_AUTOLOGIN',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',	'type' => 'text:5:5', 'explain' => true),
-						'ip_check'				=> array('lang' => 'IP_VALID',			'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
-						'browser_check'			=> array('lang' => 'BROWSER_VALID',		'type' => 'radio:yes_no', 'explain' => true),
-						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',		'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'type' => 'text:3:3', 'explain' => true),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS','type' => 'text:3:3', 'explain' => true),
-						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',		'type' => 'radio:yes_no', 'explain' => true),
+						'allow_autologin'		=> array('lang' => 'ALLOW_AUTOLOGIN',		'type' => 'radio:yes_no', 'explain' => true),
+						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'type' => 'text:5:5', 'explain' => true),
+						'ip_check'				=> array('lang' => 'IP_VALID',				'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
+						'browser_check'			=> array('lang' => 'BROWSER_VALID',			'type' => 'radio:yes_no', 'explain' => true),
+						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'type' => 'text:3:3', 'explain' => true),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'type' => 'text:3:3', 'explain' => true),
+						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'type' => 'radio:yes_no', 'explain' => true),
 					)
 				);
 			break;
@@ -363,7 +344,7 @@ class acp_board
 		}
 
 		$this->new_config = $config;
-		$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config;
+		$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : $this->new_config;
 
 		// We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to...
 		foreach ($display_vars['vars'] as $config_name => $null)
@@ -417,7 +398,7 @@ class acp_board
 				{
 					include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
-					$method = 'admin_' . $method;
+					$method = 'acp_' . $method;
 					if (function_exists($method))
 					{
 						if ($fields = $method($this->new_config))
@@ -545,7 +526,7 @@ class acp_board
 			{
 				if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
 				{
-					$method = 'admin_' . $method;
+					$method = 'acp_' . $method;
 					if (function_exists($method))
 					{
 						$fields = $method($this->new_config);
@@ -621,22 +602,12 @@ class acp_board
 		return '<option value="1"' . (($value == 1) ? ' selected="selected"' : '') . '>' . $user->lang['DELETE_OLDEST_MESSAGES'] . '</option><option value="2"' . (($value == 2) ? ' selected="selected"' : '') . '>' . $user->lang['HOLD_NEW_MESSAGES_SHORT'] . '</option>';
 	}
 
-	/**
-	* Select captcha pixel noise
-	*/
-	function captcha_pixel_noise_select($value, $key = '')
-	{
-		global $user;
-
-		return '<option value="0"' . (($value == 0) ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option><option value="1"' . (($value == 1) ? ' selected="selected"' : '') . '>' . $user->lang['LIGHT'] . '</option><option value="2"' . (($value == 2) ? ' selected="selected"' : '') . '>' . $user->lang['MEDIUM'] . '</option><option value="3"' . (($value == 3) ? ' selected="selected"' : '') . '>' . $user->lang['HEAVY'] . '</option>';
-	}
-
 	/**
 	* Select ip validation
 	*/
 	function select_ip_check($value, $key = '')
 	{
-		$radio_ary = array(4 => 'ALL', 3 => 'CLASS_C', 2 => 'CLASS_B', 0 => 'NONE');
+		$radio_ary = array(4 => 'ALL', 3 => 'CLASS_C', 2 => 'CLASS_B', 0 => 'NO_IP_VALIDATION');
 
 		return h_radio('config[ip_check]', $radio_ary, $value, $key);
 	}

phpBB/includes/acp/acp_bots.php

@@ -96,7 +96,7 @@ class acp_bots
 					foreach ($_tables as $table)
 					{
 						$sql = "DELETE FROM $table
-							WHERE user_id IN (" . implode(', ', $user_id_ary) . ')';
+							WHERE " . $db->sql_in_set('user_id', $user_id_ary);
 						$db->sql_query($sql);
 					}
 

phpBB/includes/acp/acp_captcha.php

@@ -0,0 +1,113 @@
+<?php
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*/
+
+/**
+* @package acp
+*/
+class acp_captcha
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $db, $user, $auth, $template;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+
+		$user->add_lang('acp/board');
+
+		$config_vars = array('enable_confirm'			=> 'REG_ENABLE',
+						'enable_post_confirm'			=> 'POST_ENABLE',
+						'policy_overlap'				=> 'OVERLAP_ENABLE',
+						'policy_overlap_noise_pixel'	=> 'OVERLAP_NOISE_PIXEL',
+						'policy_overlap_noise_line'		=> 'OVERLAP_NOISE_LINE_ENABLE',
+						'policy_entropy'				=> 'ENTROPY_ENABLE',
+						'policy_entropy_noise_pixel'	=> 'ENTROPY_NOISE_PIXEL',
+						'policy_entropy_noise_line'		=> 'ENTROPY_NOISE_LINE_ENABLE',
+						'policy_shape'					=> 'SHAPE_ENABLE',
+						'policy_shape_noise_pixel'		=> 'SHAPE_NOISE_PIXEL',
+						'policy_shape_noise_line'		=> 'SHAPE_NOISE_LINE_ENABLE',
+						'policy_3dbitmap'				=> 'THREEDBITMAP_ENABLE',
+						'policy_cells'					=> 'CELLS_ENABLE',
+						'policy_stencil'				=> 'STENCIL_ENABLE',
+						'policy_composite'				=> 'COMPOSITE_ENABLE'
+					);
+
+		$policy_modules = array('policy_entropy', 'policy_3dbitmap', 'policy_overlap', 'policy_shape', 'policy_cells', 'policy_stencil', 'policy_composite');
+
+		switch ($mode)
+		{
+			case 'visual':
+				$this->tpl_name = 'acp_captcha';
+				$this->page_title = 'ACP_VC_SETTINGS';
+				$submit = request_var('submit', '');
+				if ($submit)
+				{
+					$config_vars = array_keys($config_vars);
+					foreach ($config_vars as $config_var)
+					{
+						set_config($config_var, request_var($config_var, ''));
+					}
+					trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
+				}
+				else
+				{
+					$array = array();
+
+					foreach ($config_vars as $config_var => $template_var)
+					{
+						$array[$template_var] = $config[$config_var];
+					}
+					$template->assign_vars($array);
+
+					
+					if (@extension_loaded('gd'))
+					{
+						$template->assign_var('GD', true);
+						foreach ($policy_modules as $module_name)
+						{
+							$template->assign_var('U_' . strtoupper($module_name), sprintf($user->lang['CAPTCHA_EXPLAIN'], '<a href="' . append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=captcha&amp;mode=img&amp;policy=' . $module_name) . '" target="_blank">', '</a>'));
+						}
+						if (function_exists('imagettfbbox') && function_exists('imagettftext'))
+						{
+							$template->assign_var('TTF', true);
+						}
+					}
+				}
+			break;
+
+			case 'img':
+				$policy = request_var('policy', '');
+
+				if (!@extension_loaded('gd'))
+				{
+					trigger_error($user->lang['NO_GD']);
+				}
+
+				if (!($policy === 'policy_entropy' || $policy === 'policy_3dbitmap') && (!function_exists('imagettfbbox') || !function_exists('imagettftext')))
+				{
+					trigger_error($user->lang['NO_TTF']);
+				}
+
+				if (!in_array($policy, $policy_modules))
+				{
+					trigger_error($user->lang['BAD_POLICY']);
+				}
+
+				$user->add_lang('ucp');
+
+				include($phpbb_root_path . 'includes/captcha/captcha_gd.' . $phpEx);
+
+				$captcha = new captcha();
+				$captcha->execute(gen_rand_string(), $policy);
+			break;
+		}
+	}
+}
+
+?>

phpBB/includes/acp/acp_database.php

@@ -68,7 +68,7 @@ class acp_database
 
 						@set_time_limit(1200);
 
-						$filename = time();
+						$filename = 'backup_' . time();
 
 						// We set up the info needed for our on-the-fly creation :D
 						switch ($format)
@@ -135,6 +135,7 @@ class acp_database
 						{
 							case 'sqlite':
 								$sql_data .= "BEGIN TRANSACTION;\n";
+								$sqlite_version = sqlite_libversion();
 							break;
 
 							case 'postgres':
@@ -143,7 +144,8 @@ class acp_database
 
 							case 'mssql':
 							case 'mssql_odbc':
-								$sql_data .= "BEGIN TRANSACTION\nGO\n";
+								$sql_data .= "BEGIN TRANSACTION\n";
+								$sql_data .= "GO\n";
 							break;
 						}
 
@@ -157,14 +159,26 @@ class acp_database
 									case 'mysqli':
 									case 'mysql4':
 									case 'mysql':
-									case 'sqlite':
 										$sql_data .= '# Table: ' . $table_name . "\n";
 										$sql_data .= "DROP TABLE IF EXISTS $table_name;\n";
 									break;
 									
 									case 'oracle':
 										$sql_data .= '# Table: ' . $table_name . "\n";
-										$sql_data .= "DROP TABLE $table_name;\n\\\n";
+										$sql_data .= "DROP TABLE $table_name;\n";
+										$sql_data .= '\\' . "\n";
+									break;
+
+									case 'sqlite':
+										$sql_data .= '# Table: ' . $table_name . "\n";
+										if (version_compare($sqlite_version, '3.0') == -1)
+										{
+											$sql_data .= "DROP TABLE $table_name;\n";
+										}
+										else
+										{
+											$sql_data .= "DROP TABLE IF EXISTS $table_name;\n";
+										}
 									break;
 
 									case 'postgres':
@@ -177,11 +191,33 @@ class acp_database
 									case 'mssql_odbc':
 										$sql_data .= '# Table: ' . $table_name . "\n";
 										$sql_data .= "IF OBJECT_ID(N'$table_name', N'U') IS NOT NULL\n";
-										$sql_data .= "DROP TABLE $table_name;\nGO\n";
+										$sql_data .= "DROP TABLE $table_name;\n";
+										$sql_data .= "GO\n";
 									break;
 								}
 								$sql_data .= $this->get_table_structure($table_name);
 							}
+							// We might wanna empty out all that junk :D
+							else
+							{
+								switch (SQL_LAYER)
+								{
+									case 'mysqli':
+									case 'mysql4':
+									case 'mysql':
+									case 'mssql':
+									case 'mssql_odbc':
+									case 'oracle':
+									case 'postgres':
+									case 'firebird':
+										$sql_data .= 'TRUNCATE TABLE ' . $table_name . ";\n";
+									break;
+									
+									case 'sqlite':
+										$sql_data .= 'DELETE FROM ' . $table_name . ";\n";
+									break;
+								}
+							}
 							// Now write the data for the first time. :)
 							if ($store == true)
 							{
@@ -211,7 +247,8 @@ class acp_database
 								{
 									case 'mysqli':
 
-										$sql = "SELECT * FROM $table_name";
+										$sql = "SELECT *
+											FROM $table_name";
 										$result = mysqli_query($db->db_connect_id, $sql, MYSQLI_USE_RESULT);
 										if ($result != false)
 										{
@@ -278,7 +315,8 @@ class acp_database
 									case 'mysql4':
 									case 'mysql':
 	
-										$sql = "SELECT * FROM $table_name";
+										$sql = "SELECT *
+											FROM $table_name";
 										$result = mysql_unbuffered_query($sql, $db->db_connect_id);
 
 										if ($result != false)
@@ -347,12 +385,48 @@ class acp_database
 									break;
 	
 									case 'sqlite':
+										// This is *not* my fault. The PHP guys forgot a call to finalize when they wrote this function. This forces all the tables to stay locked...
+										// They finally fixed it in 5.1.3 but 5.1.2 and under still have this so instead, we go and grab the column types by smashing open the sqlite_master table
+										// and grope around for things that remind us of datatypes...
+										if (version_compare(phpversion(), '5.1.3', '>='))
+										{
+											$col_types = sqlite_fetch_column_types($db->db_connect_id, $table_name);
+										}
+										else
+										{
+											$sql = "SELECT sql
+												FROM sqlite_master 
+												WHERE type = 'table' 
+													AND name = '" . $table_name . "'";
+											$table_data = sqlite_single_query($db->db_connect_id, $sql);
+											$table_data = preg_replace('#CREATE\s+TABLE\s+"?' . $table_name . '"?#i', '', $table_data);
+											$table_data = trim($table_data);
 
-										$col_types = sqlite_fetch_column_types($table_name, $db->db_connect_id);
-										$sql = "SELECT * FROM $table_name";
-										$result = $db->sql_query($sql);
+											preg_match('#\((.*)\)#s', $table_data, $matches);
 
-										while ($row = $db->sql_fetchrow($result))
+											$column_list = array();
+											$table_cols = explode(',', trim($matches[1]));
+											foreach($table_cols as $declaration)
+											{
+												$entities = preg_split('#\s+#', trim($declaration));
+												$column_name = preg_replace('/"?([^"]+)"?/', '\1', $entities[0]);
+
+												// Hit a primary key, those are not what we need :D
+												if (empty($entities[1]))
+												{
+													continue;
+												}
+												$col_types[$column_name] = $entities[1];
+											}
+										}
+
+										// Unbueffered query and the foreach make this ultra fast, we wait for nothing.
+										$sql = "SELECT *
+											FROM $table_name";
+										$result = sqlite_unbuffered_query($db->db_connect_id, $sql);
+										$rows = sqlite_fetch_all($result, SQLITE_ASSOC);
+
+										foreach ($rows as $row)
 										{
 											$names = $data = array();
 											foreach ($row as $row_name => $row_data)
@@ -405,7 +479,7 @@ class acp_database
 										
 										// Grab all of the data from current table.
 										$sql = "SELECT *
-											FROM {$table_name}";
+											FROM $table_name";
 										$result = $db->sql_query($sql);
 
 										$i_num_fields = pg_num_fields($result);
@@ -421,14 +495,14 @@ class acp_database
 												FROM pg_attrdef d, pg_class c
 												WHERE (c.relname = '{$table_name}')
 													AND (c.oid = d.adrelid)
-													AND d.adnum = " . strval($i+1);
+													AND d.adnum = " . strval($i + 1);
 											$result2 = $db->sql_query($sql);
 											if ($row = $db->sql_fetchrow($result2))
 											{
 												// Determine if we must reset the sequences
-												if (strpos($row['rowdefault'], 'nextval(\'') === 0)
+												if (strpos($row['rowdefault'], "nextval('") === 0)
 												{
-													$seq .= "SELECT SETVAL('{$table_name}_seq',(select case when max({$ary_name[$i]})>0 then max({$ary_name[$i]})+1 else 1 end from {$table_name}));\n";
+													$seq .= "SELECT SETVAL('{$table_name}_seq',(select case when max({$ary_name[$i]})>0 then max({$ary_name[$i]})+1 else 1 end FROM {$table_name}));\n";
 												}
 											}
 										}
@@ -476,7 +550,7 @@ class acp_database
 
 											// Take the ordered fields and their associated data and build it
 											// into a valid sql statement to recreate that field in the data.
-											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
+											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
 
 											if ($store == true)
 											{
@@ -526,7 +600,7 @@ class acp_database
 										
 										// Grab all of the data from current table.
 										$sql = "SELECT *
-											FROM {$table_name}";
+											FROM $table_name";
 										$result = $db->sql_query($sql);
 
 										$retrieved_data = odbc_num_rows($result);
@@ -534,8 +608,8 @@ class acp_database
 										if ($retrieved_data)
 										{
 											$sql = "SELECT 1 as has_identity
-														FROM INFORMATION_SCHEMA.COLUMNS
-														WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
+												FROM INFORMATION_SCHEMA.COLUMNS
+												WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
 											$result2 = $db->sql_query($sql);
 											$row2 = $db->sql_fetchrow($result2);
 											if (!empty($row2['has_identity']))
@@ -597,7 +671,7 @@ class acp_database
 
 											// Take the ordered fields and their associated data and build it
 											// into a valid sql statement to recreate that field in the data.
-											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
+											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
 
 											if ($store == true)
 											{
@@ -637,7 +711,7 @@ class acp_database
 										
 										// Grab all of the data from current table.
 										$sql = "SELECT *
-											FROM {$table_name}";
+											FROM $table_name";
 										$result = $db->sql_query($sql);
 
 										$retrieved_data = mssql_num_rows($result);
@@ -653,8 +727,8 @@ class acp_database
 										if ($retrieved_data)
 										{
 											$sql = "SELECT 1 as has_identity
-														FROM INFORMATION_SCHEMA.COLUMNS
-														WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
+												FROM INFORMATION_SCHEMA.COLUMNS
+												WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
 											$result2 = $db->sql_query($sql);
 											$row2 = $db->sql_fetchrow($result2);
 											if (!empty($row2['has_identity']))
@@ -708,7 +782,7 @@ class acp_database
 
 											// Take the ordered fields and their associated data and build it
 											// into a valid sql statement to recreate that field in the data.
-											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
+											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
 
 											if ($store == true)
 											{
@@ -748,7 +822,7 @@ class acp_database
 										
 										// Grab all of the data from current table.
 										$sql = "SELECT *
-											FROM {$table_name}";
+											FROM $table_name";
 										$result = $db->sql_query($sql);
 
 										$i_num_fields = ibase_num_fields($result);
@@ -803,7 +877,7 @@ class acp_database
 
 											// Take the ordered fields and their associated data and build it
 											// into a valid sql statement to recreate that field in the data.
-											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
+											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
 
 											if ($store == true)
 											{
@@ -833,7 +907,7 @@ class acp_database
 										
 										// Grab all of the data from current table.
 										$sql = "SELECT *
-											FROM {$table_name}";
+											FROM $table_name";
 										$result = $db->sql_query($sql);
 
 										$i_num_fields = ocinumcols($result);
@@ -887,7 +961,7 @@ class acp_database
 
 											// Take the ordered fields and their associated data and build it
 											// into a valid sql statement to recreate that field in the data.
-											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
+											$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
 
 											if ($store == true)
 											{
@@ -987,9 +1061,9 @@ class acp_database
 							break;
 
 							case 'postgres':
-								$sql = "SELECT relname
+								$sql = 'SELECT relname
 									FROM pg_stat_user_tables
-									ORDER BY relname;";
+									ORDER BY relname';
 								$result = $db->sql_query($sql);
 								while ($row = $db->sql_fetchrow($result))
 								{
@@ -1088,7 +1162,7 @@ class acp_database
 						$delete = request_var('delete', '');
 						$file = request_var('file', '');
 
-						preg_match('#^(\d{10})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches);
+						preg_match('#^(backup_\d{10,})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches);
 						$file_name = $phpbb_root_path . 'store/' . $matches[0];
 
 						if (!(file_exists($file_name) && is_readable($file_name)))
@@ -1144,39 +1218,47 @@ class acp_database
 						{
 							// Strip out sql comments...
 							remove_remarks($data);
-							switch (SQL_LAYER)
+
+							// SQLite gets improved performance when you shove all of these disk write queries at once :D
+							if (SQL_LAYER == 'sqlite')
 							{
-								case 'firebird':
-									$delim = ';;';
-								break;
-
-								case 'mysql':
-								case 'mysql4':
-								case 'mysqli':
-								case 'sqlite':
-								case 'postgres':
-									$delim = ';';
-								break;
-
-								case 'oracle':
-									$delim = '/';
-								break;
-
-								case 'mssql':
-								case 'mssql-odbc':
-									$delim = 'GO';
-								break;
+								$db->sql_query($data);
 							}
-							$pieces = split_sql_file($data, $delim);
-
-							$sql_count = count($pieces);
-							for($i = 0; $i < $sql_count; $i++)
+							else
 							{
-								$sql = trim($pieces[$i]);
-
-								if (!empty($sql) && $sql[0] != '#')
+								switch (SQL_LAYER)
 								{
-									$db->sql_query($sql);
+									case 'firebird':
+										$delim = ';;';
+									break;
+
+									case 'mysql':
+									case 'mysql4':
+									case 'mysqli':
+									case 'postgres':
+										$delim = ';';
+									break;
+
+									case 'oracle':
+										$delim = '/';
+									break;
+
+									case 'mssql':
+									case 'mssql-odbc':
+										$delim = 'GO';
+									break;
+								}
+								$pieces = split_sql_file($data, $delim);
+
+								$sql_count = count($pieces);
+								for($i = 0; $i < $sql_count; $i++)
+								{
+									$sql = trim($pieces[$i]);
+
+									if (!empty($sql) && $sql[0] != '#')
+									{
+										$db->sql_query($sql);
+									}
 								}
 							}
 						}
@@ -1202,7 +1284,7 @@ class acp_database
 						$dh = opendir($dir);
 						while (($file = readdir($dh)) !== false)
 						{
-							if (preg_match('#^(\d{10})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
+							if (preg_match('#^backup_(\d{10,})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
 							{
 								$supported = in_array($matches[2], $methods);
 
@@ -1278,7 +1360,10 @@ class acp_database
 				}
 				$db->sql_freeresult($result);
 
-				$result = $db->sql_query("SHOW KEYS FROM $table_name");
+				$sql = "SHOW KEYS
+					FROM $table_name";
+
+				$result = $db->sql_query($sql);
 
 				$index = array();
 				while ($row = $db->sql_fetchrow($result))
@@ -1403,11 +1488,12 @@ class acp_database
 				// We don't even care about storing the results. We already know the answer if we get rows back.
 				if ($db->sql_fetchrow($result))
 				{
+					$sql_data .= "DROP SEQUENCE {$table_name}_seq;\n";
 					$sql_data .= "CREATE SEQUENCE {$table_name}_seq;\n";
 				}
 				$db->sql_freeresult($result);
 			
-				$field_query = "SELECT a.attnum, a.attname AS field, t.typname as type, a.attlen AS length, a.atttypmod as lengthvar, a.attnotnull as notnull
+				$field_query = "SELECT a.attnum, a.attname as field, t.typname as type, a.attlen as length, a.atttypmod as lengthvar, a.attnotnull as notnull
 					FROM pg_class c, pg_attribute a, pg_type t
 					WHERE c.relname = '" . $db->sql_escape($table_name) . "'
 						AND a.attnum > 0
@@ -1477,7 +1563,7 @@ class acp_database
 
 
 				// Get the listing of primary keys.
-				$sql_pri_keys = "SELECT ic.relname AS index_name, bc.relname AS tab_name, ta.attname AS column_name, i.indisunique AS unique_key, i.indisprimary AS primary_key
+				$sql_pri_keys = "SELECT ic.relname as index_name, bc.relname as tab_name, ta.attname as column_name, i.indisunique as unique_key, i.indisprimary as primary_key
 					FROM pg_class bc, pg_class ic, pg_index i, pg_attribute ta, pg_attribute ia
 					WHERE (bc.oid = i.indrelid)
 						AND (ic.oid = i.indexrelid)
@@ -1486,7 +1572,8 @@ class acp_database
 						AND (bc.relname = '" . $db->sql_escape($table_name) . "')
 						AND (ta.attrelid = i.indrelid)
 						AND (ta.attnum = i.indkey[ia.attnum-1])
-					ORDER BY index_name, tab_name, column_name ";
+					ORDER BY index_name, tab_name, column_name";
+
 				$result = $db->sql_query($sql_pri_keys);
 
 				$index_create = $index_rows = $primary_key = array();
@@ -1599,7 +1686,7 @@ class acp_database
 
 					if ($row['COLUMN_DEFAULT'])
 					{
-						$line .= ' CONSTRAINT [DF_' . $table_name . '_' . $row['COLUMN_NAME'] . '] DEFAULT ' . $row['COLUMN_DEFAULT'];
+						$line .= ' DEFAULT ' . $row['COLUMN_DEFAULT'];
 					}
 
 					$rows[] = $line;
@@ -1666,7 +1753,7 @@ class acp_database
 
 				$sql_data .= "\nCREATE TABLE $table_name (\n";
 
-				$sql  = 'SELECT DISTINCT R.RDB$FIELD_NAME AS FNAME, R.RDB$NULL_FLAG AS NFLAG, R.RDB$DEFAULT_SOURCE AS DSOURCE, F.RDB$FIELD_TYPE AS FTYPE, F.RDB$FIELD_SUB_TYPE AS STYPE, F.RDB$FIELD_LENGTH AS FLEN
+				$sql  = 'SELECT DISTINCT R.RDB$FIELD_NAME as FNAME, R.RDB$NULL_FLAG as NFLAG, R.RDB$DEFAULT_SOURCE as DSOURCE, F.RDB$FIELD_TYPE as FTYPE, F.RDB$FIELD_SUB_TYPE as STYPE, F.RDB$FIELD_LENGTH as FLEN
 					FROM RDB$RELATION_FIELDS R
 					JOIN RDB$FIELDS F ON R.RDB$FIELD_SOURCE=F.RDB$FIELD_NAME
 					LEFT JOIN RDB$FIELD_DIMENSIONS D ON R.RDB$FIELD_SOURCE = D.RDB$FIELD_NAME
@@ -1727,7 +1814,7 @@ class acp_database
 
 				$db->sql_freeresult($result);
 
-				$sql = 'SELECT I.RDB$INDEX_NAME AS INAME, I.RDB$UNIQUE_FLAG AS UFLAG, S.RDB$FIELD_NAME AS FNAME
+				$sql = 'SELECT I.RDB$INDEX_NAME as INAME, I.RDB$UNIQUE_FLAG as UFLAG, S.RDB$FIELD_NAME as FNAME
 					FROM RDB$INDICES I JOIN RDB$INDEX_SEGMENTS S ON S.RDB$INDEX_NAME=I.RDB$INDEX_NAME
 					WHERE (I.RDB$SYSTEM_FLAG IS NULL  OR  I.RDB$SYSTEM_FLAG=0)
 						AND I.RDB$FOREIGN_KEY IS NULL
@@ -1771,7 +1858,7 @@ class acp_database
 				$result = $db->sql_query($sql);
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$sql = 'SELECT T1.RDB$DEPENDED_ON_NAME AS GEN, T1.RDB$FIELD_NAME, T1.RDB$DEPENDED_ON_TYPE
+					$sql = 'SELECT T1.RDB$DEPENDED_ON_NAME as GEN, T1.RDB$FIELD_NAME, T1.RDB$DEPENDED_ON_TYPE
 						FROM RDB$DEPENDENCIES T1
 						WHERE (T1.RDB$DEPENDENT_NAME = \'' . $row['dname'] . '\')
 							AND (T1.RDB$DEPENDENT_TYPE = 2 AND T1.RDB$DEPENDED_ON_TYPE = 14)
@@ -1800,7 +1887,9 @@ class acp_database
 			case 'oracle':
 				$sql_data .= "\nCREATE TABLE $table_name (\n";
 
-				$sql  = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT from ALL_TAB_COLS where table_name = '{$table_name}'";
+				$sql  = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT
+					FROM ALL_TAB_COLS
+					WHERE table_name = '{$table_name}'";
 				$result = $db->sql_query($sql);
 
 				$rows = array();

phpBB/includes/acp/acp_email.php

@@ -55,13 +55,11 @@ class acp_email
 			{
 				if ($usernames)
 				{
-					$usernames = implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", explode("\n", $usernames)));
-
 					$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang 
-						FROM ' . USERS_TABLE . " 
-						WHERE username IN ($usernames)
+						FROM ' . USERS_TABLE . '
+						WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
 							AND user_allow_massemail = 1
-						ORDER BY user_lang, user_notify_type"; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
+						ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
 				}
 				else
 				{
@@ -85,10 +83,10 @@ class acp_email
 				}
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
 
 				if (!$row)
 				{
+					$db->sql_freeresult($result);
 					trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action));
 				}
 	
@@ -121,7 +119,7 @@ class acp_email
 						$email_list[$j][$i]['jabber']	= $row['user_jabber'];
 						$i++;
 					}
-				} 
+				}
 				while ($row = $db->sql_fetchrow($result));
 				$db->sql_freeresult($result);
 
@@ -159,6 +157,7 @@ class acp_email
 					$messenger->assign_vars(array(
 						'SITENAME'		=> $config['sitename'],
 						'CONTACT_EMAIL' => $config['board_contact'],
+						'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 						'MESSAGE'		=> html_entity_decode($message))
 					);
 	

phpBB/includes/acp/acp_forums.php

@@ -99,10 +99,12 @@ class acp_forums
 						'forum_link_track'		=> request_var('forum_link_track', false),
 						'forum_desc'			=> request_var('forum_desc', '', true),
 						'forum_desc_uid'		=> '',
-						'forum_desc_bitfield'	=> 0,
+						'forum_desc_options'	=> 0,
+						'forum_desc_bitfield'	=> '',
 						'forum_rules'			=> request_var('forum_rules', '', true),
 						'forum_rules_uid'		=> '',
-						'forum_rules_bitfield'	=> 0,
+						'forum_rules_options'	=> 0,
+						'forum_rules_bitfield'	=> '',
 						'forum_rules_link'		=> request_var('forum_rules_link', ''),
 						'forum_image'			=> request_var('forum_image', ''),
 						'forum_style'			=> request_var('forum_style', 0),
@@ -111,6 +113,7 @@ class acp_forums
 						'enable_indexing'		=> request_var('enable_indexing',true), 
 						'enable_icons'			=> request_var('enable_icons', false),
 						'enable_prune'			=> request_var('enable_prune', false),
+						'enable_post_review'	=> request_var('enable_post_review', true),
 						'prune_days'			=> request_var('prune_days', 7),
 						'prune_viewed'			=> request_var('prune_viewed', 7),
 						'prune_freq'			=> request_var('prune_freq', 1),
@@ -126,13 +129,13 @@ class acp_forums
 					// Get data for forum rules if specified...
 					if ($forum_data['forum_rules'])
 					{
-						generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], request_var('rules_parse_bbcode', false), request_var('rules_parse_urls', false), request_var('rules_parse_smilies', false));
+						generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options'], request_var('rules_parse_bbcode', false), request_var('rules_parse_urls', false), request_var('rules_parse_smilies', false));
 					}
 
 					// Get data for forum description if specified
 					if ($forum_data['forum_desc'])
 					{
-						generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], request_var('desc_parse_bbcode', false), request_var('desc_parse_urls', false), request_var('desc_parse_smilies', false));
+						generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options'], request_var('desc_parse_bbcode', false), request_var('desc_parse_urls', false), request_var('desc_parse_smilies', false));
 					}
 
 					$errors = $this->update_forum_data($forum_data);
@@ -142,8 +145,20 @@ class acp_forums
 						$forum_perm_from = request_var('forum_perm_from', 0);
 
 						// Copy permissions?
-						if ($forum_perm_from && $action == 'add')
+						if ($forum_perm_from)
 						{
+							// if we edit a forum delete current permissions first
+							if ($action == 'edit')
+							{
+								$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
+									WHERE forum_id = ' . (int) $forum_data['forum_id'];
+								$db->sql_query($sql);
+	
+								$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
+									WHERE forum_id = ' . (int) $forum_data['forum_id'];
+								$db->sql_query($sql);
+							}
+
 							// From the mysql documentation:
 							// Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
 							// Due to this we stay on the safe side if we do the insertion "the manual way"
@@ -281,7 +296,7 @@ class acp_forums
 					trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id));
 				}
 
-				$sql = 'SELECT forum_name
+				$sql = 'SELECT forum_name, forum_type
 					FROM ' . FORUMS_TABLE . "
 					WHERE forum_id = $forum_id";
 				$result = $db->sql_query($sql);
@@ -306,12 +321,13 @@ class acp_forums
 
 				if ($update)
 				{
-					$forum_data['forum_flags']	= 0;
-					$forum_data['forum_flags']	+= (request_var('forum_link_track', false)) ? 1 : 0;
-					$forum_data['forum_flags']	+= (request_var('prune_old_polls', false)) ? 2 : 0;
-					$forum_data['forum_flags']	+= (request_var('prune_announce', false)) ? 4 : 0;
-					$forum_data['forum_flags']	+= (request_var('prune_sticky', false)) ? 8 : 0;
-					$forum_data['forum_flags']	+= ($forum_data['show_active']) ? 16 : 0;
+					$forum_data['forum_flags'] = 0;
+					$forum_data['forum_flags'] += (request_var('forum_link_track', false)) ? 1 : 0;
+					$forum_data['forum_flags'] += (request_var('prune_old_polls', false)) ? 2 : 0;
+					$forum_data['forum_flags'] += (request_var('prune_announce', false)) ? 4 : 0;
+					$forum_data['forum_flags'] += (request_var('prune_sticky', false)) ? 8 : 0;
+					$forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0;
+					$forum_data['forum_flags'] += (request_var('enable_post_review', true)) ? 32 : 0;
 				}
 
 				// Show form to create/modify a forum
@@ -326,7 +342,20 @@ class acp_forums
 						$forum_data = $row;
 					}
 
-					$parents_list = make_forum_select($forum_data['parent_id'], $forum_id, false, false, false);
+					// Make sure there is no forum displayed for parents_list having the current forum id as a parent...
+					$sql = 'SELECT forum_id
+						FROM ' . FORUMS_TABLE . '
+						WHERE parent_id = ' . $forum_id;
+					$result = $db->sql_query($sql);
+
+					$exclude_forums = array($forum_id);
+					while ($row = $db->sql_fetchrow($result))
+					{
+						$exclude_forums[] = $row['forum_id'];
+					}
+					$db->sql_freeresult($result);
+
+					$parents_list = make_forum_select($forum_data['parent_id'], $exclude_forums, false, false, false);
 
 					$forum_data['forum_password_confirm'] = $forum_data['forum_password'];
 				}
@@ -390,16 +419,17 @@ class acp_forums
 					{
 						// Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
 						$forum_data['forum_rules_uid'] = '';
-						$forum_data['forum_rules_bitfield'] = 0;
+						$forum_data['forum_rules_bitfield'] = '';
+						$forum_data['forum_rules_options'] = 0;
 
-						generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], request_var('rules_allow_bbcode', false), request_var('rules_allow_urls', false), request_var('rules_allow_smiliess', false));
+						generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options'], request_var('rules_allow_bbcode', false), request_var('rules_allow_urls', false), request_var('rules_allow_smiliess', false));
 					}
 
 					// Generate preview content
-					$forum_rules_preview = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']);
+					$forum_rules_preview = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options']);
 
 					// decode...
-					$forum_rules_data = generate_text_for_edit($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']);
+					$forum_rules_data = generate_text_for_edit($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_options']);
 				}
 
 				// Parse desciption if specified
@@ -409,13 +439,14 @@ class acp_forums
 					{
 						// Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
 						$forum_data['forum_desc_uid'] = '';
-						$forum_data['forum_desc_bitfield'] = 0;
+						$forum_data['forum_desc_bitfield'] = '';
+						$forum_data['forum_desc_options'] = 0;
 
-						generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], request_var('desc_allow_bbcode', false), request_var('desc_allow_urls', false), request_var('desc_allow_smiliess', false));
+						generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options'], request_var('desc_allow_bbcode', false), request_var('desc_allow_urls', false), request_var('desc_allow_smiliess', false));
 					}
 
 					// decode...
-					$forum_desc_data = generate_text_for_edit($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield']);
+					$forum_desc_data = generate_text_for_edit($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_options']);
 				}
 
 				$forum_type_options = '';
@@ -468,8 +499,9 @@ class acp_forums
 					'U_BACK'		=> $this->u_action . '&parent_id=' . $this->parent_id,
 					'U_EDIT_ACTION'	=> $this->u_action . "&parent_id={$this->parent_id}&action=$action&f=$forum_id",
 
-					'L_TITLE'				=> $user->lang[$this->page_title],
-					'ERROR_MSG'				=> (sizeof($errors)) ? implode('<br />', $errors) : '',
+					'L_COPY_PERMISSIONS_EXPLAIN'	=> $user->lang['COPY_PERMISSIONS_' . strtoupper($action) . '_EXPLAIN'],
+					'L_TITLE'						=> $user->lang[$this->page_title],
+					'ERROR_MSG'						=> (sizeof($errors)) ? implode('<br />', $errors) : '',
 
 					'FORUM_NAME'				=> $forum_data['forum_name'],
 					'FORUM_DATA_LINK'			=> $forum_data['forum_link'],
@@ -501,21 +533,22 @@ class acp_forums
 					'S_STATUS_OPTIONS'			=> $statuslist,
 					'S_PARENT_OPTIONS'			=> $parents_list,
 					'S_STYLES_OPTIONS'			=> $styles_list,
-					'S_FORUM_OPTIONS'			=> make_forum_select(false, false, false),
+					'S_FORUM_OPTIONS'			=> make_forum_select(($action == 'add') ? $forum_data['parent_id'] : false, false, false, false, false),
 					'S_SHOW_DISPLAY_ON_INDEX'	=> $s_show_display_on_index,
 					'S_FORUM_POST'				=> ($forum_data['forum_type'] == FORUM_POST) ? true : false,
 					'S_FORUM_ORIG_POST'			=> (isset($old_forum_type) && $old_forum_type == FORUM_POST) ? true : false,
 					'S_FORUM_LINK'				=> ($forum_data['forum_type'] == FORUM_LINK) ? true : false,
 					'S_FORUM_CAT'				=> ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
-					'S_FORUM_LINK_TRACK'		=> ($forum_data['forum_flags'] & 1) ? true : false,
 					'S_ENABLE_INDEXING'			=> ($forum_data['enable_indexing']) ? true : false,
 					'S_TOPIC_ICONS'				=> ($forum_data['enable_icons']) ? true : false,
 					'S_DISPLAY_ON_INDEX'		=> ($forum_data['display_on_index']) ? true : false,
 					'S_PRUNE_ENABLE'			=> ($forum_data['enable_prune']) ? true : false,
+					'S_FORUM_LINK_TRACK'		=> ($forum_data['forum_flags'] & 1) ? true : false,
 					'S_PRUNE_OLD_POLLS'			=> ($forum_data['forum_flags'] & 2) ? true : false,
 					'S_PRUNE_ANNOUNCE'			=> ($forum_data['forum_flags'] & 4) ? true : false,
 					'S_PRUNE_STICKY'			=> ($forum_data['forum_flags'] & 8) ? true : false,
 					'S_DISPLAY_ACTIVE_TOPICS'	=> ($forum_data['forum_flags'] & 16) ? true : false,
+					'S_ENABLE_POST_REVIEW'		=> ($forum_data['forum_flags'] & 32) ? true : false,
 					)
 				);
 
@@ -645,7 +678,7 @@ class acp_forums
 				$template->assign_block_vars('forums', array(
 					'FOLDER_IMAGE'		=> $folder_image,
 					'FORUM_NAME'		=> $row['forum_name'],
-					'FORUM_DESCRIPTION'	=> generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
+					'FORUM_DESCRIPTION'	=> generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
 					'FORUM_TOPICS'		=> $row['forum_topics'],
 					'FORUM_POSTS'		=> $row['forum_posts'],
 
@@ -744,12 +777,14 @@ class acp_forums
 		// 4 = prune announcements
 		// 8 = prune stickies
 		// 16 = show active topics
+		// 32 = enable post review
 		$forum_data['forum_flags'] = 0;
 		$forum_data['forum_flags'] += ($forum_data['forum_link_track']) ? 1 : 0;
 		$forum_data['forum_flags'] += ($forum_data['prune_old_polls']) ? 2 : 0;
 		$forum_data['forum_flags'] += ($forum_data['prune_announce']) ? 4 : 0;
 		$forum_data['forum_flags'] += ($forum_data['prune_sticky']) ? 8 : 0;
 		$forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0;
+		$forum_data['forum_flags'] += ($forum_data['enable_post_review']) ? 32 : 0;
 
 		// Unset data that are not database fields
 		$forum_data_sql = $forum_data;
@@ -759,6 +794,7 @@ class acp_forums
 		unset($forum_data_sql['prune_announce']);
 		unset($forum_data_sql['prune_sticky']);
 		unset($forum_data_sql['show_active']);
+		unset($forum_data_sql['enable_post_review']);
 		unset($forum_data_sql['forum_password_confirm']);
 
 		// What are we going to do tonight Brain? The same thing we do everynight,
@@ -935,14 +971,14 @@ class acp_forums
 			$sql = 'UPDATE ' . FORUMS_TABLE . "
 				SET right_id = right_id + $diff, forum_parents = ''
 				WHERE " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
-					AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
+					AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
 			$db->sql_query($sql);
 
 			// Resync the righthand side of the tree
 			$sql = 'UPDATE ' . FORUMS_TABLE . "
 				SET left_id = left_id + $diff, right_id = right_id + $diff, forum_parents = ''
 				WHERE left_id > " . $to_data['right_id'] . '
-					AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
+					AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
 			$db->sql_query($sql);
 
 			// Resync moved branch
@@ -961,7 +997,7 @@ class acp_forums
 		{
 			$sql = 'SELECT MAX(right_id) AS right_id
 				FROM ' . FORUMS_TABLE . '
-				WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
+				WHERE ' . $db->sql_in_set('forum_id', $moved_ids, true);
 			$result = $db->sql_query($sql);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -971,7 +1007,7 @@ class acp_forums
 
 		$sql = 'UPDATE ' . FORUMS_TABLE . "
 			SET left_id = left_id $diff, right_id = right_id $diff, forum_parents = ''
-			WHERE forum_id IN (" . implode(', ', $moved_ids) . ')';
+			WHERE " . $db->sql_in_set('forum_id', $moved_ids);
 		$db->sql_query($sql);
 	}
 
@@ -982,7 +1018,7 @@ class acp_forums
 	{
 		global $db;
 
-		$table_ary = array(LOG_TABLE, POSTS_TABLE, TOPICS_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
+		$table_ary = array(ACL_GROUPS_TABLE, ACL_USERS_TABLE, LOG_TABLE, POSTS_TABLE, TOPICS_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
 
 		foreach ($table_ary as $table)
 		{
@@ -1023,6 +1059,7 @@ class acp_forums
 
 		$errors = array();
 		$log_action_posts = $log_action_forums = $posts_to_name = $subforums_to_name = '';
+		$forum_ids = array($forum_id);
 
 		if ($action_posts == 'delete')
 		{
@@ -1066,8 +1103,6 @@ class acp_forums
 		if ($action_subforums == 'delete')
 		{
 			$log_action_forums = 'FORUMS';
-
-			$forum_ids = array($forum_id);
 			$rows = get_forum_branch($forum_id, 'children', 'descending', false);
 
 			foreach ($rows as $row)
@@ -1084,7 +1119,7 @@ class acp_forums
 			$diff = sizeof($forum_ids) * 2;
 
 			$sql = 'DELETE FROM ' . FORUMS_TABLE . '
-				WHERE forum_id IN (' . implode(', ', $forum_ids) . ')';
+				WHERE ' . $db->sql_in_set('forum_id', $forum_ids);
 			$db->sql_query($sql);
 		}
 		else if ($action_subforums == 'move')
@@ -1159,11 +1194,6 @@ class acp_forums
 			WHERE left_id > {$forum_data['right_id']}";
 		$db->sql_query($sql);
 
-		if (!isset($forum_ids) || !is_array($forum_ids))
-		{
-			$forum_ids = array($forum_id);
-		}
-
 		// Delete forum ids from extension groups table
 		$sql = 'SELECT group_id, allowed_forums 
 			FROM ' . EXTENSION_GROUPS_TABLE;
@@ -1332,11 +1362,10 @@ class acp_forums
 						if (sizeof($ids))
 						{
 							$start += sizeof($ids);
-							$id_list = implode(', ', $ids);
 
 							foreach ($tables as $table)
 							{
-								$db->sql_query("DELETE FROM $table WHERE $field IN ($id_list)");
+								$db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set($field, $id_list));
 							}
 						}
 					}
@@ -1364,6 +1393,43 @@ class acp_forums
 
 		$db->sql_transaction('commit');
 
+		// Make sure the overall post/topic count is correct...
+		$sql = 'SELECT COUNT(post_id) AS stat 
+			FROM ' . POSTS_TABLE . '
+			WHERE post_approved = 1';
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		set_config('num_posts', (int) $row['stat'], true);
+
+		$sql = 'SELECT COUNT(topic_id) AS stat
+			FROM ' . TOPICS_TABLE . '
+			WHERE topic_approved = 1';
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		set_config('num_topics', (int) $row['stat'], true);
+
+		$sql = 'SELECT COUNT(attach_id) as stat
+			FROM ' . ATTACHMENTS_TABLE;
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		set_config('num_files', (int) $row['stat'], true);
+
+		$sql = 'SELECT SUM(filesize) as stat
+			FROM ' . ATTACHMENTS_TABLE;
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		set_config('upload_dir_size', (int) $row['stat'], true);
+
+		add_log('admin', 'LOG_RESYNC_STATS');
+
 		return array();
 	}
 

phpBB/includes/acp/acp_groups.php

@@ -85,7 +85,7 @@ class acp_groups
 					break;
 				}
 
-				trigger_error($user->lang[$message] . adm_back_link($this->u_action));
+				trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 			break;
 
 			case 'default':
@@ -134,7 +134,7 @@ class acp_groups
 						group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
 					}
 
-					trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action));
+					trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 				}
 				else
 				{
@@ -176,13 +176,15 @@ class acp_groups
 						break;
 					}
 
+					$back_link = ($action == 'delete') ? $this->u_action : $this->u_action . '&action=list&g=' . $group_id;
+
 					if ($error)
 					{
-						trigger_error($user->lang[$error] . adm_back_link($this->u_action));
+						trigger_error($user->lang[$error] . adm_back_link($back_link));
 					}
 
 					$message = ($action == 'delete') ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE';
-					trigger_error($user->lang[$message] . adm_back_link($this->u_action));
+					trigger_error($user->lang[$message] . adm_back_link($back_link));
 				}
 				else
 				{
@@ -204,7 +206,7 @@ class acp_groups
 
 				if (!$name_ary)
 				{
-					trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action));
+					trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 				}
 
 				$name_ary = array_unique(explode("\n", $name_ary));
@@ -212,11 +214,11 @@ class acp_groups
 				// Add user/s to group
 				if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, 0, $group_row))
 				{
-					trigger_error($user->lang[$error] . adm_back_link($this->u_action));
+					trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 				}
 
 				$message = ($action == 'addleaders') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
-				trigger_error($user->lang[$message] . adm_back_link($this->u_action));
+				trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 			break;
 
 			case 'edit':
@@ -418,7 +420,7 @@ class acp_groups
 				else
 				{
 					$group_name = $group_row['group_name'];
-					$group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield']);
+					$group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
 					$group_type = $group_row['group_type'];
 					$group_rank = $group_row['group_rank'];
 				}
@@ -607,10 +609,12 @@ class acp_groups
 
 					'S_ON_PAGE'		=> on_page($total_members, $config['topics_per_page'], $start),
 					'PAGINATION'	=> generate_pagination($this->u_action . "&action=$action&g=$group_id", $total_members, $config['topics_per_page'], $start, true),
+					'GROUP_NAME'	=> ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'],
 
 					'U_ACTION'			=> $this->u_action . "&g=$group_id",
 					'U_BACK'			=> $this->u_action,
-					'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames'))
+					'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames'),
+					'U_DEFAULT_ALL'		=> "{$this->u_action}&action=default&g=$group_id")
 				);
 
 				foreach ($group_data['leader'] as $row)
@@ -701,7 +705,6 @@ class acp_groups
 				
 				$template->assign_block_vars('groups', array(
 					'U_LIST'		=> "{$this->u_action}&action=list&g=$group_id",
-					'U_DEFAULT'		=> "{$this->u_action}&action=default&g=$group_id",
 					'U_EDIT'		=> "{$this->u_action}&action=edit&g=$group_id",
 					'U_DELETE'		=> ($auth->acl_get('a_groupdel')) ? "{$this->u_action}&action=delete&g=$group_id" : '',
 

phpBB/includes/acp/acp_icons.php

@@ -108,44 +108,41 @@ class acp_icons
 					ORDER BY {$fields}_order " . (($icon_id || $action == 'add') ? 'DESC' : 'ASC');
 				$result = $db->sql_query($sql);
 
-				if ($row = $db->sql_fetchrow($result))
+				while ($row = $db->sql_fetchrow($result))
 				{
-					do
+					if ($action == 'add')
 					{
-						if ($action == 'add')
-						{
-							unset($_images[$row[$fields . '_url']]);
-						}
+						unset($_images[$row[$fields . '_url']]);
+					}
 
-						if ($row[$fields . '_id'] == $icon_id)
+					if ($row[$fields . '_id'] == $icon_id)
+					{
+						$after = true;
+						$data[$row[$fields . '_url']] = $row;
+					}
+					else
+					{
+						if ($action == 'edit' && !$icon_id)
 						{
-							$after = true;
 							$data[$row[$fields . '_url']] = $row;
 						}
-						else
-						{
-							if ($action == 'edit' && !$icon_id)
-							{
-								$data[$row[$fields . '_url']] = $row;
-							}
-							
-							$selected = '';
-							if (!empty($after))
-							{
-								$selected = ' selected="selected"';
-								$after = false;
-							}
 
-							$after_txt = ($mode == 'smilies') ? $row['code'] : $row['icons_url'];
-							$order_list = '<option value="' . ($row[$fields . '_order']) . '"' . $selected . '>' . sprintf($user->lang['AFTER_' . $lang], ' -&gt; ' . htmlspecialchars($after_txt)) . '</option>' . $order_list;
+						$selected = '';
+						if (!empty($after))
+						{
+							$selected = ' selected="selected"';
+							$after = false;
 						}
+
+						$after_txt = ($mode == 'smilies') ? $row['code'] : $row['icons_url'];
+						$order_list = '<option value="' . ($row[$fields . '_order']) . '"' . $selected . '>' . sprintf($user->lang['AFTER_' . $lang], ' -&gt; ' . htmlspecialchars($after_txt)) . '</option>' . $order_list;
 					}
-					while ($row = $db->sql_fetchrow($result));
 				}
 				$db->sql_freeresult($result);
 
 				$order_list = '<option value="1"' . ((!isset($after)) ? ' selected="selected"' : '') . '>' . $user->lang['FIRST'] . '</option>' . $order_list;
 
+				$data = array();
 				if ($action == 'add')
 				{
 					$data = $_images;
@@ -231,20 +228,20 @@ class acp_icons
 						}
 
 						$img_sql = array(
-							$fields . '_url'	=>	$image,
-							$fields . '_width'	=>	$image_width[$image],
-							$fields . '_height'	=>	$image_height[$image],
-							'display_on_posting'=>	(isset($image_display_on_posting[$image])) ? 1 : 0,
+							$fields . '_url'		=> $image,
+							$fields . '_width'		=> $image_width[$image],
+							$fields . '_height'		=> $image_height[$image],
+							'display_on_posting'	=> (isset($image_display_on_posting[$image])) ? 1 : 0,
 						);
 
 						if ($mode == 'smilies')
 						{
 							$img_sql = array_merge($img_sql, array(
-								'emotion'	=>	$image_emotion[$image],
-								'code'		=>	$image_code[$image])
+								'emotion'	=> $image_emotion[$image],
+								'code'		=> $image_code[$image])
 							);
 						}
-						
+
 						if (!empty($image_order[$image]))
 						{
 							$img_sql = array_merge($img_sql, array(
@@ -351,7 +348,10 @@ class acp_icons
 						$cur_img = array();
 
 						$field_sql = ($mode == 'smilies') ? 'code' : 'icons_url';
-						$result = $db->sql_query("SELECT $field_sql FROM $table");
+
+						$sql = "SELECT $field_sql
+							FROM $table";
+						$result = $db->sql_query($sql);
 
 						while ($row = $db->sql_fetchrow($result))
 						{
@@ -371,8 +371,8 @@ class acp_icons
 						$data = array();
 						if (preg_match_all("#'(.*?)', #", $pak_entry, $data))
 						{
-							if ((sizeof($data[1]) != 3 && $mode == 'icons') || 
-								(sizeof($data[1]) != 5 && $mode == 'smilies'))
+							if ((sizeof($data[1]) != 4 && $mode == 'icons') || 
+								(sizeof($data[1]) != 6 && $mode == 'smilies'))
 							{
 								trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action));
 							}
@@ -381,11 +381,12 @@ class acp_icons
 							$img = stripslashes($data[1][0]);
 							$width = stripslashes($data[1][1]);
 							$height = stripslashes($data[1][2]);
+							$display_on_posting = stripslashes($data[1][3]);
 
-							if (isset($data[1][3]) && isset($data[1][4]))
+							if (isset($data[1][4]) && isset($data[1][5]))
 							{
-								$emotion = stripslashes($data[1][3]);
-								$code = stripslashes($data[1][4]);
+								$emotion = stripslashes($data[1][4]);
+								$code = stripslashes($data[1][5]);
 							}
 
 							if ($current == 'replace' && 
@@ -394,15 +395,16 @@ class acp_icons
 							{
 								$replace_sql = ($mode == 'smilies') ? $code : $img;
 								$sql = array(
-									$fields . '_url'	=>	$img,
-									$fields . '_height'	=>	(int) $height,
-									$fields . '_width'	=>	(int) $width,
+									$fields . '_url'		=> $img,
+									$fields . '_height'		=> (int) $height,
+									$fields . '_width'		=> (int) $width,
+									'display_on_posting'	=> (int) $display_on_posting,
 								);
 
 								if ($mode == 'smilies')
 								{
 									$sql = array_merge($sql, array(
-										'emotion'	=>	$emotion
+										'emotion'				=> $emotion,
 									));
 								}
 
@@ -415,17 +417,18 @@ class acp_icons
 								++$order;
 
 								$sql = array(
-									$fields . '_url'	=>	$img,
-									$fields . '_height'	=>	(int) $height,
-									$fields . '_width'	=>	(int) $width,
-									$fields . '_order'	=>	(int) $order,
+									$fields . '_url'	=> $img,
+									$fields . '_height'	=> (int) $height,
+									$fields . '_width'	=> (int) $width,
+									$fields . '_order'	=> (int) $order,
+									'display_on_posting'=> (int) $display_on_posting,
 								);
 
 								if ($mode == 'smilies')
 								{
 									$sql = array_merge($sql, array(
-										'code'		=>	$code,
-										'emotion'	=>	$emotion
+										'code'				=> $code,
+										'emotion'			=> $emotion,
 									));
 								}
 								$db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $sql));
@@ -435,7 +438,7 @@ class acp_icons
 
 					$cache->destroy('icons');
 					$cache->destroy('sql', $table);
-	
+
 					trigger_error($user->lang[$lang . '_IMPORT_SUCCESS'] . adm_back_link($this->u_action));
 				}
 				else
@@ -476,7 +479,7 @@ class acp_icons
 				);
 
 				return;
-				
+
 			break;
 
 			case 'send':
@@ -492,6 +495,7 @@ class acp_icons
 					$pak .= "'" . addslashes($row[$fields . '_url']) . "', ";
 					$pak .= "'" . addslashes($row[$fields . '_width']) . "', ";
 					$pak .= "'" . addslashes($row[$fields . '_height']) . "', ";
+					$pak .= "'" . addslashes($row['display_on_posting']) . "', ";
 
 					if ($mode == 'smilies')
 					{
@@ -505,7 +509,7 @@ class acp_icons
 
 				if ($pak != '')
 				{
-					$db->sql_close();
+					garbage_collection();
 
 					header('Pragma: public');
 
@@ -519,15 +523,16 @@ class acp_icons
 				}
 				else
 				{
-					trigger_error($user->lang['NO_' . $fields . '_EXPORT'] . adm_back_link($this->u_action));
+					trigger_error($user->lang['NO_' . strtoupper($fields) . '_EXPORT'] . adm_back_link($this->u_action));
 				}
 
 			break;
 
 			case 'delete':
 
-				$db->sql_query("DELETE FROM $table 
-					WHERE {$fields}_id = $icon_id");
+				$sql = "DELETE FROM $table
+					WHERE {$fields}_id = $icon_id";
+				$db->sql_query($sql);
 
 				switch ($mode)
 				{
@@ -549,6 +554,9 @@ class acp_icons
 
 				$notice = $user->lang[$lang . '_DELETED'];
 
+				$cache->destroy('icons');
+				$cache->destroy('sql', $table);
+
 			break;
 
 			case 'move_up':

phpBB/includes/acp/acp_language.php

@@ -71,6 +71,10 @@ class acp_language
 					$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 				break;
 
+				case 'ftp_fsock':
+					$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+				break;
+
 				default:
 					trigger_error($user->lang['INVALID_UPLOAD_METHOD']);
 			}
@@ -97,23 +101,13 @@ class acp_language
 					));
 				}
 
-				$entry = $_POST['entry'];
-				foreach ($entry as $key => $value)
-				{
-					if (is_array($value))
-					{
-						foreach ($value as $key2 => $data)
-						{
-							$entry[$key][$key2] = htmlentities($data);
-						}
-					}
-					else
-					{
-						$entry[$key] = htmlentities($value);
-					}
-				}
-
-				$hidden_data = build_hidden_fields(array('file' => $this->language_file, 'dir' => $this->language_directory, 'method' => $method, 'entry' => $entry));
+				$hidden_data = build_hidden_fields(array(
+					'file'		=> $this->language_file,
+					'dir'		=> $this->language_directory,
+					'method'	=> $method,
+					'entry'		=> $_POST['entry']),
+					true
+				);
 
 				$template->assign_vars(array(
 					'S_UPLOAD'	=> true,
@@ -133,7 +127,8 @@ class acp_language
 					trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
 				}
 
-				$sql = 'SELECT * FROM ' . LANG_TABLE . "
+				$sql = 'SELECT *
+					FROM ' . LANG_TABLE . "
 					WHERE lang_id = $lang_id";
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);
@@ -168,7 +163,8 @@ class acp_language
 					trigger_error($user->lang['NO_FILE_SELECTED'] . adm_back_link($this->u_action));
 				}
 
-				$sql = 'SELECT * FROM ' . LANG_TABLE . "
+				$sql = 'SELECT *
+					FROM ' . LANG_TABLE . "
 					WHERE lang_id = $lang_id";
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);
@@ -210,8 +206,7 @@ class acp_language
 				if ($this->language_directory == 'email')
 				{
 					// Email Template
-					$entry = (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry'];
-					$entry = preg_replace('#&(\#[0-9]+;)#', '&\1', $entry);
+					$entry = $this->prepare_lang_entry($_POST['entry'], false);
 					fwrite($fp, $entry);
 				}
 				else
@@ -229,23 +224,19 @@ class acp_language
 						{
 							if (!is_array($value))
 							{
+								continue;
 							}
-							else
-							{
-								$entry = "\tarray(\n";
+
+							$entry = "\tarray(\n";
 							
-								foreach ($value as $_key => $_value)
-								{
-									$_value = (STRIP) ? stripslashes($_value) : $_value;
-									$_value = preg_replace('#&(\#[0-9]+;)#', '&\1', $_value);
-									$entry .= "\t\t" . (int) $_key . "\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
-								}
-								
-								$entry .= "\t),\n";
+							foreach ($value as $_key => $_value)
+							{
+								$entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
 							}
-											
+
+							$entry .= "\t),\n";
 							fwrite($fp, $entry);
-						}	
+						}
 					}
 					else
 					{
@@ -255,32 +246,13 @@ class acp_language
 
 						foreach ($_POST['entry'] as $key => $value)
 						{
-							if (!is_array($value))
-							{
-								$value = (STRIP) ? stripslashes($value) : $value;
-								$value = preg_replace('#&(\#[0-9]+;)#', '&\1', $value);
-								$entry = "\t'" . $key . "'\t=> '" . str_replace("'", "\\'", $value) . "',\n";
-							}
-							else
-							{
-								$entry = "\n\t'" . $key . "'\t=> array(\n";
-							
-								foreach ($value as $_key => $_value)
-								{
-									$_value = (STRIP) ? stripslashes($_value) : $_value;
-									$_value = preg_replace('#&(\#[0-9]+;)#', '&\1', $_value);
-									$entry .= "\t\t'" . $_key . "'\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
-								}
-								
-								$entry .= "\t),\n\n";
-							}
-											
+							$entry = $this->format_lang_array($key, $value);
 							fwrite($fp, $entry);
-						}	
+						}
 					}
 
 					$footer = "));\n\n?>";
-					fwrite($fp, $footer);	
+					fwrite($fp, $footer);
 				}
 
 				fclose($fp);
@@ -302,7 +274,8 @@ class acp_language
 				}
 				else if ($action == 'upload_data')
 				{
-					$sql = 'SELECT lang_iso FROM ' . LANG_TABLE . "
+					$sql = 'SELECT lang_iso
+						FROM ' . LANG_TABLE . "
 						WHERE lang_id = $lang_id";
 					$result = $db->sql_query($sql);
 					$row = $db->sql_fetchrow($result);
@@ -322,6 +295,11 @@ class acp_language
 						case 'ftp':
 							$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 						break;
+
+						case 'ftp_fsock':
+							$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+						break;
+
 						default:
 							trigger_error($user->lang['INVALID_UPLOAD_METHOD']);
 					}
@@ -335,6 +313,9 @@ class acp_language
 					$transfer->copy_file('store/' . $lang_path . $file, $lang_path . $file);
 					$transfer->close_session();
 
+					// Remove from storage folder
+					@unlink($phpbb_root_path . 'store/' . $lang_path . $file);
+
 					add_log('admin', 'LOG_LANGUAGE_FILE_REPLACED', $file);
 
 					trigger_error($user->lang['UPLOAD_COMPLETED']);
@@ -353,7 +334,8 @@ class acp_language
 				
 				$this->page_title = 'LANGUAGE_PACK_DETAILS';
 
-				$sql = 'SELECT * FROM ' . LANG_TABLE . '
+				$sql = 'SELECT *
+					FROM ' . LANG_TABLE . '
 					WHERE lang_id = ' . $lang_id;
 				$result = $db->sql_query($sql);
 				$lang_entries = $db->sql_fetchrow($result);
@@ -665,7 +647,8 @@ class acp_language
 					trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
 				}
 				
-				$sql = 'SELECT * FROM ' . LANG_TABLE . '
+				$sql = 'SELECT *
+					FROM ' . LANG_TABLE . '
 					WHERE lang_id = ' . $lang_id;
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);
@@ -707,7 +690,8 @@ class acp_language
 				);
 				unset($file);
 
-				$sql = 'SELECT lang_iso FROM ' . LANG_TABLE . "
+				$sql = 'SELECT lang_iso
+					FROM ' . LANG_TABLE . "
 					WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
 				$result = $db->sql_query($sql);
 
@@ -746,7 +730,8 @@ class acp_language
 					trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
 				}
 
-				$sql = 'SELECT * FROM ' . LANG_TABLE . '
+				$sql = 'SELECT * 
+					FROM ' . LANG_TABLE . '
 					WHERE lang_id = ' . $lang_id;
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);
@@ -794,7 +779,7 @@ class acp_language
 
 				include_once($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
 
-				if ($use_method == 'zip')
+				if ($use_method == '.zip')
 				{
 					$compress = new compress_zip('w', $phpbb_root_path . 'store/lang_' . $row['lang_iso'] . $use_method);
 				}
@@ -818,6 +803,17 @@ class acp_language
 				// Add main files
 				$this->add_to_archive($compress, $this->main_files, $row['lang_iso']);
 
+				// Add search files if they exist...
+				if (file_exists($phpbb_root_path . 'language/' . $row['lang_iso'] . '/search_ignore_words.' . $phpEx))
+				{
+					$this->add_to_archive($compress, array("search_ignore_words.$phpEx"), $row['lang_iso']);
+				}
+
+				if (file_exists($phpbb_root_path . 'language/' . $row['lang_iso'] . '/search_synonyms.' . $phpEx))
+				{
+					$this->add_to_archive($compress, array("search_synonyms.$phpEx"), $row['lang_iso']);
+				}
+
 				// Write files in folders
 				$this->add_to_archive($compress, $email_templates, $row['lang_iso'], 'email');
 				$this->add_to_archive($compress, $acp_files, $row['lang_iso'], 'acp');
@@ -862,7 +858,8 @@ class acp_language
 		$db->sql_freeresult($result);
 
 		$sql = 'SELECT *  
-			FROM ' . LANG_TABLE;
+			FROM ' . LANG_TABLE . '
+			ORDER BY lang_english_name';
 		$result = $db->sql_query($sql);
 
 		$installed = array();
@@ -975,8 +972,7 @@ $lang = array_merge($lang, array(
 ';
 
 		// Language files in language root directory
-		$this->main_files = array("common.$phpEx", "groups.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
-	
+		$this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
 	}
 
 	/**
@@ -1041,22 +1037,52 @@ $lang = array_merge($lang, array(
 
 				foreach ($value as $_key => $_value)
 				{
-					$tpl .= '
-						<tr>
-							<td class="row1" style="white-space: nowrap;">' . $key_prefix . '<b>' . $_key . '</b></td>
-							<td class="row2">';
-					
-					if ($input_field)
+					if (is_array($_value))
 					{
-						$tpl .= '<input type="text" name="entry[' . $key . '][' . $_key . ']" value="' . htmlspecialchars($_value) . '" size="50" />';
+						$tpl .= '
+							<tr>
+								<td class="row3" colspan="2">' . $key_prefix . '&nbsp; &nbsp;<b>' . $_key . '</b></td>
+							</tr>';
+
+						foreach ($_value as $__key => $__value)
+						{
+							$tpl .= '
+								<tr>
+									<td class="row1" style="white-space: nowrap;">' . $key_prefix . '<b>' . $__key . '</b></td>
+									<td class="row2">';
+
+							if ($input_field)
+							{
+								$tpl .= '<input type="text" name="entry[' . $key . '][' . $_key . '][' . $__key . ']" value="' . htmlspecialchars($__value) . '" size="50" />';
+							}
+							else
+							{
+								$tpl .= '<b>' . htmlspecialchars($__value) . '</b>';
+							}
+							
+							$tpl .= '</td>
+								</tr>';
+						}
 					}
 					else
 					{
-						$tpl .= '<b>' . htmlspecialchars($_value) . '</b>';
+						$tpl .= '
+							<tr>
+								<td class="row1" style="white-space: nowrap;">' . $key_prefix . '<b>' . $_key . '</b></td>
+								<td class="row2">';
+						
+						if ($input_field)
+						{
+							$tpl .= '<input type="text" name="entry[' . $key . '][' . $_key . ']" value="' . htmlspecialchars($_value) . '" size="50" />';
+						}
+						else
+						{
+							$tpl .= '<b>' . htmlspecialchars($_value) . '</b>';
+						}
+						
+						$tpl .= '</td>
+							</tr>';
 					}
-					
-					$tpl .= '</td>
-						</tr>';
 				}
 
 				$tpl .= '
@@ -1191,6 +1217,49 @@ $lang = array_merge($lang, array(
 
 		return $return_ary;
 	}
+
+	/**
+	* Return language string value for storage
+	*/
+	function prepare_lang_entry($text, $store = true)
+	{
+		$text = (STRIP) ? stripslashes($text) : $text;
+
+		// Adjust for storage...
+		if ($store)
+		{
+			$text = str_replace("'", "\\'", str_replace('\\', '\\\\', $text));
+		}
+
+		return $text;
+	}
+
+	/**
+	* Format language array for storage
+	*/
+	function format_lang_array($key, $value, $tabs = "\t")
+	{
+		$entry = '';
+
+		if (!is_array($value))
+		{
+			$entry .= "{$tabs}'{$key}'\t=> '" . $this->prepare_lang_entry($value) . "',\n";
+		}
+		else
+		{
+			$_tabs = $tabs . "\t";
+			$entry .= "\n{$tabs}'{$key}'\t=> array(\n";
+
+			foreach ($value as $_key => $_value)
+			{
+				$entry .= $this->format_lang_array($_key, $_value, $_tabs);
+			}
+
+			$entry .= "{$tabs}),\n\n";
+		}
+
+		return $entry;
+	}
 }
 
 ?>

phpBB/includes/acp/acp_logs.php

@@ -42,14 +42,15 @@ class acp_logs
 		if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
 		{
 			$where_sql = '';
-			if ($deletemark && $marked)
+
+			if ($deletemark && sizeof($marked))
 			{
 				$sql_in = array();
 				foreach ($marked as $mark)
 				{
 					$sql_in[] = $mark;
 				}
-				$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+				$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
 				unset($sql_in);
 			}
 
@@ -67,7 +68,7 @@ class acp_logs
 		// Sorting
 		$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
 		$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
-		$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
+		$sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
 
 		$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
 		gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);

phpBB/includes/acp/acp_main.php

@@ -21,9 +21,9 @@ class acp_main
 		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 
 		$action = request_var('action', '');
-		$mark	= (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : '';
+		$mark	= (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
 
-		if ($mark)
+		if (sizeof($mark))
 		{
 			switch ($action)
 			{
@@ -36,8 +36,8 @@ class acp_main
 					}
 
 					$sql = 'SELECT username 
-						FROM ' . USERS_TABLE . "
-						WHERE user_id IN ($mark)";
+						FROM ' . USERS_TABLE . '
+						WHERE ' . $db->sql_in_set('user_id', $mark);
 					$result = $db->sql_query($sql);
 				
 					$user_affected = array();
@@ -50,14 +50,13 @@ class acp_main
 					if ($action == 'activate')
 					{
 						include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
-						$mark_ary = explode(', ', $mark);
 
-						foreach ($mark_ary as $user_id)
+						foreach ($mark as $user_id)
 						{
 							user_active_flip($user_id, USER_INACTIVE);
 						}
 
-						set_config('num_users', $config['num_users'] + sizeof($mark_ary), true);
+						set_config('num_users', $config['num_users'] + sizeof($mark), true);
 
 						// Update latest username
 						update_last_username();
@@ -69,9 +68,9 @@ class acp_main
 							trigger_error($user->lang['NO_ADMIN']);
 						}
 
-						$sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE user_id IN ($mark)";
+						$sql = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
 						$db->sql_query($sql);
-						$sql = 'DELETE FROM ' . USERS_TABLE . " WHERE user_id IN ($mark)";
+						$sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
 						$db->sql_query($sql);
 	
 						add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected));
@@ -91,8 +90,8 @@ class acp_main
 					}
 
 					$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey 
-						FROM ' . USERS_TABLE . " 
-						WHERE user_id IN ($mark)";
+						FROM ' . USERS_TABLE . ' 
+						WHERE ' . $db->sql_in_set('user_id', $mark);
 					$result = $db->sql_query($sql);
 
 					if ($row = $db->sql_fetchrow($result))
@@ -209,39 +208,20 @@ class acp_main
 					trigger_error($user->lang['NO_ADMIN']);
 				}
 
-				$post_count_ary = $auth->acl_getf('f_postcount');
-				$forum_read_ary = $auth->acl_getf('f_read');
-				
-				$forum_ary = array();
-				foreach ($post_count_ary as $forum_id => $allowed)
-				{
-					if ($allowed['f_postcount'] && $forum_read_ary[$forum_id]['f_read'])
-					{
-						$forum_ary[] = $forum_id;
-					}
-				}
+				$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
+					FROM ' . POSTS_TABLE . '
+					WHERE post_postcount = 1
+					GROUP BY poster_id';
+				$result = $db->sql_query($sql);
 
-				if (!sizeof($forum_ary))
+				while ($row = $db->sql_fetchrow($result))
 				{
-					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');
-				}
-				else
-				{
-					$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
-						FROM ' . POSTS_TABLE . '
-						WHERE poster_id <> ' . ANONYMOUS . '
-							AND forum_id IN (' . implode(', ', $forum_ary) . ')
-						GROUP BY poster_id';
-					$result = $db->sql_query($sql);
-
-					while ($row = $db->sql_fetchrow($result))
-					{
-						$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}");
-					}
-					$db->sql_freeresult($result);
+					$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}");
 				}
+				$db->sql_freeresult($result);
 
 				add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
+
 			break;
 	
 			case 'date':
@@ -412,8 +392,10 @@ class acp_main
 			'DBSIZE'			=> $dbsize,
 			'UPLOAD_DIR_SIZE'	=> $upload_dir_size,
 			'GZIP_COMPRESSION'	=> ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'],
+			'DATABASE_INFO'		=> $db->sql_server_info(),
 
 			'U_ACTION'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
+			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
 
 			'S_ACTION_OPTIONS'	=> ($auth->acl_get('a_board')) ? $s_action_options : '',
 			)
@@ -439,7 +421,7 @@ class acp_main
 
 		if ($auth->acl_get('a_user'))
 		{
-			$sql = 'SELECT user_id, username, user_regdate
+			$sql = 'SELECT user_id, username, user_regdate, user_lastvisit
 				FROM ' . USERS_TABLE . ' 
 				WHERE user_type = ' . USER_INACTIVE . ' 
 				ORDER BY user_regdate ASC';
@@ -449,6 +431,7 @@ class acp_main
 			{
 				$template->assign_block_vars('inactive', array(
 					'DATE'			=> $user->format_date($row['user_regdate']),
+					'LAST_VISIT'	=> (!$row['user_lastvisit']) ? ' - ' : $user->format_date($row['user_lastvisit']),
 					'USER_ID'		=> $row['user_id'],
 					'USERNAME'		=> $row['username'],
 					'U_USER_ADMIN'	=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&amp;mode=overview&amp;u={$row['user_id']}"))
@@ -473,6 +456,12 @@ class acp_main
 			$template->assign_var('S_DEBUG_EXTRA', true);
 		}
 
+		// Warn if install is still present
+		if (file_exists($phpbb_root_path . 'install'))
+		{
+			$template->assign_var('S_REMOVE_INSTALL', true);
+		}
+
 		$this->tpl_name = 'acp_main';
 		$this->page_title = 'ACP_MAIN';
 	}

phpBB/includes/acp/acp_modules.php

@@ -144,16 +144,16 @@ class acp_modules
 						break;
 					}
 
-					list($module_name, $module_mode) = explode('::', $quick_install);
+					list($module_basename, $module_mode) = explode('::', $quick_install);
 
 					// Check if module name and mode exist...
-					$fileinfo = $this->get_module_infos($module_name);
-					$fileinfo = $fileinfo[$module_name];
+					$fileinfo = $this->get_module_infos($module_basename);
+					$fileinfo = $fileinfo[$module_basename];
 
 					if (isset($fileinfo['modes'][$module_mode]))
 					{
 						$module_data = array(
-							'module_name'		=> $module_name,
+							'module_basename'	=> $module_basename,
 							'module_enabled'	=> 0,
 							'module_display'	=> (isset($fileinfo['modes'][$module_mode]['display'])) ? $fileinfo['modes'][$module_mode]['display'] : 1,
 							'parent_id'			=> $parent_id,
@@ -202,7 +202,7 @@ class acp_modules
 				if ($action == 'add')
 				{
 					$module_row = array(
-						'module_name'		=> '',
+						'module_basename'	=> '',
 						'module_enabled'	=> 0,
 						'module_display'	=> 1,
 						'parent_id'			=> 0,
@@ -214,7 +214,7 @@ class acp_modules
 				
 				$module_data = array();
 
-				$module_data['module_name'] = request_var('module_name', (string) $module_row['module_name']);
+				$module_data['module_basename'] = request_var('module_basename', (string) $module_row['module_basename']);
 				$module_data['module_enabled'] = request_var('module_enabled', (int) $module_row['module_enabled']);
 				$module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']);
 				$module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']);
@@ -235,7 +235,7 @@ class acp_modules
 
 					if ($module_type == 'category')
 					{
-						$module_data['module_name'] = $module_data['module_mode'] = $module_data['module_auth'] = '';
+						$module_data['module_basename'] = $module_data['module_mode'] = $module_data['module_auth'] = '';
 						$module_data['module_display'] = 1;
 					}
 
@@ -245,10 +245,10 @@ class acp_modules
 					}
 
 					// Adjust auth row
-					if ($module_data['module_name'] && $module_data['module_mode'])
+					if ($module_data['module_basename'] && $module_data['module_mode'])
 					{
-						$fileinfo = $this->get_module_infos($module_data['module_name']);
-						$module_data['module_auth'] = $fileinfo[$module_data['module_name']]['modes'][$module_data['module_mode']]['auth'];
+						$fileinfo = $this->get_module_infos($module_data['module_basename']);
+						$module_data['module_auth'] = $fileinfo[$module_data['module_basename']]['modes'][$module_data['module_mode']]['auth'];
 					}
 
 					$errors = $this->update_module_data($module_data);
@@ -262,7 +262,7 @@ class acp_modules
 				}
 
 				// Category/not category?
-				$is_cat = (!$module_data['module_name']) ? true : false;
+				$is_cat = (!$module_data['module_basename']) ? true : false;
 
 				// Get module informations
 				$module_infos = $this->get_module_infos();
@@ -271,20 +271,20 @@ class acp_modules
 				$s_name_options = $s_mode_options = '';
 				foreach ($module_infos as $option => $values)
 				{
-					if (!$module_data['module_name'])
+					if (!$module_data['module_basename'])
 					{
-						$module_data['module_name'] = $option;
+						$module_data['module_basename'] = $option;
 					}
 
 					// Name options
-					$s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_name']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>';
+					$s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_basename']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>';
 
 					$template->assign_block_vars('m_names', array('NAME' => $option));
 
 					// Build module modes
 					foreach ($values['modes'] as $m_mode => $m_values)
 					{
-						if ($option == $module_data['module_name'])
+						if ($option == $module_data['module_basename'])
 						{
 							$s_mode_options .= '<option value="' . $m_mode . '"' . (($m_mode == $module_data['module_mode']) ? ' selected="selected"' : '') . '>' . $this->lang_name($m_values['title']) . '</option>';
 						}
@@ -387,7 +387,7 @@ class acp_modules
 				}
 				else
 				{
-					$module_image = (!$row['module_name'] || $row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['CATEGORY'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['MODULE'] . '" />';
+					$module_image = (!$row['module_basename'] || $row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['CATEGORY'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['MODULE'] . '" />';
 				}
 
 				$url = $this->u_action . '&amp;parent_id=' . $parent_id . '&amp;m=' . $row['module_id'];
@@ -551,22 +551,10 @@ class acp_modules
 	{
 		global $db, $user, $auth, $config;
 
-		switch (SQL_LAYER)
-		{
-			case 'firebird':
-				$sql = 'SELECT module_id, module_enabled, "module_name", parent_id, module_langname, left_id, right_id, module_auth
-					FROM ' . MODULES_TABLE . "
-					WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-					ORDER BY left_id ASC";
-			break;
-
-			default:
-				$sql = 'SELECT module_id, module_enabled, module_name, parent_id, module_langname, left_id, right_id, module_auth
-					FROM ' . MODULES_TABLE . "
-					WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-					ORDER BY left_id ASC";
-			break;
-		}
+		$sql = 'SELECT module_id, module_enabled, module_basename, parent_id, module_langname, left_id, right_id, module_auth
+			FROM ' . MODULES_TABLE . "
+			WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
+			ORDER BY left_id ASC";
 		$result = $db->sql_query($sql);
 
 		$right = $iteration = 0;
@@ -607,13 +595,13 @@ class acp_modules
 			}
 
 			// empty category
-			if (!$row['module_name'] && ($row['left_id'] + 1 == $row['right_id']) && $ignore_emptycat)
+			if (!$row['module_basename'] && ($row['left_id'] + 1 == $row['right_id']) && $ignore_emptycat)
 			{
 				continue;
 			}
 
 			// ignore non-category?
-			if ($row['module_name'] && $ignore_noncat)
+			if ($row['module_basename'] && $ignore_noncat)
 			{
 				continue;
 			}
@@ -723,8 +711,10 @@ class acp_modules
 					WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
 						AND module_id = {$module_data['parent_id']}";
 				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
 
-				if (!$row = $db->sql_fetchrow($result))
+				if (!$row)
 				{
 					if ($run_inline)
 					{
@@ -733,7 +723,6 @@ class acp_modules
 
 					trigger_error($user->lang['PARENT_NO_EXIST']);
 				}
-				$db->sql_freeresult($result);
 
 				$sql = 'UPDATE ' . MODULES_TABLE . "
 					SET left_id = left_id + 2, right_id = right_id + 2
@@ -777,7 +766,7 @@ class acp_modules
 		{
 			$row = $this->get_module_row($module_data['module_id']);
 
-			if ($module_data['module_name'] && !$row['module_name'])
+			if ($module_data['module_basename'] && !$row['module_basename'])
 			{
 				// we're turning a category into a module
 				$branch = $this->get_module_branch($module_data['module_id'], 'children', 'descending', false);
@@ -792,9 +781,12 @@ class acp_modules
 			{
 				$this->move_module($module_data['module_id'], $module_data['parent_id']);
 			}
-		
+
+			$update_ary = $module_data;
+			unset($update_ary['module_id']);
+
 			$sql = 'UPDATE ' . MODULES_TABLE . '
-				SET ' . $db->sql_build_array('UPDATE', $module_data) . "
+				SET ' . $db->sql_build_array('UPDATE', $update_ary) . "
 				WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
 					AND module_id = {$module_data['module_id']}";
 			$db->sql_query($sql);
@@ -849,7 +841,7 @@ class acp_modules
 				SET right_id = right_id + $diff
 				WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
 					AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
-					AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
+					AND ' . $db->sql_in_set('module_id', $moved_ids, true);
 			$db->sql_query($sql);
 
 			// Resync the righthand side of the tree
@@ -857,7 +849,7 @@ class acp_modules
 				SET left_id = left_id + $diff, right_id = right_id + $diff
 				WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
 					AND left_id > " . $to_data['right_id'] . '
-					AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
+					AND ' . $db->sql_in_set('module_id', $moved_ids, true);
 			$db->sql_query($sql);
 
 			// Resync moved branch
@@ -876,7 +868,7 @@ class acp_modules
 			$sql = 'SELECT MAX(right_id) AS right_id
 				FROM ' . MODULES_TABLE . "
 				WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-					AND module_id NOT IN (" . implode(', ', $moved_ids) . ')';
+					AND " . $db->sql_in_set('module_id', $moved_ids, true);
 			$result = $db->sql_query($sql);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -887,7 +879,7 @@ class acp_modules
 		$sql = 'UPDATE ' . MODULES_TABLE . "
 			SET left_id = left_id $diff, right_id = right_id $diff
 			WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-				AND module_id IN (" . implode(', ', $moved_ids) . ')';
+				AND " . $db->sql_in_set('module_id', $moved_ids);
 		$db->sql_query($sql);
 	}
 

phpBB/includes/acp/acp_permission_roles.php

@@ -239,7 +239,7 @@ class acp_permission_roles
 					$auth_options = array();
 					while ($row = $db->sql_fetchrow($result))
 					{
-						$auth_options[$row['auth_option']] = ACL_UNSET;
+						$auth_options[$row['auth_option']] = ACL_NO;
 					}
 					$db->sql_freeresult($result);
 				}
@@ -294,7 +294,7 @@ class acp_permission_roles
 					)
 				);
 
-				// We need to fill the auth options array with ACL_UNSET options ;)
+				// We need to fill the auth options array with ACL_NO options ;)
 				$sql = 'SELECT auth_option_id, auth_option
 					FROM ' . ACL_OPTIONS_TABLE . "
 					WHERE auth_option LIKE '{$permission_type}%'
@@ -306,7 +306,7 @@ class acp_permission_roles
 				{
 					if (!isset($auth_options[$row['auth_option']]))
 					{
-						$auth_options[$row['auth_option']] = ACL_UNSET;
+						$auth_options[$row['auth_option']] = ACL_NO;
 					}
 				}
 				$db->sql_freeresult($result);
@@ -447,17 +447,17 @@ class acp_permission_roles
 			$template->assign_block_vars('auth', array(
 				'CAT_NAME'	=> $user->lang['permission_cat'][$cat],
 
-				'S_YES'		=> ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false,
-				'S_NO'		=> ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false,
-				'S_UNSET'	=> ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false)
+				'S_YES'		=> ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
+				'S_NEVER'	=> ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
+				'S_NO'		=> ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false)
 			);
 
 			foreach ($cat_array['permissions'] as $permission => $allowed)
 			{
 				$template->assign_block_vars('auth.mask', array(
 					'S_YES'		=> ($allowed == ACL_YES) ? true : false,
+					'S_NEVER'	=> ($allowed == ACL_NEVER) ? true : false,
 					'S_NO'		=> ($allowed == ACL_NO) ? true : false,
-					'S_UNSET'	=> ($allowed == ACL_UNSET) ? true : false,
 
 					'FIELD_NAME'	=> $permission,
 					'PERMISSION'	=> $user->lang['acl_' . $permission]['lang'])
@@ -484,7 +484,7 @@ class acp_permission_roles
 		$auth_settings = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$auth_settings[$row['auth_option']] = ACL_UNSET;
+			$auth_settings[$row['auth_option']] = ACL_NO;
 		}
 		$db->sql_freeresult($result);
 

phpBB/includes/acp/acp_permissions.php

@@ -59,8 +59,8 @@ class acp_permissions
 		$subforum_id = request_var('subforum_id', 0);
 		$forum_id = request_var('forum_id', array(0));
 
-		$username = request_var('username', array(''), true);
-		$usernames = request_var('usernames', '', true);
+		$username = request_var('username', array(''));
+		$usernames = request_var('usernames', '');
 		$user_id = request_var('user_id', array(0));
 
 		$group_id = request_var('group_id', array(0));
@@ -70,7 +70,7 @@ class acp_permissions
 		if ($select_all_groups)
 		{
 			// Add default groups to selection
-			$sql_and = ($config['coppa_hide_groups']) ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
+			$sql_and = (!$config['coppa_enable']) ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
 
 			$sql = 'SELECT group_id
 				FROM ' . GROUPS_TABLE . '
@@ -213,7 +213,32 @@ class acp_permissions
 			switch ($action)
 			{
 				case 'delete':
-					$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
+					// All users/groups selected?
+					$all_users = (isset($_POST['all_users'])) ? true : false;
+					$all_groups = (isset($_POST['all_groups'])) ? true : false;
+
+					if ($all_users || $all_groups)
+					{
+						$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
+
+						if ($all_users && sizeof($items['user_ids']))
+						{
+							$user_id = $items['user_ids'];
+						}
+						else if ($all_groups && sizeof($items['group_ids']))
+						{
+							$group_id = $items['group_ids'];
+						}
+					}
+
+					if (sizeof($user_id) || sizeof($group_id))
+					{
+						$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
+					}
+					else
+					{
+						trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action));
+					}
 				break;
 
 				case 'apply_permissions':
@@ -273,7 +298,7 @@ class acp_permissions
 						continue 2;
 					}
 
-					$forum_list = make_forum_select(false, false, true, false, false, true);
+					$forum_list = make_forum_select(false, false, true, false, false, false, true);
 
 					// Build forum options
 					$s_forum_options = '';
@@ -343,99 +368,30 @@ class acp_permissions
 						continue 2;
 					}
 
-					$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
-					$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
-
-					$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-						'SELECT'	=> 'u.username, u.user_regdate, u.user_id',
-
-						'FROM'		=> array(
-							USERS_TABLE			=> 'u',
-							ACL_OPTIONS_TABLE	=> 'o',
-							ACL_USERS_TABLE		=> 'a'
-						),
-
-						'LEFT_JOIN'	=> array(
-							array(
-								'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-								'ON'	=> 'a.auth_role_id = r.role_id'
-							)
-						),
-
-						'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-							$sql_permission_option
-							$sql_forum_id
-							AND u.user_id = a.user_id",
-
-						'ORDER_BY'	=> 'u.username, u.user_regdate ASC'
-					));
-					$result = $db->sql_query($sql);
-
-					$s_defined_user_options = '';
-					$defined_user_ids = array();
-					while ($row = $db->sql_fetchrow($result))
-					{
-						$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
-						$defined_user_ids[] = $row['user_id'];
-					}
-					$db->sql_freeresult($result);
-
-					$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-						'SELECT'	=> 'g.group_type, g.group_name, g.group_id',
-
-						'FROM'		=> array(
-							GROUPS_TABLE		=> 'g',
-							ACL_OPTIONS_TABLE	=> 'o',
-							ACL_GROUPS_TABLE	=> 'a'
-						),
-
-						'LEFT_JOIN'	=> array(
-							array(
-								'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-								'ON'	=> 'a.auth_role_id = r.role_id'
-							)
-						),
-
-						'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-							$sql_permission_option
-							$sql_forum_id
-							AND g.group_id = a.group_id",
-
-						'ORDER_BY'	=> 'g.group_type DESC, g.group_name ASC'
-					));
-					$result = $db->sql_query($sql);
-
-					$s_defined_group_options = '';
-					$defined_group_ids = array();
-					while ($row = $db->sql_fetchrow($result))
-					{
-						$s_defined_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
-						$defined_group_ids[] = $row['group_id'];
-					}
-					$db->sql_freeresult($result);
+					$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
 
 					// Now we check the users... because the "all"-selection is different here (all defined users/groups)
 					$all_users = (isset($_POST['all_users'])) ? true : false;
 					$all_groups = (isset($_POST['all_groups'])) ? true : false;
 
-					if ($all_users && sizeof($defined_user_ids))
+					if ($all_users && sizeof($items['user_ids']))
 					{
-						$user_id = $defined_user_ids;
+						$user_id = $items['user_ids'];
 						continue 2;
 					}
 
-					if ($all_groups && sizeof($defined_group_ids))
+					if ($all_groups && sizeof($items['group_ids']))
 					{
-						$group_id = $defined_group_ids;
+						$group_id = $items['group_ids'];
 						continue 2;
 					}
 
 					$template->assign_vars(array(
 						'S_SELECT_USERGROUP'		=> ($victim == 'usergroup') ? true : false,
 						'S_SELECT_USERGROUP_VIEW'	=> ($victim == 'usergroup_view') ? true : false,
-						'S_DEFINED_USER_OPTIONS'	=> $s_defined_user_options,
-						'S_DEFINED_GROUP_OPTIONS'	=> $s_defined_group_options,
-						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $defined_group_ids),
+						'S_DEFINED_USER_OPTIONS'	=> $items['user_ids_options'],
+						'S_DEFINED_GROUP_OPTIONS'	=> $items['group_ids_options'],
+						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids']),
 						'U_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username'))
 					);
 
@@ -457,7 +413,7 @@ class acp_permissions
 			{
 				$sql = 'SELECT forum_name
 					FROM ' . FORUMS_TABLE . '
-					WHERE forum_id IN (' . implode(', ', $forum_id) . ')
+					WHERE ' . $db->sql_in_set('forum_id', $forum_id) . '
 					ORDER BY forum_name ASC';
 				$result = $db->sql_query($sql);
 
@@ -497,7 +453,7 @@ class acp_permissions
 				'S_SETTING_PERMISSIONS'		=> true)
 			);
 
-			$hold_ary = $auth_admin->get_mask('set', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_UNSET);
+			$hold_ary = $auth_admin->get_mask('set', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
 			$auth_admin->display_mask('set', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false));
 		}
 		else
@@ -506,7 +462,7 @@ class acp_permissions
 				'S_VIEWING_PERMISSIONS'		=> true)
 			);
 
-			$hold_ary = $auth_admin->get_mask('view', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
+			$hold_ary = $auth_admin->get_mask('view', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NEVER);
 			$auth_admin->display_mask('view', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false));
 		}
 	}
@@ -598,7 +554,7 @@ class acp_permissions
 
 		$sql = "SELECT $sql_id
 			FROM $table
-			WHERE $sql_id IN (" . implode(', ', $ids) . ')';
+			WHERE " . $db->sql_in_set($sql_id, $ids);
 		$result = $db->sql_query($sql);
 
 		$ids = array();
@@ -783,10 +739,10 @@ class acp_permissions
 		}
 		$db->sql_freeresult($result);
 
-		// We need to add any ACL_UNSET setting from auth_settings to compare correctly
+		// We need to add any ACL_NO setting from auth_settings to compare correctly
 		foreach ($auth_settings as $option => $setting)
 		{
-			if ($setting == ACL_UNSET)
+			if ($setting == ACL_NO)
 			{
 				$test_auth_settings[$option] = $setting;
 			}
@@ -847,8 +803,8 @@ class acp_permissions
 		}
 
 		// Logging ... first grab user or groupnames ...
-		$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id';
-		$sql .=  ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
+		$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE ' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE ';
+		$sql .=  $db->sql_in_set(($ug_type == 'group') ? 'group_id' : 'user_id', array_map('intval', $ug_id));
 		$result = $db->sql_query($sql);
 
 		$l_ug_list = '';
@@ -869,7 +825,7 @@ class acp_permissions
 			// Grab the forum details if non-zero forum_id
 			$sql = 'SELECT forum_name  
 				FROM ' . FORUMS_TABLE . '
-				WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
+				WHERE ' . $db->sql_in_set('forum_id', $forum_id);
 			$result = $db->sql_query($sql);
 
 			$l_forum_list = '';
@@ -902,7 +858,7 @@ class acp_permissions
 		if (sizeof($perms))
 		{
 			$sql = 'DELETE FROM ' . ZEBRA_TABLE . ' 
-				WHERE zebra_id IN (' . implode(', ', array_unique($perms)) . ')
+				WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
 					AND foe = 1';
 			$db->sql_query($sql);
 		}
@@ -960,8 +916,8 @@ class acp_permissions
 			'WHO'			=> $user->lang['DEFAULT'],
 			'INFORMATION'	=> $user->lang['TRACE_DEFAULT'],
 
-			'S_SETTING_UNSET'	=> true,
-			'S_TOTAL_UNSET'		=> true)
+			'S_SETTING_NO'		=> true,
+			'S_TOTAL_NO'		=> true)
 		);
 
 		$sql = 'SELECT DISTINCT g.group_name, g.group_id, g.group_type
@@ -976,12 +932,13 @@ class acp_permissions
 		while ($row = $db->sql_fetchrow($result))
 		{
 			$groups[$row['group_id']] = array(
-				'auth_setting'		=> ACL_UNSET,
+				'auth_setting'		=> ACL_NO,
 				'group_name'		=> ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']
 			);
 		}
 		$db->sql_freeresult($result);
 
+		$total = ACL_NO;
 		if (sizeof($groups))
 		{
 			// Get group auth settings
@@ -993,23 +950,22 @@ class acp_permissions
 			}
 			unset($hold_ary);
 
-			$total = ACL_UNSET;
 			foreach ($groups as $id => $row)
 			{
 				switch ($row['auth_setting'])
 				{
-					case ACL_UNSET:
-						$information = $user->lang['TRACE_GROUP_UNSET'];
+					case ACL_NO:
+						$information = $user->lang['TRACE_GROUP_NO'];
 					break;
 
 					case ACL_YES:
-						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_GROUP_YES_TOTAL_NO'] : $user->lang['TRACE_GROUP_YES_TOTAL_UNSET']);
-						$total = ($total == ACL_UNSET) ? ACL_YES : $total;
+						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_YES_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_YES_TOTAL_NO']);
+						$total = ($total == ACL_NO) ? ACL_YES : $total;
 					break;
 
-					case ACL_NO:
-						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NO_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_GROUP_NO_TOTAL_NO'] : $user->lang['TRACE_GROUP_NO_TOTAL_UNSET']);
-						$total = ACL_NO;
+					case ACL_NEVER:
+						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_NEVER_TOTAL_NO']);
+						$total = ACL_NEVER;
 					break;
 				}
 
@@ -1017,35 +973,35 @@ class acp_permissions
 					'WHO'			=> $row['group_name'],
 					'INFORMATION'	=> $information,
 
-					'S_SETTING_UNSET'	=> ($row['auth_setting'] == ACL_UNSET) ? true : false,
-					'S_SETTING_YES'		=> ($row['auth_setting'] == ACL_YES) ? true : false,
 					'S_SETTING_NO'		=> ($row['auth_setting'] == ACL_NO) ? true : false,
-					'S_TOTAL_UNSET'		=> ($total == ACL_UNSET) ? true : false,
+					'S_SETTING_YES'		=> ($row['auth_setting'] == ACL_YES) ? true : false,
+					'S_SETTING_NEVER'	=> ($row['auth_setting'] == ACL_NEVER) ? true : false,
+					'S_TOTAL_NO'		=> ($total == ACL_NO) ? true : false,
 					'S_TOTAL_YES'		=> ($total == ACL_YES) ? true : false,
-					'S_TOTAL_NO'		=> ($total == ACL_NO) ? true : false)
+					'S_TOTAL_NEVER'		=> ($total == ACL_NEVER) ? true : false)
 				);
 			}
 		}
 
 		// Get user specific permission...
 		$hold_ary = $auth->acl_user_raw_data($user_id, $permission, $forum_id);
-		$auth_setting = (!sizeof($hold_ary)) ? ACL_UNSET : $hold_ary[$user_id][$forum_id][$permission];
+		$auth_setting = (!sizeof($hold_ary)) ? ACL_NO : $hold_ary[$user_id][$forum_id][$permission];
 
 		switch ($auth_setting)
 		{
-			case ACL_UNSET:
-				$information = ($total == ACL_UNSET) ? $user->lang['TRACE_USER_UNSET_TOTAL_UNSET'] : $user->lang['TRACE_USER_KEPT'];
-				$total = ($total == ACL_UNSET) ? ACL_NO : $total;
+			case ACL_NO:
+				$information = ($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO'] : $user->lang['TRACE_USER_KEPT'];
+				$total = ($total == ACL_NO) ? ACL_NEVER : $total;
 			break;
 
 			case ACL_YES:
-				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_USER_YES_TOTAL_NO'] : $user->lang['TRACE_USER_YES_TOTAL_UNSET']);
-				$total = ($total == ACL_UNSET) ? ACL_YES : $total;
+				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_YES_TOTAL_NEVER'] : $user->lang['TRACE_USER_YES_TOTAL_NO']);
+				$total = ($total == ACL_NO) ? ACL_YES : $total;
 			break;
 
-			case ACL_NO:
-				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NO_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO'] : $user->lang['TRACE_USER_NO_TOTAL_UNSET']);
-				$total = ACL_NO;
+			case ACL_NEVER:
+				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_USER_NEVER_TOTAL_NO']);
+				$total = ACL_NEVER;
 			break;
 		}
 
@@ -1053,12 +1009,12 @@ class acp_permissions
 			'WHO'			=> $userdata['username'],
 			'INFORMATION'	=> $information,
 
-			'S_SETTING_UNSET'	=> ($auth_setting == ACL_UNSET) ? true : false,
-			'S_SETTING_YES'		=> ($auth_setting == ACL_YES) ? true : false,
 			'S_SETTING_NO'		=> ($auth_setting == ACL_NO) ? true : false,
-			'S_TOTAL_UNSET'		=> false,
+			'S_SETTING_YES'		=> ($auth_setting == ACL_YES) ? true : false,
+			'S_SETTING_NEVER'	=> ($auth_setting == ACL_NEVER) ? true : false,
+			'S_TOTAL_NO'		=> false,
 			'S_TOTAL_YES'		=> ($total == ACL_YES) ? true : false,
-			'S_TOTAL_NO'		=> ($total == ACL_NO) ? true : false)
+			'S_TOTAL_NEVER'		=> ($total == ACL_NEVER) ? true : false)
 		);
 
 		// global permission might overwrite local permission
@@ -1077,24 +1033,24 @@ class acp_permissions
 
 			if ($auth_setting)
 			{
-				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_YES'] : $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_NO'];
+				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_YES'] : $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_NEVER'];
 				$total = ACL_YES;
 			}
 			else
 			{
-				$information = $user->lang['TRACE_USER_GLOBAL_NO_TOTAL_KEPT'];
+				$information = $user->lang['TRACE_USER_GLOBAL_NEVER_TOTAL_KEPT'];
 			}
 
 			$template->assign_block_vars('trace', array(
 				'WHO'			=> sprintf($user->lang['TRACE_GLOBAL_SETTING'], $userdata['username']),
 				'INFORMATION'	=> sprintf($information, '<a href="' . $this->u_action . "&amp;u=$user_id&amp;f=0&amp;auth=$permission&amp;back=$forum_id\">", '</a>'),
 
-				'S_SETTING_UNSET'	=> false,
+				'S_SETTING_NO'		=> false,
 				'S_SETTING_YES'		=> $auth_setting,
-				'S_SETTING_NO'		=> !$auth_setting,
-				'S_TOTAL_UNSET'		=> false,
+				'S_SETTING_NEVER'	=> !$auth_setting,
+				'S_TOTAL_NO'		=> false,
 				'S_TOTAL_YES'		=> ($total == ACL_YES) ? true : false,
-				'S_TOTAL_NO'		=> ($total == ACL_NO) ? true : false)
+				'S_TOTAL_NEVER'		=> ($total == ACL_NEVER) ? true : false)
 			);
 		}
 
@@ -1105,15 +1061,101 @@ class acp_permissions
 				'WHO'			=> $userdata['username'],
 				'INFORMATION'	=> $user->lang['TRACE_USER_FOUNDER'],
 
-				'S_SETTING_UNSET'	=> ($auth_setting == ACL_UNSET) ? true : false,
-				'S_SETTING_YES'		=> ($auth_setting == ACL_YES) ? true : false,
 				'S_SETTING_NO'		=> ($auth_setting == ACL_NO) ? true : false,
-				'S_TOTAL_UNSET'		=> false,
+				'S_SETTING_YES'		=> ($auth_setting == ACL_YES) ? true : false,
+				'S_SETTING_NEVER'	=> ($auth_setting == ACL_NEVER) ? true : false,
+				'S_TOTAL_NO'		=> false,
 				'S_TOTAL_YES'		=> true,
-				'S_TOTAL_NO'		=> false)
+				'S_TOTAL_NEVER'		=> false)
 			);
 		}
 	}
+
+	/**
+	* Get already assigned users/groups
+	*/
+	function retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type)
+	{
+		global $db, $user;
+
+		$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
+		$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
+
+		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
+			'SELECT'	=> 'u.username, u.user_regdate, u.user_id',
+
+			'FROM'		=> array(
+				USERS_TABLE			=> 'u',
+				ACL_OPTIONS_TABLE	=> 'o',
+				ACL_USERS_TABLE		=> 'a'
+			),
+
+			'LEFT_JOIN'	=> array(
+				array(
+					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
+					'ON'	=> 'a.auth_role_id = r.role_id'
+				)
+			),
+
+			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
+				$sql_permission_option
+				$sql_forum_id
+				AND u.user_id = a.user_id",
+
+			'ORDER_BY'	=> 'u.username, u.user_regdate ASC'
+		));
+		$result = $db->sql_query($sql);
+
+		$s_defined_user_options = '';
+		$defined_user_ids = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
+			$defined_user_ids[] = $row['user_id'];
+		}
+		$db->sql_freeresult($result);
+
+		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
+			'SELECT'	=> 'g.group_type, g.group_name, g.group_id',
+
+			'FROM'		=> array(
+				GROUPS_TABLE		=> 'g',
+				ACL_OPTIONS_TABLE	=> 'o',
+				ACL_GROUPS_TABLE	=> 'a'
+			),
+
+			'LEFT_JOIN'	=> array(
+				array(
+					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
+					'ON'	=> 'a.auth_role_id = r.role_id'
+				)
+			),
+
+			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
+				$sql_permission_option
+				$sql_forum_id
+				AND g.group_id = a.group_id",
+
+			'ORDER_BY'	=> 'g.group_type DESC, g.group_name ASC'
+		));
+		$result = $db->sql_query($sql);
+
+		$s_defined_group_options = '';
+		$defined_group_ids = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$s_defined_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
+			$defined_group_ids[] = $row['group_id'];
+		}
+		$db->sql_freeresult($result);
+
+		return array(
+			'group_ids'			=> $defined_group_ids,
+			'group_ids_options'	=> $s_defined_group_options,
+			'user_ids'			=> $defined_user_ids,
+			'user_ids_options'	=> $s_defined_user_options
+		);
+	}
 }
 
 ?>

phpBB/includes/acp/acp_profile.php

@@ -50,7 +50,8 @@ class acp_profile
 		$lang_defs = array();
 
 		$sql = 'SELECT lang_id, lang_iso
-			FROM ' . LANG_TABLE;
+			FROM ' . LANG_TABLE . '
+			ORDER BY lang_english_name';
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -63,7 +64,7 @@ class acp_profile
 
 		$sql = 'SELECT field_id, lang_id
 			FROM ' . PROFILE_LANG_TABLE . '
-				ORDER BY lang_id';
+			ORDER BY lang_id';
 		$result = $db->sql_query($sql);
 	
 		while ($row = $db->sql_fetchrow($result))
@@ -119,19 +120,19 @@ class acp_profile
 							$db->sql_freeresult($result);
 
 							// Create a temp table and populate it, destroy the existing one
-							$db->sql_query(preg_replace('#CREATE\s+TABLE\s+' . PROFILE_FIELDS_DATA_TABLE . '#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
+							$db->sql_query(preg_replace('#CREATE\s+TABLE\s+"?' . PROFILE_FIELDS_DATA_TABLE . '"?#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
 							$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
 							$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
 
 							preg_match('#\((.*)\)#s', $row['sql'], $matches);
 
-							$new_table_cols = $matches[1];
+							$new_table_cols = trim($matches[1]);
 							$old_table_cols = explode(',', $new_table_cols);
 							$column_list = array();
 							foreach($old_table_cols as $declaration)
 							{
-								$entities = preg_split('#\s+#', $declaration);
-								if ($entities[0] !== $field_ident)
+								$entities = preg_split('#\s+#', trim($declaration));
+								if ($entities[0] !== '_' . $field_ident)
 								{
 									$column_list[] = $entities[0];
 								}
@@ -139,7 +140,7 @@ class acp_profile
 
 							$columns = implode(',', $column_list);
 
-							$new_table_cols = preg_replace('/' . $field_ident . '[^,]+,/', '', $new_table_cols);
+							$new_table_cols = preg_replace('/' . '_' . $field_ident . '[^,]+,/', '', $new_table_cols);
 
 							// create a new table and fill it up. destroy the temp one
 							$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
@@ -148,7 +149,7 @@ class acp_profile
 						break;
 
 						default:
-							$db->sql_query('ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " DROP $field_ident");
+							$db->sql_query('ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " DROP _$field_ident");
 					}
 
 					$order = 0;
@@ -293,16 +294,17 @@ class acp_profile
 					$field_type = $field_row['field_type'];
 
 					// Get language entries
-					$sql = 'SELECT * FROM ' . PROFILE_FIELDS_LANG_TABLE . ' 
+					$sql = 'SELECT *
+						FROM ' . PROFILE_FIELDS_LANG_TABLE . ' 
 						WHERE lang_id = ' . $lang_defs['iso'][$config['default_lang']] . "
 							AND field_id = $field_id
-							ORDER BY option_id ASC";
+						ORDER BY option_id ASC";
 					$result = $db->sql_query($sql);
 
 					$lang_options = array();
 					while ($row = $db->sql_fetchrow($result))
 					{
-						$lang_options[$row['option_id']] = $row['value'];
+						$lang_options[$row['option_id']] = $row['lang_value'];
 					}
 					$db->sql_freeresult($result);
 
@@ -474,7 +476,8 @@ class acp_profile
 				if ($action == 'edit')
 				{
 					// Get language entries
-					$sql = 'SELECT * FROM ' . PROFILE_FIELDS_LANG_TABLE . ' 
+					$sql = 'SELECT *
+						FROM ' . PROFILE_FIELDS_LANG_TABLE . ' 
 						WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . "
 							AND field_id = $field_id
 						ORDER BY option_id ASC";
@@ -483,12 +486,13 @@ class acp_profile
 					$l_lang_options = array();
 					while ($row = $db->sql_fetchrow($result))
 					{
-						$l_lang_options[$row['lang_id']][$row['option_id']] = $row['value'];
+						$l_lang_options[$row['lang_id']][$row['option_id']] = $row['lang_value'];
 					}
 					$db->sql_freeresult($result);
 
 		
-					$sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value FROM ' . PROFILE_LANG_TABLE . ' 
+					$sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value
+						FROM ' . PROFILE_LANG_TABLE . ' 
 						WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . "
 							AND field_id = $field_id
 						ORDER BY lang_id ASC";
@@ -536,7 +540,7 @@ class acp_profile
 
 					if ($cp->vars['lang_name'] == '')
 					{
-						$error[] = $user->lang['EMPTY_USER_FIELD_IDENT'];
+						$error[] = $user->lang['EMPTY_USER_FIELD_NAME'];
 					}
 
 					if ($field_type == FIELD_BOOL || $field_type == FIELD_DROPDOWN)
@@ -545,7 +549,7 @@ class acp_profile
 						{
 							$error[] = $user->lang['NO_FIELD_ENTRIES'];
 						}
-					}	
+					}
 				}
 
 				$step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step);
@@ -769,7 +773,8 @@ class acp_profile
 
 		$sql = 'SELECT lang_id, lang_iso 
 			FROM ' . LANG_TABLE . "
-			WHERE lang_iso <> '" . $config['default_lang'] . "'";
+			WHERE lang_iso <> '" . $config['default_lang'] . "'
+			ORDER BY lang_english_name";
 		$result = $db->sql_query($sql);
 
 		$languages = array();
@@ -928,278 +933,28 @@ class acp_profile
 				'field_active'		=> 1
 			);
 
-			$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_TABLE . ' ' . $db->sql_build_array('INSERT', $profile_fields));
+			$sql = 'INSERT INTO ' . PROFILE_FIELDS_TABLE . ' ' . $db->sql_build_array('INSERT', $profile_fields);
+			$db->sql_query($sql);
 
 			$field_id = $db->sql_nextid();
 		}
 		else
 		{
-			$db->sql_query('UPDATE ' . PROFILE_FIELDS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $profile_fields) . "
-				WHERE field_id = $field_id");
+			$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . '
+				SET ' . $db->sql_build_array('UPDATE', $profile_fields) . "
+				WHERE field_id = $field_id";
+			$db->sql_query($sql);
 		}
 		
 		if ($action == 'create')
 		{
-			switch (SQL_LAYER)
-			{
-				case 'mysql':
-				case 'mysql4':
-				case 'mysqli':
-
-					// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
-					$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD `$field_ident` ";
-					switch ($field_type)
-					{
-						case FIELD_STRING:
-							$sql .= ' VARCHAR(255) ';
-						break;
-
-						case FIELD_DATE:
-							$sql .= 'VARCHAR(10) ';
-						break;
-
-						case FIELD_TEXT:
-							$sql .= "TEXT";
-		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
-		//						ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
-						break;
-
-						case FIELD_BOOL:
-							$sql .= 'TINYINT(2) ';
-						break;
-				
-						case FIELD_DROPDOWN:
-							$sql .= 'MEDIUMINT(8) ';
-						break;
-
-						case FIELD_INT:
-							$sql .= 'BIGINT(20) ';
-						break;
-					}
-
-				break;
-
-				case 'sqlite':
-
-					switch ($field_type)
-					{
-						case FIELD_STRING:
-							$type = ' VARCHAR(255) ';
-						break;
-
-						case FIELD_DATE:
-							$type = 'VARCHAR(10) ';
-						break;
-
-						case FIELD_TEXT:
-							$type = "TEXT(65535)";
-		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
-		//						ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
-						break;
-
-						case FIELD_BOOL:
-							$type = 'TINYINT(2) ';
-						break;
-				
-						case FIELD_DROPDOWN:
-							$type = 'MEDIUMINT(8) ';
-						break;
-
-						case FIELD_INT:
-							$type = 'BIGINT(20) ';
-						break;
-					}
-
-					// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
-					if (version_compare(sqlite_libversion(), '3.0') == -1)
-					{
-						$sql = "SELECT sql
-							FROM sqlite_master 
-							WHERE type = 'table' 
-								AND name = '" . PROFILE_FIELDS_DATA_TABLE . "'
-							ORDER BY type DESC, name;";
-						$result = $db->sql_query($sql);
-						$row = $db->sql_fetchrow($result);
-						$db->sql_freeresult($result);
-
-						// Create a temp table and populate it, destroy the existing one
-						$db->sql_query(preg_replace('#CREATE\s+TABLE\s+' . PROFILE_FIELDS_DATA_TABLE . '#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
-						$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
-						$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
-
-						preg_match('#\((.*)\)#s', $row['sql'], $matches);
-
-						$new_table_cols = $matches[1];
-						$old_table_cols = explode(',', $new_table_cols);
-						$column_list = array();
-						foreach($old_table_cols as $declaration)
-						{
-							$entities = preg_split('#\s+#', $declaration);
-							$column_list[] = $entities[0];
-						}
-
-						$columns = implode(',', $column_list);
-
-						$new_table_cols = $field_ident . ' ' . $type . ',' . $new_table_cols;
-
-						// create a new table and fill it up. destroy the temp one
-						$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
-						$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $columns . ') SELECT ' . $columns . ' FROM ' . PROFILE_FIELDS_DATA_TABLE . '_temp;');
-						$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp');
-					}
-					else
-					{
-						$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident $type";
-					}
-
-
-				break;
-
-				case 'mssql':
-				case 'mssql_odbc':
-
-					// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
-					$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD $field_ident ";
-
-					switch ($field_type)
-					{
-						case FIELD_STRING:
-							$sql .= ' [VARCHAR] (255) ';
-						break;
-
-						case FIELD_DATE:
-							$sql .= '[VARCHAR] (10) ';
-						break;
-
-						case FIELD_TEXT:
-							$sql .= "[TEXT]";
-		//						ADD {$field_ident}_bbcode_uid [VARCHAR] (5) NOT NULL,
-		//						ADD {$field_ident}_bbcode_bitfield [INT] UNSIGNED";
-						break;
-
-						case FIELD_BOOL:
-						case FIELD_DROPDOWN:
-							$sql .= '[INT] ';
-						break;
-
-						case FIELD_INT:
-							$sql .= '[FLOAT] ';
-						break;
-					}
-
-				break;
-
-				case 'postgres':
-
-					// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
-					$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD COLUMN $field_ident ";
-
-					switch ($field_type)
-					{
-						case FIELD_STRING:
-							$sql .= ' VARCHAR(255) ';
-						break;
-
-						case FIELD_DATE:
-							$sql .= 'VARCHAR(10) ';
-						break;
-
-						case FIELD_TEXT:
-							$sql .= "TEXT";
-		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
-		//						ADD {$field_ident}_bbcode_bitfield INT4 UNSIGNED";
-						break;
-
-						case FIELD_BOOL:
-							$sql .= 'INT2 ';
-						break;
-				
-						case FIELD_DROPDOWN:
-							$sql .= 'INT4 ';
-						break;
-
-						case FIELD_INT:
-							$sql .= 'INT8 ';
-						break;
-					}
-
-				break;
-
-				case 'firebird':
-
-					// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
-					$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident ";
-
-					switch ($field_type)
-					{
-						case FIELD_STRING:
-							$sql .= ' VARCHAR(255) ';
-						break;
-
-						case FIELD_DATE:
-							$sql .= 'VARCHAR(10) ';
-						break;
-
-						case FIELD_TEXT:
-							$sql .= "BLOB SUB_TYPE TEXT";
-		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
-		//						ADD {$field_ident}_bbcode_bitfield INTEGER UNSIGNED";
-						break;
-
-						case FIELD_BOOL:
-						case FIELD_DROPDOWN:
-							$sql .= 'INTEGER ';
-						break;
-
-						case FIELD_INT:
-							$sql .= 'DOUBLE PRECISION ';
-						break;
-					}
-
-				break;
-
-				case 'oracle':
-
-					// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
-					$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident ";
-					switch ($field_type)
-					{
-						case FIELD_STRING:
-							$sql .= ' VARCHAR2(255) ';
-						break;
-
-						case FIELD_DATE:
-							$sql .= 'VARCHAR2(10) ';
-						break;
-
-						case FIELD_TEXT:
-							$sql .= "CLOB";
-		//						ADD {$field_ident}_bbcode_uid VARCHAR2(5) NOT NULL,
-		//						ADD {$field_ident}_bbcode_bitfield NUMBER(11) UNSIGNED";
-						break;
-
-						case FIELD_BOOL:
-							$sql .= 'NUMBER(2) ';
-						break;
-				
-						case FIELD_DROPDOWN:
-							$sql .= 'NUMBER(8) ';
-						break;
-
-						case FIELD_INT:
-							$sql .= 'NUMBER(20) ';
-						break;
-					}
-
-				break;
-			}
-	
-			$profile_sql[] = $sql;
+			$field_ident = '_' . $field_ident;
+			$profile_sql[] = $this->add_field_ident($field_ident, $field_type);
 		}
 
 		$sql_ary = array(
-			'lang_name'		=> $cp->vars['lang_name'],
-			'lang_explain'	=> $cp->vars['lang_explain'],
+			'lang_name'				=> $cp->vars['lang_name'],
+			'lang_explain'			=> $cp->vars['lang_explain'],
 			'lang_default_value'	=> $cp->vars['lang_default_value']
 		);
 
@@ -1272,7 +1027,7 @@ class acp_profile
 			{
 				$sql_ary = array(
 					'field_type'	=> (int) $field_type,
-					'value'			=> $value
+					'lang_value'	=> $value
 				);
 
 				if ($action == 'create')
@@ -1286,9 +1041,9 @@ class acp_profile
 				else
 				{
 					$this->update_insert(PROFILE_FIELDS_LANG_TABLE, $sql_ary, array(
-						'field_id' => $field_id,
-						'lang_id' => (int) $default_lang_id,
-						'option_id' => (int) $option_id)
+						'field_id'	=> $field_id,
+						'lang_id'	=> (int) $default_lang_id,
+						'option_id'	=> (int) $option_id)
 					);
 				}
 			}
@@ -1327,7 +1082,7 @@ class acp_profile
 							'lang_id'		=> (int) $lang_id,
 							'option_id'		=> (int) $option_id,
 							'field_type'	=> (int) $field_type,
-							'value'			=> $value
+							'lang_value'	=> $value
 						);
 					}
 				}
@@ -1380,6 +1135,7 @@ class acp_profile
 			}
 		}
 
+
 		$db->sql_transaction('begin');
 
 		if ($action == 'create')
@@ -1399,7 +1155,7 @@ class acp_profile
 		}
 		else
 		{
-			add_log('admin', 'LOG_PROFILE_FIELD_CREATE', $field_ident . ':' . $cp->vars['lang_name']);
+			add_log('admin', 'LOG_PROFILE_FIELD_CREATE', substr($field_ident, 1) . ':' . $cp->vars['lang_name']);
 			trigger_error($user->lang['ADDED_PROFILE_FIELD'] . adm_back_link($this->u_action));
 		}
 	}
@@ -1451,6 +1207,276 @@ class acp_profile
 			}
 		}
 	}
+
+	/**
+	* Return sql statement for adding a new field ident (profile field) to the profile fields data table
+	*/
+	function add_field_ident($field_ident, $field_type)
+	{
+		global $db;
+
+		switch (SQL_LAYER)
+		{
+			case 'mysql':
+			case 'mysql4':
+			case 'mysqli':
+
+				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
+				$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD `$field_ident` ";
+
+				switch ($field_type)
+				{
+					case FIELD_STRING:
+						$sql .= ' VARCHAR(255) ';
+					break;
+
+					case FIELD_DATE:
+						$sql .= 'VARCHAR(10) ';
+					break;
+
+					case FIELD_TEXT:
+						$sql .= "TEXT";
+		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
+		//						ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
+					break;
+
+					case FIELD_BOOL:
+						$sql .= 'TINYINT(2) ';
+					break;
+				
+					case FIELD_DROPDOWN:
+						$sql .= 'MEDIUMINT(8) ';
+					break;
+
+					case FIELD_INT:
+						$sql .= 'BIGINT(20) ';
+					break;
+				}
+
+			break;
+
+			case 'sqlite':
+
+				switch ($field_type)
+				{
+					case FIELD_STRING:
+						$type = ' VARCHAR(255) ';
+					break;
+
+					case FIELD_DATE:
+						$type = 'VARCHAR(10) ';
+					break;
+
+					case FIELD_TEXT:
+						$type = "TEXT(65535)";
+		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
+		//						ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
+					break;
+
+					case FIELD_BOOL:
+						$type = 'TINYINT(2) ';
+					break;
+
+					case FIELD_DROPDOWN:
+						$type = 'MEDIUMINT(8) ';
+					break;
+
+					case FIELD_INT:
+						$type = 'BIGINT(20) ';
+					break;
+				}
+
+				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
+				if (version_compare(sqlite_libversion(), '3.0') == -1)
+				{
+					$sql = "SELECT sql
+						FROM sqlite_master 
+						WHERE type = 'table' 
+							AND name = '" . PROFILE_FIELDS_DATA_TABLE . "'
+						ORDER BY type DESC, name;";
+					$result = $db->sql_query($sql);
+					$row = $db->sql_fetchrow($result);
+					$db->sql_freeresult($result);
+
+					// Create a temp table and populate it, destroy the existing one
+					$db->sql_query(preg_replace('#CREATE\s+TABLE\s+"?' . PROFILE_FIELDS_DATA_TABLE . '"?#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
+					$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
+					$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
+
+					preg_match('#\((.*)\)#s', $row['sql'], $matches);
+
+					$new_table_cols = trim($matches[1]);
+					$old_table_cols = explode(',', $new_table_cols);
+					$column_list = array();
+
+					foreach ($old_table_cols as $declaration)
+					{
+						$entities = preg_split('#\s+#', trim($declaration));
+						if ($entities == 'PRIMARY')
+						{
+							continue;
+						}
+						$column_list[] = $entities[0];
+					}
+
+					$columns = implode(',', $column_list);
+
+					$new_table_cols = $field_ident . ' ' . $type . ',' . $new_table_cols;
+
+					// create a new table and fill it up. destroy the temp one
+					$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
+					$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $columns . ') SELECT ' . $columns . ' FROM ' . PROFILE_FIELDS_DATA_TABLE . '_temp;');
+					$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp');
+				}
+				else
+				{
+					$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident [$type]";
+				}
+
+			break;
+
+			case 'mssql':
+			case 'mssql_odbc':
+
+				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
+				$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";
+
+				switch ($field_type)
+				{
+					case FIELD_STRING:
+						$sql .= ' [VARCHAR] (255) ';
+					break;
+
+					case FIELD_DATE:
+						$sql .= '[VARCHAR] (10) ';
+					break;
+
+					case FIELD_TEXT:
+						$sql .= "[TEXT]";
+		//						ADD {$field_ident}_bbcode_uid [VARCHAR] (5) NOT NULL,
+		//						ADD {$field_ident}_bbcode_bitfield [INT] UNSIGNED";
+					break;
+
+					case FIELD_BOOL:
+					case FIELD_DROPDOWN:
+						$sql .= '[INT] ';
+					break;
+
+					case FIELD_INT:
+						$sql .= '[FLOAT] ';
+					break;
+				}
+
+			break;
+
+			case 'postgres':
+
+				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
+				$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD COLUMN \"$field_ident\" ";
+
+				switch ($field_type)
+				{
+					case FIELD_STRING:
+						$sql .= ' VARCHAR(255) ';
+					break;
+
+					case FIELD_DATE:
+						$sql .= 'VARCHAR(10) ';
+					break;
+
+					case FIELD_TEXT:
+						$sql .= "TEXT";
+		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
+		//						ADD {$field_ident}_bbcode_bitfield INT4 UNSIGNED";
+					break;
+
+					case FIELD_BOOL:
+						$sql .= 'INT2 ';
+					break;
+
+					case FIELD_DROPDOWN:
+						$sql .= 'INT4 ';
+					break;
+
+					case FIELD_INT:
+						$sql .= 'INT8 ';
+					break;
+				}
+
+			break;
+
+			case 'firebird':
+
+				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
+				$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD \"$field_ident\" ";
+
+				switch ($field_type)
+				{
+					case FIELD_STRING:
+						$sql .= ' VARCHAR(255) ';
+					break;
+
+					case FIELD_DATE:
+						$sql .= 'VARCHAR(10) ';
+					break;
+
+					case FIELD_TEXT:
+						$sql .= "BLOB SUB_TYPE TEXT";
+		//						ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
+		//						ADD {$field_ident}_bbcode_bitfield INTEGER UNSIGNED";
+					break;
+
+					case FIELD_BOOL:
+					case FIELD_DROPDOWN:
+						$sql .= 'INTEGER ';
+					break;
+
+					case FIELD_INT:
+						$sql .= 'DOUBLE PRECISION ';
+					break;
+				}
+
+			break;
+
+			case 'oracle':
+
+				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
+				$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD \"$field_ident\" ";
+
+				switch ($field_type)
+				{
+					case FIELD_STRING:
+						$sql .= ' VARCHAR2(255) ';
+					break;
+
+					case FIELD_DATE:
+						$sql .= 'VARCHAR2(10) ';
+					break;
+
+					case FIELD_TEXT:
+						$sql .= "CLOB";
+		//						ADD {$field_ident}_bbcode_uid VARCHAR2(5) NOT NULL,
+		//						ADD {$field_ident}_bbcode_bitfield NUMBER(11) UNSIGNED";
+					break;
+
+					case FIELD_BOOL:
+						$sql .= 'NUMBER(2) ';
+					break;
+
+					case FIELD_DROPDOWN:
+						$sql .= 'NUMBER(8) ';
+					break;
+
+					case FIELD_INT:
+						$sql .= 'NUMBER(20) ';
+					break;
+				}
+
+			break;
+		}
+
+		return $sql;
+	}
 }
 
 ?>

phpBB/includes/acp/acp_prune.php

@@ -68,7 +68,7 @@ class acp_prune
 				'S_PRUNED'		=> true)
 			);
 
-			$sql_forum = (sizeof($forum_id)) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : '';
+			$sql_forum = (sizeof($forum_id)) ? ' AND ' . $db->sql_in_set('forum_id', $forum_id) : '';
 
 			// Get a list of forum's or the data for the forum that we are pruning.
 			$sql = 'SELECT forum_id, forum_name 
@@ -148,7 +148,7 @@ class acp_prune
 		{
 			$sql = 'SELECT forum_id, forum_name 
 				FROM ' . FORUMS_TABLE . ' 
-				WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
+				WHERE ' . $db->sql_in_set('forum_id', $forum_id);
 			$result = $db->sql_query($sql);
 			$row = $db->sql_fetchrow($result);
 
@@ -202,19 +202,11 @@ class acp_prune
 		
 				if ($users)
 				{
-					$users = explode("\n", $users);
-
-					$where_sql = '';
-		
-					foreach ($users as $username)
-					{
-						$where_sql .= (($where_sql != '') ? ', ' : '') . "'" . $db->sql_escape($username) . "'";
-					}
-					$where_sql = " AND username IN ($where_sql)";
+					$where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
 				}
 				else
 				{
-					$username = request_var('username', '', true);
+					$username = request_var('username', '');
 					$email = request_var('email', '');
 
 					$joined_select = request_var('joined_select', 'lt');
@@ -317,7 +309,7 @@ class acp_prune
 					'prune'			=> 1,
 
 					'users'			=> request_var('users', ''),
-					'username'		=> request_var('username', '', true),
+					'username'		=> request_var('username', ''),
 					'email'			=> request_var('email', ''),
 					'joined_select'	=> request_var('joined_select', ''),
 					'joined'		=> request_var('joined', ''),

phpBB/includes/acp/acp_ranks.php

@@ -37,7 +37,7 @@ class acp_ranks
 				
 				$rank_title = request_var('title', '', true);
 				$special_rank = request_var('special_rank', 0);
-				$min_posts = ($special_rank) ? -1 : request_var('min_posts', 0);
+				$min_posts = ($special_rank) ? 0 : request_var('min_posts', 0);
 				$rank_image = request_var('rank_image', '');
 
 				// The rank image has to be a jpg, gif or png
@@ -130,7 +130,7 @@ class acp_ranks
 				{
 					foreach ($img_ary as $img)
 					{
-						$img = substr($path, 1) . (($path != '') ? '/' : '') . $img; 
+						$img = $path . $img; 
 
 						if (!in_array($img, $existing_imgs) || $action == 'edit')
 						{

phpBB/includes/acp/acp_reasons.php

@@ -76,7 +76,7 @@ class acp_reasons
 					{
 						$sql = 'SELECT reason_id
 							FROM ' . REPORTS_REASONS_TABLE . "
-							WHERE LOWER(reason_title) = '" . strtolower($reason_row['reason_title']) . "'";
+							WHERE LOWER(reason_title) = '" . strtolower($db->sql_escape($reason_row['reason_title'])) . "'";
 						$result = $db->sql_query($sql);
 						$row = $db->sql_fetchrow($result);
 						$db->sql_freeresult($result);
@@ -198,10 +198,38 @@ class acp_reasons
 					$other_reason_id = (int) $db->sql_fetchfield('reason_id');
 					$db->sql_freeresult($result);
 
-					// Change the reports using this reason to 'other'
-					$sql = 'UPDATE ' . REPORTS_TABLE . '
-						SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)
-						WHERE reason_id = $reason_id";
+					switch (SQL_LAYER)
+					{
+						// The ugly one!
+						case 'mysqli':
+						case 'mysql4':
+						case 'mysql':
+							// Change the reports using this reason to 'other'
+							$sql = 'UPDATE ' . REPORTS_TABLE . '
+								SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)
+								WHERE reason_id = $reason_id";
+						break;
+
+						// Nearly standard, not quite
+						case 'mssql':
+						case 'mssql_odbc':
+							// Change the reports using this reason to 'other'
+							$sql = 'UPDATE ' . REPORTS_TABLE . '
+								SET reason_id = ' . $other_reason_id . ", report_text = '" . $db->sql_escape($reason_row['reason_description']) . "\n\n' + report_text
+								WHERE reason_id = $reason_id";
+						break;
+
+						// Teh standard
+						case 'postgres':
+						case 'oracle':
+						case 'firebird':
+						case 'sqlite':
+							// Change the reports using this reason to 'other'
+							$sql = 'UPDATE ' . REPORTS_TABLE . '
+								SET reason_id = ' . $other_reason_id . ", report_text = '" . $db->sql_escape($reason_row['reason_description']) . "\n\n' || report_text
+								WHERE reason_id = $reason_id";
+						break;
+					}
 					$db->sql_query($sql);
 
 					$db->sql_query('DELETE FROM ' . REPORTS_REASONS_TABLE . ' WHERE reason_id = ' . $reason_id);

phpBB/includes/acp/acp_search.php

@@ -267,23 +267,24 @@ class acp_search
 				}
 				else
 				{
-					$sql = 'SELECT post_id, poster_id
+					$sql = 'SELECT post_id, poster_id, forum_id
 						FROM ' . POSTS_TABLE . '
 						WHERE post_id >= ' . (int) ($post_counter + 1) . '
 							AND post_id < ' . (int) ($post_counter + $this->batch_size);
 					$result = $db->sql_query($sql);
 	
 					$ids = $posters = array();
-					while (false !== ($row = $db->sql_fetchrow($result)))
+					while ($row = $db->sql_fetchrow($result))
 					{
 						$ids[] = $row['post_id'];
 						$posters[] = $row['poster_id'];
+						$forum_ids[] = $row['forum_id'];
 					}
 					$db->sql_freeresult($result);
 
 					if (sizeof($ids))
 					{
-						$this->search->index_remove($ids, $posters);
+						$this->search->index_remove($ids, $posters, $forum_ids);
 					}
 	
 					$post_counter += $this->batch_size;
@@ -318,15 +319,15 @@ class acp_search
 				}
 				else
 				{
-					$sql = 'SELECT post_id, post_subject, post_text, poster_id
+					$sql = 'SELECT post_id, post_subject, post_text, post_encoding, poster_id, forum_id
 						FROM ' . POSTS_TABLE . '
 						WHERE post_id >= ' . (int) ($post_counter + 1) . '
 							AND post_id < ' . (int) ($post_counter + $this->batch_size);
 					$result = $db->sql_query($sql);
 
-					while (false !== ($row = $db->sql_fetchrow($result)))
+					while ($row = $db->sql_fetchrow($result))
 					{
-						$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id']);
+						$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['post_encoding'], $row['poster_id'], $row['forum_id']);
 					}
 					$db->sql_freeresult($result);
 
@@ -523,6 +524,12 @@ class acp_search
 
 		include_once("{$phpbb_root_path}includes/search/$type.$phpEx");
 
+		if (!class_exists($type))
+		{
+			$error = $user->lang['NO_SUCH_SEARCH_MODULE'];
+			return $error;
+		}
+
 		$error = false;
 		$search = new $type($error);
 

phpBB/includes/acp/acp_styles.php

@@ -27,7 +27,14 @@ class acp_styles
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		// Hardcoded template bitfield to add for new templates
-		define('TEMPLATE_BITFIELD', 6921);
+		$bitfield = new bitfield();
+		$bitfield->set(0);
+		$bitfield->set(3);
+		$bitfield->set(8);
+		$bitfield->set(9);
+		$bitfield->set(11);
+		$bitfield->set(12);
+		define('TEMPLATE_BITFIELD', $bitfield->get_base64());
 
 		$user->add_lang('acp/styles');
 
@@ -82,7 +89,32 @@ parse_css_file = {PARSE_CSS_FILE}
 pagination_sep = \'{PAGINATION_SEP}\'
 ';
 
-		$this->imageset_keys = 'site_logo, btn_post, btn_post_pm, btn_reply, btn_reply_pm, btn_locked, btn_profile, btn_pm, btn_delete, btn_info, btn_quote, btn_search, btn_edit, btn_report, btn_email, btn_www, btn_icq, btn_aim, btn_yim, btn_msnm, btn_jabber, btn_online, btn_offline, btn_friend, btn_foe, icon_unapproved, icon_reported, icon_attach, icon_post, icon_post_new, icon_post_latest, icon_post_newest, forum, forum_new, forum_locked, forum_link, sub_forum, sub_forum_new, folder, folder_moved, folder_posted, folder_new, folder_new_posted, folder_hot, folder_hot_posted, folder_hot_new, folder_hot_new_posted, folder_locked, folder_locked_posted, folder_locked_new, folder_locked_new_posted, folder_sticky, folder_sticky_posted, folder_sticky_new, folder_sticky_new_posted, folder_announce, folder_announce_posted, folder_announce_new, folder_announce_new_posted, folder_global, folder_global_posted, folder_global_new, folder_global_new_posted, poll_left, poll_center, poll_right, attach_progress_bar, user_icon1, user_icon2, user_icon3, user_icon4, user_icon5, user_icon6, user_icon7, user_icon8, user_icon9, user_icon10';
+		$this->imageset_keys = array(
+			'logos' => array(
+				'site_logo',
+			),
+			'buttons'	=> array(
+				'icon_contact_aim', 'icon_contact_email', 'icon_contact_icq', 'icon_contact_jabber', 'icon_contact_msnm', 'icon_contact_pm', 'icon_contact_yahoo', 'icon_contact_www', 'icon_post_delete', 'icon_post_edit', 'icon_post_info', 'icon_post_quote', 'icon_post_report', 'icon_user_online', 'icon_user_offline', 'icon_user_profile', 'icon_user_search', 'icon_user_warn', 'button_pm_forward', 'button_pm_new', 'button_pm_reply', 'button_topic_locked', 'button_topic_new', 'button_topic_reply',
+			),
+			'icons'		=> array(
+				'icon_post_target', 'icon_post_target_unread', 'icon_topic_attach', 'icon_topic_latest', 'icon_topic_newest', 'icon_topic_reported', 'icon_topic_unapproved', 'icon_friend', 'icon_foe',
+			),
+			'forums'	=> array(
+				'forum_link', 'forum_read', 'forum_read_locked', 'forum_read_subforum', 'forum_unread', 'forum_unread_locked', 'forum_unread_subforum',
+			),
+			'folders'	=> array(
+				'topic_moved', 'topic_read', 'topic_read_mine', 'topic_read_hot', 'topic_read_hot_mine', 'topic_read_locked', 'topic_read_locked_mine', 'topic_unread', 'topic_unread_mine', 'topic_unread_hot', 'topic_unread_hot_mine', 'topic_unread_locked', 'topic_unread_locked_mine', 'sticky_read', 'sticky_read_mine', 'sticky_read_locked', 'sticky_read_locked_mine', 'sticky_unread', 'sticky_unread_mine', 'sticky_unread_locked', 'sticky_unread_locked_mine', 'announce_read', 'announce_read_mine', 'announce_read_locked', 'announce_read_locked_mine', 'announce_unread', 'announce_unread_mine', 'announce_unread_locked', 'announce_unread_locked_mine', 'global_read', 'global_read_mine', 'global_read_locked', 'global_read_locked_mine', 'global_unread', 'global_unread_mine', 'global_unread_locked', 'global_unread_locked_mine', 'pm_read', 'pm_unread',
+			),
+			'polls'		=> array(
+				'poll_left', 'poll_center', 'poll_right',
+			),
+			'ui'		=> array(
+				'upload_bar',
+			),
+			'user'		=> array(
+				'user_icon1', 'user_icon2', 'user_icon3', 'user_icon4', 'user_icon5', 'user_icon6', 'user_icon7', 'user_icon8', 'user_icon9', 'user_icon10',
+			),
+		);
 
 		// Execute overall actions
 		switch ($action)
@@ -183,7 +215,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 					break;
 				}
 
-				$this->frontend('style', array('details', 'export', 'delete'));
+				$this->frontend('style', array('details'), array('export', 'delete'));
 			break;
 
 			case 'template':
@@ -260,7 +292,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 					break;
 				}
 
-				$this->frontend('template', array('cache', 'details', 'refresh', 'edit', 'export', 'delete'));
+				$this->frontend('template', array('edit', 'cache', 'details'), array('refresh', 'export', 'delete'));
 			break;
 
 			case 'theme':
@@ -303,6 +335,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 
 								$cache->destroy('sql', STYLES_THEME_TABLE);
 
+								add_log('admin', 'LOG_THEME_REFRESHED', $theme_row['theme_name']);
 								trigger_error($user->lang['THEME_REFRESHED'] . adm_back_link($this->u_action));
 							}
 						}
@@ -318,11 +351,74 @@ pagination_sep = \'{PAGINATION_SEP}\'
 					break;
 				}
 
-				$this->frontend('theme', array('details', 'refresh', 'edit', 'export', 'delete'));
+				$this->frontend('theme', array('edit', 'details'), array('refresh', 'export', 'delete'));
 			break;
 
 			case 'imageset':
-				$this->frontend('imageset', array('details', 'edit', 'delete', 'export'));
+
+				switch ($action)
+				{
+					case 'refresh':
+
+						$sql = 'SELECT *
+							FROM ' . STYLES_IMAGESET_TABLE . "
+							WHERE imageset_id = $style_id";
+						$result = $db->sql_query($sql);
+						$imageset_row = $db->sql_fetchrow($result);
+						$db->sql_freeresult($result);
+
+						if (!$imageset_row)
+						{
+							trigger_error($user->lang['NO_IMAGESET'] . adm_back_link($this->u_action));
+						}
+
+						if (confirm_box(true))
+						{
+							$sql_ary = array();
+
+							$cfg_data = parse_cfg_file("{$phpbb_root_path}styles/{$imageset_row['imageset_path']}/imageset/imageset.cfg");
+					
+							$imageset_definitions = array();
+							foreach ($this->imageset_keys as $topic => $key_array)
+							{
+								$imageset_definitions = array_merge($imageset_definitions, $key_array);
+							}
+				
+							foreach ($cfg_data as $key => $value)
+							{
+								if (strpos($key, 'img_') === 0)
+								{
+									$key = substr($key, 4);
+									if (in_array($key, $imageset_definitions))
+									{
+										$sql_ary[$key] = str_replace('{PATH}', "styles/{$imageset_row['imageset_path']}/imageset/", trim($value));
+									}
+								}
+							}
+							unset($cfg_data);
+
+							$sql = 'UPDATE ' . STYLES_IMAGESET_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
+								WHERE imageset_id = $style_id";
+							$db->sql_query($sql);
+
+							$cache->destroy('sql', STYLES_IMAGESET_TABLE);
+
+							add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);
+							trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action));
+						}
+						else
+						{
+							confirm_box(false, $user->lang['CONFIRM_IMAGESET_REFRESH'], build_hidden_fields(array(
+								'i'			=> $id,
+								'mode'		=> $mode,
+								'action'	=> $action,
+								'id'		=> $style_id
+							)));
+						}
+					break;
+				}
+
+				$this->frontend('imageset', array('edit', 'details'), array('refresh', 'export', 'delete'));
 			break;
 		}
 	}
@@ -330,7 +426,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	/**
 	* Build Frontend with supplied options
 	*/
-	function frontend($mode, $options)
+	function frontend($mode, $options, $actions)
 	{
 		global $user, $template, $db, $config, $phpbb_root_path, $phpEx;
 
@@ -408,12 +504,19 @@ pagination_sep = \'{PAGINATION_SEP}\'
 				$s_options[] = '<a href="' . $this->u_action . "&amp;action=$option&amp;id=" . $row[$mode . '_id'] . '">' . $user->lang[strtoupper($option)] . '</a>';
 			}
 
+			$s_actions = array();
+			foreach ($actions as $option)
+			{
+				$s_actions[] = '<a href="' . $this->u_action . "&amp;action=$option&amp;id=" . $row[$mode . '_id'] . '">' . $user->lang[strtoupper($option)] . '</a>';
+			}
+
 			$template->assign_block_vars('installed', array(
 				'S_DEFAULT_STYLE'		=> ($mode == 'style' && $row['style_id'] == $config['default_style']) ? true : false,
 				'U_EDIT'				=> $this->u_action . '&amp;action=' . (($mode == 'style') ? 'details' : 'edit') . '&amp;id=' . $row[$mode . '_id'],
 				'U_STYLE_ACT_DEACT'		=> $this->u_action . '&amp;action=' . $stylevis . '&amp;id=' . $row[$mode . '_id'],
 				'L_STYLE_ACT_DEACT'		=> $user->lang['STYLE_' . strtoupper($stylevis)],
 				'S_OPTIONS'				=> implode(' | ', $s_options),
+				'S_ACTIONS'				=> implode(' | ', $s_actions),
 				'U_PREVIEW'				=> ($mode == 'style') ? append_sid("{$phpbb_root_path}index.$phpEx", "$mode=" . $row[$mode . '_id']) : '',
 
 				'NAME'					=> $row[$mode . '_name'],
@@ -483,16 +586,17 @@ pagination_sep = \'{PAGINATION_SEP}\'
 
 		$filelist = $filelist_cats = array();
 
-		$template_data	= (!empty($_POST['template_data'])) ? ((STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data']) : '';
+		// we want newlines no carriage returns!
+		$_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
+
+		$template_data	= (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
 		$template_file		= request_var('template_file', '');
 		$text_rows		= max(5, min(999, request_var('text_rows', 20)));
 		$save_changes	= (isset($_POST['save'])) ? true : false;
 
 		// make sure template_file path doesn't go upwards
 		$template_file = str_replace('..', '.', $template_file);
-		// we want newlines no carriage returns!
-		$template_data = str_replace(array("\n\r", "\r"), array("\n", "\n"), $template_data);
-
+		
 		// Retrieve some information about the template
 		$sql = 'SELECT template_storedb, template_path, template_name
 			FROM ' . STYLES_TEMPLATE_TABLE . "
@@ -728,7 +832,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 				'FILENAME'	=> str_replace('.', '/', $source) . '.html')
 			);
 
-			$code = str_replace(array("\n\r", "\r"), array("\n", "\n"), file_get_contents("{$phpbb_root_path}cache/{$cache_prefix}_$source.html.$phpEx"));
+			$code = str_replace(array("\r\n", "\r"), array("\n", "\n"), file_get_contents("{$phpbb_root_path}cache/{$cache_prefix}_$source.html.$phpEx"));
 
 			$conf = array('highlight.bg', 'highlight.comment', 'highlight.default', 'highlight.html', 'highlight.keyword', 'highlight.string');
 			foreach ($conf as $ini_var)
@@ -815,20 +919,20 @@ pagination_sep = \'{PAGINATION_SEP}\'
 
 		$this->page_title = 'EDIT_THEME';
 
+		// we want newlines no carriage returns!
+		$_POST['css_data'] = (isset($_POST['css_data']) && !empty($_POST['css_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['css_data']) : '';
+
 		// get user input
 		$text_rows		= max(5, min(999, request_var('text_rows', 20)));
 		$hide_css		= request_var('hidecss', false);
 		$show_css		= !$hide_css && request_var('showcss', false);
 		$edit_class		= request_var('css_class', '');
 		$custom_class	= request_var('custom_class', '');
-		$css_data		= (!empty($_POST['css_data'])) ? ((STRIP) ? stripslashes($_POST['css_data']) : $_POST['css_data']) : '';
+		$css_data		= (STRIP) ? stripslashes($_POST['css_data']) : $_POST['css_data'];
 		$submit			= isset($_POST['submit']) ? true : false;
 		$add_custom		= isset($_POST['add_custom']) ? true : false;
 		$matches		= array();
 
-		// we want newlines no carriage returns!
-		$css_data = str_replace(array("\n\r", "\r"), array("\n", "\n"), $css_data);
-
 		// Retrieve some information about the theme
 		$sql = 'SELECT theme_storedb, theme_path, theme_name, theme_data
 			FROM ' . STYLES_THEME_TABLE . "
@@ -943,7 +1047,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 			$css_elements = array_diff(array_map('trim', explode("\n", preg_replace("#;[\n]*#s", "\n", $css_data))), array(''));
 
 			// Grab list of potential images for the "images" type
-			$imglist = filelist($phpbb_root_path . 'styles/' . $theme_info['theme_name'] . '/theme');
+			$img_filelist = filelist($phpbb_root_path . 'styles/' . $theme_info['theme_name'] . '/theme');
 
 			foreach ($match_elements as $type => $match_ary)
 			{
@@ -1009,7 +1113,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 								$selected = ($unit_option == $unit) ? ' selected="selected"' : '';
 								$s_units .= "<option value=\"$unit_option\"$selected>$unit_option</option>";
 							}
-							$s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option>' . $s_units;
+							$s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_UNIT'] . '</option>' . $s_units;
 
 							$template->assign_vars(array(
 								strtoupper($var) => $value,
@@ -1020,7 +1124,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 						case 'images':
 							// generate a list of images for this setting
 							$s_imglist = '';
-							foreach ($imglist as $path => $img_ary)
+							foreach ($img_filelist as $path => $img_ary)
 							{
 								foreach ($img_ary as $img)
 								{
@@ -1030,7 +1134,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 									$s_imglist .= "<option value=\"$img\"$selected>$img</option>";
 								}
 							}
-							$s_imglist = '<option value=""' . (($value == '') ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option>' . $s_imglist;
+							$s_imglist = '<option value=""' . (($value == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_IMAGE'] . '</option>' . $s_imglist;
 
 							$template->assign_vars(array(
 								'S_' . strtoupper($var) => $s_imglist)
@@ -1065,7 +1169,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 				$s_hidden_fields['cssother'] = implode(' ;; ', $css_elements);
 			}
 
-			unset($imglist, $css_elements);
+			unset($img_filelist, $css_elements);
 		}
 		// else if we are showing raw css or the user submitted data from the simple view
 		// then we need to turn the given information into raw css
@@ -1257,24 +1361,8 @@ pagination_sep = \'{PAGINATION_SEP}\'
 
 			// Check to see whether the selected image exists in the table
 			$valid_name = ($update) ? false : true;
-			$imglist = array(
-				'logos' => array(
-					'site_logo',
-				),
-				'buttons'	=> array(
-					'btn_post', 'btn_reply', 'btn_locked', 'btn_quote', 'btn_edit', 'btn_delete', 'btn_report', 'btn_post_pm', 'btn_reply_pm', 'btn_profile', 'btn_pm', 'btn_info', 'btn_search', 'btn_email', 'btn_www', 'btn_icq', 'btn_aim', 'btn_yim', 'btn_msnm', 'btn_jabber', 'btn_online', 'btn_offline',
-				),
-				'icons'		=> array(
-					'icon_unapproved', 'icon_reported', 'icon_attach', 'icon_post', 'icon_post_new', 'icon_post_latest', 'icon_post_newest',),
-				'forums'		=> array(
-					'forum', 'forum_new', 'forum_locked', 'forum_link', 'sub_forum', 'sub_forum_new',),
-				'folders'	=> array(
-					'folder', 'folder_posted', 'folder_new', 'folder_new_posted', 'folder_hot', 'folder_hot_posted', 'folder_hot_new', 'folder_hot_new_posted', 'folder_locked', 'folder_locked_posted', 'folder_locked_new', 'folder_locked_new_posted', 'folder_sticky', 'folder_sticky_posted', 'folder_sticky_new', 'folder_sticky_new_posted', 'folder_announce', 'folder_announce_posted', 'folder_announce_new', 'folder_announce_new_posted',),
-				'polls'		=> array(
-					'poll_left', 'poll_center', 'poll_right',),
-			);
 
-			foreach ($imglist as $category => $img_ary)
+			foreach ($this->imageset_keys as $category => $img_ary)
 			{
 				if (in_array($imgname, $img_ary))
 				{
@@ -1317,11 +1405,12 @@ pagination_sep = \'{PAGINATION_SEP}\'
 
 		// Generate list of image options
 		$img_options = '';
-		foreach ($imglist as $category => $img_ary)
+		foreach ($this->imageset_keys as $category => $img_ary)
 		{
 			$template->assign_block_vars('category', array(
 				'NAME'			=> $user->lang['IMG_CAT_' . strtoupper($category)]
 			));
+
 			foreach ($img_ary as $img)
 			{
 				$template->assign_block_vars('category.images', array(
@@ -1362,6 +1451,10 @@ pagination_sep = \'{PAGINATION_SEP}\'
 		}
 		closedir($dp);
 
+		// Make sure the list of possible images is sorted alphabetically
+		sort($imagesetlist['nolang']);
+		sort($imagesetlist['lang']);
+
 		$imagesetlist_options = '';
 		foreach ($imagesetlist as $type => $img_ary)
 		{
@@ -1395,7 +1488,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 			'IMAGE_OPTIONS'		=> $img_options,
 			'IMAGELIST_OPTIONS'	=> $imagesetlist_options,
 			'IMAGE_SIZE'		=> $imgsize_bool,
-			'IMAGE_REQUEST'		=> (!empty($imgname)) ? '../styles/' . $imageset_path . '/imageset/' . str_replace('{LANG}', $imglang, $img_info[0]) : '',
+			'IMAGE_REQUEST'		=> (!empty($img_info[0])) ? '../styles/' . $imageset_path . '/imageset/' . str_replace('{LANG}', $imglang, $img_info[0]) : '',
 			'U_ACTION'			=> $this->u_action . "&amp;action=edit&amp;id=$imageset_id",
 			'U_BACK'			=> $this->u_action,
 			'NAME'				=> $imageset_name,
@@ -1408,7 +1501,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	*/
 	function remove($mode, $style_id)
 	{
-		global $db, $template, $user, $phpbb_root_path, $cache;
+		global $db, $template, $user, $phpbb_root_path, $cache, $config;
 
 		$new_id = request_var('new_id', 0);
 		$update = (isset($_POST['update'])) ? true : false;
@@ -1489,6 +1582,11 @@ pagination_sep = \'{PAGINATION_SEP}\'
 					SET forum_style = $new_id
 					WHERE forum_style = $style_id";
 				$db->sql_query($sql);
+
+				if ($style_id == $config['default_style'])
+				{
+					set_config('default_style', $new_id);
+				}
 			}
 			else
 			{
@@ -1741,11 +1839,12 @@ pagination_sep = \'{PAGINATION_SEP}\'
 			{
 				$imageset_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['imageset_name'], $style_row['imageset_copyright'], $config['version']), $this->imageset_cfg);
 
-				$imageset_definitions = explode(', ', $this->imageset_keys);
-
-				foreach ($imageset_definitions as $key)
+				foreach ($this->imageset_keys as $topic => $key_array)
 				{
-					$imageset_cfg .= "\n" . $key . ' = ' . str_replace("styles/{$style_row['imageset_path']}/imageset/", '{PATH}', $style_row[$key]);
+					foreach ($key_array as $key)
+					{
+						$imageset_cfg .= "\n" . $key . ' = ' . str_replace("styles/{$style_row['imageset_path']}/imageset/", '{PATH}', $style_row[$key]);
+					}
 				}
 
 				$files[] = array(
@@ -1794,7 +1893,14 @@ pagination_sep = \'{PAGINATION_SEP}\'
 			{
 				include($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
 
-				$path = $style_row[$mode . '_path'];
+				if ($mode == 'style')
+				{
+					$path = preg_replace('#[^\w-]+#', '_', $style_row['style_name']);
+				}
+				else
+				{
+					$path = $style_row[$mode . '_path'];
+				}
 
 				if ($format == 'zip')
 				{
@@ -2254,7 +2360,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 				// heck of a lot of data ...
 				$sql_ary = array(
 					'template_id'			=> $style_id,
-					'template_filename'		=> "$template_pathfile$file",
+					'template_filename'		=> "$pathfile$file",
 					'template_included'		=> (isset($includes[$file])) ? implode(':', $includes[$file]) . ':' : '',
 					'template_mtime'		=> filemtime("{$phpbb_root_path}styles/$template_path$pathfile$file"),
 					'template_data'			=> file_get_contents("{$phpbb_root_path}styles/$template_path$pathfile$file"),
@@ -2581,7 +2687,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 			{
 				$style_row['style_id'] = 0;
 
-				$this->install_style($error, 'add', '', $style_row['style_id'], $style_row['style_name'], $style_row['style_copyright'], $style_row['style_active'], $style_row['style_default'], $style_row);
+				$this->install_style($error, 'add', '', $style_row['style_id'], $style_row['style_name'], '', $style_row['style_copyright'], $style_row['style_active'], $style_row['style_default'], $style_row);
 			}
 
 			if (!sizeof($error))
@@ -2867,40 +2973,54 @@ pagination_sep = \'{PAGINATION_SEP}\'
 			$mode . '_path'			=> $path,
 		);
 
-		if ($mode != 'imageset')
+		switch ($mode)
 		{
-			switch ($mode)
-			{
-				case 'template':
-					// We set a pre-defined bitfield here which we may use further in 3.2
-					$sql_ary += array(
-						'bbcode_bitfield'	=> TEMPLATE_BITFIELD,
-						'template_storedb'	=> $store_db
-					);
-				break;
+			case 'template':
+				// We set a pre-defined bitfield here which we may use further in 3.2
+				$sql_ary += array(
+					'bbcode_bitfield'	=> TEMPLATE_BITFIELD,
+					'template_storedb'	=> $store_db
+				);
+			break;
 
-				case 'theme':
-					$sql_ary += array(
-						'theme_storedb'	=> $store_db,
-						'theme_data'	=> ($store_db) ? (($root_path) ? $this->db_theme_data($sql_ary, false, $root_path) : '') : '',
-						'theme_mtime'	=> filemtime("{$phpbb_root_path}styles/$path/theme/stylesheet.css")
-					);
-				break;
-			}
-		}
-		else
-		{
-			$cfg_data = parse_cfg_file("$root_path$mode/imageset.cfg");
+			case 'theme':
+				// We are only interested in the theme configuration for now
+				$theme_cfg = parse_cfg_file("{$phpbb_root_path}styles/$path/theme/theme.cfg");
 
-			foreach ($cfg_data as $key => $value)
-			{
-				if (strpos($key, 'img_') === 0)
+				if (isset($theme_cfg['parse_css_file']) && $theme_cfg['parse_css_file'])
 				{
-					$key = substr($key, 4);
-					$sql_ary[$key] = str_replace('{PATH}', "styles/$path/imageset/", trim($value));
+					$store_db = 1;
 				}
-			}
-			unset($cfg_data);
+
+				$sql_ary += array(
+					'theme_storedb'	=> $store_db,
+					'theme_data'	=> ($store_db) ? $this->db_theme_data($sql_ary, false, $root_path) : '',
+					'theme_mtime'	=> filemtime("{$phpbb_root_path}styles/$path/theme/stylesheet.css")
+				);
+			break;
+
+			case 'imageset':
+				$cfg_data = parse_cfg_file("$root_path$mode/imageset.cfg");
+	
+				$imageset_definitions = array();
+				foreach ($this->imageset_keys as $topic => $key_array)
+				{
+					$imageset_definitions = array_merge($imageset_definitions, $key_array);
+				}
+	
+				foreach ($cfg_data as $key => $value)
+				{
+					if (strpos($key, 'img_') === 0)
+					{
+						$key = substr($key, 4);
+						if (in_array($key, $imageset_definitions))
+						{
+							$sql_ary[$key] = str_replace('{PATH}', "styles/$path/imageset/", trim($value));
+						}
+					}
+				}
+				unset($cfg_data);
+			break;
 		}
 
 		$db->sql_transaction('begin');

phpBB/includes/acp/acp_users.php

@@ -14,6 +14,12 @@
 class acp_users
 {
 	var $u_action;
+	var $p_master;
+
+	function acp_users(&$p_master)
+	{
+		$this->p_master = &$p_master;
+	}
 
 	function main($id, $mode)
 	{
@@ -28,7 +34,7 @@ class acp_users
 		include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
 
 		$error		= array();
-		$username	= request_var('username', '', true);
+		$username	= request_var('username', '');
 		$user_id	= request_var('u', 0);
 		$action		= request_var('action', '');
 
@@ -114,7 +120,7 @@ class acp_users
 
 		foreach ($forms_ary['modes'] as $value => $ary)
 		{
-			if (!$this->is_authed($ary['auth']))
+			if (!$this->p_master->module_auth($ary['auth']))
 			{
 				continue;
 			}
@@ -133,7 +139,7 @@ class acp_users
 		// Prevent normal users/admins change/view founders if they are not a founder by themselves
 		if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
 		{
-			trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action));
+			trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id));
 		}
 
 		switch ($mode)
@@ -192,6 +198,12 @@ class acp_users
 						case 'banuser':
 						case 'banemail':
 						case 'banip':
+
+							if ($user_id == $user->data['user_id'])
+							{
+								trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id));
+							}
+
 							$ban = array();
 
 							switch ($action)
@@ -238,6 +250,11 @@ class acp_users
 
 						case 'reactivate':
 
+							if ($user_id == $user->data['user_id'])
+							{
+								trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id));
+							}
+
 							if ($config['email_enable'])
 							{
 								include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
@@ -287,6 +304,12 @@ class acp_users
 
 						case 'active':
 
+							if ($user_id == $user->data['user_id'])
+							{
+								// It is only deactivation since the user is already activated (else he would not have reached this page)
+								trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id));
+							}
+
 							user_active_flip($user_id, $user_row['user_type'], false, $user_row['username']);
 
 							$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
@@ -376,7 +399,7 @@ class acp_users
 								{
 									$sql = 'SELECT topic_id, topic_replies, topic_replies_real
 										FROM ' . TOPICS_TABLE . '
-										WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
+										WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
 									$result = $db->sql_query($sql);
 
 									$del_topic_ary = array();
@@ -392,7 +415,7 @@ class acp_users
 									if (sizeof($del_topic_ary))
 									{
 										$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-											WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
+											WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
 										$db->sql_query($sql);
 									}
 								}
@@ -478,7 +501,7 @@ class acp_users
 							{
 								$sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real
 									FROM ' . TOPICS_TABLE . '
-									WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
+									WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
 								$result = $db->sql_query($sql);
 
 								while ($row = $db->sql_fetchrow($result))
@@ -601,8 +624,8 @@ class acp_users
 
 					// Validation data
 					$var_ary = array(
-						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
 						'user_password'		=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
 						'warnings'			=> array('num'),
 					);
 
@@ -657,9 +680,34 @@ class acp_users
 								$sql_ary['user_warnings'] = $data['warnings'];
 							}
 
-							if (($user_row['user_type'] == USER_FOUNDER && !$data['user_founder']) || ($user_row['user_type'] != USER_FOUNDER && $data['user_founder']))
+							// Only allow founders updating the founder status...
+							if ($user->data['user_type'] == USER_FOUNDER)
 							{
-								$sql_ary['user_type'] = ($data['user_founder']) ? USER_FOUNDER : USER_NORMAL;
+								// Setting a normal member to be a founder
+								if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
+								{
+									$sql_ary['user_type'] = USER_FOUNDER;
+								}
+								else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
+								{
+									// Check if at least one founder is present
+									$sql = 'SELECT user_id
+										FROM ' . USERS_TABLE . '
+										WHERE user_type = ' . USER_FOUNDER . '
+											AND user_id <> ' . $user_id;
+									$result = $db->sql_query_limit($sql, 1);
+									$row = $db->sql_fetchrow($result);
+									$db->sql_freeresult($result);
+
+									if ($row)
+									{
+										$sql_ary['user_type'] = USER_NORMAL;
+									}
+									else
+									{
+										trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
+									}
+								}
 							}
 						}
 
@@ -711,6 +759,9 @@ class acp_users
 							user_update_name($user_row['username'], $update_username);
 						}
 
+						// Let the users permissions being updated
+						$auth->acl_clear_prefetch($user_id);
+
 						add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
 
 						trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
@@ -721,11 +772,19 @@ class acp_users
 				}
 
 				$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
-				$quick_tool_ary = array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP', 'active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'), 'delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
-				
-				if ($config['email_enable'])
+
+				if ($user_id == $user->data['user_id'])
 				{
-					$quick_tool_ary['reactivate'] = 'FORCE';
+					$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
+				}
+				else
+				{
+					$quick_tool_ary = array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP', 'active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'), 'delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
+					
+					if ($config['email_enable'])
+					{
+						$quick_tool_ary['reactivate'] = 'FORCE';
+					}
 				}
 
 				$s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
@@ -743,6 +802,7 @@ class acp_users
 					'S_USER_IP'			=> ($user_row['user_ip']) ? true : false,
 					'S_USER_FOUNDER'	=> ($user_row['user_type'] == USER_FOUNDER) ? true : false,
 					'S_ACTION_OPTIONS'	=> $s_action_options,
+					'S_OWN_ACCOUNT'		=> ($user_id == $user->data['user_id']) ? true : false,
 
 					'U_SHOW_IP'		=> $this->u_action . "&amp;u=$user_id&amp;ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 					'U_WHOIS'		=> $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}",
@@ -755,6 +815,7 @@ class acp_users
 					'USER_LASTACTIVE'	=> ($user_row['user_lastvisit']) ? $user->format_date($user_row['user_lastvisit']) : ' - ',
 					'USER_EMAIL'		=> $user_row['user_email'],
 					'USER_WARNINGS'		=> $user_row['user_warnings'],
+					'USER_POSTS'		=> $user_row['user_posts'],
 					)
 				);
 
@@ -787,7 +848,7 @@ class acp_users
 						{
 							$sql_in[] = $mark;
 						}
-						$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+						$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
 						unset($sql_in);
 					}
 
@@ -813,7 +874,7 @@ class acp_users
 				// Sorting
 				$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
 				$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
-				$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
+				$sort_by_sql = array('u' => 'l.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
 
 				$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
 				gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@@ -943,6 +1004,34 @@ class acp_users
 						// Update Custom Fields
 						if (sizeof($cp_data))
 						{
+							switch (SQL_LAYER)
+							{
+								case 'oracle':
+								case 'firebird':
+								case 'postgres':
+									$right_delim = $left_delim = '"';
+								break;
+
+								case 'sqlite':
+								case 'mssql':
+								case 'mssql_odbc':
+									$right_delim = ']';
+									$left_delim = '[';
+								break;
+
+								case 'mysql':
+								case 'mysql4':
+								case 'mysqli':
+									$right_delim = $left_delim = '`';
+								break;
+							}
+
+							foreach ($cp_data as $key => $value)
+							{
+								$cp_data[$right_delim . $key . $left_delim] = $value;
+								unset($cp_data[$key]);
+							}
+
 							$sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . '
 								SET ' . $db->sql_build_array('UPDATE', $cp_data) . "
 								WHERE user_id = $user_id";
@@ -1077,7 +1166,7 @@ class acp_users
 
 					$var_ary = array(
 						'dateformat'	=> array('string', false, 3, 30),
-						'lang'			=> array('match', false, '#^[a-z_]{2,}$#i'),
+						'lang'			=> array('match', false, '#^[a-z_\-]{2,}$#i'),
 						'tz'			=> array('num', false, -14, 14),
 
 						'topic_sk'		=> array('string', false, 1, 1),
@@ -1252,7 +1341,7 @@ class acp_users
 
 					'S_LANG_OPTIONS'	=> language_select($lang),
 					'S_STYLE_OPTIONS'	=> style_select($style),
-					'S_TZ_OPTIONS'		=> tz_select($tz),
+					'S_TZ_OPTIONS'		=> tz_select($tz, true),
 					)
 				);
 
@@ -1449,6 +1538,7 @@ class acp_users
 			case 'sig':
 			
 				include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
+				include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
 
 				$enable_bbcode	= ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false;
 				$enable_smilies	= ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false;
@@ -1520,9 +1610,14 @@ class acp_users
 					'L_SIGNATURE_EXPLAIN'	=> sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
 
 					'S_BBCODE_ALLOWED'		=> $config['allow_sig_bbcode'], 
-					'S_SMILIES_ALLOWED'		=> $config['allow_sig_smilies'],)
+					'S_SMILIES_ALLOWED'		=> $config['allow_sig_smilies'],
+					'S_BBCODE_IMG'			=> ($config['allow_sig_img']) ? true : false,
+					'S_BBCODE_FLASH'		=> ($config['allow_sig_flash']) ? true : false)
 				);
 
+				// Assigning custom bbcodes
+				display_custom_bbcodes();
+
 			break;
 
 			case 'attach':
@@ -1541,7 +1636,7 @@ class acp_users
 					{
 						$sql = 'SELECT real_filename
 							FROM ' . ATTACHMENTS_TABLE . '
-							WHERE attach_id IN (' . implode(', ', $marked) . ')';
+							WHERE ' . $db->sql_in_set('attach_id', $marked);
 						$result = $db->sql_query($sql);
 
 						$log_attachments = array();
@@ -1623,7 +1718,7 @@ class acp_users
 
 					$template->assign_block_vars('attach', array(
 						'REAL_FILENAME'		=> $row['real_filename'],
-						'COMMENT'			=> nl2br($row['comment']),
+						'COMMENT'			=> nl2br($row['attach_comment']),
 						'EXTENSION'			=> $row['extension'],
 						'SIZE'				=> ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
 						'DOWNLOAD_COUNT'	=> $row['download_count'],
@@ -1745,14 +1840,14 @@ class acp_users
 				// Select box for other groups
 				$sql = 'SELECT group_id, group_name, group_type
 					FROM ' . GROUPS_TABLE . '
-					' . ((sizeof($id_ary)) ? 'WHERE group_id NOT IN (' . implode(', ', $id_ary) . ')' : '') . '
+					' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
 					ORDER BY group_type DESC, group_name ASC';
 				$result = $db->sql_query($sql);
 
 				$s_group_options = '';
 				while ($row = $db->sql_fetchrow($result))
 				{
-					if ($config['coppa_hide_groups'] && in_array($row['group_name'], array('INACTIVE_COPPA', 'REGISTERED_COPPA')))
+					if (!$config['coppa_enable'] && in_array($row['group_name'], array('INACTIVE_COPPA', 'REGISTERED_COPPA')))
 					{
 						continue;
 					}
@@ -1809,28 +1904,40 @@ class acp_users
 				// Select auth options
 				$sql = 'SELECT auth_option, is_local, is_global
 					FROM ' . ACL_OPTIONS_TABLE . "
-					WHERE auth_option LIKE '%\_'
-						AND is_global = 1
-					ORDER BY auth_option";
+					WHERE auth_option LIKE '%\_'";
+
+				if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
+				{
+					$sql .= " ESCAPE '\\'";
+				}
+
+				$sql .= 'AND is_global = 1
+					ORDER BY auth_option';
 				$result = $db->sql_query($sql);
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NO);
+					$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
 					$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
 				}
 				$db->sql_freeresult($result);
 
 				$sql = 'SELECT auth_option, is_local, is_global
 					FROM ' . ACL_OPTIONS_TABLE . "
-					WHERE auth_option LIKE '%\_'
-						AND is_local = 1
-					ORDER BY is_global DESC, auth_option";
+					WHERE auth_option LIKE '%\_'";
+
+				if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
+				{
+					$sql .= " ESCAPE '\\'";
+				}
+
+				$sql .= 'AND is_local = 1
+					ORDER BY is_global DESC, auth_option';
 				$result = $db->sql_query($sql);
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NO);
+					$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NEVER);
 					$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
 				}
 				$db->sql_freeresult($result);
@@ -1895,26 +2002,6 @@ class acp_users
 		$var = ($data) ? $data : $user_row['user_options'];
 		return ($var & 1 << $user->keyoptions[$key]) ? true : false;
 	}
-
-	/**
-	* Check if user is allowed to call this user mode
-	*/
-	function is_authed($module_auth)
-	{
-		global $config, $auth;
-
-		$module_auth = trim($module_auth);
-
-		if (!$module_auth)
-		{
-			return true;
-		}
-
-		$is_auth = false;
-		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', 'true', '(int) $config["\\1"]'), $module_auth) . ');');
-
-		return $is_auth;
-	}
 }
 
 ?>

phpBB/includes/acp/auth.php

@@ -81,9 +81,9 @@ class auth_admin extends auth
 	* @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
 	* @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
 	* @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
-	* @param ACL_NO|ACL_UNSET|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
+	* @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
 	*/
-	function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NO)
+	function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
 	{
 		global $db, $user;
 
@@ -136,7 +136,7 @@ class auth_admin extends auth
 
 			$sql = 'SELECT user_id, user_permissions, user_type
 				FROM ' . USERS_TABLE . '
-				WHERE user_id IN (' . implode(',', $ug_id) . ')';
+				WHERE ' . $db->sql_in_set('user_id', $ug_id);
 			$result = $db->sql_query($sql);
 
 			while ($userdata = $db->sql_fetchrow($result))
@@ -292,14 +292,14 @@ class auth_admin extends auth
 		{
 			$sql = 'SELECT user_id as ug_id, username as ug_name
 				FROM ' . USERS_TABLE . '
-				WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')
+				WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
 				ORDER BY username ASC';
 		}
 		else
 		{
 			$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
 				FROM ' . GROUPS_TABLE . '
-				WHERE group_id IN (' . implode(', ', array_keys($hold_ary)) . ')
+				WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
 				ORDER BY group_type DESC, group_name ASC';
 		}
 		$result = $db->sql_query($sql);
@@ -322,7 +322,7 @@ class auth_admin extends auth
 		$forum_names_ary = array();
 		if ($local)
 		{
-			$forum_names_ary = make_forum_select(false, false, true, false, false, true);
+			$forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
 		}
 		else
 		{
@@ -361,7 +361,7 @@ class auth_admin extends auth
 			$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
 				FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
 				WHERE o.auth_option_id = r.auth_option_id
-					AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')';
+					AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -584,7 +584,7 @@ class auth_admin extends auth
 		// Get forum names
 		$sql = 'SELECT forum_id, forum_name
 			FROM ' . FORUMS_TABLE . '
-			WHERE forum_id IN (' . implode(', ', array_keys($hold_ary)) . ')';
+			WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary));
 		$result = $db->sql_query($sql);
 
 		$forum_names = array();
@@ -605,7 +605,7 @@ class auth_admin extends auth
 			{
 				$sql = 'SELECT user_id, username
 					FROM ' . USERS_TABLE . '
-					WHERE user_id IN (' . implode(', ', $auth_ary['users']) . ')
+					WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
 					ORDER BY username';
 				$result = $db->sql_query($sql);
 
@@ -624,7 +624,7 @@ class auth_admin extends auth
 			{
 				$sql = 'SELECT group_id, group_name, group_type
 					FROM ' . GROUPS_TABLE . '
-					WHERE group_id IN (' . implode(', ', $auth_ary['groups']) . ')
+					WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
 					ORDER BY group_type ASC, group_name';
 				$result = $db->sql_query($sql);
 
@@ -768,12 +768,12 @@ class auth_admin extends auth
 			$ug_id = array($ug_id);
 		}
 
-		$ug_id_sql = 'IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
-		$forum_sql = 'IN (' . implode(', ', array_map('intval', $forum_id)) . ') ';
+		$ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
+		$forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
 
 		// Instead of updating, inserting, removing we just remove all current settings and re-set everything...
 		$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
-		$id_field  = $ug_type . '_id';
+		$id_field = $ug_type . '_id';
 
 		// Get any flags as required
 		reset($auth);
@@ -797,8 +797,8 @@ class auth_admin extends auth
 		}
 
 		$sql = "DELETE FROM $table
-			WHERE forum_id $forum_sql
-				AND $id_field $ug_id_sql
+			WHERE $forum_sql
+				AND $ug_id_sql
 				AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')';
 		$db->sql_query($sql);
 
@@ -818,17 +818,17 @@ class auth_admin extends auth
 		if (sizeof($role_ids))
 		{
 			$sql = "DELETE FROM $table
-				WHERE forum_id $forum_sql
-					AND $id_field $ug_id_sql
+				WHERE $forum_sql
+					AND $ug_id_sql
 					AND auth_option_id = 0
-					AND auth_role_id IN (" . implode(', ', $role_ids) . ')';
+					AND " . $db->sql_in_set('auth_role_id', $role_ids);
 			$db->sql_query($sql);
 		}
 
 		// Ok, include the any-flag if one or more auth options are set to yes...
 		foreach ($auth as $auth_option => $setting)
 		{
-			if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO))
+			if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
 			{
 				$auth[$flag] = ACL_YES;
 			}
@@ -858,7 +858,7 @@ class auth_admin extends auth
 				{
 					$auth_option_id = (int) $this->option_ids[$auth_option];
 
-					if ($setting != ACL_UNSET)
+					if ($setting != ACL_NO)
 					{
 						foreach ($ug_id as $id)
 						{
@@ -920,7 +920,7 @@ class auth_admin extends auth
 		// Re-set any flag...
 		foreach ($auth as $auth_option => $setting)
 		{
-			if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO))
+			if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
 			{
 				$auth[$flag] = ACL_YES;
 			}
@@ -931,7 +931,7 @@ class auth_admin extends auth
 		{
 			$auth_option_id = (int) $this->option_ids[$auth_option];
 
-			if ($setting != ACL_UNSET)
+			if ($setting != ACL_NO)
 			{
 				$sql_ary[] = array(
 					'role_id'			=> (int) $role_id,
@@ -941,13 +941,13 @@ class auth_admin extends auth
 			}
 		}
 
-		// If no data is there, we set the any-flag to ACL_NO...
+		// If no data is there, we set the any-flag to ACL_NEVER...
 		if (!sizeof($sql_ary))
 		{
 			$sql_ary[] = array(
 				'role_id'			=> (int) $role_id,
 				'auth_option_id'	=> $this->option_ids[$flag],
-				'auth_setting'		=> ACL_NO
+				'auth_setting'		=> ACL_NEVER
 			);
 		}
 
@@ -995,12 +995,12 @@ class auth_admin extends auth
 
 		if ($forum_id !== false)
 		{
-			$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : 'forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
+			$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
 		}
 
 		if ($ug_id !== false)
 		{
-			$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $id_field . ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
+			$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
 		}
 
 		// There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
@@ -1016,7 +1016,7 @@ class auth_admin extends auth
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$option_id_ary[] = $row['auth_option_id'];
-				$auth_id_ary[$row['auth_option']] = ACL_UNSET;
+				$auth_id_ary[$row['auth_option']] = ACL_NO;
 			}
 			$db->sql_freeresult($result);
 
@@ -1043,7 +1043,7 @@ class auth_admin extends auth
 				$sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
 					FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
 					WHERE ao.auth_option_id = rd.auth_option_id
-						AND rd.role_id IN (' . implode(', ', array_keys($cur_role_auth)) . ')';
+						AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
 				$result = $db->sql_query($sql);
 
 				$auth_settings = array();
@@ -1072,7 +1072,7 @@ class auth_admin extends auth
 		// Now, normally remove permissions...
 		if ($permission_type !== false)
 		{
-			$where_sql[] = 'auth_option_id IN (' . implode(', ', array_map('intval', $option_id_ary)) . ')';
+			$where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
 		}
 		
 		$sql = "DELETE FROM $table
@@ -1093,9 +1093,9 @@ class auth_admin extends auth
 		foreach ($category_array as $cat => $cat_array)
 		{
 			$template->assign_block_vars($tpl_cat, array(
-				'S_YES'		=> ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false,
-				'S_NO'		=> ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false,
-				'S_UNSET'	=> ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false,
+				'S_YES'		=> ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
+				'S_NEVER'	=> ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
+				'S_NO'		=> ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
 							
 				'CAT_NAME'	=> $user->lang['permission_cat'][$cat])
 			);
@@ -1104,8 +1104,8 @@ class auth_admin extends auth
 			{
 				$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
 					'S_YES'		=> ($allowed == ACL_YES) ? true : false,
+					'S_NEVER'	=> ($allowed == ACL_NEVER) ? true : false,
 					'S_NO'		=> ($allowed == ACL_NO) ? true : false,
-					'S_UNSET'	=> ($allowed == ACL_UNSET) ? true : false,
 
 					'UG_ID'			=> $ug_id,
 					'FORUM_ID'		=> $forum_id,
@@ -1166,15 +1166,15 @@ class auth_admin extends auth
 				{
 					$content_array[$forum_id][$cat] = array(
 						'S_YES'			=> false,
+						'S_NEVER'		=> false,
 						'S_NO'			=> false,
-						'S_UNSET'		=> false,
 						'permissions'	=> array(),
 					);
 				}
 
 				$content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false;
+				$content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false;
 				$content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false;
-				$content_array[$forum_id][$cat]['S_UNSET'] |= ($auth_setting == ACL_UNSET) ? true : false;
 
 				$content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
 			}
@@ -1211,7 +1211,7 @@ class auth_admin extends auth
 		{
 			if (strpos($opt, 'a_') === 0)
 			{
-				$hold_ary[0][$opt] = ACL_NO;
+				$hold_ary[0][$opt] = ACL_NEVER;
 			}
 		}
 

phpBB/includes/acp/info/acp_board.php

@@ -27,7 +27,6 @@ class acp_board_info
 				'post'			=> array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'signature'		=> array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'registration'	=> array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
-				'visual'		=> array('title' => 'ACP_VC_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 
 				'auth'		=> array('title' => 'ACP_AUTH_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')),
 				'email'		=> array('title' => 'ACP_EMAIL_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')),

phpBB/includes/acp/info/acp_captcha.php

@@ -0,0 +1,38 @@
+<?php
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+* @package module_install
+*/
+class acp_captcha_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'acp_captcha',
+			'title'		=> 'ACP_CAPTCHA',
+			'version'	=> '1.0.0',
+			'modes'		=> array(
+				'visual'		=> array('title' => 'ACP_VC_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
+				'img'			=> array('title' => 'ACP_VC_CAPTCHA_DISPLAY', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION'), 'display' => false)
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}
+
+?>

phpBB/includes/acp/info/acp_permission_roles.php

@@ -20,10 +20,10 @@ class acp_permission_roles_info
 			'title'		=> 'ACP_PERMISSION_ROLES',
 			'version'	=> '1.0.0',
 			'modes'		=> array(
-				'admin_roles'		=> array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
-				'user_roles'		=> array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
-				'mod_roles'			=> array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
-				'forum_roles'		=> array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
+				'admin_roles'		=> array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles && acl_a_aauth', 'cat' => array('ACP_PERMISSION_ROLES')),
+				'user_roles'		=> array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles && acl_a_uauth', 'cat' => array('ACP_PERMISSION_ROLES')),
+				'mod_roles'			=> array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles && acl_a_mauth', 'cat' => array('ACP_PERMISSION_ROLES')),
+				'forum_roles'		=> array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles && acl_a_fauth', 'cat' => array('ACP_PERMISSION_ROLES')),
 			),
 		);
 	}

phpBB/includes/auth.php

@@ -161,7 +161,7 @@ class auth
 				
 				if (sizeof($this->acl))
 				{
-					$sql .= ' WHERE forum_id NOT IN (' . implode(', ', array_keys($this->acl)) . ')';
+					$sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
 				}
 				$result = $db->sql_query($sql);
 
@@ -378,14 +378,14 @@ class auth
 
 						// If one option is allowed, the global permission for this option has to be allowed too
 						// example: if the user has the a_ permission this means he has one or more a_* permissions
-						if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NO))
+						if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
 						{
 							$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
 						}
 					}
 					else
 					{
-						$bitstring[$id] = ACL_NO;
+						$bitstring[$id] = ACL_NEVER;
 					}
 				}
 
@@ -418,7 +418,13 @@ class auth
 	{
 		global $db;
 
-		$where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : '';
+		$where_sql = '';
+
+		if ($user_id !== false)
+		{
+			$user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id);
+			$where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id);
+		}
 
 		$sql = 'UPDATE ' . USERS_TABLE . "
 			SET user_permissions = '',
@@ -440,8 +446,8 @@ class auth
 
 		$sql_id = ($user_type == 'user') ? 'user_id' : 'group_id';
 
-		$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : "AND a.$sql_id IN (" . implode(', ', $ug_id) . ')') : '';
-		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
+		$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : '';
+		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
 
 		// Grab assigned roles...
 		$sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id
@@ -469,8 +475,8 @@ class auth
 	{
 		global $db;
 
-		$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
-		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
+		$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
+		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
 
 		$sql_opts = '';
 
@@ -482,14 +488,14 @@ class auth
 			}
 			else
 			{
-				$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
+				$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
 			}
 		}
 
 		$hold_ary = array();
 
 		// First grab user settings ... each user has only one setting for each
-		// option ... so we shouldn't need any ACL_NO checks ... he says ...
+		// option ... so we shouldn't need any ACL_NEVER checks ... he says ...
 		// Grab assigned roles...
 		$sql = $db->sql_build_query('SELECT', array(
 			'SELECT'	=> 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
@@ -522,7 +528,7 @@ class auth
 		}
 		$db->sql_freeresult($result);
 
-		// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
+		// Now grab group settings ... ACL_NEVER overrides ACL_YES so act appropriatley
 		$sql = $db->sql_build_query('SELECT', array(
 			'SELECT'	=> 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
 
@@ -552,13 +558,13 @@ class auth
 
 		while ($row = $db->sql_fetchrow($result))
 		{
-			if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO))
+			if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NEVER))
 			{
 				$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
 				$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
 
-				// Check for existence of ACL_YES if an option got set to NO
-				if ($setting == ACL_NO)
+				// Check for existence of ACL_YES if an option got set to ACL_NEVER
+				if ($setting == ACL_NEVER)
 				{
 					$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
 
@@ -586,8 +592,8 @@ class auth
 	{
 		global $db;
 
-		$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
-		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
+		$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
+		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
 
 		$sql_opts = '';
 
@@ -599,7 +605,7 @@ class auth
 			}
 			else
 			{
-				$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
+				$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
 			}
 		}
 
@@ -647,8 +653,8 @@ class auth
 	{
 		global $db;
 
-		$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : 'group_id IN (' . implode(', ', $group_id) . ')') : '';
-		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
+		$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
+		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
 
 		if ($opts !== false)
 		{
@@ -658,7 +664,7 @@ class auth
 			}
 			else
 			{
-				$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
+				$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
 			}
 		}
 
@@ -707,40 +713,70 @@ class auth
 		global $config, $db, $user, $phpbb_root_path, $phpEx;
 
 		$method = trim(basename($config['auth_method']));
+		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
-		if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
+		$method = 'login_' . $method;
+		if (function_exists($method))
 		{
-			include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
+			$login = $method($username, $password);
 
-			$method = 'login_' . $method;
-			if (function_exists($method))
+			// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
+			if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
 			{
-				$login = $method($username, $password);
-
-				// If login succeeded, we will log the user in... else we pass the login array through...
-				if ($login['status'] == LOGIN_SUCCESS)
+				// we are going to use the user_add function so include functions_user.php if it wasn't defined yet
+				if (!function_exists('user_add'))
 				{
-					$result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);
+					include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+				}
 
-					// Successful session creation
-					if ($result === true)
-					{
-						return array(
-							'status'		=> LOGIN_SUCCESS,
-							'error_msg'		=> false,
-							'user_row'		=> $login['user_row'],
-						);
-					}
+				user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false);
 
+				$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
+					FROM ' . USERS_TABLE . "
+					WHERE username = '" . $db->sql_escape($username) . "'";
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				if (!$row)
+				{
 					return array(
-						'status'		=> LOGIN_BREAK,
-						'error_msg'		=> $result,
+						'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+						'error_msg'		=> 'AUTH_NO_PROFILE_CREATED',
+						'user_row'		=> array('user_id' => ANONYMOUS),
+					);
+				}
+
+				$login = array(
+					'status'	=> LOGIN_SUCCESS,
+					'error_msg'	=> false,
+					'user_row'	=> $row,
+				);
+			}
+
+			// If login succeeded, we will log the user in... else we pass the login array through...
+			if ($login['status'] == LOGIN_SUCCESS)
+			{
+				$result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);
+
+				// Successful session creation
+				if ($result === true)
+				{
+					return array(
+						'status'		=> LOGIN_SUCCESS,
+						'error_msg'		=> false,
 						'user_row'		=> $login['user_row'],
 					);
 				}
 
-				return $login;
+				return array(
+					'status'		=> LOGIN_BREAK,
+					'error_msg'		=> $result,
+					'user_row'		=> $login['user_row'],
+				);
 			}
+
+			return $login;
 		}
 
 		trigger_error('Authentication method not found', E_USER_ERROR);

phpBB/includes/auth/auth_apache.php

@@ -4,13 +4,6 @@
 *
 * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 *
-* This is for initial authentication via Apaches basic realm authentication methods,
-* user data is then obtained from the integrated user table
-*
-* You can do any kind of checking you like here ... the return data format is
-* either the resulting row of user information, an integer zero (indicating an
-* inactive user) or some error string
-*
 * @package login
 * @version $Id$
 * @copyright (c) 2005 phpBB Group 
@@ -18,6 +11,24 @@
 *
 */
 
+/**
+* Checks whether the user is identified to apache
+* Only allow changing authentication to apache if the user is identified
+* Called in acp_board while setting authentication plugins
+*
+* @return boolean|string false if the user is identified and else an error message
+*/
+function init_apache()
+{
+	global $user;
+
+	if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
+	{
+		return $user->lang['APACHE_SETUP_BEFORE_USE'];
+	}
+	return false;
+}
+
 /**
 * Login function
 */
@@ -25,11 +36,29 @@ function login_apache(&$username, &$password)
 {
 	global $db;
 
+	if (!isset($_SERVER['PHP_AUTH_USER']))
+	{
+		return array(
+			'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+			'error_msg'		=> 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
+			'user_row'		=> array('user_id' => ANONYMOUS),
+		);
+	}
+
 	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
 	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
 
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
+		if ($php_auth_user !== $username)
+		{
+			return array(
+				'status'	=> LOGIN_ERROR_USERNAME,
+				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+				'user_row'	=> array('user_id' => ANONYMOUS),
+			);
+		}
+
 		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type 
 			FROM ' . USERS_TABLE . "
 			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@@ -57,11 +86,11 @@ function login_apache(&$username, &$password)
 			);
 		}
 
-		// the user does not exist
+		// this is the user's first login so create an empty profile
 		return array(
-			'status'	=> LOGIN_ERROR_USERNAME,
-			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
-			'user_row'	=> array('user_id' => ANONYMOUS),
+			'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
+			'error_msg'		=> false,
+			'user_row'		=> user_row_apache($php_auth_user, $php_auth_pw),
 		);
 	}
 
@@ -82,11 +111,19 @@ function autologin_apache()
 {
 	global $db;
 
+	if (!isset($_SERVER['PHP_AUTH_USER']))
+	{
+		return array();
+	}
+
 	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
 	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
 
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
+		set_var($php_auth_user, $php_auth_user, 'string');
+		set_var($php_auth_pw, $php_auth_pw, 'string');
+
 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
 			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@@ -98,11 +135,57 @@ function autologin_apache()
 		{
 			return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
 		}
+
+		// create the user if he does not exist yet
+		user_add(user_row_apache($php_auth_user, $php_auth_pw));
+
+		$sql = 'SELECT *
+			FROM ' . USERS_TABLE . "
+			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if ($row)
+		{
+			return $row;
+		}
 	}
 
 	return array();
 }
 
+/**
+* This function generates an array which can be passed to the user_add function in order to create a user
+*/
+function user_row_apache($username, $password)
+{
+	global $db, $config, $user;
+	// first retrieve default group id
+	$sql = 'SELECT group_id
+		FROM ' . GROUPS_TABLE . "
+		WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
+			AND group_type = " . GROUP_SPECIAL;
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if (!$row)
+	{
+		trigger_error('NO_GROUP');
+	}
+
+	// generate user account data
+	return array(
+		'username'		=> $username,
+		'user_password'	=> $password,
+		'user_email'	=> '',
+		'group_id'		=> (int) $row['group_id'],
+		'user_type'		=> USER_NORMAL,
+		'user_ip'		=> $user->ip,
+	);
+}
+
 /**
 * The session validation function checks whether the user is still logged in
 *
@@ -110,7 +193,15 @@ function autologin_apache()
 */
 function validate_session_apache(&$user)
 {
-	return ($_SERVER['PHP_AUTH_USER'] === $user['username']) ? true : false;
+	if (!isset($_SERVER['PHP_AUTH_USER']))
+	{
+		return false;
+	}
+
+	$php_auth_user = '';
+	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
+
+	return ($php_auth_user === $user['username']) ? true : false;
 }
 
 ?>

phpBB/includes/auth/auth_db.php

@@ -6,10 +6,6 @@
 *
 * This is for authentication via the integrated user table
 *
-* You can do any kind of checking you like here ... the return data format is
-* either the resulting row of user information, an integer zero (indicating an
-* inactive user) or some error string
-*
 * @package login
 * @version $Id$
 * @copyright (c) 2005 phpBB Group 

phpBB/includes/auth/auth_ldap.php

@@ -5,13 +5,6 @@
 *
 * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 *
-* This is for initial authentication via an LDAP server, user information is then
-* obtained from the integrated user table
-*
-* You can do any kind of checking you like here ... the return data format is
-* either the resulting row of user information, an integer zero (indicating an
-* inactive user) or some error string
-*
 * @package login
 * @version $Id$
 * @copyright (c) 2005 phpBB Group 
@@ -39,9 +32,17 @@ function init_ldap()
 	}
 
 	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 
 	// ldap_connect only checks whether the specified server is valid, so the connection might still fail
-	$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid']));
+	$search = @ldap_search(
+		$ldap,
+		$config['ldap_base_dn'],
+		'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($user->data['username'])) . ')',
+		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
+		0,
+		1
+	);
 
 	if ($search === false)
 	{
@@ -52,12 +53,18 @@ function init_ldap()
 
 	@ldap_close($ldap);
 
-	if (is_array($result) && sizeof($result) > 1)
+
+	if (!is_array($result) || sizeof($result) < 2)
 	{
-		return false;
+		return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
 	}
 
-	return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
+	if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']]))
+	{
+		return $user->lang['LDAP_NO_EMAIL'];
+	}
+
+	return false;
 }
 
 /**
@@ -65,7 +72,7 @@ function init_ldap()
 */
 function login_ldap(&$username, &$password)
 {
-	global $db, $config;
+	global $db, $config, $user;
 
 	if (!@extension_loaded('ldap'))
 	{
@@ -86,13 +93,22 @@ function login_ldap(&$username, &$password)
 	}
 
 	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 
-	$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid']));
-	$result = @ldap_get_entries($ldap, $search);
+	$search = @ldap_search(
+		$ldap,
+		$config['ldap_base_dn'],
+		'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($username)) . ')',
+		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
+		0,
+		1
+	);
 
-	if (is_array($result) && sizeof($result) > 1)
+	$ldap_result = @ldap_get_entries($ldap, $search);
+
+	if (is_array($ldap_result) && sizeof($ldap_result) > 1)
 	{
-		if (@ldap_bind($ldap, $result[0]['dn'], $password))
+		if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password)))
 		{
 			@ldap_close($ldap);
 
@@ -105,6 +121,8 @@ function login_ldap(&$username, &$password)
 
 			if ($row)
 			{
+				unset($ldap_result);
+
 				// User inactive...
 				if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
 				{
@@ -122,9 +140,45 @@ function login_ldap(&$username, &$password)
 					'user_row'		=> $row,
 				);
 			}
+			else
+			{
+				// retrieve default group id
+				$sql = 'SELECT group_id
+					FROM ' . GROUPS_TABLE . "
+					WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
+						AND group_type = " . GROUP_SPECIAL;
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				if (!$row)
+				{
+					trigger_error('NO_GROUP');
+				}
+
+				// generate user account data
+				$ldap_user_row = array(
+					'username'		=> $username,
+					'user_password'	=> $password,
+					'user_email'	=> (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
+					'group_id'		=> (int) $row['group_id'],
+					'user_type'		=> USER_NORMAL,
+					'user_ip'		=> $user->ip,
+				);
+
+				unset($ldap_result);
+
+				// this is the user's first login so create an empty profile
+				return array(
+					'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
+					'error_msg'		=> false,
+					'user_row'		=> $ldap_user_row,
+				);
+			}
 		}
 		else
 		{
+			unset($ldap_result);
 			@ldap_close($ldap);
 
 			// Give status about wrong password...
@@ -145,18 +199,22 @@ function login_ldap(&$username, &$password)
 	);
 }
 
+/**
+* Escapes an LDAP AttributeValue
+*/
+function ldap_escape($string)
+{
+	return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
+}
+
 /**
 * This function is used to output any required fields in the authentication
 * admin panel. It also defines any required configuration table fields.
 */
-function admin_ldap(&$new)
+function acp_ldap(&$new)
 {
 	global $user;
 
-	/**
-	* @todo Using same approach as with cfg_build_template?
-	*/
-
 	$tpl = '
 
 	<dl>
@@ -171,27 +229,17 @@ function admin_ldap(&$new)
 		<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
 	</dl>
+	<dl>
+		<dt><label for="ldap_uid">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
+	</dl>
 	';
 
 	// These are fields required in the config table
 	return array(
 		'tpl'		=> $tpl,
-		'config'	=> array('ldap_server', 'ldap_base_dn', 'ldap_uid')
+		'config'	=> array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
 	);
 }
 
-/**
-* Would be nice to allow syncing of 'appropriate' data when user updates
-* their username, password, etc. ... should be up to the plugin what data
-* is updated.
-*
-* @todo implement this functionality (probably 3.2)
-*
-* @param new|update|delete $mode defining the action to take on user updates
-*/
-function usercp_ldap($mode)
-{
-	global $db, $config;
-}
-
 ?>

phpBB/includes/bbcode.php

@@ -15,7 +15,7 @@
 class bbcode
 {
 	var $bbcode_uid = '';
-	var $bbcode_bitfield = 0;
+	var $bbcode_bitfield = '';
 	var $bbcode_cache = array();
 	var $bbcode_template = array();
 
@@ -28,7 +28,7 @@ class bbcode
 	* Constructor
 	* Init bbcode cache entries if bitfield is specified
 	*/
-	function bbcode($bitfield = 0)
+	function bbcode($bitfield = '')
 	{
 		if ($bitfield)
 		{
@@ -69,32 +69,31 @@ class bbcode
 		$str = array('search' => array(), 'replace' => array());
 		$preg = array('search' => array(), 'replace' => array());
 
-		$bitlen = strlen(decbin($this->bbcode_bitfield));
-		for ($bbcode_id = 0; $bbcode_id < $bitlen; ++$bbcode_id)
+		$bitfield = new bitfield($this->bbcode_bitfield);
+		$bbcodes_set = $bitfield->get_all_set();
+
+		foreach ($bbcodes_set as $bbcode_id)
 		{
-			if ($this->bbcode_bitfield & (1 << $bbcode_id))
+			if (!empty($this->bbcode_cache[$bbcode_id]))
 			{
-				if (!empty($this->bbcode_cache[$bbcode_id]))
+				foreach ($this->bbcode_cache[$bbcode_id] as $type => $array)
 				{
-					foreach ($this->bbcode_cache[$bbcode_id] as $type => $array)
+					foreach ($array as $search => $replace)
 					{
-						foreach ($array as $search => $replace)
-						{
-							${$type}['search'][] = str_replace('$uid', $this->bbcode_uid, $search);
-							${$type}['replace'][] = $replace;
-						}
+						${$type}['search'][] = str_replace('$uid', $this->bbcode_uid, $search);
+						${$type}['replace'][] = $replace;
+					}
 
-						if (sizeof($str['search']))
-						{
-							$message = str_replace($str['search'], $str['replace'], $message);
-							$str = array('search' => array(), 'replace' => array());
-						}
+					if (sizeof($str['search']))
+					{
+						$message = str_replace($str['search'], $str['replace'], $message);
+						$str = array('search' => array(), 'replace' => array());
+					}
 
-						if (sizeof($preg['search']))
-						{
-							$message = preg_replace($preg['search'], $preg['replace'], $message);
-							$preg = array('search' => array(), 'replace' => array());
-						}
+					if (sizeof($preg['search']))
+					{
+						$message = preg_replace($preg['search'], $preg['replace'], $message);
+						$preg = array('search' => array(), 'replace' => array());
 					}
 				}
 			}
@@ -125,13 +124,14 @@ class bbcode
 			}
 		}
 
-		$sql = '';
-		$bbcode_ids = $rowset = array();
-		$bitlen = strlen(decbin($this->bbcode_bitfield));
+		$bbcode_ids = $rowset = $sql = array();
 
-		for ($bbcode_id = 0; $bbcode_id < $bitlen; ++$bbcode_id)
+		$bitfield = new bitfield($this->bbcode_bitfield);
+		$bbcodes_set = $bitfield->get_all_set();
+
+		foreach ($bbcodes_set as $bbcode_id)
 		{
-			if (isset($this->bbcode_cache[$bbcode_id]) || !($this->bbcode_bitfield & (1 << $bbcode_id)))
+			if (isset($this->bbcode_cache[$bbcode_id]))
 			{
 				// do not try to re-cache it if it's already in
 				continue;
@@ -140,18 +140,18 @@ class bbcode
 
 			if ($bbcode_id > NUM_CORE_BBCODES)
 			{
-				$sql .= (($sql) ? ',' : '') . $bbcode_id;
+				$sql[] = $bbcode_id;
 			}
 		}
 
-		if ($sql)
+		if (sizeof($sql))
 		{
 			global $db;
 
 			$sql = 'SELECT *
-				FROM ' . BBCODES_TABLE . "
-				WHERE bbcode_id IN ($sql)";
-			$result = $db->sql_query($sql);
+				FROM ' . BBCODES_TABLE . '
+				WHERE ' . $db->sql_in_set('bbcode_id', $sql);
+			$result = $db->sql_query($sql, 3600);
 
 			while ($row = $db->sql_fetchrow($result))
 			{
@@ -232,7 +232,7 @@ class bbcode
 				case 6:
 					$this->bbcode_cache[$bbcode_id] = array(
 						'preg' => array(
-							'!\[color=(#[0-9A-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s'	=> $this->bbcode_tpl('color', $bbcode_id),
+							'!\[color=(#[0-9a-fA-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s'	=> $this->bbcode_tpl('color', $bbcode_id),
 						)
 					);
 				break;
@@ -312,9 +312,13 @@ class bbcode
 				break;
 
 				default:
+					if (!isset($template_bitfield))
+					{
+						$template_bitfield = new bitfield($this->template_bitfield);
+					}
 					if (isset($rowset[$bbcode_id]))
 					{
-						if ($this->template_bitfield & (1 << $bbcode_id))
+						if ($template_bitfield->get($bbcode_id))
 						{
 							// The bbcode requires a custom template to be loaded
 							if (!$bbcode_tpl = $this->bbcode_tpl($rowset[$bbcode_id]['bbcode_tag'], $bbcode_id))
@@ -390,9 +394,10 @@ class bbcode
 				'color'		=> '<span style="color: $1">$2</span>',
 				'email'		=> '<a href="mailto:$1">$2</a>'
 			);
+			$template_bitfield = new bitfield($this->template_bitfield);
 		}
 
-		if ($bbcode_id != -1 && !($this->template_bitfield & (1 << $bbcode_id)))
+		if ($bbcode_id != -1 && !$template_bitfield->get($bbcode_id))
 		{
 			return (isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : false;
 		}
@@ -561,7 +566,7 @@ class bbcode
 				$code = str_replace('  ', ' &nbsp;', $code);
 
 				// remove newline at the beginning
-				if ($code{0} == "\n")
+				if (!empty($code) && $code{0} == "\n")
 				{
 					$code = substr($code, 1);
 				}

phpBB/includes/constants.php

@@ -31,14 +31,15 @@ define('USER_FOUNDER', 3);
 //define('USER_GUEST', 4);
 
 // ACL
-define('ACL_NO', 0);
+define('ACL_NEVER', 0);
 define('ACL_YES', 1);
-define('ACL_UNSET', -1);
+define('ACL_NO', -1);
 
 // Login error codes
 define('LOGIN_CONTINUE', 1);
 define('LOGIN_BREAK', 2);
 define('LOGIN_SUCCESS', 3);
+define('LOGIN_SUCCESS_CREATE_PROFILE', 20);
 define('LOGIN_ERROR_USERNAME', 10);
 define('LOGIN_ERROR_PASSWORD', 11);
 define('LOGIN_ERROR_ACTIVE', 12);
@@ -135,8 +136,8 @@ define('FIELD_DATE', 6);
 // Table names
 define('ACL_GROUPS_TABLE',			$table_prefix . 'acl_groups');
 define('ACL_OPTIONS_TABLE',			$table_prefix . 'acl_options');
-define('ACL_ROLES_TABLE',			$table_prefix . 'acl_roles');
 define('ACL_ROLES_DATA_TABLE',		$table_prefix . 'acl_roles_data');
+define('ACL_ROLES_TABLE',			$table_prefix . 'acl_roles');
 define('ACL_USERS_TABLE',			$table_prefix . 'acl_users');
 define('ATTACHMENTS_TABLE',			$table_prefix . 'attachments');
 define('BANLIST_TABLE',				$table_prefix . 'banlist');
@@ -145,10 +146,6 @@ define('BOOKMARKS_TABLE',			$table_prefix . 'bookmarks');
 define('BOTS_TABLE',				$table_prefix . 'bots');
 define('CONFIG_TABLE',				$table_prefix . 'config');
 define('CONFIRM_TABLE',				$table_prefix . 'confirm');
-define('PROFILE_FIELDS_TABLE',		$table_prefix . 'profile_fields');
-define('PROFILE_LANG_TABLE',		$table_prefix . 'profile_lang');
-define('PROFILE_FIELDS_DATA_TABLE',	$table_prefix . 'profile_fields_data');
-define('PROFILE_FIELDS_LANG_TABLE',	$table_prefix . 'profile_fields_lang');
 define('DISALLOW_TABLE',			$table_prefix . 'disallow');
 define('DRAFTS_TABLE',				$table_prefix . 'drafts');
 define('EXTENSIONS_TABLE',			$table_prefix . 'extensions');
@@ -163,11 +160,17 @@ define('LANG_TABLE',				$table_prefix . 'lang');
 define('LOG_TABLE',					$table_prefix . 'log');
 define('MODERATOR_CACHE_TABLE',		$table_prefix . 'moderator_cache');
 define('MODULES_TABLE',				$table_prefix . 'modules');
+define('POLL_OPTIONS_TABLE',		$table_prefix . 'poll_options');
+define('POLL_VOTES_TABLE',			$table_prefix . 'poll_votes');
 define('POSTS_TABLE',				$table_prefix . 'posts');
 define('PRIVMSGS_TABLE',			$table_prefix . 'privmsgs');
-define('PRIVMSGS_TO_TABLE',			$table_prefix . 'privmsgs_to');
 define('PRIVMSGS_FOLDER_TABLE',		$table_prefix . 'privmsgs_folder');
 define('PRIVMSGS_RULES_TABLE',		$table_prefix . 'privmsgs_rules');
+define('PRIVMSGS_TO_TABLE',			$table_prefix . 'privmsgs_to');
+define('PROFILE_FIELDS_TABLE',		$table_prefix . 'profile_fields');
+define('PROFILE_FIELDS_DATA_TABLE',	$table_prefix . 'profile_fields_data');
+define('PROFILE_FIELDS_LANG_TABLE',	$table_prefix . 'profile_fields_lang');
+define('PROFILE_LANG_TABLE',		$table_prefix . 'profile_lang');
 define('RANKS_TABLE',				$table_prefix . 'ranks');
 define('RATINGS_TABLE',				$table_prefix . 'ratings');
 define('REPORTS_TABLE',				$table_prefix . 'reports');
@@ -186,15 +189,13 @@ define('STYLES_THEME_TABLE',		$table_prefix . 'styles_theme');
 define('STYLES_IMAGESET_TABLE',		$table_prefix . 'styles_imageset');
 define('TOPICS_TABLE',				$table_prefix . 'topics');
 define('TOPICS_POSTED_TABLE',		$table_prefix . 'topics_posted');
-define('TOPICS_WATCH_TABLE',		$table_prefix . 'topics_watch');
 define('TOPICS_TRACK_TABLE',		$table_prefix . 'topics_track');
+define('TOPICS_WATCH_TABLE',		$table_prefix . 'topics_watch');
 define('USER_GROUP_TABLE',			$table_prefix . 'user_group');
 define('USERS_TABLE',				$table_prefix . 'users');
 define('USERS_NOTES_TABLE',			$table_prefix . 'users_notes');
 define('WARNINGS_TABLE',			$table_prefix . 'warnings');
 define('WORDS_TABLE',				$table_prefix . 'words');
-define('POLL_OPTIONS_TABLE',		$table_prefix . 'poll_options');
-define('POLL_VOTES_TABLE',			$table_prefix . 'poll_votes');
 define('ZEBRA_TABLE',				$table_prefix . 'zebra');
 
 // Additional tables

phpBB/includes/db/dbal.php

@@ -177,8 +177,6 @@ class dbal
 	* Idea for this from Ikonboard
 	* Possible query values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT
 	*
-	* If a key is 'module_name' and firebird used it gets adjusted to '"module_name"'
-	* on INSERT, INSERT_SELECT, UPDATE and SELECT
 	*/
 	function sql_build_array($query, $assoc_ary = false)
 	{
@@ -193,24 +191,16 @@ class dbal
 		{
 			foreach ($assoc_ary as $key => $var)
 			{
-				$fields[] = ($key == 'module_name' && SQL_LAYER == 'firebird') ? '"' . $key . '"' : $key;
+				$fields[] = $key;
 
-				if (is_null($var))
-				{
-					$values[] = 'NULL';
-				}
-				else if (is_string($var))
-				{
-					$values[] = "'" . $this->sql_escape($var) . "'";
-				}
-				else if (is_array($var) && is_string($var[0]))
+				if (is_array($var) && is_string($var[0]))
 				{
 					// This is used for INSERT_SELECT(s)
 					$values[] = $var[0];
 				}
 				else
 				{
-					$values[] = (is_bool($var)) ? intval($var) : $var;
+					$values[] = $this->_sql_validate_value($var);
 				}
 			}
 
@@ -224,18 +214,7 @@ class dbal
 				$values = array();
 				foreach ($sql_ary as $key => $var)
 				{
-					if (is_null($var))
-					{
-						$values[] = 'NULL';
-					}
-					else if (is_string($var))
-					{
-						$values[] = "'" . $this->sql_escape($var) . "'";
-					}
-					else
-					{
-						$values[] = (is_bool($var)) ? intval($var) : $var;
-					}
+					$values[] = $this->_sql_validate_value($var);
 				}
 				$ary[] = '(' . implode(', ', $values) . ')';
 			}
@@ -247,20 +226,7 @@ class dbal
 			$values = array();
 			foreach ($assoc_ary as $key => $var)
 			{
-				$key = ($key == 'module_name' && SQL_LAYER == 'firebird') ? '"' . $key . '"' : $key;
-
-				if (is_null($var))
-				{
-					$values[] = "$key = NULL";
-				}
-				else if (is_string($var))
-				{
-					$values[] = "$key = '" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
-				}
+				$values[] = "$key = " . $this->_sql_validate_value($var);
 			}
 			$query = implode(($query == 'UPDATE') ? ', ' : ' AND ', $values);
 		}
@@ -268,6 +234,49 @@ class dbal
 		return $query;
 	}
 
+	function sql_in_set($field, $array, $negate = false)
+	{
+		if (!sizeof($array))
+		{
+			trigger_error('No values specified for SQL IN comparison', E_USER_ERROR);
+		}
+
+		$values = array();
+		foreach ($array as $var)
+		{
+			$values[] = $this->_sql_validate_value($var);
+		}
+
+		if (sizeof($values) == 1)
+		{
+			return $field . ($negate ? ' <> ' : ' = ') . $values[0];
+		}
+		else
+		{
+			return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(', ', $values) . ')';
+		}
+	}
+
+	/**
+	* Function for validating values
+	* @access private
+	*/
+	function _sql_validate_value($var)
+	{
+		if (is_null($var))
+		{
+			return 'NULL';
+		}
+		else if (is_string($var))
+		{
+			return "'" . $this->sql_escape($var) . "'";
+		}
+		else
+		{
+			return (is_bool($var)) ? intval($var) : $var;
+		}
+	}
+
 	/**
 	* Build sql statement from array for select and select distinct statements
 	*
@@ -286,7 +295,17 @@ class dbal
 				$table_array = array();
 				foreach ($array['FROM'] as $table_name => $alias)
 				{
-					$table_array[] = $table_name . ' ' . $alias;
+					if (is_array($alias))
+					{
+						foreach ($alias as $multi_alias)
+						{
+							$table_array[] = $table_name . ' ' . $multi_alias;
+						}
+					}
+					else
+					{
+						$table_array[] = $table_name . ' ' . $alias;
+					}
 				}
 
 				$sql .= $this->_sql_custom_build('FROM', implode(', ', $table_array));
@@ -355,7 +374,7 @@ class dbal
 				// This could happen if the connection could not be established for example (then we are not able to grab the default language)
 				if (!isset($user->lang['SQL_ERROR_OCCURRED']))
 				{
-					$message .= '<br /><br />An sql error occurred while fetching this page. Please contact an administrator if this problem persist.';
+					$message .= '<br /><br />An sql error occurred while fetching this page. Please contact an administrator if this problem persists.';
 				}
 				else
 				{

phpBB/includes/db/firebird.php

@@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'firebird');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * Firebird/Interbase Database Abstraction Layer
@@ -32,6 +32,7 @@ if (!defined('SQL_LAYER'))
 class dbal_firebird extends dbal
 {
 	var $last_query_text = '';
+	var $service_handle = false;
 
 	/**
 	* Connect to server
@@ -45,9 +46,24 @@ class dbal_firebird extends dbal
 
 		$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3);
 
+		$this->service_handle = (function_exists('ibase_service_attach')) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
+
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		if ($this->service_handle !== false && function_exists('ibase_server_info'))
+		{
+			return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);
+		}
+
+		return 'Firebird/Interbase';
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -74,6 +90,12 @@ class dbal_firebird extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -94,7 +116,14 @@ class dbal_firebird extends dbal
 
 				if (!$this->transaction)
 				{
-					@ibase_commit_ret();
+					if (function_exists('ibase_commit_ret'))
+					{
+						@ibase_commit_ret();
+					}
+					else
+					{
+						@ibase_commit();
+					}
 				}
 
 				if ($cache_ttl && method_exists($cache, 'sql_save'))
@@ -141,6 +170,18 @@ class dbal_firebird extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return false;
 	}
 
@@ -199,6 +240,8 @@ class dbal_firebird extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -211,6 +254,11 @@ class dbal_firebird extends dbal
 				$this->sql_rowseek($rownum, $query_id);
 			}
 
+			if (isset($cache->sql_rowset[$query_id]))
+			{
+				return $cache->sql_fetchfield($query_id, $field);
+			}
+
 			$row = $this->sql_fetchrow($query_id);
 			return isset($row[$field]) ? $row[$field] : false;
 		}
@@ -224,11 +272,18 @@ class dbal_firebird extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		// We do not fetch the row for rownum == 0 because then the next resultset would be the second row
 		for ($i = 0; $i < $rownum; $i++)
 		{
@@ -274,11 +329,18 @@ class dbal_firebird extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		if (isset($this->open_queries[(int) $query_id]))
 		{
 			unset($this->open_queries[(int) $query_id]);
@@ -323,6 +385,11 @@ class dbal_firebird extends dbal
 	*/
 	function _sql_close()
 	{
+		if ($this->service_handle !== false)
+		{
+			@ibase_service_detach($this->service_handle);
+		}
+
 		return @ibase_close($this->db_connect_id);
 	}
 

phpBB/includes/db/mssql.php

@@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'mssql');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * MSSQL Database Abstraction Layer
@@ -55,6 +55,28 @@ class dbal_mssql extends dbal
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
+
+		$row = false;
+		if ($result_id)
+		{
+			$row = @mssql_fetch_assoc($result_id);
+			@mssql_free_result($result_id);
+		}
+
+		if ($row)
+		{
+			return 'MSSQL<br />' . implode(' ', $row);
+		}
+
+		return 'MSSQL';
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -81,6 +103,12 @@ class dbal_mssql extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -181,11 +209,18 @@ class dbal_mssql extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return ($query_id) ? @mssql_num_rows($query_id) : false;
 	}
 
@@ -234,6 +269,8 @@ class dbal_mssql extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -246,6 +283,11 @@ class dbal_mssql extends dbal
 				$this->sql_rowseek($rownum, $query_id);
 			}
 
+			if (isset($cache->sql_rowset[$query_id]))
+			{
+				return $cache->sql_fetchfield($query_id, $field);
+			}
+
 			$row = $this->sql_fetchrow($query_id);
 			return isset($row[$field]) ? $row[$field] : false;
 		}
@@ -259,11 +301,18 @@ class dbal_mssql extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		return ($query_id) ? @mssql_data_seek($query_id, $rownum) : false;
 	}
 
@@ -291,11 +340,18 @@ class dbal_mssql extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		if (isset($this->open_queries[$query_id]))
 		{
 			unset($this->open_queries[$query_id]);

phpBB/includes/db/mssql_odbc.php

@@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'mssql_odbc');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * Unified ODBC functions
@@ -49,6 +49,28 @@ class dbal_mssql_odbc extends dbal
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
+
+		$row = false;
+		if ($result_id)
+		{
+			$row = @odbc_fetch_array($result_id);
+			@odbc_free_result($result_id);
+		}
+
+		if ($row)
+		{
+			return 'MSSQL (ODBC)<br />' . implode(' ', $row);
+		}
+
+		return 'MSSQL (ODBC)';
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -79,6 +101,12 @@ class dbal_mssql_odbc extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -183,11 +211,18 @@ class dbal_mssql_odbc extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return ($query_id) ? @odbc_num_rows($query_id) : false;
 	}
 
@@ -225,6 +260,8 @@ class dbal_mssql_odbc extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -237,6 +274,11 @@ class dbal_mssql_odbc extends dbal
 				$this->sql_rowseek($rownum, $query_id);
 			}
 
+			if (isset($cache->sql_rowset[$query_id]))
+			{
+				return $cache->sql_fetchfield($query_id, $field);
+			}
+
 			$row = $this->sql_fetchrow($query_id);
 			return isset($row[$field]) ? $row[$field] : false;
 		}
@@ -250,11 +292,18 @@ class dbal_mssql_odbc extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		$this->sql_freeresult($query_id);
 		$query_id = $this->sql_query($this->last_query_text);
 
@@ -301,11 +350,18 @@ class dbal_mssql_odbc extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		if (isset($this->open_queries[(int) $query_id]))
 		{
 			unset($this->open_queries[(int) $query_id]);

phpBB/includes/db/mysql.php

@@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'mysql');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * MySQL Database Abstraction Layer
@@ -55,6 +55,14 @@ class dbal_mysql extends dbal
 		return $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		return 'MySQL ' . @mysql_get_server_info($this->db_connect_id);
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -81,6 +89,12 @@ class dbal_mysql extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -163,11 +177,18 @@ class dbal_mysql extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return ($query_id) ? @mysql_num_rows($query_id) : false;
 	}
 
@@ -205,6 +226,8 @@ class dbal_mysql extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -214,11 +237,22 @@ class dbal_mysql extends dbal
 		{
 			if ($rownum === false)
 			{
+				if (isset($cache->sql_rowset[$query_id]))
+				{
+					return $cache->sql_fetchfield($query_id, $field);
+				}
+
 				$row = $this->sql_fetchrow($query_id);
 				return isset($row[$field]) ? $row[$field] : false;
 			}
 			else
 			{
+				if (isset($cache->sql_rowset[$query_id]))
+				{
+					$cache->sql_rowseek($query_id, $rownum);
+					return $cache->sql_fetchfield($query_id, $field);
+				}
+
 				return @mysql_result($query_id, $rownum, $field);
 			}
 		}
@@ -232,11 +266,18 @@ class dbal_mysql extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false;
 	}
 
@@ -253,11 +294,18 @@ class dbal_mysql extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		if (isset($this->open_queries[(int) $query_id]))
 		{
 			unset($this->open_queries[(int) $query_id]);

phpBB/includes/db/mysql4.php

@@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'mysql4');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * MySQL4 Database Abstraction Layer
@@ -57,6 +57,14 @@ class dbal_mysql4 extends dbal
 		return $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		return 'MySQL ' . @mysql_get_server_info($this->db_connect_id);
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -83,6 +91,12 @@ class dbal_mysql4 extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -166,11 +180,18 @@ class dbal_mysql4 extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return ($query_id) ? @mysql_num_rows($query_id) : false;
 	}
 
@@ -208,6 +229,8 @@ class dbal_mysql4 extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -217,11 +240,22 @@ class dbal_mysql4 extends dbal
 		{
 			if ($rownum === false)
 			{
+				if (isset($cache->sql_rowset[$query_id]))
+				{
+					return $cache->sql_fetchfield($query_id, $field);
+				}
+
 				$row = $this->sql_fetchrow($query_id);
 				return isset($row[$field]) ? $row[$field] : false;
 			}
 			else
 			{
+				if (isset($cache->sql_rowset[$query_id]))
+				{
+					$cache->sql_rowseek($query_id, $rownum);
+					return $cache->sql_fetchfield($query_id, $field);
+				}
+
 				return @mysql_result($query_id, $rownum, $field);
 			}
 		}
@@ -235,11 +269,18 @@ class dbal_mysql4 extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false;
 	}
 
@@ -256,11 +297,18 @@ class dbal_mysql4 extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		if (isset($this->open_queries[(int) $query_id]))
 		{
 			unset($this->open_queries[(int) $query_id]);

phpBB/includes/db/mysqli.php

@@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'mysqli');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * MySQLi Database Abstraction Layer
@@ -57,6 +57,14 @@ class dbal_mysqli extends dbal
 		return $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		return 'MySQL(i) ' . @mysqli_get_server_info($this->db_connect_id);
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -87,6 +95,12 @@ class dbal_mysqli extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -165,11 +179,18 @@ class dbal_mysqli extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return ($query_id) ? @mysqli_num_rows($query_id) : false;
 	}
 
@@ -207,6 +228,8 @@ class dbal_mysqli extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -219,6 +242,11 @@ class dbal_mysqli extends dbal
 				$this->sql_rowseek($rownum, $query_id);
 			}
 
+			if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
+			{
+				return $cache->sql_fetchfield($query_id, $field);
+			}
+
 			$row = $this->sql_fetchrow($query_id);
 			return isset($row[$field]) ? $row[$field] : false;
 		}
@@ -232,11 +260,18 @@ class dbal_mysqli extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		return ($query_id) ? @mysqli_data_seek($query_id, $rownum) : false;
 	}
 
@@ -253,18 +288,19 @@ class dbal_mysqli extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
-		// Make sure it is not a cached query
-		if (is_object($this->query_result))
+		if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
 		{
-			return @mysqli_free_result($query_id);
+			return $cache->sql_freeresult($query_id);
 		}
 
-		return false;
+		return @mysqli_free_result($query_id);
 	}
 
 	/**

phpBB/includes/db/oracle.php

@@ -22,7 +22,7 @@ if(!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'oracle');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * Oracle Database Abstraction Layer
@@ -47,6 +47,14 @@ class dbal_oracle extends dbal
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		return 'Oracle ' . @ociserverversion($this->db_connect_id);
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -73,6 +81,12 @@ class dbal_oracle extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -155,6 +169,52 @@ class dbal_oracle extends dbal
 		{
 			$this->query_result = false; 
 
+			// Any implicit columns exist?
+			if (strpos($query, '.*') !== false)
+			{
+				// This sucker does a few things for us. It grabs all the explicitly named columns and what tables are being used
+				preg_match('/SELECT (?:DISTINCT )?(.*?)FROM(.*?)(?:WHERE|(ORDER|GROUP) BY|$)/s', $query, $tables);
+
+				// The prefixes of the explicit columns don't matter, they simply get in the way
+				preg_match_all('/\.(\w+)/', trim($tables[1]), $columns);
+
+				// Flip lets us do an easy isset() call
+				$columns = array_flip($columns[1]);
+
+				$table_data = trim($tables[2]);
+
+				// Grab the implicitly named columns, they need expanding...
+				preg_match_all('/(\w)\.\*/', $query, $info);
+
+				$cols = array();
+
+				foreach ($info[1] as $table_alias)
+				{
+					// We need to get the name of the aliased table
+					preg_match('/(\w+) ' . $table_alias . '/', $table_data, $table_name);
+					$table_name = $table_name[1];
+
+					$sql  = "SELECT column_name
+						FROM all_tab_cols
+						WHERE table_name = '" . strtoupper($table_name) . "'";
+
+					$result = $this->sql_query($sql);
+					while ($row = $this->sql_fetchrow($result))
+					{
+						if (!isset($columns[strtolower($row['column_name'])]))
+						{
+							$cols[] = $table_alias . '.' . strtolower($row['column_name']);
+						}
+					}
+					$this->sql_freeresult($result);
+
+					// Remove the implicity .* with it's full expansion
+					$query = str_replace($table_alias . '.*', implode(', ', $cols), $query);
+
+					unset($cols);
+				}
+			}
+
 			$query = 'SELECT * FROM (SELECT /*+ FIRST_ROWS */ rownum AS xrownum, a.* FROM (' . $query . ') a WHERE rownum <= ' . ($offset + $total) . ') WHERE xrownum >= ' . $offset;
 
 			return $this->sql_query($query, $cache_ttl); 
@@ -171,11 +231,18 @@ class dbal_oracle extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		$result = @ocifetchstatement($query_id, $this->rowset);
 
 		// OCIFetchStatment kills our query result so we have to execute the statment again
@@ -224,7 +291,7 @@ class dbal_oracle extends dbal
 			// OCI->CLOB?
 			if (is_object($value))
 			{
-				$value = ($value->size()) ? $value->read($value->size()) : '';
+				$value = $value->load();
 			}
 			
 			$result_row[strtolower($key)] = $value;
@@ -239,6 +306,8 @@ class dbal_oracle extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -251,6 +320,11 @@ class dbal_oracle extends dbal
 				$this->sql_rowseek($rownum, $query_id);
 			}
 
+			if (isset($cache->sql_rowset[$query_id]))
+			{
+				return $cache->sql_fetchfield($query_id, $field);
+			}
+
 			$row = $this->sql_fetchrow($query_id);
 			return isset($row[$field]) ? $row[$field] : false;
 		}
@@ -264,11 +338,18 @@ class dbal_oracle extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		if (!$query_id)
 		{
 			return false;
@@ -326,11 +407,18 @@ class dbal_oracle extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		if (isset($this->open_queries[(int) $query_id]))
 		{
 			unset($this->open_queries[(int) $query_id]);

phpBB/includes/db/postgres.php

@@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'postgres');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * PostgreSQL Database Abstraction Layer
@@ -84,6 +84,25 @@ class dbal_postgres extends dbal
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		if (version_compare(phpversion(), '5.0.0', '>='))
+		{
+			$version = @pg_version($this->db_connect_id);
+			return 'PostgreSQL' . ((!empty($version)) ? ' ' . $version['client'] : '');
+		}
+		else
+		{
+			$query_id = @pg_query($this->db_connect_id, 'select version()');
+			$row = @pg_fetch_assoc($query_id, null);
+			$version = $row['version'];
+			return ((!empty($version)) ? ' ' . $version : '');
+		}
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -110,6 +129,12 @@ class dbal_postgres extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -202,11 +227,18 @@ class dbal_postgres extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return ($query_id) ? @pg_num_rows($query_id) : false;
 	}
 
@@ -235,7 +267,16 @@ class dbal_postgres extends dbal
 			return $cache->sql_fetchrow($query_id);
 		}
 
-		return ($query_id) ? @pg_fetch_assoc($query_id, NULL) : false;
+		$row = @pg_fetch_assoc($query_id, null);
+		if ($row)
+		{
+			foreach ($row as $key => $value)
+			{
+				$row[$key] = (strpos($key, 'bitfield') === false) ? $value : pg_unescape_bytea($value);
+			}
+		}
+
+		return ($query_id) ? $row : false;
 	}
 
 	/**
@@ -244,6 +285,8 @@ class dbal_postgres extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -256,6 +299,11 @@ class dbal_postgres extends dbal
 				$this->sql_rowseek($rownum, $query_id);
 			}
 
+			if (isset($cache->sql_rowset[$query_id]))
+			{
+				return $cache->sql_fetchfield($query_id, $field);
+			}
+
 			$row = $this->sql_fetchrow($query_id);
 			return isset($row[$field]) ? $row[$field] : false;
 		}
@@ -269,11 +317,18 @@ class dbal_postgres extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		return ($query_id) ? @pg_result_seek($query_id, $rownum) : false;
 	}
 
@@ -311,11 +366,18 @@ class dbal_postgres extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		if (isset($this->open_queries[(int) $query_id]))
 		{
 			unset($this->open_queries[(int) $query_id]);

phpBB/includes/db/sqlite.php

@@ -22,10 +22,11 @@ if (!defined('SQL_LAYER'))
 {
 
 	define('SQL_LAYER', 'sqlite');
-	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+	include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
 /**
 * Sqlite Database Abstraction Layer
+* Minimum Requirement: 2.8.2+
 * @package dbal
 */
 class dbal_sqlite extends dbal
@@ -47,10 +48,19 @@ class dbal_sqlite extends dbal
 		{
 			@sqlite_query('PRAGMA short_column_names = 1', $this->db_connect_id);
 		}
+
 		
 		return ($this->db_connect_id) ? true : array('message' => $error);
 	}
 
+	/**
+	* Version information about used database
+	*/
+	function sql_server_info()
+	{
+		return 'SQLite ' . @sqlite_libversion();
+	}
+
 	/**
 	* SQL Transaction
 	* @access: private
@@ -77,6 +87,12 @@ class dbal_sqlite extends dbal
 
 	/**
 	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
 	*/
 	function sql_query($query = '', $cache_ttl = 0)
 	{
@@ -159,11 +175,18 @@ class dbal_sqlite extends dbal
 	*/
 	function sql_numrows($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_numrows($query_id);
+		}
+
 		return ($query_id) ? @sqlite_num_rows($query_id) : false;
 	}
 
@@ -192,7 +215,9 @@ class dbal_sqlite extends dbal
 			return $cache->sql_fetchrow($query_id);
 		}
 
-		return ($query_id) ? @sqlite_fetch_array($query_id, SQLITE_ASSOC) : false;
+		$row = @sqlite_fetch_array($query_id, SQLITE_ASSOC);
+
+		return $row;
 	}
 
 	/**
@@ -201,6 +226,8 @@ class dbal_sqlite extends dbal
 	*/
 	function sql_fetchfield($field, $rownum = false, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -208,15 +235,17 @@ class dbal_sqlite extends dbal
 
 		if ($query_id)
 		{
-			if ($rownum === false)
-			{
-				return @sqlite_column($query_id, $field);
-			}
-			else
+			if ($rownum !== false)
 			{
 				$this->sql_rowseek($rownum, $query_id);
-				return @sqlite_column($query_id, $field);
 			}
+
+			if (isset($cache->sql_rowset[$query_id]))
+			{
+				return $cache->sql_fetchfield($query_id, $field);
+			}
+
+			return @sqlite_column($query_id, $field);
 		}
 
 		return false;
@@ -228,11 +257,18 @@ class dbal_sqlite extends dbal
 	*/
 	function sql_rowseek($rownum, $query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($query_id, $rownum);
+		}
+
 		return ($query_id) ? @sqlite_seek($query_id, $rownum) : false;
 	}
 
@@ -249,6 +285,18 @@ class dbal_sqlite extends dbal
 	*/
 	function sql_freeresult($query_id = false)
 	{
+		global $cache;
+
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
 		return true;
 	}
 

phpBB/includes/functions.php

@@ -145,7 +145,7 @@ function unique_id($extra = 'c')
 
 	if ($dss_seeded !== true)
 	{
-		set_config('rand_seed', $config['rand_seed']);
+		set_config('rand_seed', $config['rand_seed'], true);
 		$dss_seeded = true;
 	}
 
@@ -376,6 +376,71 @@ if (!function_exists('stripos'))
 	}
 }
 
+if (!function_exists('realpath'))
+{
+	/**
+	* Replacement for realpath if it is disabled
+	* This function is from the php manual by nospam at savvior dot com
+	*/
+	function phpbb_realpath($path)
+	{
+		$translated_path = getenv('PATH_TRANSLATED');
+
+		$translated_path = str_replace('\\', '/', $translated_path);
+		$translated_path = str_replace(basename(getenv('PATH_INFO')), '', $translated_path);
+
+		$translated_path .= '/';
+
+		if ($path == '.' || $path == './')
+		{
+			return $translated_path;
+		}
+
+		// now check for back directory
+		$translated_path .= $path;
+
+		$dirs = explode('/', $translated_path);
+
+		foreach ($dirs as $key => $value)
+		{
+			if ($value == '..')
+			{
+				$dirs[$key] = '';
+				$dirs[$key - 2] = '';
+			}
+		}
+
+		$translated_path = '';
+
+		foreach ($dirs as $key => $value)
+		{
+			if (strlen($value) > 0)
+			{
+				$translated_path .= $value . '/';
+			}
+		}
+
+		$translated_path = substr($translated_path, 0, strlen($translated_path) - 1);
+
+		if (is_dir($translated_path) || is_file($translated_path))
+		{
+			return $translated_path;
+		}
+
+		return false;
+	}
+}
+else
+{
+	/**
+	* A wrapper for realpath
+	*/
+	function phpbb_realpath($path)
+	{
+		return realpath($path);
+	}
+}
+
 // functions used for building option fields
 
 /**
@@ -429,13 +494,18 @@ function style_select($default = '', $all = false)
 /**
 * Pick a timezone
 */
-function tz_select($default = '')
+function tz_select($default = '', $truncate = false)
 {
 	global $sys_timezone, $user;
 
 	$tz_select = '';
 	foreach ($user->lang['tz_zones'] as $offset => $zone)
 	{
+		if ($truncate)
+		{
+			$zone = (strlen($zone) > 70) ? substr($zone, 0, 70) . '...' : $zone;
+		}
+
 		if (is_numeric($offset))
 		{
 			$selected = ($offset == $default) ? ' selected="selected"' : '';
@@ -469,7 +539,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				$db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
 				$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
 			}
-			else
+			else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 			{
 				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
 				$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
@@ -506,13 +576,13 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 		{
 			$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . " 
 				WHERE user_id = {$user->data['user_id']}
-					AND forum_id IN (" . implode(', ', $forum_id) . ")";
+					AND " . $db->sql_in_set('forum_id', $forum_id);
 			$db->sql_query($sql);
 
 			$sql = 'SELECT forum_id
 				FROM ' . FORUMS_TRACK_TABLE . "
 				WHERE user_id = {$user->data['user_id']}
-					AND forum_id IN (" . implode(', ', $forum_id) . ')';
+					AND " . $db->sql_in_set('forum_id', $forum_id);
 			$result = $db->sql_query($sql);
 
 			$sql_update = array();
@@ -527,7 +597,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
 					SET mark_time = ' . time() . "
 					WHERE user_id = {$user->data['user_id']}
-						AND forum_id IN (" . implode(', ', $sql_update) . ')';
+						AND " . $db->sql_in_set('forum_id', $sql_update);
 				$db->sql_query($sql);
 			}
 
@@ -563,7 +633,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				}
 			}
 		}
-		else
+		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 		{
 			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
 			$tracking = ($tracking) ? unserialize($tracking) : array();
@@ -628,7 +698,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				$db->sql_return_on_error(false);
 			}
 		}
-		else
+		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 		{
 			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
 			$tracking = ($tracking) ? unserialize($tracking) : array();
@@ -675,7 +745,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 
 				if ($user->data['is_registered'])
 				{
-					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10)) . " WHERE user_id = {$user->data['user_id']}");
+					$user->data['user_lastmark'] = intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10));
+					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . $user->data['user_lastmark'] . " WHERE user_id = {$user->data['user_id']}");
 				}
 				else
 				{
@@ -817,7 +888,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
 		$sql = 'SELECT topic_id, mark_time
 			FROM ' . TOPICS_TRACK_TABLE . "
 			WHERE user_id = {$user->data['user_id']}
-				AND topic_id IN (" . implode(', ', $topic_ids) . ")";
+				AND " . $db->sql_in_set('topic_id', $topic_ids);
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -859,7 +930,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
 			}
 		}
 	}
-	else
+	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 	{
 		global $tracking_topics;
 
@@ -925,6 +996,111 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
 	return $last_read;
 }
 
+/**
+* Check for read forums and update topic tracking info accordingly
+*
+* @param int $forum_id the forum id to check
+* @param int $forum_last_post_time the forums last post time
+* @param int $f_mark_time the forums last mark time if user is registered and load_db_lastread enabled
+* @param int $mark_time_forum false if the mark time needs to be obtained, else the last users forum mark time
+*
+*/
+function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
+{
+	global $db, $tracking_topics, $user, $config;
+
+	// Determine the users last forum mark time if not given.
+	if ($mark_time_forum === false)
+	{
+		if ($config['load_db_lastread'] && $user->data['is_registered'])
+		{
+			$mark_time_forum = (!empty($f_mark_time)) ? $f_mark_time : $user->data['user_lastmark'];
+		}
+		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
+		{
+			if (!isset($tracking_topics) || !sizeof($tracking_topics))
+			{
+				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+				$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
+			}
+
+			if (!$user->data['is_registered'])
+			{
+				$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
+			}
+
+			$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
+		}
+	}
+
+	// Check the forum for any left unread topics.
+	// If there are none, we mark the forum as read.
+	if ($config['load_db_lastread'] && $user->data['is_registered'])
+	{
+		if ($mark_time_forum >= $forum_last_post_time)
+		{
+			// We do not need to mark read, this happened before. Therefore setting this to true
+			$row = true;
+		}
+		else
+		{
+			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
+				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
+				WHERE t.forum_id = ' . $forum_id . '
+					AND t.topic_last_post_time > ' . $mark_time_forum . '
+					AND t.topic_moved_id = 0
+					AND tt.topic_id IS NULL
+				GROUP BY t.forum_id';
+			$result = $db->sql_query_limit($sql, 1);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+		}
+	}
+	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
+	{
+		// Get information from cookie
+		$row = false;
+
+		if (!isset($tracking_topics['tf'][$forum_id]))
+		{
+			// We do not need to mark read, this happened before. Therefore setting this to true
+			$row = true;
+		}
+		else
+		{
+			$sql = 'SELECT topic_id
+				FROM ' . TOPICS_TABLE . '
+				WHERE forum_id = ' . $forum_id . '
+					AND topic_last_post_time > ' . $mark_time_forum . '
+					AND topic_moved_id = 0';
+			$result = $db->sql_query($sql);
+
+			$check_forum = $tracking_topics['tf'][$forum_id];
+			$unread = false;
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if (!in_array(base_convert($row['topic_id'], 10, 36), array_keys($check_forum)))
+				{
+					$unread = true;
+					break;
+				}
+			}
+			$db->sql_freeresult($result);
+
+			$row = $unread;
+		}
+	}
+	else
+	{
+		$row = true;
+	}
+
+	if (!$row)
+	{
+		markread('topics', $forum_id);
+	}
+}
+
 // Pagination functions
 
 /**
@@ -1095,8 +1271,6 @@ function generate_board_url($without_script_path = false)
 	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 
-	$url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name;
-
 	// Forcing server vars is the only way to specify/override the protocol
 	if ($config['force_server_vars'] || !$server_name)
 	{
@@ -1106,6 +1280,12 @@ function generate_board_url($without_script_path = false)
 
 		$url = $server_protocol . $server_name;
 	}
+	else
+	{
+		// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
+		$cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
+		$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
+	}
 
 	if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
 	{
@@ -1128,15 +1308,12 @@ function redirect($url)
 {
 	global $db, $cache, $config, $user;
 
-	if (isset($db))
+	if (empty($user->lang))
 	{
-		$db->sql_close();
+		$user->add_lang('common');
 	}
 
-	if (isset($cache))
-	{
-		$cache->unload();
-	}
+	garbage_collection();
 
 	// Make sure no &amp;'s are in, this will break the redirect
 	$url = str_replace('&amp;', '&', $url);
@@ -1184,8 +1361,8 @@ function redirect($url)
 		else
 		{
 			// Get the realpath of dirname
-			$root_dirs = explode('/', str_replace('\\', '/', realpath('./')));
-			$page_dirs = explode('/', str_replace('\\', '/', realpath($pathinfo['dirname'])));
+			$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
+			$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
 			$intersection = array_intersect_assoc($root_dirs, $page_dirs);
 
 			$root_dirs = array_diff_assoc($root_dirs, $intersection);
@@ -1445,13 +1622,17 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 	if ($admin && !$auth->acl_get('a_'))
 	{
 		// Not authd
-		add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+		// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
+		if ($user->data['is_registered'])
+		{
+			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+		}
 		trigger_error('NO_AUTH_ADMIN');
 	}
 
 	if (isset($_POST['login']))
 	{
-		$username	= request_var('username', '', true);
+		$username	= request_var('username', '');
 		$password	= request_var('password', '');
 		$autologin	= (!empty($_POST['autologin'])) ? true : false;
 		$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
@@ -1478,7 +1659,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 			}
 			else
 			{
-				add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+				// Only log the failed attempt if a real user tried to.
+				// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
+				if ($user->data['is_registered'])
+				{
+					add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+				}
 			}
 		}
 
@@ -1496,12 +1682,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 			trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
 		}
 
-		// The user wanted to re-authenticate, but something failed - log this
-		if ($admin)
-		{
-			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
-		}
-
 		// Something failed, determine what...
 		if ($result['status'] == LOGIN_BREAK)
 		{
@@ -1625,13 +1805,13 @@ function login_forum_box($forum_data)
 			$sql_in = array();
 			do
 			{
-				$sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'";
+				$sql_in[] = (string) $row['session_id'];
 			}
 			while ($row = $db->sql_fetchrow($result));
 
 			// Remove expired sessions
 			$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
-				WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')';
+				WHERE ' . $db->sql_in_set('session_id', $sql_in, true);
 			$db->sql_query($sql);
 		}
 		$db->sql_freeresult($result);
@@ -1737,7 +1917,7 @@ function decode_message(&$message, $bbcode_uid = '')
 * For display of custom parsed text on user-facing pages
 * Expects $text to be the value directly from the database (stored value)
 */
-function generate_text_for_display($text, $uid, $bitfield)
+function generate_text_for_display($text, $uid, $bitfield, $flags)
 {
 	global $__bbcode;
 
@@ -1746,13 +1926,6 @@ function generate_text_for_display($text, $uid, $bitfield)
 		return '';
 	}
 
-	// Get flags... they are always allow_bbcode, allow_smilies and allow_urls
-	$flags = $bitfield;
-	if ($flags >> 3)
-	{
-		$flags = bindec(substr(decbin($flags), strlen(decbin($flags >> 3))));
-	}
-
 	// Parse bbcode if bbcode uid stored and bbcode enabled
 	if ($uid && ($flags & 1))
 	{
@@ -1764,11 +1937,11 @@ function generate_text_for_display($text, $uid, $bitfield)
 
 		if (empty($__bbcode))
 		{
-			$__bbcode = new bbcode($bitfield >> 3);
+			$__bbcode = new bbcode($bitfield);
 		}
 		else
 		{
-			$__bbcode->bbcode($bitfield >> 3);
+			$__bbcode->bbcode($bitfield);
 		}
 		
 		$__bbcode->bbcode_second_pass($text, $uid);
@@ -1785,12 +1958,12 @@ function generate_text_for_display($text, $uid, $bitfield)
 * This function additionally returns the uid and bitfield that needs to be stored.
 * Expects $text to be the value directly from request_var() and in it's non-parsed form
 */
-function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = false, $allow_urls = false, $allow_smilies = false)
+function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bbcode = false, $allow_urls = false, $allow_smilies = false)
 {
 	global $phpbb_root_path, $phpEx;
 
 	$uid = '';
-	$bitfield = 0;
+	$bitfield = '';
 
 	if (!$text)
 	{
@@ -1815,7 +1988,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = fa
 	}
 
 	$flags = (($allow_bbcode) ? 1 : 0) + (($allow_smilies) ? 2 : 0) + (($allow_urls) ? 4 : 0);
-	$bitfield = $flags + ($message_parser->bbcode_bitfield << 3);
+	$bitfield = $message_parser->bbcode_bitfield;
 
 	return;
 }
@@ -1824,17 +1997,10 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = fa
 * For decoding custom parsed text for edits as well as extracting the flags
 * Expects $text to be the value directly from the database (pre-parsed content)
 */
-function generate_text_for_edit($text, $uid, $bitfield)
+function generate_text_for_edit($text, $uid, $flags)
 {
 	global $phpbb_root_path, $phpEx;
 
-	// Get forum flags...
-	$flags = $bitfield;
-	if ($flags >> 3)
-	{
-		$flags = bindec(substr(decbin($flags), strlen(decbin($flags >> 3))));
-	}
-
 	decode_message($text, $uid);
 
 	return array(
@@ -1880,7 +2046,7 @@ function make_clickable($text, $server_url = false)
 		$magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'";
 
 		// matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
-		$magic_url_match[] = '#(^|[\n ]|\()([a-z0-9&\-_.]+?@[\w\-]+\.(?:[\w\-\.]+\.)?[\w]+)#ie';
+		$magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie';
 		$magic_url_replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'";
 	}
 
@@ -1999,26 +2165,41 @@ function extension_allowed($forum_id, $extension, &$extensions)
 
 // Little helpers
 
+/**
+* Little helper for the build_hidden_fields function
+*/
+function _build_hidden_fields($key, $value, $specialchar)
+{
+	$hidden_fields = '';
+
+	if (!is_array($value))
+	{
+		$key = ($specialchar) ? htmlspecialchars($key) : $key;
+		$value = ($specialchar) ? htmlspecialchars($value) : $value;
+
+		$hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n";
+	}
+	else
+	{
+		foreach ($value as $_key => $_value)
+		{
+			$hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar);
+		}
+	}
+
+	return $hidden_fields;
+}
+
 /**
 * Build simple hidden fields from array
 */
-function build_hidden_fields($field_ary)
+function build_hidden_fields($field_ary, $specialchar = false)
 {
 	$s_hidden_fields = '';
 
 	foreach ($field_ary as $name => $vars)
 	{
-		if (is_array($vars))
-		{
-			foreach ($vars as $key => $value)
-			{
-				$s_hidden_fields .= '<input type="hidden" name="' . $name . '[' . $key . ']" value="' . $value . '" />';
-			}
-		}
-		else
-		{
-			$s_hidden_fields .= '<input type="hidden" name="' . $name . '" value="' . $vars . '" />';
-		}
+		$s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar);
 	}
 
 	return $s_hidden_fields;
@@ -2139,7 +2320,7 @@ function get_backtrace()
 
 	$output = '<div style="font-family: monospace;">';
 	$backtrace = debug_backtrace();
-	$path = realpath($phpbb_root_path);
+	$path = phpbb_realpath($phpbb_root_path);
 
 	foreach ($backtrace as $number => $trace)
 	{
@@ -2184,6 +2365,58 @@ function get_backtrace()
 	return $output;
 }
 
+/**
+* This function returns a regular expression pattern for commonly used expressions
+* Use with / as delimiter
+* mode can be: email|
+*/
+function get_preg_expression($mode)
+{
+	switch ($mode)
+	{
+		case 'email':
+			return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+';
+		break;
+	}
+
+	return '';
+}
+
+/**
+* Truncates string while retaining special characters if going over the max length
+* The default max length is 60 at the moment
+*/
+function truncate_string($string, $max_length = 60)
+{
+	$chars = array();
+
+	// split the multibyte characters first
+	$string_ary = preg_split('#(&\#[0-9]+;)#', $string, -1, PREG_SPLIT_DELIM_CAPTURE);
+
+	// Now go through the array and split the other characters
+	foreach ($string_ary as $key => $value)
+	{
+		if (strpos($value, '&#') === 0)
+		{
+			$chars[] = $value;
+			continue;
+		}
+
+		// decode html entities and put them back later
+		$_chars = str_split(html_entity_decode($value));
+		$chars = array_merge($chars, array_map('htmlspecialchars', $_chars));
+	}
+
+	// Now check the length ;)
+	if (sizeof($chars) <= $max_length)
+	{
+		return $string;
+	}
+
+	// Cut off the last elements from the array
+	return implode('', array_slice($chars, 0, $max_length));
+}
+
 // Handler, header and footer
 
 /**
@@ -2221,8 +2454,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 				if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
 				{
 					// remove complete path to installation, with the risk of changing backslashes meant to be there
-					$errfile = str_replace(array(realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
-					$msg_text = str_replace(array(realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
+					$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
+					$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
 
 					echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
 				}
@@ -2232,16 +2465,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 
 		case E_USER_ERROR:
 
-			if (isset($db))
-			{
-				$db->sql_close();
-			}
+			garbage_collection();
 
-			if (isset($cache))
-			{
-				$cache->unload();
-			}
-			
 			echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
 			echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">';
 			echo '<head>';
@@ -2390,7 +2615,15 @@ function page_header($page_title = '', $display_online_list = true)
 		if (!empty($_REQUEST['f']))
 		{
 			$f = request_var('f', 0);
-			$reading_sql = " AND s.session_page LIKE '%f=$f%'";
+
+			// Do not change this (it is defined as _f_={forum_id}x within session.php)
+			$reading_sql = " AND s.session_page LIKE '%\_f\_={$f}x%'";
+
+			// Specify escape character for MSSQL
+			if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
+			{
+				$reading_sql .= " ESCAPE '\\'";
+			}
 		}
 
 		// Get number of online guests
@@ -2463,7 +2696,7 @@ function page_header($page_title = '', $display_online_list = true)
 
 		if (!$online_userlist)
 		{
-			$online_userlist = $user->lang['NONE'];
+			$online_userlist = $user->lang['NO_ONLINE_USERS'];
 		}
 
 		if (empty($_REQUEST['f']))
@@ -2616,7 +2849,9 @@ function page_header($page_title = '', $display_online_list = true)
 		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
 
 		'S_USER_LOGGED_IN'		=> ($user->data['user_id'] != ANONYMOUS) ? true : false,
+		'S_BOARD_DISABLED'		=> ($config['board_disable'] && !defined('IN_LOGIN') && $auth->acl_gets('a_', 'm_')) ? true : false,
 		'S_REGISTERED_USER'		=> $user->data['is_registered'],
+		'S_IS_BOT'				=> $user->data['is_bot'],
 		'S_USER_PM_POPUP'		=> $user->optionget('popuppm'),
 		'S_USER_LANG'			=> $user->data['user_lang'],
 		'S_USER_BROWSER'		=> (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
@@ -2653,7 +2888,7 @@ function page_header($page_title = '', $display_online_list = true)
 	{
 		header('Content-type: text/html; charset=' . $user->lang['ENCODING']);
 	}
-	header('Cache-Control: private, no-cache="set-cookie", pre-check=0, post-check=0');
+	header('Cache-Control: private, no-cache="set-cookie"');
 	header('Expires: 0');
 	header('Pragma: no-cache');
 
@@ -2726,7 +2961,6 @@ function page_footer()
 		else if (time() - $config['database_gc'] > $config['database_last_gc'])
 		{
 			// Tidy the database
-			// This includes recalculation binary trees, ...
 			$cron_type = 'tidy_database';
 		}
 		else if (time() - $config['search_gc'] > $config['search_last_gc'])
@@ -2770,4 +3004,101 @@ function garbage_collection()
 	$db->sql_close();
 }
 
+/**
+*/
+class bitfield
+{
+	var $data;
+
+	function bitfield($bitfield = '')
+	{
+		$this->data = base64_decode($bitfield);
+	}
+
+	/**
+	*/
+	function get($n)
+	{
+		// Get the ($n / 8)th char
+		$byte = $n >> 3;
+
+		if (!isset($this->data[$byte]))
+		{
+			// Of course, if it doesn't exist then the result if FALSE
+			return false;
+		}
+
+		$c = $this->data[$byte];
+
+		// Lookup the ($n % 8)th bit of the byte
+		$bit = 7 - ($n & 7);
+		return (bool) (ord($c) & (1 << $bit));
+	}
+
+	function set($n)
+	{
+		$byte = $n >> 3;
+		$bit = 7 - ($n & 7);
+
+		if (isset($this->data[$byte]))
+		{
+			$this->data[$byte] = $this->data[$byte] | chr(1 << $bit);
+		}
+		else
+		{
+			if ($byte - strlen($this->data) > 0)
+			{
+				$this->data .= str_repeat("\0", $byte - strlen($this->data));
+			}
+			$this->data .= chr(1 << $bit);
+		}
+	}
+
+	function clear($n)
+	{
+		$byte = $n >> 3;
+
+		if (!isset($this->data[$byte]))
+		{
+			return;
+		}
+
+		$bit = 7 - ($n & 7);
+		$this->data[$byte] = $this->data[$byte] &~ chr(1 << $bit);
+	}
+
+	function get_blob()
+	{
+		return $this->data;
+	}
+
+	function get_base64()
+	{
+		return base64_encode($this->data);
+	}
+
+	function get_bin()
+	{
+		$bin = '';
+		$len = strlen($this->data);
+
+		for ($i = 0; $i < $len; ++$i)
+		{
+			$bin .= str_pad(decbin(ord($this->data[$i])), 8, '0', STR_PAD_LEFT);
+		}
+
+		return $bin;
+	}
+
+	function get_all_set()
+	{
+		return array_keys(array_filter(str_split($this->get_bin())));
+	}
+
+	function merge($bitfield)
+	{
+		$this->data = $this->data | $bitfield->get_blob();
+	}
+}
+
 ?>

phpBB/includes/functions_admin.php

@@ -10,16 +10,10 @@
 
 /**
 * Recalculate Binary Tree
-*/
 function recalc_btree($sql_id, $sql_table, $module_class = '')
 {
 	global $db;
 
-	/* Init table, id's, etc...
-	$sql_id = 'module_id'; // 'forum_id'
-	$sql_table = MODULES_TABLE; // FORUMS_TABLE
-	*/
-
 	if (!$sql_id || !$sql_table)
 	{
 		return;
@@ -103,15 +97,16 @@ function recalc_btree($sql_id, $sql_table, $module_class = '')
 	}
 	$db->sql_freeresult($f_result);
 }
+*/
 
 /**
 * Simple version of jumpbox, just lists authed forums
 */
-function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $return_array = false)
+function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $only_acl_post = false, $return_array = false)
 {
 	global $db, $user, $auth;
 
-	$acl = ($ignore_acl) ? '' : array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel');
+	$acl = ($ignore_acl) ? '' : (($only_acl_post) ? 'f_post' : array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'));
 
 	// This query is identical to the jumpbox one
 	$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, forum_status, left_id, right_id
@@ -211,8 +206,8 @@ function group_select_options($group_id, $exclude_ids = false)
 {
 	global $db, $user, $config;
 
-	$exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE group_id NOT IN (' . implode(', ', array_map('intval', $exclude_ids)) . ')' : '';
-	$sql_and = ($config['coppa_hide_groups']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
+	$exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE ' . $db->sql_in_set('group_id', array_map('intval', $exclude_ids), true) : '';
+	$sql_and = (!$config['coppa_enable']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
 
 	$sql = 'SELECT group_id, group_name, group_type 
 		FROM ' . GROUPS_TABLE . "
@@ -245,7 +240,7 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
 		// This query is identical to the jumpbox one
 		$expire_time = ($no_cache) ? 0 : 120;
 
-		$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, left_id, right_id
+		$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
 			FROM ' . FORUMS_TABLE . '
 			ORDER BY left_id ASC';
 		$result = $db->sql_query($sql, $expire_time);
@@ -361,7 +356,7 @@ function filelist($rootdir, $dir = '', $type = 'gif|jpg|jpeg|png')
 	return $matches;
 }
 
-/*
+/**
 * Move topic(s)
 */
 function move_topics($topic_ids, $forum_id, $auto_sync = true)
@@ -381,7 +376,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 	}
 
 	$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-		WHERE topic_moved_id IN (' . implode(', ', $topic_ids) . ')
+		WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
 			AND forum_id = ' . $forum_id;
 	$db->sql_query($sql);
 
@@ -389,7 +384,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 	{
 		$sql = 'SELECT DISTINCT forum_id
 			FROM ' . TOPICS_TABLE . '
-			WHERE topic_id ' . $sql_where;
+			WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -404,7 +399,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 	{
 		$sql = "UPDATE $table
 			SET forum_id = $forum_id
-			WHERE topic_id IN (" . implode(', ', $topic_ids) . ')';
+			WHERE " . $db->sql_in_set('topic_id', $topic_ids);
 		$db->sql_query($sql);
 	}
 	unset($table_ary);
@@ -433,7 +428,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 
 	$sql = 'SELECT DISTINCT topic_id, forum_id
 		FROM ' . POSTS_TABLE . '
-		WHERE post_id IN (' . implode(', ', $post_ids) . ')';
+		WHERE ' . $db->sql_in_set('post_id', $post_ids);
 	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
@@ -457,12 +452,12 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 
 	$sql = 'UPDATE ' . POSTS_TABLE . '
 		SET forum_id = ' . $forum_row['forum_id'] . ", topic_id = $topic_id
-		WHERE post_id IN (" . implode(', ', $post_ids) . ')';
+		WHERE " . $db->sql_in_set('post_id', $post_ids);
 	$db->sql_query($sql);
 
 	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
 		SET topic_id = $topic_id, in_message = 0
-		WHERE post_msg_id IN (" . implode(', ', $post_ids) . ')';
+		WHERE " . $db->sql_in_set('post_msg_id', $post_ids);
 	$db->sql_query($sql);
 
 	if ($auto_sync)
@@ -470,6 +465,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 		$forum_ids[] = $forum_row['forum_id'];
 
 		sync('topic_reported', 'topic_id', $topic_ids);
+		sync('topic_attachment', 'topic_id', $topic_ids);
 		sync('topic', 'topic_id', $topic_ids, true);
 		sync('forum', 'forum_id', $forum_ids, true);
 	}
@@ -483,7 +479,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 */
 function delete_topics($where_type, $where_ids, $auto_sync = true)
 {
-	global $db;
+	global $db, $config;
 
 	$forum_ids = $topic_ids = array();
 
@@ -491,6 +487,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 	{
 		$where_ids = array_unique($where_ids);
 	}
+	else
+	{
+		$where_ids = array($where_ids);
+	}
 
 	if (!sizeof($where_ids))
 	{
@@ -498,12 +498,12 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 	}
 
 	$return = array(
-		'posts'	=>	delete_posts($where_type, $where_ids, false, false)
+		'posts'	=>	delete_posts($where_type, $where_ids, false, true)
 	);
 
 	$sql = 'SELECT topic_id, forum_id
-		FROM ' . TOPICS_TABLE . "
-		WHERE $where_type " . ((!is_array($where_ids)) ? "= $where_ids" : 'IN (' . implode(', ', $where_ids) . ')');
+		FROM ' . TOPICS_TABLE . '
+		WHERE ' . $db->sql_in_set($where_type, $where_ids);
 	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
@@ -520,8 +520,6 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 		return $return;
 	}
 
-	$sql_where = ' IN (' . implode(', ', $topic_ids) . ')';
-
 	$db->sql_transaction('begin');
 
 	$table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE);
@@ -529,13 +527,13 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 	foreach ($table_ary as $table)
 	{
 		$sql = "DELETE FROM $table 
-			WHERE topic_id $sql_where";
+			WHERE " . $db->sql_in_set('topic_id', $topic_ids);
 		$db->sql_query($sql);
 	}
 	unset($table_ary);
 
 	$sql = 'DELETE FROM ' . TOPICS_TABLE . ' 
-		WHERE topic_moved_id' . $sql_where;
+		WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
 	$db->sql_query($sql);
 
 	$db->sql_transaction('commit');
@@ -546,6 +544,8 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 		sync('topic_reported', $where_type, $where_ids);
 	}
 
+	set_config('num_topics', $config['num_topics'] - sizeof($return['topics']), true);
+
 	return $return;
 }
 
@@ -560,17 +560,21 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 	{
 		$where_ids = array_unique($where_ids);
 	}
+	else
+	{
+		$where_ids = array($where_ids);
+	}
 
-	if (empty($where_ids))
+	if (!sizeof($where_ids))
 	{
 		return false;
 	}
 
-	$post_ids = $topic_ids = $forum_ids = array();
+	$post_ids = $topic_ids = $forum_ids = $post_counts = array();
 
-	$sql = 'SELECT post_id, poster_id, topic_id, forum_id
-		FROM ' . POSTS_TABLE . "
-		WHERE $where_type " . ((!is_array($where_ids)) ? '= ' . (int) $where_ids : 'IN (' . implode(', ', array_map('intval', $where_ids)) . ')');
+	$sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id
+		FROM ' . POSTS_TABLE . '
+		WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids));
 	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
@@ -579,6 +583,11 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		$poster_ids[] = $row['poster_id'];
 		$topic_ids[] = $row['topic_id'];
 		$forum_ids[] = $row['forum_id'];
+
+		if ($row['post_postcount'])
+		{
+			$post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1;
+		}
 	}
 	$db->sql_freeresult($result);
 
@@ -587,8 +596,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		return false;
 	}
 
-	$sql_where = implode(', ', $post_ids);
-
 	$db->sql_transaction('begin');
 
 	$table_ary = array(POSTS_TABLE, REPORTS_TABLE);
@@ -596,11 +603,23 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 	foreach ($table_ary as $table)
 	{
 		$sql = "DELETE FROM $table 
-			WHERE post_id IN ($sql_where)";
+			WHERE " . $db->sql_in_set('post_id', $post_ids);
 		$db->sql_query($sql);
 	}
 	unset($table_ary);
 
+	// Adjust users post counts
+	if (sizeof($post_counts))
+	{
+		foreach ($post_counts as $poster_id => $substract)
+		{
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_posts = user_posts - ' . $substract . '
+				WHERE user_id = ' . $poster_id;
+			$db->sql_query($sql);
+		}
+	}
+
 	// Remove the message from the search index
 	$search_type = basename($config['search_type']);
 
@@ -619,7 +638,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		trigger_error($error);
 	}
 
-	$search->index_remove($post_ids, $poster_ids);
+	$search->index_remove($post_ids, $poster_ids, $forum_ids);
 
 	delete_attachments('post', $post_ids, false);
 
@@ -638,6 +657,8 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		sync('forum', 'forum_id', $forum_ids, true);
 	}
 
+	set_config('num_posts', $config['num_posts'] - sizeof($post_ids), true);
+
 	return sizeof($post_ids);
 }
 
@@ -676,7 +697,7 @@ function delete_attachments($mode, $ids, $resync = true)
 	{
 		$sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize
 			FROM ' . ATTACHMENTS_TABLE . '
-			WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
+			WHERE ' . $db->sql_in_set($sql_id, $ids);
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -692,7 +713,7 @@ function delete_attachments($mode, $ids, $resync = true)
 	{
 		$sql = 'SELECT topic_id, physical_filename, thumbnail, filesize
 			FROM ' . ATTACHMENTS_TABLE . '
-			WHERE post_msg_id IN (' . implode(', ', $ids) . ')
+			WHERE ' . $db->sql_in_set('post_msg_id', $ids) . '
 				AND in_message = 0';
 		$result = $db->sql_query($sql);
 
@@ -706,7 +727,7 @@ function delete_attachments($mode, $ids, $resync = true)
 
 	// Delete attachments
 	$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
-		WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
+		WHERE ' . $db->sql_in_set($sql_id, $ids);
 	$db->sql_query($sql);
 	$num_deleted = $db->sql_affectedrows();
 
@@ -754,7 +775,7 @@ function delete_attachments($mode, $ids, $resync = true)
 		{
 			$sql = 'UPDATE ' . POSTS_TABLE . ' 
 				SET post_attachment = 0
-				WHERE post_id IN (' . implode(', ', $post_ids) . ')';
+				WHERE ' . $db->sql_in_set('post_id', $post_ids);
 			$db->sql_query($sql);
 		}
 
@@ -764,7 +785,7 @@ function delete_attachments($mode, $ids, $resync = true)
 
 			$sql = 'SELECT post_msg_id
 				FROM ' . ATTACHMENTS_TABLE . ' 
-				WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
+				WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
 					AND in_message = 0';
 			$result = $db->sql_query($sql);
 
@@ -780,7 +801,7 @@ function delete_attachments($mode, $ids, $resync = true)
 			{
 				$sql = 'UPDATE ' . POSTS_TABLE . ' 
 					SET post_attachment = 0
-					WHERE post_id IN (' . implode(', ', $unset_ids) . ')';
+					WHERE ' . $db->sql_in_set('post_id', $unset_ids);
 				$db->sql_query($sql);
 			}
 
@@ -788,7 +809,7 @@ function delete_attachments($mode, $ids, $resync = true)
 
 			$sql = 'SELECT post_msg_id
 				FROM ' . ATTACHMENTS_TABLE . ' 
-				WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
+				WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
 					AND in_message = 1';
 			$result = $db->sql_query($sql);
 
@@ -804,7 +825,7 @@ function delete_attachments($mode, $ids, $resync = true)
 			{
 				$sql = 'UPDATE ' . PRIVMSGS_TABLE . ' 
 					SET message_attachment = 0
-					WHERE msg_id IN (' . implode(', ', $unset_ids) . ')';
+					WHERE ' . $db->sql_in_set('msg_id', $unset_ids);
 				$db->sql_query($sql);
 			}
 		}
@@ -817,7 +838,7 @@ function delete_attachments($mode, $ids, $resync = true)
 		{
 			$sql = 'UPDATE ' . TOPICS_TABLE . '
 				SET topic_attachment = 0
-				WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+				WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 			$db->sql_query($sql);
 		}
 
@@ -827,7 +848,7 @@ function delete_attachments($mode, $ids, $resync = true)
 
 			$sql = 'SELECT topic_id
 				FROM ' . ATTACHMENTS_TABLE . ' 
-				WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+				WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -842,7 +863,7 @@ function delete_attachments($mode, $ids, $resync = true)
 			{
 				$sql = 'UPDATE ' . TOPICS_TABLE . ' 
 					SET topic_attachment = 0
-					WHERE topic_id IN (' . implode(', ', $unset_ids) . ')';
+					WHERE ' . $db->sql_in_set('topic_id', $unset_ids);
 				$db->sql_query($sql);
 			}
 		}
@@ -856,7 +877,7 @@ function delete_attachments($mode, $ids, $resync = true)
 */
 function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
 {
-	$where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
+	$where = (is_array($forum_id)) ? 'AND ' . $db->sql_in_set('t.forum_id', array_map('intval', $forum_id)) : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
 
 	switch (SQL_LAYER)
 	{
@@ -888,7 +909,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
 			if (sizeof($topic_ids))
 			{
 				$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-					WHERE topic_id IN (' . implode(',', $topic_ids) . ')';
+					WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 				$db->sql_query($sql);
 			}
 		break;
@@ -915,13 +936,13 @@ function update_posted_info(&$topic_ids)
 
 	// First of all, let us remove any posted information for these topics
 	$sql = 'DELETE FROM ' . TOPICS_POSTED_TABLE . '
-		WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+		WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 	$db->sql_query($sql);
 
 	// Now, let us collect the user/topic combos for rebuilding the information
 	$sql = 'SELECT poster_id, topic_id
 		FROM ' . POSTS_TABLE . '
-		WHERE topic_id IN (' . implode(', ', $topic_ids) . ')
+		WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
 			AND poster_id <> ' . ANONYMOUS . '
 		GROUP BY poster_id, topic_id';
 	$result = $db->sql_query($sql);
@@ -1041,7 +1062,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 
 			// Limit the topics/forums we are syncing, use specific topic/forum IDs.
 			// $where_type contains the field for the where clause (forum_id, topic_id)
-			$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')';
+			$where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
 			$where_sql_and = $where_sql . "\n\tAND";
 		}
 	}
@@ -1053,7 +1074,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 		}
 
 		// $where_type contains the field for the where clause (forum_id, topic_id)
-		$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')';
+		$where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
 		$where_sql_and = $where_sql . "\n\tAND";
 	}
 
@@ -1091,7 +1112,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					}
 
 					$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-						WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')';
+						WHERE ' . $db->sql_in_set('topic_id', $topic_id_ary);
 					$db->sql_query($sql);
 
 				break;
@@ -1130,7 +1151,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 
 					$sql = 'UPDATE ' . TOPICS_TABLE . '
 						SET topic_approved = 1 - topic_approved
-						WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+						WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 					$db->sql_query($sql);
 				break;
 			}
@@ -1157,7 +1178,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 
 			$sql = 'SELECT DISTINCT(post_id)
 				FROM ' . REPORTS_TABLE . '
-				WHERE post_id IN (' . implode(', ', $post_ids) . ')
+				WHERE ' . $db->sql_in_set('post_id', $post_ids) . '
 					AND report_closed = 0';
 			$result = $db->sql_query($sql);
 
@@ -1186,7 +1207,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			{
 				$sql = 'UPDATE ' . POSTS_TABLE . '
 					SET post_reported = 1 - post_reported
-					WHERE post_id IN (' . implode(', ', $post_ids) . ')';
+					WHERE ' . $db->sql_in_set('post_id', $post_ids);
 				$db->sql_query($sql);
 			}
 		break;
@@ -1228,7 +1249,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			{
 				$sql = 'UPDATE ' . TOPICS_TABLE . '
 					SET topic_reported = 1 - topic_reported
-					WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+					WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 				$db->sql_query($sql);
 			}
 		break;
@@ -1254,7 +1275,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 
 			$sql = 'SELECT DISTINCT(post_msg_id)
 				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
+				WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
 					AND in_message = 0';
 			$result = $db->sql_query($sql);
 
@@ -1283,7 +1304,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			{
 				$sql = 'UPDATE ' . POSTS_TABLE . '
 					SET post_attachment = 1 - post_attachment
-					WHERE post_id IN (' . implode(', ', $post_ids) . ')';
+					WHERE ' . $db->sql_in_set('post_id', $post_ids);
 				$db->sql_query($sql);
 			}
 		break;
@@ -1325,7 +1346,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			{
 				$sql = 'UPDATE ' . TOPICS_TABLE . '
 					SET topic_attachment = 1 - topic_attachment
-					WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+					WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 				$db->sql_query($sql);
 			}
 		break;
@@ -1360,10 +1381,15 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			}
 			$db->sql_freeresult($result);
 
+			if (!sizeof($forum_ids))
+			{
+				break;
+			}
+
 			// 2: Get topic counts for each forum
 			$sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics
 				FROM ' . TOPICS_TABLE . '
-				WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
+				WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
 				GROUP BY forum_id, topic_approved';
 			$result = $db->sql_query($sql);
 
@@ -1382,7 +1408,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			// 3: Get post count and last_post_id for each forum
 			$sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id
 				FROM ' . POSTS_TABLE . '
-				WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
+				WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
 					AND post_approved = 1
 				GROUP BY forum_id';
 			$result = $db->sql_query($sql);
@@ -1403,7 +1429,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			{
 				$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username
 					FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-					WHERE p.post_id IN (' . implode(', ', $post_ids) . ')
+					WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
 						AND p.poster_id = u.user_id';
 				$result = $db->sql_query($sql);
 
@@ -1469,15 +1495,21 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 		break;
 
 		case 'topic':
-			$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = array();
+			$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = $moved_topics = array();
 
-			$sql = 'SELECT t.topic_id, t.forum_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time
+			$sql = 'SELECT t.topic_id, t.forum_id, t.topic_moved_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time
 				FROM ' . TOPICS_TABLE . " t
 				$where_sql";
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
 			{
+				if ($row['topic_moved_id'])
+				{
+					$moved_topics[] = $row['topic_id'];
+					continue;
+				}
+
 				$topic_id = (int) $row['topic_id'];
 				$topic_data[$topic_id] = $row;
 				$topic_data[$topic_id]['replies_real'] = -1;
@@ -1581,9 +1613,34 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				unset($delete_topics, $delete_topic_ids);
 			}
 
+			// Make sure shadow topics do link to existing topics
+			if (sizeof($moved_topics))
+			{
+				$delete_topics = array();
+
+				$sql = 'SELECT t1.topic_id, t1.topic_moved_id
+					FROM ' . TOPICS_TABLE . ' t1
+					LEFT JOIN ' . TOPICS_TABLE . ' t2 ON (t2.topic_id = t1.topic_moved_id)
+					WHERE ' . $db->sql_in_set('t1.topic_id', $moved_topics) . '
+						AND t2.topic_id IS NULL';
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$delete_topics[] = $row['topic_id'];
+				}
+				$db->sql_freeresult($result);
+
+				if (sizeof($delete_topics))
+				{
+					delete_topics('topic_id', $delete_topics, false);
+				}
+				unset($delete_topics);
+			}
+
 			$sql = 'SELECT p.post_id, p.topic_id, p.post_approved, p.poster_id, p.post_username, p.post_time, u.username
 				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-				WHERE p.post_id IN (' . implode(',', $post_ids) . ')
+				WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
 					AND u.user_id = p.poster_id';
 			$result = $db->sql_query($sql);
 
@@ -1617,7 +1674,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			{
 				$sql = 'UPDATE ' . TOPICS_TABLE . '
 					SET topic_approved = 1 - topic_approved
-					WHERE topic_id IN (' . implode(', ', $approved_unapproved_ids) . ')';
+					WHERE ' . $db->sql_in_set('topic_id', $approved_unapproved_ids);
 				$db->sql_query($sql);
 			}
 			unset($approved_unapproved_ids);
@@ -1704,9 +1761,18 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 {
 	global $db;
 
-	$sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : ' = ' . (int) $forum_id;
+	if (!is_array($forum_id))
+	{
+		$forum_id = array($forum_id);
+	}
+
+	if (!sizeof($forum_id))
+	{
+		return;
+	}
 
 	$sql_and = '';
+
 	if (!($prune_flags & 4))
 	{
 		$sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE;
@@ -1728,8 +1794,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 	}
 
 	$sql = 'SELECT topic_id
-		FROM ' . TOPICS_TABLE . "
-		WHERE forum_id $sql_forum
+		FROM ' . TOPICS_TABLE . '
+		WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
 			AND poll_start = 0 
 			$sql_and";
 	$result = $db->sql_query($sql);
@@ -1744,8 +1810,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 	if ($prune_flags & 2)
 	{
 		$sql = 'SELECT topic_id
-			FROM ' . TOPICS_TABLE . "
-			WHERE forum_id $sql_forum 
+			FROM ' . TOPICS_TABLE . '
+			WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
 				AND poll_start > 0 
 				AND poll_last_vote < $prune_date 
 				$sql_and";
@@ -1879,7 +1945,7 @@ function cache_moderators()
 	// Clear table
 	$db->sql_query(((SQL_LAYER != 'sqlite') ? 'TRUNCATE TABLE ' : 'DELETE FROM ') . MODERATOR_CACHE_TABLE);
 
-	// We add moderators who have forum moderator permissions without an explicit ACL_NO setting
+	// We add moderators who have forum moderator permissions without an explicit ACL_NEVER setting
 	$hold_ary = $ug_id_ary = $sql_ary = array();
 
 	// Grab all users having moderative options...
@@ -1909,12 +1975,13 @@ function cache_moderators()
 			),
 
 			'WHERE'		=> '(o.auth_option_id = a.auth_option_id OR o.auth_option_id = r.auth_option_id)
-				AND ((a.auth_setting = ' . ACL_NO . ' AND r.auth_setting IS NULL)
-					OR r.auth_setting = ' . ACL_NO . ')
+				AND ((a.auth_setting = ' . ACL_NEVER . ' AND r.auth_setting IS NULL)
+					OR r.auth_setting = ' . ACL_NEVER . ')
 				AND a.group_id = ug.group_id
-				AND ug.user_id IN (' . implode(', ', $ug_id_ary) . ")
+				AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . "
 				AND ug.user_pending = 0
-				AND o.auth_option LIKE 'm\_%'",
+				AND o.auth_option LIKE 'm\_%'" . 
+				((SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : ''),
 		));
 		$result = $db->sql_query($sql);
 
@@ -1932,7 +1999,7 @@ function cache_moderators()
 			// Get usernames...
 			$sql = 'SELECT user_id, username
 				FROM ' . USERS_TABLE . '
-				WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')';
+				WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary));
 			$result = $db->sql_query($sql);
 
 			$usernames_ary = array();
@@ -1967,7 +2034,7 @@ function cache_moderators()
 		// Make sure not hidden or special groups are involved...
 		$sql = 'SELECT group_name, group_id, group_type
 			FROM  ' . GROUPS_TABLE . '
-			WHERE group_id IN (' . implode(', ', $ug_id_ary) . ')';
+			WHERE ' . $db->sql_in_set('group_id', $ug_id_ary);
 		$result = $db->sql_query($sql);
 
 		$groupnames_ary = array();
@@ -2060,7 +2127,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 			}
 			else if (is_array($forum_id))
 			{
-				$sql_forum = 'AND l.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
+				$sql_forum = 'AND ' . $db->sql_in_set('l.forum_id', array_map('intval', $forum_id));
 			}
 			else
 			{
@@ -2131,12 +2198,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 
 			if (isset($user->lang[$row['log_operation']]))
 			{
-				foreach ($log_data_ary as $log_data)
-				{
-					$log_data = str_replace("\n", '<br />', censor_text($log_data));
-
-					$log[$i]['action'] = preg_replace('#%s#', $log_data, $log[$i]['action'], 1);
-				}
+				$log[$i]['action'] = vsprintf($log[$i]['action'], $log_data_ary);
+				$log[$i]['action'] = str_replace("\n", '<br />', censor_text($log[$i]['action']));
 			}
 			else
 			{
@@ -2156,7 +2219,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 		// although it's also used to determine if the topic still exists in the database
 		$sql = 'SELECT topic_id, forum_id
 			FROM ' . TOPICS_TABLE . '
-			WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')';
+			WHERE ' . $db->sql_in_set('topic_id', array_map('intval', $topic_id_list));
 		$result = $db->sql_query($sql);
 
 		$default_forum_id = 0;
@@ -2454,9 +2517,8 @@ function tidy_warnings()
 	{
 		$db->sql_transaction('begin');
 
-		$sql_where = ' IN (' . implode(', ', $warning_list) . ')';
-		$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
-			WHERE warning_id $sql_where";
+		$sql = 'DELETE FROM ' . WARNINGS_TABLE . '
+			WHERE ' . $db->sql_in_set('warning_id', $warning_list);
 		$db->sql_query($sql);
 	
 		foreach ($user_list as $user_id => $value)
@@ -2479,20 +2541,7 @@ function tidy_database()
 {
 	global $db;
 
-	// Recalculate binary tree for forums
-	recalc_btree('forum_id', FORUMS_TABLE);
 
-	// Recalculate binary tree for modules
-	$sql = 'SELECT module_class
-		FROM ' . MODULES_TABLE . '
-		GROUP BY module_class';
-	$result = $db->sql_query($sql);
-
-	while ($row = $db->sql_fetchrow($result))
-	{	
-		recalc_btree('module_id', MODULES_TABLE, $row['module_class']);
-	}
-	$db->sql_freeresult($result);
 
 	set_config('database_last_gc', time(), true);
 }

phpBB/includes/functions_display.php

@@ -46,16 +46,16 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	// Display list of active topics for this category?
 	$show_active = (isset($root_data['forum_flags']) && $root_data['forum_flags'] & 16) ? true : false;
 
+	$sql_from = FORUMS_TABLE . ' f ';
+	$lastread_select = $sql_lastread = '';
+
 	if ($config['load_db_lastread'] && $user->data['is_registered'])
 	{
 		$sql_from = FORUMS_TABLE . ' f LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id)';
 		$lastread_select = ', ft.mark_time ';
 	}
-	else
+	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 	{
-		$sql_from = FORUMS_TABLE . ' f ';
-		$lastread_select = $sql_lastread = '';
-
 		$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
 		$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
 
@@ -116,7 +116,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		{
 			$forum_tracking_info[$forum_id] = (!empty($row['mark_time'])) ? $row['mark_time'] : $user->data['user_lastmark'];
 		}
-		else
+		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 		{
 			if (!$user->data['is_registered'])
 			{
@@ -156,7 +156,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			$parent_id = $forum_id;
 			$forum_rows[$forum_id] = $row;
 
-			if (!$row['parent_id'] && $row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
+			if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
 			{
 				$branch_root_id = $forum_id;
 			}
@@ -228,13 +228,13 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	foreach ($forum_rows as $row)
 	{
 		// Empty category
-		if (!$row['parent_id'] && $row['forum_type'] == FORUM_CAT)
+		if ($row['parent_id'] == $root_data['forum_id'] && $row['forum_type'] == FORUM_CAT)
 		{
 			$template->assign_block_vars('forumrow', array(
 				'S_IS_CAT'				=> true,
 				'FORUM_ID'				=> $row['forum_id'],
 				'FORUM_NAME'			=> $row['forum_name'],
-				'FORUM_DESC'			=> generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
+				'FORUM_DESC'			=> generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
 				'FORUM_FOLDER_IMG'		=> ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang['FORUM_CAT'] . '" />' : '',
 				'FORUM_FOLDER_IMG_SRC'	=> ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
 				'U_VIEWFORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
@@ -273,14 +273,14 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			}
 
 			$l_subforums = (sizeof($subforums[$forum_id]) == 1) ? $user->lang['SUBFORUM'] . ': ' : $user->lang['SUBFORUMS'] . ': ';
-			$folder_image = ($forum_unread) ? 'sub_forum_new' : 'sub_forum';
+			$folder_image = ($forum_unread) ? 'forum_unread_subforum' : 'forum_read_subforum';
 		}
 		else
 		{
 			switch ($row['forum_type'])
 			{
 				case FORUM_POST:
-					$folder_image = ($forum_unread) ? 'forum_new' : 'forum';
+					$folder_image = ($forum_unread) ? 'forum_unread' : 'forum_read';
 				break;
 
 				case FORUM_LINK:
@@ -292,7 +292,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		// Which folder should we display?
 		if ($row['forum_status'] == ITEM_LOCKED)
 		{
-			$folder_image = 'forum_locked';
+			$folder_image = ($forum_unread) ? 'forum_unread_locked' : 'forum_read_locked';
 			$folder_alt = 'FORUM_LOCKED';
 		}
 		else
@@ -334,7 +334,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 
 			'FORUM_ID'				=> $row['forum_id'],
 			'FORUM_NAME'			=> $row['forum_name'],
-			'FORUM_DESC'			=> generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
+			'FORUM_DESC'			=> generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
 			'TOPICS'				=> $row['forum_topics'],
 			$l_post_click_count		=> $post_click_count,
 			'FORUM_FOLDER_IMG'		=> ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : $user->img($folder_image, $folder_alt),
@@ -358,7 +358,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		'U_MARK_FORUMS'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums'),
 		'S_HAS_SUBFORUM'	=> ($visible_forums) ? true : false,
 		'L_SUBFORUM'		=> ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
-		'LAST_POST_IMG'		=> $user->img('icon_post_latest', 'VIEW_LATEST_POST'))
+		'LAST_POST_IMG'		=> $user->img('icon_topic_latest', 'VIEW_LATEST_POST'))
 	);
 
 	if ($return_moderators)
@@ -383,7 +383,7 @@ function generate_forum_rules(&$forum_data)
 
 	if ($forum_data['forum_rules'])
 	{
-		$forum_data['forum_rules'] = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']);
+		$forum_data['forum_rules'] = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options']);
 	}
 
 	$template->assign_vars(array(
@@ -443,7 +443,7 @@ function generate_forum_nav(&$forum_data)
 	$template->assign_vars(array(
 		'FORUM_ID' 		=> $forum_data['forum_id'],
 		'FORUM_NAME'	=> $forum_data['forum_name'],
-		'FORUM_DESC'	=> generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield']))
+		'FORUM_DESC'	=> generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options']))
 	);
 
 	return;
@@ -556,18 +556,22 @@ function get_moderators(&$forum_moderators, $forum_id = false)
 		return;
 	}
 
-	if ($forum_id !== false && is_array($forum_id))
+	$forum_sql = '';
+
+	if ($forum_id !== false)
 	{
+		if (!is_array($forum_id))
+		{
+			$forum_id = array($forum_id);
+		}
+
 		// If we don't have a forum then we can't have a moderator
 		if (!sizeof($forum_id))
 		{
 			return;
 		}
-		$forum_sql = 'AND forum_id IN (' . implode(', ', $forum_id) . ')';
-	}
-	else
-	{
-		$forum_sql = ($forum_id !== false) ? 'AND forum_id = ' . $forum_id : '';
+
+		$forum_sql = 'AND ' . $db->sql_in_set('forum_id', $forum_id);
 	}
 
 	$sql = 'SELECT *
@@ -626,7 +630,7 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
 	if ($topic_row['topic_status'] == ITEM_MOVED)
 	{
 		$topic_type = $user->lang['VIEW_TOPIC_MOVED'];
-		$folder_img = 'folder_moved';
+		$folder_img = 'topic_moved';
 		$folder_alt = 'VIEW_TOPIC_MOVED';
 	}
 	else
@@ -634,28 +638,32 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
 		switch ($topic_row['topic_type'])
 		{
 			case POST_GLOBAL:
+				$topic_type = $user->lang['VIEW_TOPIC_GLOBAL'];
+				$folder = 'global_read';
+				$folder_new = 'global_unread';
+			break;
+
 			case POST_ANNOUNCE:
 				$topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT'];
-				$folder = 'folder_announce';
-				$folder_new = 'folder_announce_new';
+				$folder = 'announce_read';
+				$folder_new = 'announce_unread';
 			break;
 
 			case POST_STICKY:
 				$topic_type = $user->lang['VIEW_TOPIC_STICKY'];
-				$folder = 'folder_sticky';
-				$folder_new = 'folder_sticky_new';
+				$folder = 'sticky_read';
+				$folder_new = 'sticky_unread';
 			break;
 
 			default:
-				if ($replies >= $config['hot_threshold'])
+				$topic_type = '';
+				$folder = 'topic_read';
+				$folder_new = 'topic_unread';
+
+				if ($config['hot_threshold'] && $replies >= $config['hot_threshold'])
 				{
-					$folder = 'folder_hot';
-					$folder_new = 'folder_hot_new';
-				}
-				else
-				{
-					$folder = 'folder';
-					$folder_new = 'folder_new';
+					$folder .= '_hot';
+					$folder_new .= '_hot';
 				}
 			break;
 		}
@@ -663,17 +671,18 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
 		if ($topic_row['topic_status'] == ITEM_LOCKED)
 		{
 			$topic_type = $user->lang['VIEW_TOPIC_LOCKED'];
-			$folder = 'folder_locked';
-			$folder_new = 'folder_locked_new';
+			$folder .= '_locked';
+			$folder_new .= '_locked';
 		}
 
+
 		$folder_img = ($unread_topic) ? $folder_new : $folder;
 		$folder_alt = ($unread_topic) ? 'NEW_POSTS' : (($topic_row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_NEW_POSTS');
 
 		// Posted image?
 		if (!empty($topic_row['topic_posted']) && $topic_row['topic_posted'])
 		{
-			$folder_img .= '_posted';
+			$folder_img .= '_mine';
 		}
 	}
 
@@ -719,9 +728,9 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 
 		if (isset($extensions[$attachment['extension']]))
 		{
-			if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
+			if ($user->img('icon_topic_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
 			{
-				$upload_icon = $user->img('icon_attach', '');
+				$upload_icon = $user->img('icon_topic_attach', '');
 			}
 			else if ($extensions[$attachment['extension']]['upload_icon'])
 			{
@@ -733,7 +742,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 		$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
 		$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
 
-		$comment = str_replace("\n", '<br />', censor_text($attachment['comment']));
+		$comment = str_replace("\n", '<br />', censor_text($attachment['attach_comment']));
 
 		$block_array += array(
 			'UPLOAD_ICON'		=> $upload_icon,
@@ -784,12 +793,13 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 				}
 			}
 
+			$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;f=' . $forum_id) : $filename;
+
 			switch ($display_cat)
 			{
 				// Images
 				case ATTACHMENT_CATEGORY_IMAGE:
 					$l_downloaded_viewed = $user->lang['VIEWED'];
-					$download_link = $filename;
 
 					$block_array += array(
 						'S_IMAGE'		=> true,
@@ -801,17 +811,24 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 				// Images, but display Thumbnail
 				case ATTACHMENT_CATEGORY_THUMB:
 					$l_downloaded_viewed = $user->lang['VIEWED'];
-					$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
+					$thumbnail_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;t=1&amp;f=' . $forum_id) : $thumbnail_filename;
 
 					$block_array += array(
 						'S_THUMBNAIL'		=> true,
-						'THUMB_IMAGE'		=> $thumbnail_filename,
+						'THUMB_IMAGE'		=> $thumbnail_link,
 					);
 				break;
 
 				// Windows Media Streams
 				case ATTACHMENT_CATEGORY_WM:
 					$l_downloaded_viewed = $user->lang['VIEWED'];
+
+					// The download link is slightly different, because somehow phpBB is not able to get the correct results if called
+					// within the wmp object (cookies are not present).
+					// $download_link = (!$force_physical && $attachment['attach_id']) ? generate_board_url() . append_sid("/download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . $forum_id, false, $user->session_id) : $filename;
+
+					// Giving the filename directly because within the wm object all variables are in local context making it impossible
+					// to validate against a valid session (all params can differ)
 					$download_link = $filename;
 
 					$block_array += array(
@@ -825,7 +842,6 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 				// Real Media Streams
 				case ATTACHMENT_CATEGORY_RM:
 					$l_downloaded_viewed = $user->lang['VIEWED'];
-					$download_link = $filename;
 
 					$block_array += array(
 						'S_RM_FILE'		=> true,
@@ -856,7 +872,6 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 */
 				default:
 					$l_downloaded_viewed = $user->lang['DOWNLOADED'];
-					$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
 
 					$block_array += array(
 						'S_FILE'		=> true,
@@ -892,6 +907,40 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 	return $return_tpl;
 }
 
+/**
+* Assign/Build custom bbcodes for display in screens supporting using of bbcodes
+* The custom bbcodes buttons will be placed within the template block 'custom_codes'
+*/
+function display_custom_bbcodes()
+{
+	global $db, $template;
+
+	// Start counting from 22 for the bbcode ids (every bbcode takes two ids - opening/closing)
+	$num_predefined_bbcodes = 22;
+
+	/*
+	* @todo while adjusting custom bbcodes, think about caching this query as well as correct ordering
+	*/
+	$sql = 'SELECT bbcode_id, bbcode_tag, bbcode_helpline
+		FROM ' . BBCODES_TABLE . '
+		WHERE display_on_posting = 1';
+	$result = $db->sql_query($sql);
+
+	$i = 0;
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$template->assign_block_vars('custom_tags', array(
+			'BBCODE_NAME'		=> "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
+			'BBCODE_ID'			=> $num_predefined_bbcodes + ($i * 2),
+			'BBCODE_TAG'		=> $row['bbcode_tag'],
+			'BBCODE_HELPLINE'	=> $row['bbcode_helpline'])
+		);
+
+		$i++;
+	}
+	$db->sql_freeresult($result);
+}
+
 /**
 * Display reasons
 */
@@ -967,7 +1016,7 @@ function display_user_activity(&$userdata)
 	}
 
 	$forum_ary = array_unique($forum_ary);
-	$post_count_sql = (sizeof($forum_ary)) ? 'AND f.forum_id NOT IN (' . implode(', ', $forum_ary) . ')' : '';
+	$post_count_sql = (sizeof($forum_ary)) ? 'AND ' . $db->sql_in_set('f.forum_id', $forum_ary, true) : '';
 
 	// Firebird does not support ORDER BY on aliased columns
 	// MySQL does not support ORDER BY on functions
@@ -1073,10 +1122,10 @@ function display_user_activity(&$userdata)
 	$template->assign_vars(array(
 		'ACTIVE_FORUM'			=> $active_f_name,
 		'ACTIVE_FORUM_POSTS'	=> ($active_f_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_f_count),
-		'ACTIVE_FORUM_PCT'		=> sprintf($user->lang['POST_PCT'], $active_f_pct),
+		'ACTIVE_FORUM_PCT'		=> sprintf($user->lang['POST_PCT_ACTIVE'], $active_f_pct),
 		'ACTIVE_TOPIC'			=> censor_text($active_t_name),
 		'ACTIVE_TOPIC_POSTS'	=> ($active_t_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_t_count),
-		'ACTIVE_TOPIC_PCT'		=> sprintf($user->lang['POST_PCT'], $active_t_pct),
+		'ACTIVE_TOPIC_PCT'		=> sprintf($user->lang['POST_PCT_ACTIVE'], $active_t_pct),
 		'U_ACTIVE_FORUM'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $active_f_id),
 		'U_ACTIVE_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $active_t_id))
 	);

phpBB/includes/functions_messenger.php

@@ -352,8 +352,8 @@ class messenger
 		$headers .= "Content-transfer-encoding: 8bit\n";
 		$headers .= "X-Priority: {$this->mail_priority}\n";
 		$headers .= 'X-MSMail-Priority: ' . (($this->mail_priority == MAIL_LOW_PRIORITY) ? 'Low' : (($this->mail_priority == MAIL_NORMAL_PRIORITY) ? 'Normal' : 'High')) . "\n";
-		$headers .= "X-Mailer: PhpBB\n";
-		$headers .= "X-MimeOLE: phpBB\n";
+		$headers .= "X-Mailer: PhpBB3\n";
+		$headers .= "X-MimeOLE: phpBB3\n";
 		$headers .= "X-phpBB-Origin: phpbb://" . str_replace(array('http://', 'https://'), array('', ''), generate_board_url()) . "\n";
 		$headers .= ($this->extra_headers != '') ? $this->extra_headers : '';
 
@@ -363,7 +363,14 @@ class messenger
 			$mail_to = ($to == '') ? 'Undisclosed-Recipient:;' : $to;
 			$err_msg = '';
 
-			$result = ($config['smtp_delivery']) ? smtpmail($this->addresses, $this->subject, wordwrap($this->msg), $err_msg, $this->encoding, $headers) : @$config['email_function_name']($mail_to, $this->subject, implode("\n", preg_split("/\r?\n/", wordwrap($this->msg))), $headers);
+			if ($config['smtp_delivery'])
+			{
+				$result = smtpmail($this->addresses, $this->subject, wordwrap($this->msg), $err_msg, $this->encoding, $headers);
+			}
+			else
+			{
+				$result = @$config['email_function_name']($mail_to, $this->subject, implode("\n", preg_split("/\r?\n/", wordwrap($this->msg))), $headers);
+			}
 
 			if (!$result)
 			{
@@ -808,8 +815,11 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
 
 	$smtp = new smtp_class;
 
+	$errno = 0;
+	$errstr = '';
+
 	// Ok we have error checked as much as we can to this point let's get on it already.
-	if (!$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
+	if (!$smtp->socket = @fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
 	{
 		$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
 		return false;

phpBB/includes/functions_module.php

@@ -20,8 +20,8 @@ class p_master
 	var $p_mode;
 	var $p_parent;
 
+	var $active_module = false;
 	var $acl_forum_id = false;
-
 	var $module_ary = array();
 
 	/**
@@ -86,7 +86,7 @@ class p_master
 			}
 
 			// Category with no members, ignore
-			if (!$row['module_name'] && ($row['left_id'] + 1 == $row['right_id']))
+			if (!$row['module_basename'] && ($row['left_id'] + 1 == $row['right_id']))
 			{
 				unset($this->module_cache['modules'][$key]);
 				continue;
@@ -135,7 +135,7 @@ class p_master
 			}
 
 			// Category with no members on their way down (we have to check every level)
-			if (!$row['module_name'])
+			if (!$row['module_basename'])
 			{
 				$empty_category = true;
 
@@ -145,7 +145,7 @@ class p_master
 					if ($temp_row['left_id'] > $row['left_id'] && $temp_row['left_id'] < $row['right_id'])
 					{
 						// Module there
-						if ($temp_row['module_name'] && $temp_row['module_enabled'])
+						if ($temp_row['module_basename'] && $temp_row['module_enabled'])
 						{
 							$empty_category = false;
 							break;
@@ -168,15 +168,15 @@ class p_master
 			// We need to prefix the functions to not create a naming conflict
 			
 			// Function for building 'url_extra'
-			$url_func = '_module_' . $row['module_name'] . '_url';
+			$url_func = '_module_' . $row['module_basename'] . '_url';
 
 			// Function for building the language name
-			$lang_func = '_module_' . $row['module_name'] . '_lang';
+			$lang_func = '_module_' . $row['module_basename'] . '_lang';
 
 			// Custom function for calling parameters on module init (for example assigning template variables)
-			$custom_func = '_module_' . $row['module_name'];
+			$custom_func = '_module_' . $row['module_basename'];
 
-			$names[$row['module_name'] . '_' . $row['module_mode']][] = true;
+			$names[$row['module_basename'] . '_' . $row['module_mode']][] = true;
 			
 			$module_row = array(
 				'depth'		=> $depth,
@@ -185,15 +185,15 @@ class p_master
 				'parent'	=> (int) $row['parent_id'],
 				'cat'		=> ($row['right_id'] > $row['left_id'] + 1) ? true : false,
 
-				'is_duplicate'	=> ($row['module_name'] && sizeof($names[$row['module_name'] . '_' . $row['module_mode']]) > 1) ? true : false,
+				'is_duplicate'	=> ($row['module_basename'] && sizeof($names[$row['module_basename'] . '_' . $row['module_mode']]) > 1) ? true : false,
 
-				'name'		=> (string) $row['module_name'],
+				'name'		=> (string) $row['module_basename'],
 				'mode'		=> (string) $row['module_mode'],
 				'display'	=> (int) $row['module_display'],
 
 				'url_extra'	=> (function_exists($url_func)) ? $url_func($row['module_mode']) : '',
 				
-				'lang'		=> ($row['module_name'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']),
+				'lang'		=> ($row['module_basename'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']),
 				'langname'	=> $row['module_langname'],
 
 				'left'		=> $row['left_id'],
@@ -239,6 +239,7 @@ class p_master
 	function set_active($id = false, $mode = false)
 	{
 		$icat = false;
+		$this->active_module = false;
 
 		if (request_var('icat', ''))
 		{
@@ -247,20 +248,20 @@ class p_master
 		}
 
 		$category = false;
-		foreach ($this->module_ary as $row_id => $itep_ary)
+		foreach ($this->module_ary as $row_id => $item_ary)
 		{
 			// If this is a module and it's selected, active
 			// If this is a category and the module is the first within it, active
 			// If this is a module and no mode selected, select first mode
 			// If no category or module selected, go active for first module in first category
 			if (
-				(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (($itep_ary['mode'] == $mode && !$itep_ary['cat']) || ($icat && $itep_ary['cat']))) ||
-				($itep_ary['parent'] === $category && !$itep_ary['cat'] && !$icat) ||
-				(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && !$mode && !$itep_ary['cat']) ||
-				(!$id && !$mode && !$itep_ary['cat'])
+				(($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (($item_ary['mode'] == $mode && !$item_ary['cat']) || ($icat && $item_ary['cat']))) ||
+				($item_ary['parent'] === $category && !$item_ary['cat'] && !$icat) ||
+				(($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && !$mode && !$item_ary['cat']) ||
+				(!$id && !$mode && !$item_ary['cat'])
 				)
 			{
-				if ($itep_ary['cat'])
+				if ($item_ary['cat'])
 				{
 					$id = $icat;
 					$icat = false;
@@ -268,20 +269,21 @@ class p_master
 					continue;
 				}
 
-				$this->p_id		= $itep_ary['id'];
-				$this->p_parent	= $itep_ary['parent'];
-				$this->p_name	= $itep_ary['name'];
-				$this->p_mode 	= $itep_ary['mode'];
-				$this->p_left	= $itep_ary['left'];
-				$this->p_right	= $itep_ary['right'];
+				$this->p_id		= $item_ary['id'];
+				$this->p_parent	= $item_ary['parent'];
+				$this->p_name	= $item_ary['name'];
+				$this->p_mode 	= $item_ary['mode'];
+				$this->p_left	= $item_ary['left'];
+				$this->p_right	= $item_ary['right'];
 
 				$this->module_cache['parents'] = $this->module_cache['parents'][$this->p_id];
+				$this->active_module = $item_ary['id'];
 
 				break;
 			}
-			else if (($itep_ary['cat'] && $itep_ary['id'] === (int) $id) || ($itep_ary['parent'] === $category && $itep_ary['cat']))
+			else if (($item_ary['cat'] && $item_ary['id'] === (int) $id) || ($item_ary['parent'] === $category && $item_ary['cat']))
 			{
-				$category = $itep_ary['id'];
+				$category = $item_ary['id'];
 			}
 		}
 	}
@@ -298,6 +300,11 @@ class p_master
 		$module_path = $phpbb_root_path . 'includes/' . $this->p_class;
 		$icat = request_var('icat', '');
 
+		if ($this->active_module === false)
+		{
+			trigger_error('Module not accessible', E_USER_ERROR);
+		}
+
 		if (!class_exists("{$this->p_class}_$this->p_name"))
 		{
 			if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
@@ -464,10 +471,10 @@ class p_master
 		// 1) In a linear fashion
 		// 2) In a combined tabbed + linear fashion ... tabs for the categories
 		//    and a linear list for subcategories/items
-		foreach ($this->module_ary as $row_id => $itep_ary)
+		foreach ($this->module_ary as $row_id => $item_ary)
 		{
 			// Skip hidden modules
-			if (!$itep_ary['display'])
+			if (!$item_ary['display'])
 			{
 				continue;
 			}
@@ -475,7 +482,7 @@ class p_master
 			// Skip branch
 			if ($right_id !== false)
 			{
-				if ($itep_ary['left'] < $right_id)
+				if ($item_ary['left'] < $right_id)
 				{
 					continue;
 				}
@@ -484,14 +491,14 @@ class p_master
 			}
 
 			// Category with no members on their way down (we have to check every level)
-			if (!$itep_ary['name'])
+			if (!$item_ary['name'])
 			{
 				$empty_category = true;
 
 				// We go through the branch and look for an activated module
 				foreach (array_slice($this->module_ary, $row_id + 1) as $temp_row)
 				{
-					if ($temp_row['left'] > $itep_ary['left'] && $temp_row['left'] < $itep_ary['right'])
+					if ($temp_row['left'] > $item_ary['left'] && $temp_row['left'] < $item_ary['right'])
 					{
 						// Module there and displayed?
 						if ($temp_row['name'] && $temp_row['display'])
@@ -507,18 +514,18 @@ class p_master
 				// Skip the branch
 				if ($empty_category)
 				{
-					$right_id = $itep_ary['right'];
+					$right_id = $item_ary['right'];
 					continue;
 				}
 			}
 
 			// Select first id we can get
-			if (!$current_id && (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id))
+			if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
 			{
-				$current_id = $itep_ary['id'];
+				$current_id = $item_ary['id'];
 			}
 
-			$depth = $itep_ary['depth'];
+			$depth = $item_ary['depth'];
 
 			if ($depth > $current_depth)
 			{
@@ -534,30 +541,30 @@ class p_master
 				}
 			}
 
-			$u_title = $module_url . $delim . 'i=' . (($itep_ary['cat']) ? $itep_ary['id'] : $itep_ary['name'] . (($itep_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $itep_ary['mode']);
-			$u_title .= (!$itep_ary['cat'] && isset($itep_ary['url_extra'])) ? $itep_ary['url_extra'] : '';
+			$u_title = $module_url . $delim . 'i=' . (($item_ary['cat']) ? $item_ary['id'] : $item_ary['name'] . (($item_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $item_ary['mode']);
+			$u_title .= (!$item_ary['cat'] && isset($item_ary['url_extra'])) ? $item_ary['url_extra'] : '';
 
 			// Only output a categories items if it's currently selected
-			if (!$depth || ($depth && (in_array($itep_ary['parent'], array_values($this->module_cache['parents'])) || $itep_ary['parent'] == $this->p_parent)))
+			if (!$depth || ($depth && (in_array($item_ary['parent'], array_values($this->module_cache['parents'])) || $item_ary['parent'] == $this->p_parent)))
 			{
 				$use_tabular_offset = (!$depth) ? 't_block1' : $tabular_offset;
 
 				$tpl_ary = array(
-					'L_TITLE'		=> $itep_ary['lang'],
-					'S_SELECTED'	=> (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
+					'L_TITLE'		=> $item_ary['lang'],
+					'S_SELECTED'	=> (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
 					'U_TITLE'		=> $u_title
 				);
 
-				$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
+				$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
 			}
 
 			$tpl_ary = array(
-				'L_TITLE'		=> $itep_ary['lang'],
-				'S_SELECTED'	=> (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
+				'L_TITLE'		=> $item_ary['lang'],
+				'S_SELECTED'	=> (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
 				'U_TITLE'		=> $u_title
 			);
 
-			$template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
+			$template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
 
 			$current_depth = $depth;
 		}
@@ -593,7 +600,10 @@ class p_master
 	{
 		$this->p_class = $class;
 		$this->p_name = $name;
-		
+
+		// Set active module to true instead of using the id
+		$this->active_module = true;
+
 		$this->load_active($mode);
 	}
 
@@ -633,9 +643,9 @@ class p_master
 	*/
 	function set_display($id, $mode = false, $display = true)
 	{
-		foreach ($this->module_ary as $row_id => $itep_ary)
+		foreach ($this->module_ary as $row_id => $item_ary)
 		{
-			if (($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (!$mode || $itep_ary['mode'] === $mode))
+			if (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (!$mode || $item_ary['mode'] === $mode))
 			{
 				$this->module_ary[$row_id]['display'] = (int) $display;
 			}

phpBB/includes/functions_posting.php

@@ -114,9 +114,9 @@ function update_post_information($type, $ids, $return_update_sql = false)
 	$update_sql = $empty_forums = array();
 
 	$sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id
-		FROM ' . POSTS_TABLE . "
+		FROM ' . POSTS_TABLE . '
 		WHERE post_approved = 1
-			AND {$type}_id IN (" . implode(', ', $ids) . ")
+			AND ' . $db->sql_in_set($type . '_id', $ids) . "
 		GROUP BY {$type}_id";
 	$result = $db->sql_query($sql);
 
@@ -150,7 +150,7 @@ function update_post_information($type, $ids, $return_update_sql = false)
 		$sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_time, p.poster_id, p.post_username, u.user_id, u.username
 			FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
 			WHERE p.poster_id = u.user_id
-				AND p.post_id IN (' . implode(', ', $last_post_ids) . ')';
+				AND ' . $db->sql_in_set('p.post_id', $last_post_ids);
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -339,9 +339,18 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 		$file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);		
 	}
 
+	// Admins and mods are allowed to exceed the allowed filesize
 	if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id))
 	{
-		$allowed_filesize = ($extensions[$file->get('extension')]['max_filesize'] != 0) ? $extensions[$file->get('extension')]['max_filesize'] : (($is_message) ? $config['max_filesize_pm'] : $config['max_filesize']);
+		if (!empty($extensions[$file->get('extension')]['max_filesize']))
+		{
+			$allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
+		}
+		else
+		{
+			$allowed_filesize = ($is_message) ? $config['max_filesize_pm'] : $config['max_filesize'];
+		}
+
 		$file->upload->set_max_filesize($allowed_filesize);
 	}
 
@@ -521,9 +530,10 @@ function create_thumbnail($source, $destination, $mimetype)
 
 	$used_imagick = false;
 
-	if ($config['img_imagick']) 
+	// Only use imagemagick if defined and the passthru function not disabled
+	if ($config['img_imagick'] && function_exists('passthru'))
 	{
-		passthru($config['img_imagick'] . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
+		passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
 		if (file_exists($destination))
 		{
 			$used_imagick = true;
@@ -572,6 +582,12 @@ function create_thumbnail($source, $destination, $mimetype)
 				imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
 			}
 
+			// If we are in safe mode create the destination file prior to using the gd functions to circumvent a PHP bug
+			if (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on')
+			{
+				@touch($destination);
+			}
+
 			switch ($type['format'])
 			{
 				case IMG_GIF:
@@ -666,7 +682,7 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
 			$template->assign_block_vars('attach_row', array(
 				'FILENAME'			=> basename($attach_row['real_filename']),
 				'ATTACH_FILENAME'	=> basename($attach_row['physical_filename']),
-				'FILE_COMMENT'		=> $attach_row['comment'],
+				'FILE_COMMENT'		=> $attach_row['attach_comment'],
 				'ATTACH_ID'			=> $attach_row['attach_id'],
 				'ASSOC_INDEX'		=> $count,
 
@@ -741,7 +757,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
 	{
 		$sql = 'SELECT topic_id, forum_id, topic_title
 			FROM ' . TOPICS_TABLE . '
-			WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')';
+			WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids));
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -822,11 +838,11 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 		return false;
 	}
 
-	$bbcode_bitfield = 0;
+	$bbcode_bitfield = '';
 	do
 	{
 		$rowset[] = $row;
-		$bbcode_bitfield |= $row['bbcode_bitfield'];
+		$bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']);
 	}
 	while ($row = $db->sql_fetchrow($result));
 	$db->sql_freeresult($result);
@@ -876,7 +892,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 		$template->assign_block_vars($mode . '_row', array(
 			'POSTER_NAME'		=> $poster,
 			'POST_SUBJECT'		=> $post_subject,
-			'MINI_POST_IMG'		=> $user->img('icon_post', $user->lang['POST']),
+			'MINI_POST_IMG'		=> $user->img('icon_post_target', $user->lang['POST']),
 			'POST_DATE'			=> $user->format_date($row['post_time']),
 			'MESSAGE'			=> str_replace("\n", '<br />', $message), 
 			'DECODED_MESSAGE'	=> $decoded_message,
@@ -891,7 +907,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 
 	if ($mode == 'topic_review')
 	{
-		$template->assign_var('QUOTE_IMG', $user->img('btn_quote', $user->lang['REPLY_WITH_QUOTE']));
+		$template->assign_var('QUOTE_IMG', $user->img('icon_post_quote', $user->lang['REPLY_WITH_QUOTE']));
 	}
 
 	return true;
@@ -1093,7 +1109,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 		$sql = 'UPDATE ' . TOPICS_WATCH_TABLE . "
 			SET notify_status = 1
 			WHERE topic_id = $topic_id
-				AND user_id IN (" . implode(', ', $update_notification['topic']) . ")";
+				AND " . $db->sql_in_set('user_id', $update_notification['topic']);
 		$db->sql_query($sql);
 	}
 
@@ -1102,7 +1118,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 		$sql = 'UPDATE ' . FORUMS_WATCH_TABLE . "
 			SET notify_status = 1
 			WHERE forum_id = $forum_id
-				AND user_id IN (" . implode(', ', $update_notification['forum']) . ")";
+				AND " . $db->sql_in_set('user_id', $update_notification['forum']);
 		$db->sql_query($sql);
 	}
 
@@ -1111,7 +1127,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 	{
 		$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "
 			WHERE topic_id = $topic_id
-				AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")";
+				AND " . $db->sql_in_set('user_id', $delete_ids['topic']);
 		$db->sql_query($sql);
 	}
 
@@ -1119,7 +1135,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 	{
 		$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . "
 			WHERE forum_id = $forum_id
-				AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")";
+				AND " . $db->sql_in_set('user_id', $delete_ids['forum']);
 		$db->sql_query($sql);
 	}
 
@@ -1165,7 +1181,6 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 	{
 		case 'delete_topic':
 			delete_topics('topic_id', array($topic_id), false);
-			set_config('num_topics', $config['num_topics'] - 1, true);
 
 			if ($data['topic_type'] != POST_GLOBAL)
 			{
@@ -1258,8 +1273,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 		break;
 	}
 
-	$sql_data[USERS_TABLE] = ($auth->acl_get('f_postcount', $forum_id)) ? 'user_posts = user_posts - 1' : '';
-	set_config('num_posts', $config['num_posts'] - 1, true);
+//	$sql_data[USERS_TABLE] = ($data['post_postcount']) ? 'user_posts = user_posts - 1' : '';
 
 	$db->sql_transaction('begin');
 
@@ -1338,6 +1352,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'edit_topic' : (($data['topic_first_post_id'] == $data['post_id']) ? 'edit_first_post' : (($data['topic_last_post_id'] == $data['post_id']) ? 'edit_last_post' : 'edit'));
 	}
 
+	// First of all make sure the subject and topic title are having the correct length.
+	// To achive this without cutting off between special chars we convert to an array and then count the elements.
+	$subject = truncate_string($subject);
+	$data['topic_title'] = truncate_string($data['topic_title']);
+
 	// Collect some basic informations about which tables and which rows to update/insert
 	$sql_data = array();
 	$poster_id = ($mode == 'edit') ? $data['poster_id'] : (int) $user->data['user_id'];
@@ -1366,6 +1385,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'post_attachment'	=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
 				'bbcode_bitfield'	=> $data['bbcode_bitfield'],
 				'bbcode_uid'		=> $data['bbcode_uid'],
+				'post_postcount'	=> ($auth->acl_get('f_postcount', $data['forum_id'])) ? 1 : 0,
 				'post_edit_locked'	=> $data['post_edit_locked']
 			);
 		break;
@@ -1529,8 +1549,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			);
 		}
 
-		$sql = 'INSERT INTO ' . POSTS_TABLE . ' ' .
-			$db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
+		$sql = 'INSERT INTO ' . POSTS_TABLE . ' ' .	$db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
 		$db->sql_query($sql);
 		$data['post_id'] = $db->sql_nextid();
 
@@ -1695,7 +1714,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			{
 				// update entry in db if attachment already stored in db and filespace
 				$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
-					SET comment = '" . $db->sql_escape($attach_row['comment']) . "'
+					SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
 					WHERE attach_id = " . (int) $attach_row['attach_id'];
 				$db->sql_query($sql);
 			}
@@ -1714,7 +1733,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 					'poster_id'			=> $poster_id,
 					'physical_filename'	=> basename($attach_row['physical_filename']),
 					'real_filename'		=> basename($attach_row['real_filename']),
-					'comment'			=> $attach_row['comment'],
+					'attach_comment'	=> $attach_row['attach_comment'],
 					'extension'			=> $attach_row['extension'],
 					'mimetype'			=> $attach_row['mimetype'],
 					'filesize'			=> $attach_row['filesize'],
@@ -1843,7 +1862,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			trigger_error($error);
 		}
 
-		$search->index($mode, $data['post_id'], $data['message'], $subject, $poster_id);
+		$search->index($mode, $data['post_id'], $data['message'], $subject, $user->lang['ENCODING'], $poster_id, ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id']);
 	}
 
 	$db->sql_transaction('commit');
@@ -1886,6 +1905,35 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	// We do not use post_time here, this is intended (post_time can have a date in the past if editing a message)
 	markread('topic', $data['forum_id'], $data['topic_id'], time());
 
+	//
+	if ($config['load_db_lastread'] && $user->data['is_registered'])
+	{
+		$sql = 'SELECT mark_time
+			FROM ' . FORUMS_TRACK_TABLE . '
+			WHERE user_id = ' . $user->data['user_id'] . '
+				AND forum_id = ' . $data['forum_id'];
+		$result = $db->sql_query($sql);
+		$f_mark_time = (int) $db->sql_fetchfield('mark_time');
+		$db->sql_freeresult($result);
+	}
+	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
+	{
+		$f_mark_time = false;
+	}
+
+	if ($config['load_db_lastread'] || $config['load_anon_lastread'] || $user->data['is_registered'])
+	{
+		// Update forum info
+		$sql = 'SELECT forum_last_post_time
+			FROM ' . FORUMS_TABLE . '
+			WHERE forum_id = ' . $data['forum_id'];
+		$result = $db->sql_query($sql);
+		$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
+		$db->sql_freeresult($result);
+
+		update_forum_tracking_info($data['forum_id'], $forum_last_post_time, $f_mark_time, false);
+	}
+
 	// Send Notifications
 	if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
 	{

phpBB/includes/functions_privmsgs.php

@@ -86,8 +86,8 @@ $global_privmsgs_rules = array(
 	),
 
 	CHECK_STATUS	=> array(
-		RULE_ANSWERED		=> array('check0' => 'replied', 'function' => '{CHECK0} == 1'),
-		RULE_FORWARDED		=> array('check0' => 'forwarded', 'function' => '{CHECK0} == 1'),
+		RULE_ANSWERED		=> array('check0' => 'pm_replied', 'function' => '{CHECK0} == 1'),
+		RULE_FORWARDED		=> array('check0' => 'pm_forwarded', 'function' => '{CHECK0} == 1'),
 	),
 
 	CHECK_TO		=> array(
@@ -121,7 +121,7 @@ function get_folder($user_id, $folder_id = false)
 	$folder = array();
 
 	// Get folder informations
-	$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages, SUM(unread) as num_unread
+	$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages, SUM(pm_unread) as num_unread
 		FROM ' . PRIVMSGS_TO_TABLE . "
 		WHERE user_id = $user_id
 			AND folder_id <> " . PRIVMSGS_NO_BOX . '
@@ -262,7 +262,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
 	// Replace Rule Literals
 	$evaluate = preg_replace('/{(STRING|USER_ID|GROUP_ID)}/', '$rule_row["rule_" . strtolower("\1")]', $evaluate);
 
-	// Eval Statement
+	// Evil Statement
 	$result = false;
 	eval('$result = (' . $evaluate . ') ? true : false;');
 
@@ -280,7 +280,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
 		case ACTION_MARK_AS_READ:
 		case ACTION_MARK_AS_IMPORTANT:
 		case ACTION_DELETE_MESSAGE:
-			return array('action' => $rule_row['rule_action'], 'unread' => $message_row['unread'], 'marked' => $message_row['marked']);
+			return array('action' => $rule_row['rule_action'], 'pm_unread' => $message_row['pm_unread'], 'pm_marked' => $message_row['pm_marked']);
 		break;
 		
 		default:
@@ -387,7 +387,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		{
 			$sql = 'SELECT *
 				FROM ' . USER_GROUP_TABLE . ' 
-				WHERE user_id IN (' . implode(', ', $user_ids) . ')
+				WHERE ' . $db->sql_in_set('user_id', $user_ids) . '
 					AND user_pending = 0';
 			$result = $db->sql_query($sql);
 
@@ -447,18 +447,24 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 			switch ($rule_ary['action'])
 			{
 				case ACTION_PLACE_INTO_FOLDER:
+					// Folder actions have precedence, so we will remove any other ones
 					$folder_action = true;
 					$_folder_id = (int) $rule_ary['folder_id'];
+					$move_into_folder = array();
 					$move_into_folder[$_folder_id][] = $msg_id;
 					$num_new++;
 				break;
 
 				case ACTION_MARK_AS_READ:
-					if ($rule_ary['unread'])
+					if ($rule_ary['pm_unread'])
 					{
 						$unread_ids[] = $msg_id;
 					}
-					$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
+
+					if (!$folder_action)
+					{
+						$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
+					}
 				break;
 
 				case ACTION_DELETE_MESSAGE:
@@ -466,11 +472,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 				break;
 
 				case ACTION_MARK_AS_IMPORTANT:
-					if (!$rule_ary['marked'])
+					if (!$rule_ary['pm_marked'])
 					{
 						$important_ids[] = $msg_id;
 					}
-					$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
+
+					if (!$folder_action)
+					{
+						$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
+					}
 				break;
 			}
 		}
@@ -495,8 +505,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 	if (sizeof($unread_ids))
 	{
 		$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' 
-			SET unread = 0
-			WHERE msg_id IN (' . implode(', ', $unread_ids) . ")
+			SET pm_unread = 0
+			WHERE ' . $db->sql_in_set('msg_id', $unread_ids) . "
 				AND user_id = $user_id
 				AND folder_id = " . PRIVMSGS_NO_BOX;
 		$db->sql_query($sql);
@@ -506,10 +516,10 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 	if (sizeof($important_ids))
 	{
 		$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
-			SET marked = !marked
+			SET pm_marked = !pm_marked
 			WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
 				AND user_id = $user_id
-				AND msg_id IN (" . implode(', ', $important_ids) . ')';
+				AND " . $db->sql_in_set('msg_id', $important_ids);
 		$db->sql_query($sql);
 	}
 
@@ -520,10 +530,16 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 	{
 		// Determine Full Folder Action - we need the move to folder id later eventually
 		$full_folder_action = ($user->data['user_full_folder'] == FULL_FOLDER_NONE) ? ($config['full_folder_action'] - (FULL_FOLDER_NONE*(-1))) : $user->data['user_full_folder'];
-		
+
+		$sql_folder = array_keys($move_into_folder);
+		if ($full_folder_action >= 0)
+		{
+			$sql_folder[] = $full_folder_action;
+		}
+
 		$sql = 'SELECT folder_id, pm_count 
 			FROM ' . PRIVMSGS_FOLDER_TABLE . '
-			WHERE folder_id IN (' . implode(', ', array_keys($move_into_folder)) . (($full_folder_action >= 0) ? ', ' . $full_folder_action : '') . ")
+			WHERE ' . $db->sql_in_set('folder_id', $sql_folder) . "
 				AND user_id = $user_id";
 		$result = $db->sql_query($sql);
 
@@ -533,6 +549,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		}
 		$db->sql_freeresult($result);
 
+		unset($sql_folder);
+
 		if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
 		{
 			$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages
@@ -586,6 +604,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 					$delete_ids[] = $row['msg_id'];
 				}
 				$db->sql_freeresult($result);
+
 				delete_pm($user_id, $delete_ids, $dest_folder);
 			}
 		}
@@ -594,21 +613,22 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		if ($full_folder_action == FULL_FOLDER_HOLD)
 		{
 			$num_not_moved += sizeof($msg_ary);
+
 			$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' 
 				SET folder_id = ' . PRIVMSGS_HOLD_BOX . '
 				WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
 					AND user_id = $user_id
-					AND msg_id IN (" . implode(', ', $msg_ary) . ')';
+					AND " . $db->sql_in_set('msg_id', $msg_ary);
 			$db->sql_query($sql);
 		}
 		else
 		{
 			$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . " 
-				SET folder_id = $dest_folder, new = 0
+				SET folder_id = $dest_folder, pm_new = 0
 				WHERE folder_id = " . PRIVMSGS_NO_BOX . "
 					AND user_id = $user_id
-					AND new = 1
-					AND msg_id IN (" . implode(', ', $msg_ary) . ')';
+					AND pm_new = 1
+					AND " . $db->sql_in_set('msg_id', $msg_ary);
 			$db->sql_query($sql);
 
 			if ($dest_folder != PRIVMSGS_INBOX)
@@ -633,7 +653,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' 
 			SET folder_id = ' . PRIVMSGS_SENTBOX . '
 			WHERE folder_id = ' . PRIVMSGS_OUTBOX . '
-				AND msg_id IN (' . implode(', ', array_keys($action_ary)) . ')';
+				AND ' . $db->sql_in_set('msg_id', array_keys($action_ary));
 		$db->sql_query($sql);
 	}
 
@@ -718,7 +738,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
 			SET folder_id = $dest_folder
 			WHERE folder_id = $cur_folder_id
 				AND user_id = $user_id
-				AND msg_id IN (" . implode(', ', $move_msg_ids) . ')';
+				AND " . $db->sql_in_set('msg_id', $move_msg_ids);
 		$db->sql_query($sql);
 		$num_moved = $db->sql_affectedrows();
 
@@ -761,7 +781,7 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id)
 	global $db;
 
 	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . " 
-		SET unread = 0
+		SET pm_unread = 0
 		WHERE msg_id = $msg_id
 			AND user_id = $user_id
 			AND folder_id = $folder_id";
@@ -794,10 +814,10 @@ function handle_mark_actions($user_id, $mark_action)
 		case 'mark_important':
 
 			$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
-				SET marked = !marked
+				SET pm_marked = !pm_marked
 				WHERE folder_id = $cur_folder_id
 					AND user_id = $user_id
-					AND msg_id IN (" . implode(', ', $msg_ids) . ')';
+					AND " . $db->sql_in_set('msg_id', $msg_ids);
 			$db->sql_query($sql);
 
 		break;
@@ -865,9 +885,9 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	}
 
 	// Get PM Informations for later deleting
-	$sql = 'SELECT msg_id, unread, new
+	$sql = 'SELECT msg_id, pm_unread, pm_new
 		FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE msg_id IN (' . implode(', ', array_map('intval', $msg_ids)) . ")
+		WHERE ' . $db->sql_in_set('msg_id', array_map('intval', $msg_ids)) . "
 			AND folder_id = $folder_id
 			AND user_id = $user_id";
 	$result = $db->sql_query($sql);
@@ -876,8 +896,8 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	$num_unread = $num_new = $num_deleted = 0;
 	while ($row = $db->sql_fetchrow($result))
 	{
-		$num_unread += (int) $row['unread'];
-		$num_new += (int) $row['new'];
+		$num_unread += (int) $row['pm_unread'];
+		$num_new += (int) $row['pm_new'];
 
 		$delete_rows[$row['msg_id']] = 1;
 	}
@@ -896,19 +916,19 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 		// Remove PM from Outbox
 		$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
 			WHERE user_id = $user_id AND folder_id = " . PRIVMSGS_OUTBOX . '
-				AND msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
+				AND ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 
 		// Update PM Information for safety
 		$sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = ''
-			WHERE msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
+			WHERE " . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 
 		// Set delete flag for those intended to receive the PM
 		// We do not remove the message actually, to retain some basic informations (sent time for example)
 		$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
-			SET deleted = 1
-			WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
+			SET pm_deleted = 1
+			WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 
 		$num_deleted = $db->sql_affectedrows();
@@ -919,7 +939,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 		$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
 			WHERE user_id = $user_id
 				AND folder_id = $folder_id
-				AND msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
+				AND " . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 		$num_deleted = $db->sql_affectedrows();
 	}
@@ -949,7 +969,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	// Now we have to check which messages we can delete completely	
 	$sql = 'SELECT msg_id 
 		FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
+		WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
 	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
@@ -958,12 +978,12 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	}
 	$db->sql_freeresult($result);
 
-	$delete_ids = implode(', ', array_keys($delete_rows));
+	$delete_ids = array_keys($delete_rows);
 
-	if ($delete_ids)
+	if (sizeof($delete_ids))
 	{
 		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
-			WHERE msg_id IN (' . $delete_ids . ')';
+			WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
 		$db->sql_query($sql);
 	}
 
@@ -1039,7 +1059,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 		{
 			$sql = 'SELECT user_id, username, user_colour 
 				FROM ' . USERS_TABLE . '
-				WHERE user_id IN (' . implode(', ', $u) . ')
+				WHERE ' . $db->sql_in_set('user_id', $u) . '
 					AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
 			$result = $db->sql_query($sql);
 
@@ -1066,7 +1086,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 			{
 				$sql = 'SELECT group_name, group_type
 					FROM ' . GROUPS_TABLE . ' 
-						WHERE group_id IN (' . implode(', ', $g) . ')';
+						WHERE ' . $db->sql_in_set('group_id', $g);
 				$result = $db->sql_query($sql);
 		
 				while ($row = $db->sql_fetchrow($result))
@@ -1082,7 +1102,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 			{
 				$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id
 					FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
-						WHERE g.group_id IN (' . implode(', ', $g) . ')
+						WHERE ' . $db->sql_in_set('g.group_id', $g) . '
 						AND g.group_id = ug.group_id
 						AND ug.user_pending = 0';
 				$result = $db->sql_query($sql);
@@ -1222,7 +1242,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 		{
 			$sql = 'SELECT group_id, user_id
 				FROM ' . USER_GROUP_TABLE . '
-				WHERE group_id IN (' . implode(', ', array_keys($data['address_list']['g'])) . ')
+				WHERE ' . $db->sql_in_set('group_id', array_keys($data['address_list']['g'])) . '
 					AND user_pending = 0';
 			$result = $db->sql_query($sql);
 	
@@ -1250,7 +1270,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 
 			// Set message_replied switch for this user
 			$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
-				SET replied = 1
+				SET pm_replied = 1
 				WHERE user_id = ' . $data['from_user_id'] . '
 					AND msg_id = ' . $data['reply_from_msg_id'];
 
@@ -1300,6 +1320,8 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 
 	if (sizeof($sql_data))
 	{
+		$query = '';
+
 		if ($mode == 'post' || $mode == 'reply' || $mode == 'quote' || $mode == 'quotepost' || $mode == 'forward')
 		{
 			$db->sql_query('INSERT INTO ' . PRIVMSGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data));
@@ -1328,13 +1350,13 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 		foreach ($recipients as $user_id => $type)
 		{
 			$sql_ary[] = array(
-				'msg_id'	=> (int) $data['msg_id'],
-				'user_id'	=> (int) $user_id,
-				'author_id'	=> (int) $data['from_user_id'],
-				'folder_id'	=> PRIVMSGS_NO_BOX,
-				'new'		=> 1,
-				'unread'	=> 1,
-				'forwarded'	=> ($mode == 'forward') ? 1 : 0
+				'msg_id'		=> (int) $data['msg_id'],
+				'user_id'		=> (int) $user_id,
+				'author_id'		=> (int) $data['from_user_id'],
+				'folder_id'		=> PRIVMSGS_NO_BOX,
+				'pm_new'		=> 1,
+				'pm_unread'		=> 1,
+				'pm_forwarded'	=> ($mode == 'forward') ? 1 : 0
 			);
 		}
 
@@ -1359,20 +1381,20 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 
 		$sql = 'UPDATE ' . USERS_TABLE . ' 
 			SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1, user_last_privmsg = ' . time() . '
-			WHERE user_id IN (' . implode(', ', array_keys($recipients)) . ')';
+			WHERE ' . $db->sql_in_set('user_id', array_keys($recipients));
 		$db->sql_query($sql);
 
 		// Put PM into outbox
 		if ($put_in_outbox)
 		{
 			$db->sql_query('INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', array(
-				'msg_id'	=> (int) $data['msg_id'],
-				'user_id'	=> (int) $data['from_user_id'],
-				'author_id'	=> (int) $data['from_user_id'],
-				'folder_id'	=> PRIVMSGS_OUTBOX,
-				'new'		=> 0,
-				'unread'	=> 0,
-				'forwarded'	=> ($mode == 'forward') ? 1 : 0))
+				'msg_id'		=> (int) $data['msg_id'],
+				'user_id'		=> (int) $data['from_user_id'],
+				'author_id'		=> (int) $data['from_user_id'],
+				'folder_id'		=> PRIVMSGS_OUTBOX,
+				'pm_new'		=> 0,
+				'pm_unread'		=> 0,
+				'pm_forwarded'	=> ($mode == 'forward') ? 1 : 0))
 			);
 		}
 
@@ -1401,7 +1423,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 			{
 				// update entry in db if attachment already stored in db and filespace
 				$sql = 'UPDATE ' . ATTACHMENTS_TABLE . " 
-					SET comment = '" . $db->sql_escape($attach_row['comment']) . "' 
+					SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "' 
 					WHERE attach_id = " . (int) $attach_row['attach_id'];
 				$db->sql_query($sql);
 			}
@@ -1415,7 +1437,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 					'poster_id'			=> $data['from_user_id'],
 					'physical_filename'	=> basename($attach_row['physical_filename']),
 					'real_filename'		=> basename($attach_row['real_filename']),
-					'comment'			=> $attach_row['comment'],
+					'attach_comment'	=> $attach_row['attach_comment'],
 					'extension'			=> $attach_row['extension'],
 					'mimetype'			=> $attach_row['mimetype'],
 					'filesize'			=> $attach_row['filesize'],
@@ -1477,19 +1499,23 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
 
 	$subject = censor_text($subject);
 
+	unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]);
+
+	if (!sizeof($recipients))
+	{
+		return;
+	}
+
 	// Get banned User ID's
 	$sql = 'SELECT ban_userid 
-		FROM ' . BANLIST_TABLE;
+		FROM ' . BANLIST_TABLE . '
+		WHERE ' . $db->sql_in_set('ban_userid', array_map('intval', array_keys($recipients))) . '
+			AND ban_exclude = 0';
 	$result = $db->sql_query($sql);
 
-	unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]);
-	
 	while ($row = $db->sql_fetchrow($result))
 	{
-		if (isset($row['ban_userid']))
-		{
-			unset($recipients[$row['ban_userid']]);
-		}
+		unset($recipients[$row['ban_userid']]);
 	}
 	$db->sql_freeresult($result);
 
@@ -1498,11 +1524,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
 		return;
 	}
 
-	$recipient_list = implode(', ', array_keys($recipients));
-
 	$sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber 
-		FROM ' . USERS_TABLE . "
-		WHERE user_id IN ($recipient_list)";
+		FROM ' . USERS_TABLE . '
+		WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($recipients)));
 	$result = $db->sql_query($sql);
 
 	$msg_list_ary = array();

phpBB/includes/functions_profile_fields.php

@@ -230,7 +230,7 @@ class custom_profile
 		}
 		else
 		{
-			$sql = 'SELECT option_id, value
+			$sql = 'SELECT option_id, lang_value
 				FROM ' . PROFILE_FIELDS_LANG_TABLE . "
 					WHERE field_id = $field_id
 					AND lang_id = $lang_id
@@ -240,7 +240,7 @@ class custom_profile
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$this->options_lang[$field_id][$lang_id][($row['option_id'] + 1)] = $row['value'];
+				$this->options_lang[$field_id][$lang_id][($row['option_id'] + 1)] = $row['lang_value'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -286,8 +286,8 @@ class custom_profile
 
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$cp_data[$row['field_ident']] = $this->get_profile_field($row);
-			$check_value = $cp_data[$row['field_ident']];
+			$cp_data['_' . $row['field_ident']] = $this->get_profile_field($row);
+			$check_value = $cp_data['_' . $row['field_ident']];
 
 			if (($cp_result = $this->validate_profile_field($row['field_type'], $check_value, $row)) !== false)
 			{
@@ -358,14 +358,14 @@ class custom_profile
 				$this->build_cache();
 			}
 
-			if (!implode(', ', $user_id))
+			if (!sizeof($user_id))
 			{
 				return array();
 			}
 
 			$sql = 'SELECT *
 				FROM ' . PROFILE_FIELDS_DATA_TABLE . '
-				WHERE user_id IN (' . implode(', ', array_map('intval', $user_id)) . ')';
+				WHERE ' . $db->sql_in_set('user_id', array_map('intval', $user_id));
 			$result = $db->sql_query($sql);
 
 			$field_data = array();
@@ -382,7 +382,7 @@ class custom_profile
 			{
 				foreach ($field_data as $user_id => $row)
 				{
-					$user_fields[$user_id][$used_ident]['value'] = $row[$used_ident];
+					$user_fields[$user_id][$used_ident]['value'] = $row['_' . $used_ident];
 					$user_fields[$user_id][$used_ident]['data'] = $this->profile_cache[$used_ident];
 				}
 			}
@@ -494,7 +494,15 @@ class custom_profile
 					return NULL;
 				}
 
-				return $this->options_lang[$field_id][$lang_id][(int) $value];
+				$value = (int) $value;
+
+				// User not having a value assigned
+				if (!isset($this->options_lang[$field_id][$lang_id][$value]))
+				{
+					return NULL;
+				}
+
+				return $this->options_lang[$field_id][$lang_id][$value];
 			break;
 
 			case 'bool':
@@ -534,7 +542,7 @@ class custom_profile
 		global $user;
 
 		$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
-		$user_ident = str_replace('pf_', '', $profile_row['field_ident']);
+		$user_ident = '_' . str_replace('pf_', '', $profile_row['field_ident']);
 
 		// checkbox - only testing for isset
 		if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2)
@@ -601,7 +609,7 @@ class custom_profile
 		global $user, $template;
 
 		$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
-		$user_ident = str_replace('pf_', '', $profile_row['field_ident']);
+		$user_ident = '_' . str_replace('pf_', '', $profile_row['field_ident']);
 
 		$now = getdate();
 
@@ -779,13 +787,13 @@ class custom_profile
 		$sql_not_in = array();
 		foreach ($cp_data as $key => $null)
 		{
-			$sql_not_in[] = "'" . $db->sql_escape($key) . "'";
+			$sql_not_in[] = (strncmp($key, '_', 1) === 0) ? substr($key, 1) : $key;
 		}
 
 		$sql = 'SELECT f.field_type, f.field_ident, f.field_default_value, l.lang_default_value
 			FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f 
 			WHERE l.lang_id = ' . $user->get_iso_lang_id() . ' 
-				' . ((sizeof($sql_not_in)) ? ' AND f.field_ident NOT IN (' . implode(', ', $sql_not_in) . ')' : '') . '
+				' . ((sizeof($sql_not_in)) ? ' AND ' . $db->sql_in_set('f.field_ident', $sql_not_in, true) : '') . '
 				AND l.field_id = f.field_id';
 		$result = $db->sql_query($sql);
 
@@ -796,7 +804,8 @@ class custom_profile
 				$now = getdate();
 				$row['field_default_value'] = sprintf('%2d-%2d-%4d', $now['mday'], $now['mon'], $now['year']);
 			}
-			$cp_data[$row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
+
+			$cp_data['_' . $row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
 		}
 		$db->sql_freeresult($result);
 		

phpBB/includes/functions_template.php

@@ -68,6 +68,89 @@ class template_compile
 		$this->compile_write($handle, $this->template->compiled_code[$handle]);
 	}
 
+	/**
+	* Straight-forward strategy: use PHP's tokenizer to escape everything that
+	* looks like a PHP tag.
+	*
+	* We open/close PHP tags at the beginning of the template to clearly indicate
+	* that we are in HTML mode. If we find a PHP tag, we escape it then we reiterate
+	* over the whole file. That can become quite slow if the file is stuffed with
+	* <?php tags, but there's only so much we can do.
+	*
+	* Known issue: templates need to be rechecked everytime the value of the php.ini
+	* settings asp_tags or short_tags are changed
+	*/
+	function remove_php_tags(&$code)
+	{
+		if (!function_exists('token_get_all'))
+		{
+			/**
+			* If the tokenizer extension is not available, try to load it and if
+			* it's still not available we fall back to some pattern replacement.
+			*
+			* Note that the pattern replacement may affect the well-formedness
+			* of the HTML if a PHP tag is found because even if we escape PHP
+			* opening tags we do NOT escape PHP closing tags and cannot do so
+			* reliably without the use of a full-blown tokenizer.
+			*
+			* The bottom line is, a template should NEVER contain PHP because it
+			* would comprise the security of the installation, that's why we
+			* prevent it from being executed. Our job is to secure the installation,
+			* not fix unsecure templates. if a template contains some PHP then it
+			* should not be used at all.
+			*/
+			@dl('tokenizer');
+
+			if (!function_exists('token_get_all'))
+			{
+				$match = array(
+					'\\?php[\n\r\s\t]+',
+					'[\\?%]=',
+					'[\\?%][^\w]',
+					'script[\n\r\s\t]+language[\n\r\s\t]*=[\n\r\s\t]*[\'"]php[\'"]'
+				);
+
+				$code = preg_replace('#<(' . implode('|', $match) . ')#is', '&lt;$1', $code);
+				return;
+			}
+		}
+
+		do
+		{
+			$tokens = token_get_all('<?php ?>' . $code);
+			$code = '';
+			$php_found = false;
+
+			foreach ($tokens as $i => $token)
+			{
+				if (!is_array($token))
+				{
+					$code .= $token;
+				}
+				else if ($token[0] == T_OPEN_TAG || $token[0] == T_OPEN_TAG_WITH_ECHO || $token[0] == T_CLOSE_TAG)
+				{
+					if ($i > 1)
+					{
+						$code .= htmlspecialchars($token[1]);
+						$php_found = true;
+					}
+				}
+				else
+				{
+					$code .= $token[1];
+				}
+			}
+			unset($tokens);
+
+			// Fix for a tokenizer oddity
+			if (!strncmp($code, '<?php ?&gt;', 11))
+			{
+				$code = substr($code, 11);
+			}
+		}
+		while ($php_found);
+	}
+
 	/**
 	* The all seeing all doing compile method. Parts are inspired by or directly from Smarty
 	* @access: private
@@ -86,8 +169,13 @@ class template_compile
 		// php is a no-no. There is a potential issue here in that non-php
 		// content may be removed ... however designers should use entities
 		// if they wish to display < and >
-		$match_php_tags = array('#\<\?php .*?\?\>#is', '#\<\script language="php"\>.*?\<\/script\>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
+/*
+		$match_php_tags = array('#\<\?php.*?\?\>#is', '#<[^\w<]*(script)(((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?(language[^<>\'"]+("[^"]*php[^"]*"|\'[^\']*php[^\']*\'))((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?)?>.*?</script>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
 		$code = preg_replace($match_php_tags, '', $code);
+*/
+
+		// An alternative to the above would be calling this function which would be the ultimate solution but also has its drawbacks.
+		$this->remove_php_tags($code);
 
 		// Pull out all block/statement level elements and seperate plain text
 		preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches);
@@ -464,7 +552,7 @@ class template_compile
 	{
 		preg_match('#^((?:[a-z0-9\-_]+\.)+)?\$(?=[A-Z])([A-Z0-9_\-]*)(?: = (\'?)([^\']*)(\'?))?$#', $tag_args, $match);
 
-		if (empty($match[2]) || (empty($match[4]) && $op))
+		if (empty($match[2]) || (!isset($match[4]) && $op))
 		{
 			return;
 		}

phpBB/includes/functions_transfer.php

@@ -245,7 +245,7 @@ class ftp extends transfer
 
 		// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (/ at the end)
 		$this->root_path	= str_replace('\\', '/', $this->root_path);
-		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
+		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . $root_path . ((substr($root_path, -1, 1) == '/') ? '' : '/');
 
 		// Init some needed values
 		transfer::transfer();
@@ -321,7 +321,7 @@ class ftp extends transfer
 	}
 
 	/**
-	* Remove directory (RMDIR)
+	* Rename file
 	* @access: private
 	*/
 	function _rename($old_handle, $new_handle)
@@ -460,7 +460,7 @@ class ftp_fsock extends transfer
 
 		// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)
 		$this->root_path	= str_replace('\\', '/', $this->root_path);
-		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
+		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . $root_path . ((substr($root_path, -1, 1) == '/') ? '' : '/');
 
 		// Init some needed values
 		transfer::transfer();
@@ -542,6 +542,16 @@ class ftp_fsock extends transfer
 		return $this->_send_command('RMD', $dir);
 	}
 
+	/**
+	* Rename File
+	* @access: private
+	*/
+	function _rename($old_handle, $new_handle)
+	{
+		$this->_send_command('RNFR', $old_handle);
+		return $this->_send_command('RNTO', $new_handle);
+	}
+
 	/**
 	* Change current working directory (CHDIR)
 	* @access: private
@@ -562,7 +572,7 @@ class ftp_fsock extends transfer
 	*/
 	function _chmod($file, $perms)
 	{
-		return $this->_send_command('SITE CHMOD', $perms . ' ' . $file);;
+		return $this->_send_command('SITE CHMOD', $perms . ' ' . $file);
 	}
 
 	/**
@@ -579,19 +589,19 @@ class ftp_fsock extends transfer
 			return false;
 		}
 
-		$this->_putcmd('STOR', $to_file, false);
-
 		// open the connection to send file over
 		if (!$this->_open_data_connection())
 		{
 			return false;
 		}
 
+		$this->_send_command('STOR', $to_file, false);
+
 		// send the file
 		$fp = @fopen($from_file, 'rb');
 		while (!@feof($fp))
 		{
-			@fwrite($$this->data_connection, @fread($fp, 4096));
+			@fwrite($this->data_connection, @fread($fp, 4096));
 		}
 		@fclose($fp);
 
@@ -710,7 +720,7 @@ class ftp_fsock extends transfer
 		{
 			return false;
 		}
-		@stream_set_timeout($$this->data_connection, $this->timeout);
+		@stream_set_timeout($this->data_connection, $this->timeout);
 
 		return true;
 	}
@@ -721,7 +731,7 @@ class ftp_fsock extends transfer
 	*/
 	function _close_data_connection()
 	{
-		return @fclose($this->data_connecton);
+		return @fclose($this->data_connection);
 	}
 
 	/**

phpBB/includes/functions_user.php

@@ -34,14 +34,16 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
 		$$which_ary = array($$which_ary);
 	}
 
-	$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary);
+	$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary;
 	unset($$which_ary);
 
+	$user_id_ary = $username_ary = array();
+
 	// Grab the user id/username records
 	$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username';
 	$sql = 'SELECT user_id, username
-		FROM ' . USERS_TABLE . "
-		WHERE $sql_where IN (" . implode(', ', $sql_in) . ')';
+		FROM ' . USERS_TABLE . '
+		WHERE ' . $db->sql_in_set($sql_where, $sql_in);
 	$result = $db->sql_query($sql);
 
 	if (!($row = $db->sql_fetchrow($result)))
@@ -50,7 +52,6 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
 		return 'NO_USERS';
 	}
 
-	$user_id_ary = $username_ary = array();
 	do
 	{
 		$username_ary[$row['user_id']] = $row['username'];
@@ -115,7 +116,7 @@ function user_update_name($old_name, $new_name)
 
 	if ($config['newest_username'] == $old_name)
 	{
-		set_config('newest_username', $new_name);
+		set_config('newest_username', $new_name, true);
 	}
 }
 
@@ -140,10 +141,14 @@ function user_add($user_row, $cp_data = false)
 		'user_type'			=> $user_row['user_type'],
 	);
 
+	/**
+	* @todo user_allow_email is not used anywhere. Think about removing it.
+	*/
+
 	// These are the additional vars able to be specified
 	$additional_vars = array(
 		'user_permissions'	=> '',
-		'user_timezone'		=> 0,
+		'user_timezone'		=> $config['board_timezone'],
 		'user_dateformat'	=> $config['default_dateformat'],
 		'user_lang'			=> $config['default_lang'],
 		'user_style'		=> $config['default_style'],
@@ -181,7 +186,7 @@ function user_add($user_row, $cp_data = false)
 
 		'user_sig'					=> '',
 		'user_sig_bbcode_uid'		=> '',
-		'user_sig_bbcode_bitfield'	=> 0,
+		'user_sig_bbcode_bitfield'	=> '',
 	);
 
 	// Now fill the sql array with not required variables
@@ -202,8 +207,6 @@ function user_add($user_row, $cp_data = false)
 		}
 	}
 
-	$db->sql_transaction('begin');
-
 	$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
 	$db->sql_query($sql);
 
@@ -232,7 +235,16 @@ function user_add($user_row, $cp_data = false)
 	);
 	$db->sql_query($sql);
 
-	$db->sql_transaction('commit');
+	// Now make it the users default group...
+	group_set_user_default($user_row['group_id'], array($user_id));
+
+	// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
+	if ($user_row['user_type'] == USER_NORMAL)
+	{
+		set_config('newest_user_id', $user_id, true);
+		set_config('newest_username', $user_row['username'], true);
+		set_config('num_users', $config['num_users'] + 1, true);
+	}
 
 	return $user_id;
 }
@@ -295,7 +307,7 @@ function user_delete($mode, $user_id, $post_username = false)
 			{
 				$sql = 'SELECT topic_id, topic_replies, topic_replies_real
 					FROM ' . TOPICS_TABLE . '
-					WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
+					WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
 				$result = $db->sql_query($sql);
 
 				$del_topic_ary = array();
@@ -311,7 +323,7 @@ function user_delete($mode, $user_id, $post_username = false)
 				if (sizeof($del_topic_ary))
 				{
 					$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-						WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
+						WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
 					$db->sql_query($sql);
 				}
 			}
@@ -322,7 +334,7 @@ function user_delete($mode, $user_id, $post_username = false)
 		break;
 	}
 
-	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE);
+	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE);
 
 	foreach ($table_ary as $table)
 	{
@@ -339,6 +351,9 @@ function user_delete($mode, $user_id, $post_username = false)
 
 	set_config('num_users', $config['num_users'] - 1, true);
 
+	// Adjust last post info...
+
+
 	$db->sql_transaction('commit');
 
 	return false;
@@ -369,10 +384,12 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
 		WHERE user_id = $user_id";
 	$result = $db->sql_query($sql);
 
+	$group_name = ($user_type == USER_NORMAL) ? 'REGISTERED' : 'INACTIVE';
 	while ($row = $db->sql_fetchrow($result))
 	{
-		if ($group_name = array_search($row['group_id'], $group_id_ary))
+		if ($name = array_search($row['group_id'], $group_id_ary))
 		{
+			$group_name = $name;
 			break;
 		}
 	}
@@ -472,6 +489,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 		$ban_end = 0;
 	}
 
+	$founder = array();
+
+	if (!$ban_exclude)
+	{
+		// Create a list of founder...
+		$sql = 'SELECT user_id, user_email
+			FROM ' . USERS_TABLE . '
+			WHERE user_type = ' . USER_FOUNDER;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$founder[$row['user_id']] = $row['user_email'];
+		}
+		$db->sql_freeresult($result);
+	}
+
 	$banlist_ary = array();
 
 	switch ($mode)
@@ -494,14 +528,25 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 					$username = trim($username);
 					if ($username != '')
 					{
-						$sql_usernames[] = "'" . $db->sql_escape($username) . "'";
+						$sql_usernames[] = strtolower($username);
 					}
 				}
-				$sql_usernames = implode(', ', $sql_usernames);
+
+				// Make sure we have been given someone to ban
+				if (!sizeof($sql_usernames))
+				{
+					trigger_error($user->lang['NO_USER_SPECIFIED']);
+				}
 
 				$sql = 'SELECT user_id
 					FROM ' . USERS_TABLE . '
-					WHERE username IN (' . $sql_usernames . ')';
+					WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames);
+
+				if (sizeof($founder))
+				{
+					$sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true);
+				}
+
 				$result = $db->sql_query($sql);
 
 				if ($row = $db->sql_fetchrow($result))
@@ -618,9 +663,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 
 			foreach ($ban_list as $ban_item)
 			{
-				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item)))
+				$ban_item = trim($ban_item);
+
+				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
 				{
-					$banlist_ary[] = trim($ban_item);
+					if (!sizeof($founder) || !in_array($ban_item, $founder))
+					{
+						$banlist_ary[] = $ban_item;
+					}
 				}
 			}
 
@@ -711,17 +761,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			switch ($mode)
 			{
 				case 'user':
-					$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE session_user_id IN (' . implode(', ', $banlist_ary) . ')';
+					$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
 				break;
 
 				case 'ip':
-					$banlist_ary_sql = array();
-
-					foreach ($banlist_ary as $ban_entry)
-					{
-						$banlist_ary_sql[] = "'" . $db->sql_escape($ban_entry) . "'";
-					}
-					$sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_ary_sql) . ')';
+					$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
 				break;
 
 				case 'email':
@@ -729,12 +773,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 
 					foreach ($banlist_ary as $ban_entry)
 					{
-						$banlist_ary_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'";
+						$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
 					}
 
 					$sql = 'SELECT user_id
 						FROM ' . USERS_TABLE . '
-						WHERE user_email IN (' . implode(', ', $banlist_ary_sql) . ')';
+						WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
 					$result = $db->sql_query($sql);
 
 					$sql_in = array();
@@ -747,7 +791,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 						}
 						while ($row = $db->sql_fetchrow($result));
 
-						$sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")";
+						$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
 					}
 					$db->sql_freeresult($result);
 				break;
@@ -758,12 +802,19 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 				$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
 					$sql_where";
 				$db->sql_query($sql);
+
+				if ($mode == 'user')
+				{
+					$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
+					$db->sql_query($sql);
+				}
 			}
 		}
 
 		// Update log
 		$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
 		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
+
 		return true;
 	}
 
@@ -789,30 +840,30 @@ function user_unban($mode, $ban)
 		$ban = array($ban);
 	}
 
-	$unban_sql = implode(', ', array_map('intval', $ban));
+	$unban_sql = array_map('intval', $ban);
 
-	if ($unban_sql)
+	if (sizeof($unban_sql))
 	{
 		// Grab details of bans for logging information later
 		switch ($mode)
 		{
 			case 'user':
 				$sql = 'SELECT u.username AS unban_info
-					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b
-					WHERE b.ban_id IN ($unban_sql)
-						AND u.user_id = b.ban_userid";
+					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
+					WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
+						AND u.user_id = b.ban_userid';
 			break;
 
 			case 'email':
 				$sql = 'SELECT ban_email AS unban_info
-					FROM ' . BANLIST_TABLE . "
-					WHERE ban_id IN ($unban_sql)";
+					FROM ' . BANLIST_TABLE . '
+					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
 			break;
 
 			case 'ip':
 				$sql = 'SELECT ban_ip AS unban_info
-					FROM ' . BANLIST_TABLE . "
-					WHERE ban_id IN ($unban_sql)";
+					FROM ' . BANLIST_TABLE . '
+					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
 			break;
 		}
 		$result = $db->sql_query($sql);
@@ -824,8 +875,8 @@ function user_unban($mode, $ban)
 		}
 		$db->sql_freeresult($result);
 
-		$sql = 'DELETE FROM ' . BANLIST_TABLE . "
-			WHERE ban_id IN ($unban_sql)";
+		$sql = 'DELETE FROM ' . BANLIST_TABLE . '
+			WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
 		$db->sql_query($sql);
 
 		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
@@ -912,6 +963,8 @@ function validate_data($data, $val_ary)
 
 /**
 * Validate String
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
 function validate_string($string, $optional = false, $min = 0, $max = 0)
 {
@@ -934,6 +987,8 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
 
 /**
 * Validate Number
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
 function validate_num($num, $optional = false, $min = 0, $max = 1E99)
 {
@@ -956,6 +1011,8 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
 
 /**
 * Validate Match
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
 function validate_match($string, $optional = false, $match)
 {
@@ -976,6 +1033,8 @@ function validate_match($string, $optional = false, $match)
 * Check to see if the username has been taken, or if it is disallowed.
 * Also checks if it includes the " character, which we don't allow in usernames.
 * Used for registering, changing names, and posting anonymously with a username
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
 function validate_username($username)
 {
@@ -1048,6 +1107,8 @@ function validate_username($username)
 
 /**
 * Check to see if email address is banned or already present in the DB
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
 function validate_email($email)
 {
@@ -1058,12 +1119,12 @@ function validate_email($email)
 		return false;
 	}
 
-	if (!preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email))
+	if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
 	{
 		return 'EMAIL_INVALID';
 	}
 
-	if ($user->check_ban('', '', $email, true) == true)
+	if ($user->check_ban(false, false, $email, true) == true)
 	{
 		return 'EMAIL_BANNED';
 	}
@@ -1122,7 +1183,7 @@ function avatar_remote($data, &$error)
 	// Make sure getimagesize works...
 	if (($image_data = @getimagesize($data['remotelink'])) === false)
 	{
-		$error[] = $user->lang['AVATAR_URL_INVALID'];
+		$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
 		return false;
 	}
 
@@ -1202,7 +1263,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
 
 	if (!file_exists($path) || !is_dir($path))
 	{
-		$avatar_list = array($user->lang['NONE'] => array());
+		$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
 	}
 	else
 	{
@@ -1242,7 +1303,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
 
 	if (!sizeof($avatar_list))
 	{
-		$avatar_list = array($user->lang['NONE'] => array());
+		$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
 	}
 
 	@ksort($avatar_list);
@@ -1336,14 +1397,14 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 			'group_name'			=> (string) $name,
 			'group_desc'			=> (string) $desc,
 			'group_desc_uid'		=> '',
-			'group_desc_bitfield'	=> 0,
+			'group_desc_bitfield'	=> '',
 			'group_type'			=> (int) $type,
 		);
 
 		// Parse description
 		if ($desc)
 		{
-			generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
+			generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
 		}
 
 		if (sizeof($group_attributes))
@@ -1361,6 +1422,8 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 		// Setting the log message before we set the group id (if group gets added)
 		$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
 
+		$query = '';
+
 		if ($group_id)
 		{
 			$sql = 'UPDATE ' . GROUPS_TABLE . '
@@ -1484,6 +1547,9 @@ function group_delete($group_id, $group_name = false)
 		WHERE group_id = $group_id";
 	$db->sql_query($sql);
 
+	// Re-cache moderators
+	cache_moderators();
+
 	add_log('admin', 'LOG_GROUP_DELETE', $group_name);
 
 	return 'GROUP_DELETED';
@@ -1497,9 +1563,9 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 	global $db, $auth;
 
 	// We need both username and user_id info
-	user_get_id_name($user_id_ary, $username_ary);
+	$result = user_get_id_name($user_id_ary, $username_ary);
 
-	if (!sizeof($user_id_ary))
+	if (!sizeof($user_id_ary) || $result !== false)
 	{
 		return 'NO_USER';
 	}
@@ -1507,7 +1573,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 	// Remove users who are already members of this group
 	$sql = 'SELECT user_id, group_leader
 		FROM ' . USER_GROUP_TABLE . '
-		WHERE user_id IN (' . implode(', ', $user_id_ary) . ")
+		WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
 			AND group_id = $group_id";
 	$result = $db->sql_query($sql);
 
@@ -1563,7 +1629,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 	{
 		$sql = 'UPDATE ' . USER_GROUP_TABLE . '
 			SET group_leader = 1
-			WHERE user_id IN (' . implode(', ', $update_id_ary) . ")
+			WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
 				AND group_id = $group_id";
 		$db->sql_query($sql);
 	}
@@ -1600,16 +1666,16 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 	$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
 
 	// We need both username and user_id info
-	user_get_id_name($user_id_ary, $username_ary);
+	$result = user_get_id_name($user_id_ary, $username_ary);
 
-	if (!sizeof($user_id_ary))
+	if (!sizeof($user_id_ary) || $result !== false)
 	{
 		return 'NO_USER';
 	}
 
 	$sql = 'SELECT *
 		FROM ' . GROUPS_TABLE . '
-		WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')';
+		WHERE ' . $db->sql_in_set('group_name', $group_order);
 	$result = $db->sql_query($sql);
 
 	$group_order_id = $special_group_data = array();
@@ -1638,7 +1704,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 	// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
 	$sql = 'SELECT user_id, group_id
 		FROM ' . USERS_TABLE . '
-		WHERE user_id IN (' . implode(', ', $user_id_ary) . ")";
+		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
 	$result = $db->sql_query($sql);
 
 	$default_groups = array();
@@ -1651,7 +1717,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 	// What special group memberships exist for these users?
 	$sql = 'SELECT g.group_id, g.group_name, ug.user_id
 		FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
-		WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ")
+		WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
 			AND g.group_id = ug.group_id
 			AND g.group_id <> $group_id
 			AND g.group_type = " . GROUP_SPECIAL . '
@@ -1687,7 +1753,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 				// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
 				$sql = 'SELECT user_id, user_avatar
 					FROM ' . USERS_TABLE . '
-					WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')
+					WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]) . '
 						AND user_avatar_type = ' . AVATAR_UPLOAD;
 				$result = $db->sql_query($sql);
 
@@ -1699,7 +1765,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 			}
 
 			$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . '
-				WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')';
+				WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]);
 			$db->sql_query($sql);
 		}
 	}
@@ -1707,7 +1773,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 
 	$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
 		WHERE group_id = $group_id
-			AND user_id IN (" . implode(', ', $user_id_ary) . ')';
+			AND " . $db->sql_in_set('user_id', $user_id_ary);
 	$db->sql_query($sql);
 
 	// Clear permissions cache of relevant users
@@ -1733,9 +1799,9 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 	global $db, $auth, $phpbb_root_path, $phpEx, $config;
 
 	// We need both username and user_id info
-	user_get_id_name($user_id_ary, $username_ary);
+	$result = user_get_id_name($user_id_ary, $username_ary);
 
-	if (!sizeof($user_id_ary))
+	if (!sizeof($user_id_ary) || $result !== false)
 	{
 		return false;
 	}
@@ -1752,7 +1818,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 			$sql = 'UPDATE ' . USER_GROUP_TABLE . '
 				SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
 				WHERE group_id = $group_id
-					AND user_id IN (" . implode(', ', $user_id_ary) . ')';
+					AND " . $db->sql_in_set('user_id', $user_id_ary);
 			$db->sql_query($sql);
 
 			$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
@@ -1765,7 +1831,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 				WHERE ug.group_id = ' . $group_id . '
 					AND ug.user_pending = 1
 					AND ug.user_id = u.user_id
-					AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')';
+					AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
 			$result = $db->sql_query($sql);
 
 			$user_id_ary = $email_users = array();
@@ -1784,7 +1850,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 			$sql = 'UPDATE ' . USER_GROUP_TABLE . "
 				SET user_pending = 0
 				WHERE group_id = $group_id
-					AND user_id IN (" . implode(', ', $user_id_ary) . ')';
+					AND " . $db->sql_in_set('user_id', $user_id_ary);
 			$db->sql_query($sql);
 
 			// Send approved email to users...
@@ -1840,7 +1906,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 {
 	global $db;
 
-	if (!$user_id_ary)
+	if (empty($user_id_ary))
 	{
 		return;
 	}
@@ -1890,7 +1956,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 		// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
 		$sql = 'SELECT user_id, user_avatar
 			FROM ' . USERS_TABLE . '
-			WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
+			WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
 				AND user_avatar_type = ' . AVATAR_UPLOAD;
 		$result = $db->sql_query($sql);
 
@@ -1902,7 +1968,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 	}
 
 	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
-		WHERE user_id IN (' . implode(', ', $user_id_ary) . ')';
+		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
 	$db->sql_query($sql);
 }
 
@@ -1943,22 +2009,29 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_
 		return true;
 	}
 
+	if ($user_id_ary)
+	{
+		$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
+	}
+
+	if ($group_id_ary)
+	{
+		$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
+	}
+
 	$sql = 'SELECT ug.*, u.username, u.user_email
 		FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
 		WHERE ug.user_id = u.user_id AND ';
 
-	if ($group_id_ary && $user_id_ary)
+	if ($group_id_ary)
 	{
-		$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary") . "
-				AND ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
+		$sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
 	}
-	else if ($group_id_ary)
+
+	if ($user_id_ary)
 	{
-		$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary");
-	}
-	else if ($user_id_ary)
-	{
-		$sql .= " ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
+		$sql .= ($group_id_ary) ? ' AND ' : ' ';
+		$sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
 	}
 
 	$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);

phpBB/includes/mcp/mcp_forum.php

@@ -16,6 +16,8 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 	global $template, $db, $user, $auth, $cache;
 	global $phpEx, $phpbb_root_path, $config;
 
+	include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+
 	$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
 
 	if ($action == 'merge_select')
@@ -61,10 +63,10 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 
 	$template->assign_vars(array(
 		'FORUM_NAME'			=> $forum_info['forum_name'],
-		'FORUM_DESCRIPTION'		=> generate_text_for_display($forum_info['forum_desc'], $forum_info['forum_desc_uid'], $forum_info['forum_desc_bitfield']),
+		'FORUM_DESCRIPTION'		=> generate_text_for_display($forum_info['forum_desc'], $forum_info['forum_desc_uid'], $forum_info['forum_desc_bitfield'], $forum_info['forum_desc_options']),
 
-		'REPORTED_IMG'			=> $user->img('icon_reported', 'TOPIC_REPORTED'),
-		'UNAPPROVED_IMG'		=> $user->img('icon_unapproved', 'TOPIC_UNAPPROVED'),
+		'REPORTED_IMG'			=> $user->img('icon_topic_reported', 'TOPIC_REPORTED'),
+		'UNAPPROVED_IMG'		=> $user->img('icon_topic_unapproved', 'TOPIC_UNAPPROVED'),
 
 		'S_CAN_DELETE'			=> $auth->acl_get('m_delete', $forum_id),
 		'S_CAN_MOVE'			=> $auth->acl_get('m_move', $forum_id),
@@ -107,56 +109,11 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 	{
 		$topic_title = '';
 
-		if ($row['topic_status'] == ITEM_LOCKED)
-		{
-			$folder_img = 'folder_locked';
-			$folder_alt = 'VIEW_TOPIC_LOCKED';
-		}
-		else
-		{
-			if ($row['topic_type'] == POST_ANNOUNCE || $row['topic_type'] == POST_GLOBAL)
-			{
-				$folder_img = 'folder_announce';
-				$folder_alt = 'VIEW_TOPIC_ANNOUNCEMENT';
-			}
-			else if ($row['topic_type'] == POST_STICKY)
-			{
-				$folder_img = 'folder_sticky';
-				$folder_alt = 'VIEW_TOPIC_STICKY';
-			}
-			else if ($row['topic_status'] == ITEM_MOVED)
-			{
-				$folder_img = 'folder_moved';
-				$folder_alt = 'VIEW_TOPIC_MOVED';
-			}
-			else
-			{
-				$folder_img = 'folder';
-				$folder_alt = 'NO_NEW_POSTS';
-			}
-		}
+		$replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies'];
 
-		if ($row['topic_type'] == POST_ANNOUNCE || $row['topic_type'] == POST_GLOBAL)
-		{
-			$topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT'] . ' ';
-		}
-		else if ($row['topic_type'] == POST_STICKY)
-		{
-			$topic_type = $user->lang['VIEW_TOPIC_STICKY'] . ' ';
-		}
-		else if ($row['topic_status'] == ITEM_MOVED)
-		{
-			$topic_type = $user->lang['VIEW_TOPIC_MOVED'] . ' ';
-		}
-		else
-		{
-			$topic_type = '';
-		}
-
-		if (intval($row['poll_start']))
-		{
-			$topic_type .= $user->lang['VIEW_TOPIC_POLL'] . ' ';
-		}
+		// Get folder img, topic status/type related informations
+		$folder_img = $folder_alt = $topic_type = '';
+		topic_status($row, $replies, false, $folder_img, $folder_alt, $topic_type);
 
 		$topic_title = censor_text($row['topic_title']);
 
@@ -172,13 +129,13 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 			'U_MCP_QUEUE'		=> $u_mcp_queue,
 			'U_MCP_REPORT'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&t=' . $row['topic_id'] . '&action=reports'),
 
-			'ATTACH_ICON_IMG'		=> ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
+			'ATTACH_ICON_IMG'		=> ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
 			'TOPIC_FOLDER_IMG'		=> $user->img($folder_img, $folder_alt),
 			'TOPIC_FOLDER_IMG_SRC'	=> $user->img($folder_img, $folder_alt, false, '', 'src'),
 			'TOPIC_ICON_IMG'		=> (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['img'] : '',
 			'TOPIC_ICON_IMG_WIDTH'	=> (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '',
 			'TOPIC_ICON_IMG_HEIGHT'	=> (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '',
-			'UNAPPROVED_IMG'		=> ($topic_unapproved || $posts_unapproved) ? $user->img('icon_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '',
+			'UNAPPROVED_IMG'		=> ($topic_unapproved || $posts_unapproved) ? $user->img('icon_topic_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '',
 
 			'TOPIC_TYPE'		=> $topic_type,
 			'TOPIC_TITLE'		=> $topic_title,
@@ -220,7 +177,7 @@ function mcp_resync_topics($topic_ids)
 
 	$sql = 'SELECT topic_id, forum_id, topic_title
 		FROM ' . TOPICS_TABLE . '
-		WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+		WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 	$result = $db->sql_query($sql);
 
 	// Log this action

phpBB/includes/mcp/mcp_front.php

@@ -41,7 +41,7 @@ function mcp_front_view($id, $mode, $action)
 
 			$sql = 'SELECT forum_id, forum_name
 				FROM ' . FORUMS_TABLE . '
-				WHERE forum_id IN (' . implode(', ', $forum_list) . ')';
+				WHERE ' . $db->sql_in_set('forum_id', $forum_list);
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -54,7 +54,7 @@ function mcp_front_view($id, $mode, $action)
 				FROM ' . POSTS_TABLE . '
 				WHERE forum_id IN (0, ' . implode(', ', $forum_list) . ')
 					AND post_approved = 0
-				ORDER BY post_id DESC';
+				ORDER BY post_time DESC';
 			$result = $db->sql_query_limit($sql, 5);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -65,10 +65,10 @@ function mcp_front_view($id, $mode, $action)
 
 			$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
 				FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t,  ' . USERS_TABLE . ' u
-				WHERE p.post_id IN (' . implode(', ', $post_list) . ')
+				WHERE ' . $db->sql_in_set('p.post_id', $post_list) . '
 					AND t.topic_id = p.topic_id
 					AND p.poster_id = u.user_id
-				ORDER BY p.post_id DESC';
+				ORDER BY p.post_time DESC';
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -158,7 +158,7 @@ function mcp_front_view($id, $mode, $action)
 					AND r.user_id = u.user_id
 					AND p.forum_id IN (0, ' . implode(', ', $forum_list) . ')',
 
-				'ORDER_BY'	=> 'p.post_id DESC'
+				'ORDER_BY'	=> 'p.post_time DESC'
 			));
 			$result = $db->sql_query_limit($sql, 5);
 

phpBB/includes/mcp/mcp_logs.php

@@ -43,8 +43,8 @@ class mcp_logs
 
 		// Set up general vars
 		$start		= request_var('start', 0);
-		$deletemark = (isset($_POST['del_marked'])) ? true : false;
-		$deleteall	= (isset($_POST['del_all'])) ? true : false;
+		$deletemark = ($action == 'del_marked') ? true : false;
+		$deleteall	= ($action == 'del_all') ? true : false;
 		$marked		= request_var('mark', array(0));
 
 		// Sort keys
@@ -84,14 +84,14 @@ class mcp_logs
 					$sql_in[] = $mark;
 				}
 
-				$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+				$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
 				unset($sql_in);
 			}
 
 			if ($where_sql || $deleteall)
 			{
 				$sql = 'DELETE FROM ' . LOG_TABLE . '
-					WHERE log_type = ' . LOD_MOD . "
+					WHERE log_type = ' . LOG_MOD . "
 					$where_sql";
 				$db->sql_query($sql);
 
@@ -102,7 +102,7 @@ class mcp_logs
 		// Sorting
 		$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
 		$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
-		$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
+		$sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
 
 		$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
 		gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@@ -121,6 +121,8 @@ class mcp_logs
 			'TOTAL'				=> ($log_count == 1) ? $user->lang['TOTAL_LOG'] : sprintf($user->lang['TOTAL_LOGS'], $log_count),
 			'PAGINATION'		=> generate_pagination($this->u_action . "&$u_sort_param", $log_count, $config['topics_per_page'], $start),
 
+			'L_TITLE'			=> $user->lang['MCP_LOGS'],
+
 			'U_POST_ACTION'			=> $this->u_action,
 			'S_CLEAR_ALLOWED'		=> ($auth->acl_get('a_clearlogs')) ? true : false,
 			'S_SELECT_SORT_DIR'		=> $s_sort_dir,

phpBB/includes/mcp/mcp_main.php

@@ -224,8 +224,8 @@ function lock_unlock($action, $ids)
 	if (confirm_box(true))
 	{
 		$sql = "UPDATE $table
-			SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . "
-			WHERE $sql_id IN (" . implode(', ', $ids) . ")";
+			SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . '
+			WHERE ' . $db->sql_in_set($sql_id, $ids);
 		$db->sql_query($sql);
 
 		$data = ($action == 'lock' || $action == 'unlock') ? get_topic_data($ids) : get_post_data($ids);
@@ -311,7 +311,7 @@ function change_topic_type($action, $topic_ids)
 		{
 			$sql = 'UPDATE ' . TOPICS_TABLE . "
 				SET topic_type = $new_topic_type
-				WHERE topic_id IN (" . implode(', ', $topic_ids) . ')
+				WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
 					AND forum_id <> 0';
 			$db->sql_query($sql);
 
@@ -320,26 +320,68 @@ function change_topic_type($action, $topic_ids)
 			{
 				$sql = 'UPDATE ' . TOPICS_TABLE . "
 					SET topic_type = $new_topic_type, forum_id = $forum_id
-						WHERE topic_id IN (" . implode(', ', $topic_ids) . ')
+					WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
 						AND forum_id = 0';
 				$db->sql_query($sql);
+
+				// Update forum_ids for all posts
+				$sql = 'UPDATE ' . POSTS_TABLE . "
+					SET forum_id = $forum_id
+					WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
+						AND forum_id = 0';
+				$db->sql_query($sql);
+
+				sync('forum', 'forum_id', $forum_id);
 			}
 		}
 		else
 		{
-			$sql = 'UPDATE ' . TOPICS_TABLE . "
-				SET topic_type = $new_topic_type, forum_id = 0
-				WHERE topic_id IN (" . implode(', ', $topic_ids) . ")";
-			$db->sql_query($sql);
+			// Get away with those topics already being a global announcement by re-calculating $topic_ids
+			$sql = 'SELECT topic_id
+				FROM ' . TOPICS_TABLE . '
+				WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
+					AND forum_id <> 0';
+			$result = $db->sql_query($sql);
+
+			$topic_ids = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$topic_ids[] = $row['topic_id'];
+			}
+			$db->sql_freeresult($result);
+
+			if (sizeof($topic_ids))
+			{
+				// Delete topic shadows for global announcements
+				$sql = 'DELETE FROM ' . TOPICS_TABLE . '
+					WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
+				$db->sql_query($sql);
+
+				$sql = 'UPDATE ' . TOPICS_TABLE . "
+					SET topic_type = $new_topic_type, forum_id = 0
+						WHERE " . $db->sql_in_set('topic_id', $topic_ids);
+				$db->sql_query($sql);
+
+				// Update forum_ids for all posts
+				$sql = 'UPDATE ' . POSTS_TABLE . '
+					SET forum_id = 0
+					WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
+				$db->sql_query($sql);
+
+				sync('forum', 'forum_id', $forum_id);
+			}
 		}
 
 		$success_msg = (sizeof($topic_ids) == 1) ? 'TOPIC_TYPE_CHANGED' : 'TOPICS_TYPE_CHANGED';
 
-		$data = get_topic_data($topic_ids);
-
-		foreach ($data as $topic_id => $row)
+		if (sizeof($topic_ids))
 		{
-			add_log('mod', $forum_id, $topic_id, 'LOG_TOPIC_TYPE_CHANGED', $row['topic_title']);
+			$data = get_topic_data($topic_ids);
+
+			foreach ($data as $topic_id => $row)
+			{
+				add_log('mod', $forum_id, $topic_id, 'LOG_TOPIC_TYPE_CHANGED', $row['topic_title']);
+			}
 		}
 	}
 	else
@@ -480,7 +522,7 @@ function mcp_move_topic($topic_ids)
 	else
 	{
 		$template->assign_vars(array(
-			'S_FORUM_SELECT'		=> make_forum_select($to_forum_id, $forum_id, false, true, true),
+			'S_FORUM_SELECT'		=> make_forum_select($to_forum_id, $forum_id, false, true, true, true),
 			'S_CAN_LEAVE_SHADOW'	=> true,
 			'ADDITIONAL_MSG'		=> $additional_msg)
 		);
@@ -541,11 +583,7 @@ function mcp_delete_topic($topic_ids)
 			add_log('mod', $forum_id, 0, 'LOG_TOPIC_DELETED', $row['topic_title']);
 		}
 
-		$return = delete_topics('topic_id', $topic_ids, true);
-
-		/**
-		* @todo Adjust total post count (mcp_delete_topic)
-		*/
+		$return = delete_topics('topic_id', $topic_ids);
 	}
 	else
 	{
@@ -602,7 +640,7 @@ function mcp_delete_post($post_ids)
 
 		$sql = 'SELECT DISTINCT topic_id
 			FROM ' . POSTS_TABLE . '
-			WHERE post_id IN (' . implode(', ', $post_ids) . ')';
+			WHERE ' . $db->sql_in_set('post_id', $post_ids);
 		$result = $db->sql_query($sql);
 
 		$topic_id_list = array();
@@ -625,7 +663,7 @@ function mcp_delete_post($post_ids)
 
 		$sql = 'SELECT COUNT(topic_id) AS topics_left
 			FROM ' . TOPICS_TABLE . '
-			WHERE topic_id IN (' . implode(', ', $topic_id_list) . ')';
+			WHERE ' . $db->sql_in_set('topic_id', $topic_id_list);
 		$result = $db->sql_query_limit($sql, 1);
 
 		$deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics;
@@ -809,7 +847,7 @@ function mcp_fork_topic($topic_ids)
 			$sql = 'SELECT *
 				FROM ' . POSTS_TABLE . "
 				WHERE topic_id = $topic_id
-				ORDER BY post_id ASC";
+				ORDER BY post_time ASC";
 			$result = $db->sql_query($sql);
 
 			$post_rows = array();
@@ -848,7 +886,7 @@ function mcp_fork_topic($topic_ids)
 					'post_checksum'		=> (string) $row['post_checksum'],
 					'post_encoding'		=> (string) $row['post_encoding'],
 					'post_attachment'	=> (int) $row['post_attachment'],
-					'bbcode_bitfield'	=> (int) $row['bbcode_bitfield'],
+					'bbcode_bitfield'	=> $row['bbcode_bitfield'],
 					'bbcode_uid'		=> (string) $row['bbcode_uid'],
 					'post_edit_time'	=> (int) $row['post_edit_time'],
 					'post_edit_count'	=> (int) $row['post_edit_count'],
@@ -880,7 +918,7 @@ function mcp_fork_topic($topic_ids)
 							'physical_filename'	=> (string) basename($attach_row['physical_filename']),
 							'real_filename'		=> (string) basename($attach_row['real_filename']),
 							'download_count'	=> (int) $attach_row['download_count'],
-							'comment'			=> (string) $attach_row['comment'],
+							'attach_comment'	=> (string) $attach_row['attach_comment'],
 							'extension'			=> (string) $attach_row['extension'],
 							'mimetype'			=> (string) $attach_row['mimetype'],
 							'filesize'			=> (int) $attach_row['filesize'],
@@ -898,8 +936,8 @@ function mcp_fork_topic($topic_ids)
 		// Sync new topics, parent forums and board stats
 		sync('topic', 'topic_id', $new_topic_id_list, true);
 		sync('forum', 'forum_id', $to_forum_id, true);
-		set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list));
-		set_config('num_posts', $config['num_posts'] + $total_posts);
+		set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list), true);
+		set_config('num_posts', $config['num_posts'] + $total_posts, true);
 
 		foreach ($new_topic_id_list as $topic_id => $new_topic_id)
 		{

phpBB/includes/mcp/mcp_notes.php

@@ -68,7 +68,7 @@ class mcp_notes
 		global $template, $db, $user, $auth;
 
 		$user_id = request_var('u', 0);
-		$username = request_var('username', '', true);
+		$username = request_var('username', '');
 		$start = request_var('start', 0);
 		$st	= request_var('st', 0);
 		$sk	= request_var('sk', 'b');
@@ -106,7 +106,7 @@ class mcp_notes
 				{
 					$sql_in[] = $mark;
 				}
-				$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+				$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
 				unset($sql_in);
 			}
 
@@ -161,7 +161,7 @@ class mcp_notes
 
 		$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
 		$sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']);
-		$sort_by_sql = array('a' => 'l.user_id', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation');
+		$sort_by_sql = array('a' => 'l.username', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation');
 
 		$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
 		gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@@ -184,6 +184,7 @@ class mcp_notes
 					'REPORT_BY'		=> $row['username'],
 					'REPORT_AT'		=> $user->format_date($row['time']),
 					'ACTION'		=> $row['action'],
+					'IP'			=> $row['ip'],
 					'ID'			=> $row['id'])
 				);
 			}

phpBB/includes/mcp/mcp_post.php

@@ -59,7 +59,7 @@ function mcp_post_details($id, $mode, $action)
 
 			if ($action == 'chgposter')
 			{
-				$username = request_var('username', '', true);
+				$username = request_var('username', '');
 				$sql_where = "username = '" . $db->sql_escape($username) . "'";
 			}
 			else
@@ -125,13 +125,15 @@ function mcp_post_details($id, $mode, $action)
 		'U_MCP_REPORT'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
 		'U_MCP_USER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
 		'U_MCP_WARN_USER'		=> ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '',
+		'U_VIEW_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
 		'U_VIEW_PROFILE'		=> ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '',
+		'U_VIEW_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
 		
 		'RETURN_TOPIC'			=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_info['forum_id']}&amp;p=$post_id") . "#p$post_id\">", '</a>'),
 		'RETURN_FORUM'			=> sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'),
-		'REPORTED_IMG'			=> $user->img('icon_reported', $user->lang['POST_REPORTED']),
-		'UNAPPROVED_IMG'		=> $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
-		'EDIT_IMG'				=> $user->img('btn_edit', $user->lang['EDIT_POST']),
+		'REPORTED_IMG'			=> $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
+		'UNAPPROVED_IMG'		=> $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
+		'EDIT_IMG'				=> $user->img('icon_post_edit', $user->lang['EDIT_POST']),
 
 		'POSTER_NAME'			=> $poster,
 		'POST_PREVIEW'			=> $message,
@@ -334,31 +336,20 @@ function change_poster(&$post_info, $userdata)
 	$db->sql_query($sql);
 
 	// Resync topic/forum if needed
-	if ($post_info['topic_last_post_id'] == $post_id || $post_info['forum_last_post_id'] == $post_id)
+	if ($post_info['topic_last_post_id'] == $post_id || $post_info['forum_last_post_id'] == $post_id || $post_info['topic_first_post_id'] == $post_id)
 	{
 		sync('topic', 'topic_id', $post_info['topic_id'], false, false);
 		sync('forum', 'forum_id', $post_info['forum_id'], false, false);
 	}
 
 	// Adjust post counts
-	$auth_user_from = new auth();
-	$auth_user_from->acl($post_info);
-
-	$auth_user_to = new auth();
-	$auth_user_to->acl($userdata);
-
-	// Decrease post count by one for the old user
-	if ($auth_user_from->acl_get('f_postcount', $post_info['forum_id']))
+	if ($post_info['post_postcount'])
 	{
 		$sql = 'UPDATE ' . USERS_TABLE . '
 			SET user_posts = user_posts - 1
 			WHERE user_id = ' . $post_info['user_id'];
 		$db->sql_query($sql);
-	}
 
-	// Increase post count by one for the new user
-	if ($auth_user_to->acl_get('f_postcount', $post_info['forum_id']))
-	{
 		$sql = 'UPDATE ' . USERS_TABLE . '
 			SET user_posts = user_posts + 1
 			WHERE user_id = ' . $userdata['user_id'];

phpBB/includes/mcp/mcp_queue.php

@@ -131,12 +131,14 @@ class mcp_queue
 					'U_MCP_REPORT'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
 					'U_MCP_USER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
 					'U_MCP_WARN_USER'		=> ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '',
+					'U_VIEW_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
 					'U_VIEW_PROFILE'		=> ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '',
+					'U_VIEW_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
 
 					'RETURN_QUEUE'			=> sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts')) . "&amp;start=$start\">", '</a>'),
-					'REPORTED_IMG'			=> $user->img('icon_reported', $user->lang['POST_REPORTED']),
-					'UNAPPROVED_IMG'		=> $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
-					'EDIT_IMG'				=> $user->img('btn_edit', $user->lang['EDIT_POST']),
+					'REPORTED_IMG'			=> $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
+					'UNAPPROVED_IMG'		=> $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
+					'EDIT_IMG'				=> $user->img('icon_post_edit', $user->lang['EDIT_POST']),
 
 					'POSTER_NAME'			=> $poster,
 					'POST_PREVIEW'			=> $message,
@@ -179,6 +181,8 @@ class mcp_queue
 						$forum_list[] = $row['forum_id'];
 					}
 
+					$global_id = $forum_list[0];
+
 					if (!($forum_list = implode(', ', $forum_list)))
 					{
 						trigger_error('NOT_MODERATOR');
@@ -190,8 +194,6 @@ class mcp_queue
 					$result = $db->sql_query($sql);
 					$forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics');
 					$db->sql_freeresult($result);
-
-					$global_id = $forum_list[0];
 				}
 				else
 				{
@@ -248,11 +250,11 @@ class mcp_queue
 
 					if (sizeof($post_ids))
 					{
-						$sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_username, p.poster_id, p.post_time, u.username
-							FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u
-							WHERE p.post_id IN (" . implode(', ', $post_ids) . ")
+						$sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username
+							FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
+							WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
 								AND t.topic_id = p.topic_id
-								AND u.user_id = p.poster_id";
+								AND u.user_id = p.poster_id';
 						$result = $db->sql_query($sql);
 
 						$post_data = $rowset = array();
@@ -279,7 +281,7 @@ class mcp_queue
 				}
 				else
 				{
-					$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username
+					$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_title AS post_subject, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username
 						FROM ' . TOPICS_TABLE . " t
 						WHERE topic_approved = 0
 							AND forum_id IN (0, $forum_list)
@@ -304,7 +306,7 @@ class mcp_queue
 					// Select the names for the forum_ids
 					$sql = 'SELECT forum_id, forum_name
 						FROM ' . FORUMS_TABLE . '
-						WHERE forum_id IN (' . implode(',', $forum_names) . ')';
+						WHERE ' . $db->sql_in_set('forum_id', $forum_names);
 					$result = $db->sql_query($sql, 3600);
 
 					$forum_names = array();
@@ -334,15 +336,13 @@ class mcp_queue
 
 					$template->assign_block_vars('postrow', array(
 						'U_VIEWFORUM'		=> (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
-						// Q: Why accessing the topic by a post_id instead of its topic_id?
-						// A: To prevent the post from being hidden because of wrong encoding or different charset
-						'U_VIEWTOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
+						'U_VIEWPOST'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
 						'U_VIEW_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$row['forum_id']}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '')),
 						'U_VIEWPROFILE'		=> ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
 
 						'POST_ID'		=> $row['post_id'],
 						'FORUM_NAME'	=> (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
-						'TOPIC_TITLE'	=> $row['topic_title'],
+						'POST_SUBJECT'	=> $row['post_subject'],
 						'POSTER'		=> $poster,
 						'POST_TIME'		=> $user->format_date($row['post_time']))
 					);
@@ -358,6 +358,7 @@ class mcp_queue
 
 					'S_FORUM_OPTIONS'		=> $forum_options,
 					'S_MCP_ACTION'			=> build_url(array('t', 'f', 'sd', 'st', 'sk')),
+					'S_TOPICS'				=> ($mode == 'unapproved_posts') ? false : true,
 
 					'PAGINATION'			=> generate_pagination($this->u_action . "&amp;f=$forum_id", $total, $config['topics_per_page'], $start),
 					'PAGE_NUMBER'			=> on_page($total, $config['topics_per_page'], $start),
@@ -448,7 +449,7 @@ function approve_post($post_id_list, $mode)
 		{
 			$sql = 'UPDATE ' . TOPICS_TABLE . '
 				SET topic_approved = 1
-				WHERE topic_id IN (' . implode(', ', $topic_approve_sql) . ')';
+				WHERE ' . $db->sql_in_set('topic_id', $topic_approve_sql);
 			$db->sql_query($sql);
 		}
 
@@ -456,7 +457,7 @@ function approve_post($post_id_list, $mode)
 		{
 			$sql = 'UPDATE ' . POSTS_TABLE . '
 				SET post_approved = 1
-				WHERE post_id IN (' . implode(', ', $post_approve_sql) . ')';
+				WHERE ' . $db->sql_in_set('post_id', $post_approve_sql);
 			$db->sql_query($sql);
 		}
 

phpBB/includes/mcp/mcp_reports.php

@@ -61,20 +61,14 @@ class mcp_reports
 
 				$post_id = request_var('p', 0);
 
-				$post_info = get_post_data(array($post_id), 'm_approve');
+				// closed reports are accessed by report id
+				$report_id = request_var('r', 0);
 
-				if (!sizeof($post_info))
-				{
-					trigger_error('NO_POST_SELECTED');
-				}
-
-				$post_info = $post_info[$post_id];
-
-				$sql = 'SELECT r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username
-					FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . " u
-					WHERE r.post_id = $post_id
+				$sql = 'SELECT r.post_id, r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username
+					FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . ' u
+					WHERE ' . (($report_id) ? 'r.report_id = ' . $report_id : "r.post_id = $post_id AND r.report_closed = 0") . '
 						AND rr.reason_id = r.reason_id
-						AND r.user_id = u.user_id";
+						AND r.user_id = u.user_id';
 				$result = $db->sql_query($sql);
 				$report = $db->sql_fetchrow($result);
 				$db->sql_freeresult($result);
@@ -84,6 +78,20 @@ class mcp_reports
 					trigger_error('NO_POST_REPORT');
 				}
 
+				if ($report_id)
+				{
+					$post_id = $report['post_id'];
+				}
+
+				$post_info = get_post_data(array($post_id), 'm_report');
+
+				if (!sizeof($post_info))
+				{
+					trigger_error('NO_POST_SELECTED');
+				}
+
+				$post_info = $post_info[$post_id];
+
 				$reason = array('title' => $report['reason_title'], 'description' => $report['reason_description']);
 				if (isset($user->lang['report_reasons']['TITLE'][strtoupper($reason['title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($reason['title'])]))
 				{
@@ -134,14 +142,16 @@ class mcp_reports
 					'U_MCP_USER_NOTES'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
 					'U_MCP_WARN_REPORTER'		=> ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $report['user_id']) : '',
 					'U_MCP_WARN_USER'			=> ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '',
+					'U_VIEW_POST'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
 					'U_VIEW_PROFILE'			=> ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '',
 					'U_VIEW_REPORTER_PROFILE'	=> ($report['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $report['user_id']) : '',
+					'U_VIEW_TOPIC'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
 
-					'EDIT_IMG'				=> $user->img('btn_edit', $user->lang['EDIT_POST']),
-					'UNAPPROVED_IMG'		=> $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
+					'EDIT_IMG'				=> $user->img('icon_post_edit', $user->lang['EDIT_POST']),
+					'UNAPPROVED_IMG'		=> $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
 
 					'RETURN_REPORTS'			=> sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start) . '">', '</a>'),
-					'REPORTED_IMG'				=> $user->img('icon_reported', $user->lang['POST_REPORTED']),
+					'REPORTED_IMG'				=> $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
 					'REPORT_REASON_TITLE'		=> $reason['title'],
 					'REPORT_REASON_DESCRIPTION'	=> $reason['description'],
 					'REPORTER_NAME'				=> ($report['user_id'] == ANONYMOUS) ? $user->lang['GUEST'] : $report['username'],
@@ -181,22 +191,25 @@ class mcp_reports
 					$forum_id = $topic_info['forum_id'];
 				}
 
+				$forum_list = array();
+
 				if (!$forum_id)
 				{
-					$forum_list = array();
 					foreach ($forum_list_reports as $row)
 					{
 						$forum_list[] = $row['forum_id'];
 					}
 
-					if (!($forum_list = implode(', ', $forum_list)))
+					$global_id = $forum_list[0];
+
+					if (!sizeof($forum_list))
 					{
 						trigger_error('NOT_MODERATOR');
 					}
 
 					$sql = 'SELECT SUM(forum_topics) as sum_forum_topics
-						FROM ' . FORUMS_TABLE . "
-						WHERE forum_id IN ($forum_list)";
+						FROM ' . FORUMS_TABLE . '
+						WHERE ' . $db->sql_in_set('forum_id', $forum_list);
 					$result = $db->sql_query($sql);
 					$forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics');
 					$db->sql_freeresult($result);
@@ -211,10 +224,11 @@ class mcp_reports
 					}
 
 					$forum_info = $forum_info[$forum_id];
-					$forum_list = $forum_id;
+					$forum_list = array($forum_id);
+					$global_id = $forum_id;
 				}
 
-				$forum_list .= ', 0';
+				$forum_list[] = 0;
 				$forum_data = array();
 
 				$forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>';
@@ -242,9 +256,9 @@ class mcp_reports
 					$report_state = 'AND r.report_closed = 1';
 				}
 
-				$sql = 'SELECT p.post_id
-					FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . "
-					WHERE p.forum_id IN ($forum_list)
+				$sql = 'SELECT r.report_id
+					FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . '
+					WHERE ' . $db->sql_in_set('p.forum_id', $forum_list) . "
 						$report_state
 						AND r.post_id = p.post_id
 						" . (($sort_order_sql[0] == 'u') ? 'AND u.user_id = p.poster_id' : '') . '
@@ -256,36 +270,28 @@ class mcp_reports
 				$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
 
 				$i = 0;
-				$post_ids = array();
+				$report_ids = array();
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$post_ids[] = $row['post_id'];
-					$row_num[$row['post_id']] = $i++;
+					$report_ids[] = $row['report_id'];
+					$row_num[$row['report_id']] = $i++;
 				}
 				$db->sql_freeresult($result);
 
-				if (sizeof($post_ids))
+				if (sizeof($report_ids))
 				{
-					$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time
-						FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u, ' . USERS_TABLE . " ru
-						WHERE p.post_id IN (" . implode(', ', $post_ids) . ")
+					$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time, r.report_id
+						FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . ' ru
+						WHERE ' . $db->sql_in_set('r.report_id', $report_ids) . '
 							AND t.topic_id = p.topic_id
 							AND r.post_id = p.post_id
 							AND u.user_id = p.poster_id
-							AND ru.user_id = r.user_id";
+							AND ru.user_id = r.user_id';
 					$result = $db->sql_query($sql);
 
-					$post_data = $rowset = array();
+					$report_data = $rowset = array();
 					while ($row = $db->sql_fetchrow($result))
 					{
-						$post_data[$row['post_id']] = $row;
-					}
-					$db->sql_freeresult($result);
-
-					foreach ($post_ids as $post_id)
-					{
-						$row = $post_data[$post_id];
-
 						if ($row['poster_id'] == ANONYMOUS)
 						{
 							$poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST'];
@@ -295,16 +301,20 @@ class mcp_reports
 							$poster = $row['username'];
 						}
 
+						$global_topic = ($row['forum_id']) ? false : true;
+						if ($global_topic)
+						{
+							$row['forum_id'] = $global_id;
+						}
+
 						$template->assign_block_vars('postrow', array(
-							'U_VIEWFORUM'				=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
-							// Q: Why accessing the topic by a post_id instead of its topic_id?
-							// A: To prevent the post from being hidden because of wrong encoding or different charset
-							'U_VIEWTOPIC'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
-							'U_VIEW_DETAILS'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$forum_id}&amp;p={$row['post_id']}"),
+							'U_VIEWFORUM'				=> (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
+							'U_VIEWPOST'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
+							'U_VIEW_DETAILS'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$row['forum_id']}&amp;r={$row['report_id']}"),
 							'U_VIEW_POSTER_PROFILE'		=> ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
 							'U_VIEW_REPORTER_PROFILE'	=> ($row['reporter_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['reporter_id']) : '',
 
-							'FORUM_NAME'	=> ($row['forum_id']) ? $forum_data[$row['forum_id']]['forum_name'] : $user->lang['ALL_FORUMS'],
+							'FORUM_NAME'	=> (!$global_topic) ? $forum_data[$row['forum_id']]['forum_name'] : $user->lang['GLOBAL_ANNOUNCEMENT'],
 							'POSTER'		=> $poster,
 							'POST_ID'		=> $row['post_id'],
 							'POST_SUBJECT'	=> $row['post_subject'],
@@ -314,7 +324,8 @@ class mcp_reports
 							'TOPIC_TITLE'	=> $row['topic_title'])
 						);
 					}
-					unset($post_data, $post_ids, $row);
+					$db->sql_freeresult($result);
+					unset($report_ids, $row);
 				}
 
 				// Now display the page
@@ -377,7 +388,7 @@ function close_report($post_id_list, $mode, $action)
 
 		$sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type
 			FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u
-			WHERE r.post_id IN (' . implode(',', array_keys($post_info)) . ')
+			WHERE ' . $db->sql_in_set('r.post_id', array_keys($post_info)) . '
 				' . (($action == 'close') ? 'AND r.report_closed = 0' : '') . '
 				AND r.user_id = u.user_id';
 		$result = $db->sql_query($sql);
@@ -411,9 +422,9 @@ function close_report($post_id_list, $mode, $action)
 			// Get a list of topics that still contain reported posts
 			$sql = 'SELECT DISTINCT topic_id
 				FROM ' . POSTS_TABLE . '
-				WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')
+				WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
 					AND post_reported = 1
-					AND post_id NOT IN (' . implode(', ', $close_report_posts) . ')';
+					AND ' . $db->sql_in_set('post_id', $close_report_posts, true);
 			$result = $db->sql_query($sql);
 
 			$keep_report_topics = array();
@@ -432,24 +443,27 @@ function close_report($post_id_list, $mode, $action)
 			{
 				$sql = 'UPDATE ' . REPORTS_TABLE . '
 					SET report_closed = 1
-					WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
+					WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
 			}
 			else
 			{
 				$sql = 'DELETE FROM ' . REPORTS_TABLE . '
-					WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
+					WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
 			}
 			$db->sql_query($sql);
 
 			$sql = 'UPDATE ' . POSTS_TABLE . '
 				SET post_reported = 0
-				WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
+				WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
 			$db->sql_query($sql);
 
-			$sql = 'UPDATE ' . TOPICS_TABLE . '
-				SET topic_reported = 0
-				WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')';
-			$db->sql_query($sql);
+			if (sizeof($close_report_topics))
+			{
+				$sql = 'UPDATE ' . TOPICS_TABLE . '
+					SET topic_reported = 0
+					WHERE ' . $db->sql_in_set('topic_id', $close_report_topics);
+				$db->sql_query($sql);
+			}
 
 			$db->sql_transaction('commit');
 		}

phpBB/includes/mcp/mcp_topic.php

@@ -88,11 +88,11 @@ function mcp_topic_view($id, $mode, $action)
 	$result = $db->sql_query_limit($sql, $posts_per_page, $start);
 
 	$rowset = array();
-	$bbcode_bitfield = 0;
+	$bbcode_bitfield = '';
 	while ($row = $db->sql_fetchrow($result))
 	{
 		$rowset[] = $row;
-		$bbcode_bitfield |= $row['bbcode_bitfield'];
+		$bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']);
 	}
 	$db->sql_freeresult($result);
 
@@ -132,7 +132,7 @@ function mcp_topic_view($id, $mode, $action)
 			'POST_ID'		=> $row['post_id'],
 			'RETURN_TOPIC'	=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>'),
 
-			'MINI_POST_IMG'		=> ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_new', $user->lang['NEW_POST']) : $user->img('icon_post', $user->lang['POST']),
+			'MINI_POST_IMG'		=> ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_target_unread', $user->lang['NEW_POST']) : $user->img('icon_post_target', $user->lang['POST']),
 
 			'S_POST_REPORTED'	=> ($row['post_reported']) ? true : false,
 			'S_POST_UNAPPROVED'	=> ($row['post_approved']) ? false : true,
@@ -186,11 +186,11 @@ function mcp_topic_view($id, $mode, $action)
 		'POSTS_PER_PAGE'	=> $posts_per_page,
 		'ACTION'			=> $action,
 
-		'REPORTED_IMG'		=> $user->img('icon_reported', 'POST_REPORTED', false, true),
-		'UNAPPROVED_IMG'	=> $user->img('icon_unapproved', 'POST_UNAPPROVED', false, true),
+		'REPORTED_IMG'		=> $user->img('icon_topic_reported', 'POST_REPORTED', false, true),
+		'UNAPPROVED_IMG'	=> $user->img('icon_topic_unapproved', 'POST_UNAPPROVED', false, true),
 
 		'S_MCP_ACTION'		=> "$url&amp;i=$id&amp;mode=$mode&amp;action=$action&amp;start=$start",
-		'S_FORUM_SELECT'	=> '<select name="to_forum_id">' . (($to_forum_id) ? make_forum_select($to_forum_id) : make_forum_select($topic_info['forum_id'])) . '</select>',
+		'S_FORUM_SELECT'	=> ($to_forum_id) ? make_forum_select($to_forum_id, false, false, true, true, true) : make_forum_select($topic_info['forum_id'], false, false, true, true, true),
 		'S_CAN_SPLIT'		=> ($auth->acl_get('m_split', $topic_info['forum_id'])) ? true : false,
 		'S_CAN_MERGE'		=> ($auth->acl_get('m_merge', $topic_info['forum_id'])) ? true : false,
 		'S_CAN_DELETE'		=> ($auth->acl_get('m_delete', $topic_info['forum_id'])) ? true : false,

phpBB/includes/mcp/mcp_warn.php

@@ -188,6 +188,7 @@ function mcp_warn_post_view($id, $mode, $action)
 	global $template, $db, $user, $auth;
 
 	$post_id = request_var('p', 0);
+	$forum_id = request_var('f', 0);
 	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
 	$warning = request_var('warning', '', true);
 
@@ -210,6 +211,12 @@ function mcp_warn_post_view($id, $mode, $action)
 		trigger_error($user->lang['CANNOT_WARN_ANONYMOUS']);
 	}
 
+	// Prevent someone from warning themselves
+	if ($userrow['user_id'] == $user->data['user_id'])
+	{
+		trigger_error($user->lang['CANNOT_WARN_SELF']);
+	}
+
 	// Check if there is already a warning for this post to prevent multiple
 	// warnings for the same offence
 	$sql = 'SELECT post_id
@@ -290,6 +297,8 @@ function mcp_warn_post_view($id, $mode, $action)
 
 		'AVATAR_IMG'		=> $avatar_img,
 		'RANK_IMG'			=> $rank_img,
+
+		'L_WARNING_POST_DEFAULT'	=> sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&p=$post_id"),
 		)
 	);
 }
@@ -303,7 +312,7 @@ function mcp_warn_user_view($id, $mode, $action)
 	global $template, $db, $user, $auth;
 
 	$user_id = request_var('u', 0);
-	$username = request_var('username', '', true);
+	$username = request_var('username', '');
 	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
 	$warning = request_var('warning', '', true);
 
@@ -321,6 +330,12 @@ function mcp_warn_user_view($id, $mode, $action)
 		trigger_error('NO_USER');
 	}
 
+	// Prevent someone from warning themselves
+	if ($userrow['user_id'] == $user->data['user_id'])
+	{
+		trigger_error($user->lang['CANNOT_WARN_SELF']);
+	}
+
 	$user_id = $userrow['user_id'];
 
 	if ($warning && $action == 'add_warning')
@@ -401,7 +416,7 @@ function add_warning($userrow, $warning, $send_pm = true, $post_id = 0)
 			'enable_smilies'		=> true,
 			'enable_urls'			=> false,
 			'icon_id'				=> 0,
-			'bbcode_bitfield'		=> (int) $message_parser->bbcode_bitfield,
+			'bbcode_bitfield'		=> $message_parser->bbcode_bitfield,
 			'bbcode_uid'			=> $message_parser->bbcode_uid,
 			'message'				=> $message_parser->message,
 			'address_list'			=> array('u' => array($userrow['user_id'] => 'to')),

phpBB/includes/message_parser.php

@@ -43,7 +43,9 @@ class bbcode_firstpass extends bbcode
 		}
 
 		global $user;
-		$this->bbcode_bitfield = 0;
+
+		$this->bbcode_bitfield = '';
+		$bitfield = new bitfield();
 
 		$size = strlen($this->message);
 		foreach ($this->bbcodes as $bbcode_name => $bbcode_data)
@@ -72,10 +74,29 @@ class bbcode_firstpass extends bbcode
 			$new_size = strlen($this->message);
 			if ($size != $new_size)
 			{
-				$this->bbcode_bitfield |= (1 << $bbcode_data['bbcode_id']);
+				$bitfield->set($bbcode_data['bbcode_id']);
 				$size = $new_size;
 			}
 		}
+
+		$this->bbcode_bitfield = $bitfield->get_base64();
+	}
+
+	/**
+	* Prepare some bbcodes for better parsing
+	*/
+	function prepare_bbcodes()
+	{
+		// Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.)
+		if (strpos($this->message, '[quote') !== false)
+		{
+			$in = str_replace("\r\n", "\n", $this->message);
+
+			$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
+			$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
+		}
+
+		// Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...)
 	}
 
 	/**
@@ -97,7 +118,7 @@ class bbcode_firstpass extends bbcode
 			'url'			=> array('bbcode_id' => 3,	'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")),
 			'img'			=> array('bbcode_id' => 4,	'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")),
 			'size'			=> array('bbcode_id' => 5,	'regexp' => array('#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")),
-			'color'			=> array('bbcode_id' => 6,	'regexp' => array('!\[color=(#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
+			'color'			=> array('bbcode_id' => 6,	'regexp' => array('!\[color=(#[0-9A-Fa-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
 			'u'				=> array('bbcode_id' => 7,	'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")),
 			'list'			=> array('bbcode_id' => 9,	'regexp' => array('#\[list(=[a-z|0-9|(?:disc|circle|square))]+)?\].*\[/list\]#ise' => "\$this->bbcode_parse_list('\$0')")),
 			'email'			=> array('bbcode_id' => 10,	'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")),
@@ -147,7 +168,7 @@ class bbcode_firstpass extends bbcode
 		$in = str_replace("\r\n", "\n", str_replace('\"', '"', $in));
 
 		// Trimming here to make sure no empty bbcodes are parsed accidently
-		if (!trim($in))
+		if (trim($in) == '')
 		{
 			return false;
 		}
@@ -389,12 +410,11 @@ class bbcode_firstpass extends bbcode
 			switch (strtolower($stx))
 			{
 				case 'php':
-					$code = trim($code);
 
 					$remove_tags = false;
 					$code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code);
 
-					if (!preg_match('/^\<\?.*?\?\>/is', $code))
+					if (!preg_match('/\<\?.*?\?\>/is', $code))
 					{
 						$remove_tags = true;
 						$code = "<?php $code ?>";
@@ -417,7 +437,7 @@ class bbcode_firstpass extends bbcode
 					{
 						$str_from[] = '<span class="syntaxdefault">&lt;?php </span>';
 						$str_to[] = '';
-						$str_from[] = '<span class="syntaxdefault">&lt;?php ';
+						$str_from[] = '<span class="syntaxdefault">&lt;?php&nbsp;';
 						$str_to[] = '<span class="syntaxdefault">';
 					}
 
@@ -432,6 +452,12 @@ class bbcode_firstpass extends bbcode
 					$code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code);
 					$code = preg_replace('#(?:[\n\r\s\t]|&nbsp;)*</span>$#', '</span>', $code);
 
+					// remove newline at the end
+					if (!empty($code) && $code{strlen($code)-1} == "\n")
+					{
+						$code = substr($code, 0, -1);
+					}
+
 					$out .= "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']';
 				break;
 
@@ -565,12 +591,6 @@ class bbcode_firstpass extends bbcode
 		$tok = ']';
 		$out = '[';
 
-		// Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.)
-		$in = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in);
-		$in = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in);
-
-		$in = str_replace("\r\n", "\n", str_replace('\"', '"', trim($in)));
-
 		$in = substr($in, 1);
 		$close_tags = $error_ary = array();
 		$buffer = '';
@@ -677,7 +697,8 @@ class bbcode_firstpass extends bbcode
 			else
 			{
 				$out .= $buffer . $tok;
-				$tok = ($tok == '[') ? ']' : '[]';
+				// $tok = ($tok == '[') ? ']' : '[]';
+				$tok = '[]';
 				$buffer = '';
 			}
 		}
@@ -709,7 +730,7 @@ class bbcode_firstpass extends bbcode
 
 		$validated = true;
 
-		if (!preg_match('!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i', $email))
+		if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
 		{
 			$validated = false;
 		}
@@ -792,8 +813,10 @@ class bbcode_firstpass extends bbcode
 	{
 		global $config, $phpEx, $user;
 
+		$check_path = ($user->page['root_script_path'] != '/') ? substr($user->page['root_script_path'], 0, -1) : '/';
+
 		// Is the user trying to link to a php file in this domain and script path?
-		if (strpos($url, ".{$phpEx}") !== false && strpos($url, substr($user->page['root_script_path'], 0, -1)) !== false)
+		if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false)
 		{
 			$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
 
@@ -805,7 +828,7 @@ class bbcode_firstpass extends bbcode
 
 			// Check again in correct order...
 			$pos_ext = strpos($url, ".{$phpEx}");
-			$pos_path = strpos($url, substr($user->page['root_script_path'], 0, -1));
+			$pos_path = strpos($url, $check_path);
 			$pos_domain = strpos($url, $server_name);
 
 			if ($pos_domain !== false && $pos_path >= $pos_domain && $pos_ext >= $pos_path)
@@ -897,15 +920,7 @@ class parse_message extends bbcode_firstpass
 			}
 		}
 
-		// Parse smilies
-		if ($allow_smilies)
-		{
-			$this->smilies($config['max_' . $mode . '_smilies']);
-		}
-
-		$num_urls = 0;
-
-		// Parse BBCode
+		// Prepare BBcode (just prepares some tags for better parsing)
 		if ($allow_bbcode && strpos($this->message, '[') !== false)
 		{
 			$this->bbcode_init();
@@ -917,8 +932,22 @@ class parse_message extends bbcode_firstpass
 					$this->bbcodes[$bool]['disabled'] = true;
 				}
 			}
-			$this->parse_bbcode();
 
+			$this->prepare_bbcodes();
+		}
+
+		// Parse smilies
+		if ($allow_smilies)
+		{
+			$this->smilies($config['max_' . $mode . '_smilies']);
+		}
+
+		$num_urls = 0;
+
+		// Parse BBCode
+		if ($allow_bbcode && strpos($this->message, '[') !== false)
+		{
+			$this->parse_bbcode();
 			$num_urls += $this->parsed_items['url'];
 		}
 
@@ -1129,7 +1158,7 @@ class parse_message extends bbcode_firstpass
 				{
 					$new_entry = array(
 						'physical_filename'	=> $filedata['physical_filename'],
-						'comment'			=> $this->filename_data['filecomment'],
+						'attach_comment'	=> $this->filename_data['filecomment'],
 						'real_filename'		=> $filedata['real_filename'],
 						'extension'			=> $filedata['extension'],
 						'mimetype'			=> $filedata['mimetype'],
@@ -1199,7 +1228,7 @@ class parse_message extends bbcode_firstpass
 
 					$edit_comment = request_var('edit_comment', array(0 => ''));
 					$edit_comment = key($edit_comment);
-					$this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment];
+					$this->attachment_data[$edit_comment]['attach_comment'] = $actual_comment_list[$edit_comment];
 				}
 
 				if (($add_file || $preview) && $upload_file)
@@ -1213,7 +1242,7 @@ class parse_message extends bbcode_firstpass
 						{
 							$new_entry = array(
 								'physical_filename'	=> $filedata['physical_filename'],
-								'comment'			=> $this->filename_data['filecomment'],
+								'attach_comment'	=> $this->filename_data['filecomment'],
 								'real_filename'		=> $filedata['real_filename'],
 								'extension'			=> $filedata['extension'],
 								'mimetype'			=> $filedata['mimetype'],
@@ -1279,7 +1308,7 @@ class parse_message extends bbcode_firstpass
 			// Get the data from the attachments
 			$sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
 				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ')
+				WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . '
 					AND poster_id = ' . $check_user_id;
 			$result = $db->sql_query($sql);
 
@@ -1289,7 +1318,7 @@ class parse_message extends bbcode_firstpass
 				{
 					$pos = $attach_ids[$row['attach_id']];
 					$this->attachment_data[$pos] = $row;
-					set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true);
+					set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
 
 					unset($attach_ids[$row['attach_id']]);
 				}
@@ -1308,8 +1337,8 @@ class parse_message extends bbcode_firstpass
 			include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 
 			$sql = 'SELECT attach_id
-				FROM ' . ATTACHMENTS_TABLE . "
-				WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')";
+				FROM ' . ATTACHMENTS_TABLE . '
+				WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames));
 			$result = $db->sql_query_limit($sql, 1);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -1329,7 +1358,7 @@ class parse_message extends bbcode_firstpass
 					'thumbnail'			=> (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0,
 				);
 
-				set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true);
+				set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
 				set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true);
 				set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int');
 
@@ -1357,21 +1386,21 @@ class parse_message extends bbcode_firstpass
 		// Parse Poll Option text ;)
 		$tmp_message = $this->message;
 		$this->message = $poll['poll_option_text'];
-		$bbcode_bitfield = $this->bbcode_bitfield;
+
 
 		$poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
 
-		$this->bbcode_bitfield |= $bbcode_bitfield;
+
 		$this->message = $tmp_message;
 
 		// Parse Poll Title
 		$tmp_message = $this->message;
 		$this->message = $poll['poll_title'];
-		$bbcode_bitfield = $this->bbcode_bitfield;
+
 
 		$poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
 
-		$this->bbcode_bitfield |= $bbcode_bitfield;
+
 		$this->message = $tmp_message;
 
 		unset($tmp_message);

phpBB/includes/search/fulltext_mysql.php

@@ -27,8 +27,11 @@ include_once($phpbb_root_path . 'includes/search/search.' . $phpEx);
 */
 class fulltext_mysql extends search_backend
 {
-	var $stats;
-	var $word_length;
+	var $stats = array();
+	var $word_length = array();
+	var $split_words = array();
+	var $search_query;
+	var $common_words = array();
 
 	function fulltext_mysql(&$error)
 	{
@@ -98,6 +101,7 @@ class fulltext_mysql extends search_backend
 
 	/**
 	* Splits keywords entered by a user into an array of words stored in $this->split_words
+	* Stores the tidied search query in $this->search_query
 	*
 	* @param string $keywords Contains the keyword as entered by the user
 	* @param string $terms is either 'all' or 'any'
@@ -157,6 +161,8 @@ class fulltext_mysql extends search_backend
 			}
 		}
 
+		$this->search_query = implode(' ', $this->split_words);
+
 		if (sizeof($this->split_words))
 		{
 			$this->split_words = array_values($this->split_words);
@@ -306,19 +312,19 @@ class fulltext_mysql extends search_backend
 		}
 		else
 		{
-			$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id NOT IN (' . implode(', ', $m_approve_fid_ary) . '))';
+			$m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')';
 		}
 
 		$sql_select			= (!$result_count) ? 'SQL_CALC_FOUND_ROWS ' : '';
 		$sql_select			= ($type == 'posts') ? $sql_select . 'p.post_id' : 'DISTINCT ' . $sql_select . 't.topic_id';
 		$sql_from			= ($join_topic) ? TOPICS_TABLE . ' t, ' : '';
 		$field				= ($type == 'posts') ? 'post_id' : 'topic_id';
-		$sql_author			= (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(',', $author_ary) . ')';
+		$sql_author			= (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(', ', $author_ary) . ')';
 
 		$sql_where_options = $sql_sort_join;
 		$sql_where_options .= ($topic_id) ? ' AND p.topic_id = ' . $topic_id : '';
 		$sql_where_options .= ($join_topic) ? ' AND t.topic_id = p.topic_id' : '';
-		$sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '';
+		$sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
 		$sql_where_options .= $m_approve_fid_sql;
 		$sql_where_options .= (sizeof($author_ary)) ? ' AND p.poster_id ' . $sql_author : '';
 		$sql_where_options .= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
@@ -445,8 +451,8 @@ class fulltext_mysql extends search_backend
 		$id_ary = array();
 
 		// Create some display specific sql strings
-		$sql_author		= 'p.poster_id ' . ((sizeof($author_ary) > 1) ? 'IN (' . implode(',', $author_ary) . ')' : '= ' . $author_ary[0]);
-		$sql_fora		= (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '';
+		$sql_author		= $db->sql_in_set('p.poster_id', $author_ary);
+		$sql_fora		= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
 		$sql_topic_id	= ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : '';
 		$sql_time		= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
 
@@ -481,7 +487,7 @@ class fulltext_mysql extends search_backend
 		}
 		else
 		{
-			$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id IN (' . implode($m_approve_fid_ary) . '))';
+			$m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')';
 		}
 
 		// If the cache was completely empty count the results
@@ -555,7 +561,7 @@ class fulltext_mysql extends search_backend
 	*
 	* @param string $mode contains the post mode: edit, post, reply, quote ...
 	*/
-	function index($mode, $post_id, &$message, &$subject, $poster_id)
+	function index($mode, $post_id, &$message, &$subject, $encoding, $poster_id, $forum_id)
 	{
 		global $db;
 
@@ -606,7 +612,7 @@ class fulltext_mysql extends search_backend
 	/**
 	* Destroy cached results, that might be outdated after deleting a post
 	*/
-	function index_remove($post_ids, $author_ids)
+	function index_remove($post_ids, $author_ids, $forum_ids)
 	{
 		$this->destroy_cache(array(), $author_ids);
 	}
@@ -637,7 +643,7 @@ class fulltext_mysql extends search_backend
 			return $error;
 		}
 
-		if (!is_array($this->stats))
+		if (empty($this->stats))
 		{
 			$this->get_stats();
 		}
@@ -670,7 +676,7 @@ class fulltext_mysql extends search_backend
 			return $error;
 		}
 
-		if (!is_array($this->stats))
+		if (empty($this->stats))
 		{
 			$this->get_stats();
 		}
@@ -695,7 +701,7 @@ class fulltext_mysql extends search_backend
 	*/
 	function index_created()
 	{
-		if (!is_array($this->stats))
+		if (empty($this->stats))
 		{
 			$this->get_stats();
 		}
@@ -710,7 +716,7 @@ class fulltext_mysql extends search_backend
 	{
 		global $user;
 
-		if (!is_array($this->stats))
+		if (empty($this->stats))
 		{
 			$this->get_stats();
 		}

phpBB/includes/search/search.php

@@ -33,8 +33,6 @@ class search_backend
 	var $ignore_words = array();
 	var $match_synonym = array();
 	var $replace_synonym = array();
-	var $split_words = array();
-	var $common_words = array();
 
 	function search_backend(&$error)
 	{
@@ -196,7 +194,7 @@ class search_backend
 				}
 				$db->sql_freeresult($result);
 			}
-			//set_config('last_search_time', time());
+
 			$sql = 'UPDATE ' . USERS_TABLE . '
 				SET user_last_search = ' . time() . '
 				WHERE user_id = ' . $user->data['user_id'];

phpBB/includes/session.php

@@ -51,7 +51,7 @@ class session
 		// Now, remove the sid and let us get a clean query string...
 		foreach ($args as $key => $argument)
 		{
-			if (strpos($argument, 'sid=') === 0)
+			if (strpos($argument, 'sid=') === 0 || strpos($argument, '_f_=') === 0)
 			{
 				unset($args[$key]);
 				break;
@@ -67,8 +67,8 @@ class session
 		$page_name = htmlspecialchars(basename($script_name));
 
 		// current directory within the phpBB root (for example: adm)
-		$root_dirs = explode('/', str_replace('\\', '/', realpath($root_path)));
-		$page_dirs = explode('/', str_replace('\\', '/', realpath('./')));
+		$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
+		$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
 		$intersection = array_intersect_assoc($root_dirs, $page_dirs);
 
 		$root_dirs = array_diff_assoc($root_dirs, $intersection);
@@ -106,8 +106,8 @@ class session
 			'page_dir'			=> $page_dir,
 
 			'query_string'		=> $query_string,
-			'script_path'		=> htmlspecialchars($script_path),
-			'root_script_path'	=> htmlspecialchars($root_script_path),
+			'script_path'		=> str_replace(' ', '%20', htmlspecialchars($script_path)),
+			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
 
 			'page'				=> $page
 		);
@@ -143,7 +143,8 @@ class session
 		$this->host					= (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost';
 		$this->page					= $this->extract_current_page($phpbb_root_path);
 
-		$this->page['page'] .= (isset($_POST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . 'f=' . intval($_POST['f']) : '';
+		// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
+		$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
 
 		if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
 		{
@@ -156,6 +157,13 @@ class session
 
 			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 			$_SID = (defined('NEED_SID')) ? $this->session_id : '';
+
+			if (empty($this->session_id))
+			{
+				$this->session_id = $_SID = request_var('sid', '');
+				$SID = '?sid=' . $this->session_id;
+				$this->cookie_data = array('u' => 0, 'k' => '');
+			}
 		}
 		else
 		{
@@ -171,17 +179,10 @@ class session
 		// Load limit check (if applicable)
 		if ($config['limit_load'])
 		{
-			if (@file_exists('/proc/loadavg') && @is_readable('/proc/loadavg'))
+			if ($load = @file_get_contents('/proc/loadavg'))
 			{
-				if ($load = @file_get_contents('/proc/loadavg'))
-				{
-					$this->load = array_slice(explode(' ', $load), 0, 1);
-					$this->load = floatval($this->load[0]);
-				}
-				else
-				{
-					set_config('limit_load', '0');
-				}
+				$this->load = array_slice(explode(' ', $load), 0, 1);
+				$this->load = floatval($this->load[0]);
 			}
 			else
 			{
@@ -206,7 +207,7 @@ class session
 				// Validate IP length according to admin ... enforces an IP
 				// check on bots if admin requires this
 //				$quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
-
+				
 				$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
 				$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
 
@@ -219,18 +220,14 @@ class session
 
 					// Check whether the session is still valid if we have one
 					$method = basename(trim($config['auth_method']));
+					include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
-					if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
+					$method = 'validate_session_' . $method;
+					if (function_exists($method))
 					{
-						include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
-
-						$method = 'validate_session_' . $method;
-						if (function_exists($method))
+						if (!$method($this->data))
 						{
-							if (!$method($this->data))
-							{
-								$session_expired = true;
-							}
+							$session_expired = true;
 						}
 					}
 
@@ -356,21 +353,17 @@ class session
 		}
 
 		$method = basename(trim($config['auth_method']));
+		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
-		if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
+		$method = 'autologin_' . $method;
+		if (function_exists($method))
 		{
-			include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
+			$this->data = $method();
 
-			$method = 'autologin_' . $method;
-			if (function_exists($method))
+			if (sizeof($this->data))
 			{
-				$this->data = $method();
-
-				if (sizeof($this->data))
-				{
-					$this->cookie_data['k'] = '';
-					$this->cookie_data['u'] = $this->data['user_id'];
-				}
+				$this->cookie_data['k'] = '';
+				$this->cookie_data['u'] = $this->data['user_id'];
 			}
 		}
 
@@ -420,7 +413,7 @@ class session
 			$db->sql_freeresult($result);
 		}
 
-		if ($this->data['user_id'] != ANONYMOUS)
+		if ($this->data['user_id'] != ANONYMOUS && !$bot)
 		{
 			$this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
 		}
@@ -437,7 +430,7 @@ class session
 		// @todo Change to !$this->data['user_type'] & USER_FOUNDER && !$this->data['user_type'] & USER_BOT in time
 		if ($this->data['user_type'] != USER_FOUNDER)
 		{
-			$this->check_ban();
+			$this->check_ban($this->data['user_id'], $this->ip);
 		}
 
 		//
@@ -470,8 +463,10 @@ class session
 
 		$db->sql_return_on_error(true);
 
-		$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
-			WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
+		$sql = 'DELETE
+			FROM ' . SESSIONS_TABLE . '
+			WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'
+				AND session_user_id = ' . ANONYMOUS;
 
 		if (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows())
 		{
@@ -490,15 +485,16 @@ class session
 					trigger_error('BOARD_UNAVAILABLE');
 				}
 			}
-
-			$this->session_id = $this->data['session_id'] = md5(unique_id());
-
-			$sql_ary['session_id'] = (string) $this->session_id;
-			$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
-
-			$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
-			$db->sql_query($sql);
 		}
+
+		$this->session_id = $this->data['session_id'] = md5(unique_id());
+
+		$sql_ary['session_id'] = (string) $this->session_id;
+		$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
+
+		$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
+		$db->sql_query($sql);
+
 		$db->sql_return_on_error(false);
 
 		// Regenerate autologin/persistent login key
@@ -507,8 +503,8 @@ class session
 			$this->set_login_key();
 		}
 
-		$SID = '?sid=';
-		$_SID = '';
+		$SID = '?sid=' . $this->session_id;
+		$_SID = $this->session_id;
 
 		if (!$bot)
 		{
@@ -518,9 +514,6 @@ class session
 			$this->set_cookie('k', $this->cookie_data['k'], $cookie_expire);
 			$this->set_cookie('sid', $this->session_id, $cookie_expire);
 
-			$SID = '?sid=' . $this->session_id;
-			$_SID = $this->session_id;
-
 			unset($cookie_expire);
 		}
 
@@ -546,16 +539,12 @@ class session
 
 		// Allow connecting logout with external auth method logout
 		$method = basename(trim($config['auth_method']));
+		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
-		if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
+		$method = 'logout_' . $method;
+		if (function_exists($method))
 		{
-			include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
-
-			$method = 'logout_' . $method;
-			if (function_exists($method))
-			{
-				$method($this->data);
-			}
+			$method($this->data);
 		}
 
 		if ($this->data['user_id'] != ANONYMOUS)
@@ -657,7 +646,7 @@ class session
 					WHERE session_time < ' . (int) ($this->time_now - $config['session_length']);
 				$db->sql_query($sql);
 
-				set_config('session_last_gc', $this->time_now);
+				set_config('session_last_gc', $this->time_now, true);
 			break;
 
 			default:
@@ -669,33 +658,30 @@ class session
 					GROUP BY session_user_id, session_page';
 				$result = $db->sql_query_limit($sql, 5);
 
-				$del_user_id = '';
+				$del_user_id = array();
 				$del_sessions = 0;
-				if ($row = $db->sql_fetchrow($result))
-				{
-					do
-					{
-						if ($row['session_user_id'] != ANONYMOUS)
-						{
-							$sql = 'UPDATE ' . USERS_TABLE . '
-								SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
-								WHERE user_id = " . $row['session_user_id'];
-							$db->sql_query($sql);
-						}
 
-						$del_user_id .= (($del_user_id != '') ? ', ' : '') . (int) $row['session_user_id'];
-						$del_sessions++;
+				while ($row = $db->sql_fetchrow($result));
+				{
+					if ($row['session_user_id'] != ANONYMOUS)
+					{
+						$sql = 'UPDATE ' . USERS_TABLE . '
+							SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
+							WHERE user_id = " . (int) $row['session_user_id'];
+						$db->sql_query($sql);
 					}
-					while ($row = $db->sql_fetchrow($result));
+
+					$del_user_id[] = (int) $row['session_user_id'];
+					$del_sessions++;
 				}
 				$db->sql_freeresult($result);
 
-				if ($del_user_id)
+				if (sizeof($del_user_id))
 				{
 					// Delete expired sessions
-					$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
-						WHERE session_user_id IN ($del_user_id)
-							AND session_time < " . ($this->time_now - $config['session_length']);
+					$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
+						WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
+							AND session_time < ' . ($this->time_now - $config['session_length']);
 					$db->sql_query($sql);
 				}
 
@@ -755,16 +741,44 @@ class session
 	{
 		global $config, $db;
 
-		$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
-		$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
-		$user_email = ($user_email === false) ? $this->data['user_email'] : $user_email;
-
 		$banned = false;
 
 		$sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
 			FROM ' . BANLIST_TABLE . '
-			WHERE ban_end >= ' . time() . '
-				OR ban_end = 0';
+			WHERE (ban_end >= ' . time() . ' OR ban_end = 0)';
+
+		// Determine which entries to check, only return those
+		if ($user_email === false)
+		{
+			$sql .= " AND ban_email = ''";
+		}
+
+		if ($user_ip === false)
+		{
+			$sql .= " AND (ban_ip = '' OR (ban_ip <> '' AND ban_exclude = 1))";
+		}
+
+		if ($user_id === false)
+		{
+			$sql .= ' AND (ban_userid = 0 OR (ban_userid <> 0 AND ban_exclude = 1))';
+		}
+		else
+		{
+			$sql .= ' AND (ban_userid = ' . $user_id;
+
+			if ($user_email !== false)
+			{
+				$sql .= " OR ban_email <> ''";
+			}
+
+			if ($user_ip !== false)
+			{
+				$sql .= " OR ban_ip <> ''";
+			}
+
+			$sql .= ')';
+		}
+
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -1066,8 +1080,33 @@ class user extends session
 		{
 			$this->theme['theme_storedb'] = 1;
 
+			$stylesheet = file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/stylesheet.css");
+			// Match CSS imports
+			$matches = array();
+			preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
+	
+			if (sizeof($matches))
+			{
+				$content = '';
+				foreach ($matches[0] as $idx => $match)
+				{
+					if ($content = @file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/" . $matches[1][$idx]))
+					{
+						$content = trim($content);
+					}
+					else
+					{
+						$content = '';
+					}
+					$stylesheet = str_replace($match, $content, $stylesheet);
+				}
+				unset ($content);
+			}
+
+			$stylesheet = str_replace('./', 'styles/' . $this->theme['theme_path'] . '/theme/', $stylesheet);
+
 			$sql_ary = array(
-				'theme_data'	=> implode('', file("{$phpbb_root_path}styles/" . $this->theme['theme_path'] . '/theme/stylesheet.css')),
+				'theme_data'	=> $stylesheet,
 				'theme_mtime'	=> time(),
 				'theme_storedb'	=> 1
 			);
@@ -1102,9 +1141,9 @@ class user extends session
 
 		// Does the user need to change their password? If so, redirect to the
 		// ucp profile reg_details page ... of course do not redirect if we're already in the ucp
-		if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
+		if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['is_registered'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
 		{
-			if (strpos($this->page['query_string'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx")
+			if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx")
 			{
 				redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details'));
 			}
@@ -1205,17 +1244,18 @@ class user extends session
 	*/
 	function format_date($gmepoch, $format = false, $forcedate = false)
 	{
-		static $lang_dates, $midnight;
+		static $midnight;
 
-		if (empty($lang_dates))
+		$lang_dates = $this->lang['datetime'];
+		$format = (!$format) ? $this->date_format : $format;
+
+		// Short representation of month in format
+		if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false))
 		{
-			foreach ($this->lang['datetime'] as $match => $replace)
-			{
-				$lang_dates[$match] = $replace;
-			}
+			$lang_dates['May'] = $lang_dates['May_short'];
 		}
 
-		$format = (!$format) ? $this->date_format : $format;
+		unset($lang_dates['May_short']);
 
 		if (!$midnight)
 		{