This commit was manufactured by cvs2svn to create tag

'release_3_0_RC4'.

git-svn-id: file:///svn/phpbb/tags/release_3_0_RC4@7975 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -15,7 +15,7 @@ define('ADMIN_START', true);
 define('NEED_SID', true);
 
 // Include files
-$phpbb_root_path = './../';
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 require($phpbb_root_path . 'common.' . $phpEx);
 require($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
@@ -27,12 +27,6 @@ $auth->acl($user->data);
 $user->setup('acp/common');
 // End session management
 
-// Did user forget to login? Give 'em a chance to here ...
-if ($user->data['user_id'] == ANONYMOUS)
-{
-	login_box('', $user->lang['LOGIN_ADMIN'], $user->lang['LOGIN_ADMIN_SUCCESS'], true);
-}
-
 // Have they authenticated (again) as an admin for this session?
 if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
 {
@@ -43,7 +37,7 @@ if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
 // check specific permissions but this is a catchall
 if (!$auth->acl_get('a_'))
 {
-	trigger_error($user->lang['NO_ADMIN']);
+	trigger_error('NO_ADMIN');
 }
 
 // We define the admin variables now, because the user is now able to use the admin related features...
@@ -147,6 +141,8 @@ function adm_page_header($page_title)
 		'S_USER_LANG'			=> $user->lang['USER_LANG'],
 		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
 		'S_CONTENT_ENCODING'	=> 'UTF-8',
+		'S_CONTENT_FLOW_BEGIN'	=> ($user->lang['DIRECTION'] == 'ltr') ? 'left' : 'right',
+		'S_CONTENT_FLOW_END'	=> ($user->lang['DIRECTION'] == 'ltr') ? 'right' : 'left',
 	));
 
 	// application/xhtml+xml not used because of IE

phpBB/adm/style/acp_attachments.html

@@ -3,7 +3,7 @@
 <a name="maincontent"></a>
 
 <!-- IF U_BACK -->
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 <!-- ENDIF -->
 
 <h1>{L_TITLE}</h1>

phpBB/adm/style/acp_ban.html

@@ -71,14 +71,19 @@
 	<input class="button1" type="submit" id="bansubmit" name="bansubmit" value="{L_SUBMIT}" />&nbsp;
 	<input class="button2" type="reset" id="banreset" name="banreset" value="{L_RESET}" />
 </p>
+
 </fieldset>
 
+</form>
+
 <br /><br />
 
 <h1>{L_UNBAN_TITLE}</h1>
 
 <p>{L_UNBAN_EXPLAIN}</p>
 
+<form id="acp_unban" method="post" action="{U_ACTION}">
+
 <fieldset>
 	<legend>{L_UNBAN_TITLE}</legend>
 

phpBB/adm/style/acp_bbcodes.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_BBCODE -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_ACP_BBCODES}</h1>
 

phpBB/adm/style/acp_board.html

@@ -37,12 +37,12 @@
 		{auth_tpl.TPL}
 	<!-- END auth_tpl -->
 <!-- ENDIF -->
-</fieldset>
 
-<fieldset class="submit-buttons">
-	<legend>{L_SUBMIT}</legend>
-	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	</p>
+
 </fieldset>
 
 </form>

phpBB/adm/style/acp_bots.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_BOT -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 
@@ -85,11 +85,11 @@
 	</tbody>
 	</table>
 
-	<fieldset class="quick" style="float: left;">
+	<fieldset class="quick" style="float: {S_CONTENT_FLOW_BEGIN};">
 		<input class="button2" name="add" type="submit" value="{L_BOT_ADD}" />
 	</fieldset>
 
-	<fieldset class="quick" style="float: right;">
+	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 		<select name="action">{S_BOT_OPTIONS}</select>
 		<input class="button2" name="submit" type="submit" value="{L_SUBMIT}" />
 		<p class="small"><a href="#" onclick="marklist('acp_bots', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('acp_bots', 'mark', false);">{L_UNMARK_ALL}</a></p>

phpBB/adm/style/acp_forums.html

@@ -95,7 +95,7 @@
 	//-->
 	</script>
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE} :: {FORUM_NAME}</h1>
 
@@ -120,8 +120,8 @@
 	<div id="type_actions">
 		<dl>
 			<dt><label for="type_action">{L_DECIDE_MOVE_DELETE_CONTENT}:</label></dt>
-			<dd><label><input type="radio" class="radio" id="type_action" name="type_action" value="delete" checked="checked" /> {L_DELETE_ALL_POSTS}</label></dd>
-			<!-- IF S_MOVE_FORUM_OPTIONS --><dd><label><input type="radio" class="radio" name="type_action" value="move" /> {L_MOVE_POSTS_TO}</label> <select name="to_forum_id">{S_MOVE_FORUM_OPTIONS}</select></dd><!-- ENDIF -->
+			<dd><label><input type="radio" class="radio" name="type_action" value="delete"<!-- IF not S_MOVE_FORUM_OPTIONS --> checked="checked" id="type_action"<!-- ENDIF --> /> {L_DELETE_ALL_POSTS}</label></dd>
+			<!-- IF S_MOVE_FORUM_OPTIONS --><dd><label><input type="radio" class="radio" name="type_action" id="type_action" value="move" checked="checked" /> {L_MOVE_POSTS_TO}</label> <select name="to_forum_id">{S_MOVE_FORUM_OPTIONS}</select></dd><!-- ENDIF -->
 		</dl>
 	</div>
 	<!-- ENDIF -->
@@ -316,7 +316,7 @@
 
 <!-- ELSEIF S_DELETE_FORUM -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_FORUM_DELETE}</h1>
 
@@ -431,7 +431,7 @@
 			<tr>
 				<td style="width: 5%; text-align: center;">{forums.FOLDER_IMAGE}</td>
 				<td>
-					<!-- IF forums.FORUM_IMAGE --><div style="float: left; margin-right: 5px;">{forums.FORUM_IMAGE}</div><!-- ENDIF -->
+					<!-- IF forums.FORUM_IMAGE --><div style="float: {S_CONTENT_FLOW_BEGIN}; margin-right: 5px;">{forums.FORUM_IMAGE}</div><!-- ENDIF -->
 					<strong><!-- IF forums.S_FORUM_LINK -->{forums.FORUM_NAME}<!-- ELSE --><a href="{forums.U_FORUM}">{forums.FORUM_NAME}</a><!-- ENDIF --></strong>
 					<!-- IF forums.FORUM_DESCRIPTION --><br /><span>{forums.FORUM_DESCRIPTION}</span><!-- ENDIF -->
 					<!-- IF forums.S_FORUM_POST --><br /><br /><span>{L_TOPICS}: <strong>{forums.FORUM_TOPICS}</strong> / {L_POSTS}: <b>{forums.FORUM_POSTS}</b></span><!-- ENDIF -->

phpBB/adm/style/acp_groups.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_ACP_GROUPS_MANAGE}</h1>
 
@@ -160,7 +160,7 @@
 
 <!-- ELSEIF S_LIST -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_GROUP_MEMBERS} :: {GROUP_NAME}</h1>
 

phpBB/adm/style/acp_icons.html

@@ -41,7 +41,7 @@
 		</script>
 	<!-- ENDIF -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 
@@ -137,7 +137,7 @@
 
 <!-- ELSEIF S_CHOOSE_PAK -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 

phpBB/adm/style/acp_language.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_SELECT_METHOD -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_SELECT_DOWNLOAD_FORMAT}</h1>
 
@@ -26,7 +26,7 @@
 
 <!-- ELSEIF S_DETAILS -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_LANGUAGE_PACK_DETAILS}</h1>
 
@@ -107,12 +107,12 @@
 	<form id="lang_entries" method="post" action="{U_ENTRY_ACTION}">
 
 	<!-- IF S_FROM_STORE -->
-		<fieldset class="quick" style="float: left;">
+		<fieldset class="quick" style="float: {S_CONTENT_FLOW_BEGIN};">
 			<input type="submit" name="remove_store" value="{L_REMOVE_FROM_STORAGE_FOLDER}" class="button2" /> 
 		</fieldset>
 	<!-- ENDIF -->
 
-	<fieldset class="quick" style="float: right;">
+	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 		<select name="language_file">{S_LANG_OPTIONS}</select>&nbsp;<input type="submit" class="button2" name="change" value="{L_SELECT}" />
 	</fieldset>
 
@@ -166,7 +166,7 @@
 
 <!-- ELSEIF S_UPLOAD -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_UPLOAD_SETTINGS}</h1>
 

phpBB/adm/style/acp_logs.html

@@ -72,8 +72,8 @@
 
 <!-- IF S_CLEARLOGS -->
 	<fieldset class="quick">
-		<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />&nbsp;
-		<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" /><br />
+		<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp;
+		<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" /><br />
 		<p class="small"><a href="#" onclick="marklist('list', 'mark', true); return false;">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('list', 'mark', false); return false;">{L_UNMARK_ALL}</a></p>
 	</fieldset>
 <!-- ENDIF -->

phpBB/adm/style/acp_main.html

@@ -77,14 +77,17 @@
 		<td>{L_GZIP_COMPRESSION}: </td>
 		<td><strong>{GZIP_COMPRESSION}</strong></td>
 	</tr>
-	<!-- IF S_TOTAL_ORPHAN -->
 	<tr>
-		<td>&nbsp;</td>
-		<td>&nbsp;</td>
+		<td>{L_BOARD_VERSION}: </td>
+		<td><strong>{BOARD_VERSION}</strong></td>
+	<!-- IF S_TOTAL_ORPHAN -->
 		<td>{L_NUMBER_ORPHAN}: </td>
 		<td><strong>{TOTAL_ORPHAN}</strong></td>
-	</tr>
+	<!-- ELSE -->
+		<td>&nbsp;</td>
+		<td>&nbsp;</td>
 	<!-- ENDIF -->
+	</tr>
 	</tbody>
 	</table>
 

phpBB/adm/style/acp_modules.html

@@ -55,7 +55,7 @@
 	//-->
 	</script>
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE} :: {MODULENAME}</h1>
 
@@ -177,7 +177,7 @@
 
 	<form id="quick" method="post" action="{U_ACTION}">
 
-	<fieldset class="quick" style="float: right;">
+	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 		<input type="hidden" name="action" value="quickadd" />
 
 		<select name="quick_install">{S_INSTALL_OPTIONS}</select>
@@ -188,7 +188,7 @@
 
 	<form id="module" method="post" action="{U_ACTION}">
 
-	<fieldset class="quick" style="float: left;">
+	<fieldset class="quick" style="float: {S_CONTENT_FLOW_BEGIN};">
 		<input type="hidden" name="action" value="add" />
 		<input type="hidden" name="module_parent_id" value="{PARENT_ID}" />
 
@@ -198,7 +198,7 @@
 
 	</form>
 
-	<div class="clearfix">&nbsp;</div>
+	<div class="clearfix">&nbsp;</div><br style="clear: both;" />
 	
 	<form id="mselect" method="post" action="{U_SEL_ACTION}">
 	<fieldset class="quick">

phpBB/adm/style/acp_permission_roles.html

@@ -22,7 +22,7 @@
 
 	<script type="text/javascript" src="style/permissions.js"></script>
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 

phpBB/adm/style/acp_permissions.html

@@ -108,7 +108,7 @@
 
 		<!-- ELSEIF S_SELECT_USERGROUP -->
 
-		<div style="float: left; width: 48%;">
+		<div style="float: {S_CONTENT_FLOW_BEGIN}; width: 48%;">
 
 		<!-- IF S_CAN_SELECT_USER -->
 
@@ -138,7 +138,7 @@
 				<p>{L_USERNAMES_EXPLAIN}</p>
 			<dl>
 				<dd class="full"><textarea id="username" name="usernames" rows="5" cols="5" style="width: 100%; height: 60px;"></textarea></dd>
-				<dd class="full" style="text-align: left;"><div style="float: right;">[ <a href="{U_FIND_USERNAME}" onclick="find_username(); return false;">{L_FIND_USERNAME}</a> ]</div><label><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> {L_SELECT_ANONYMOUS}</label></dd>
+				<dd class="full" style="text-align: left;"><div style="float: {S_CONTENT_FLOW_END};">[ <a href="{U_FIND_USERNAME}" onclick="find_username(); return false;">{L_FIND_USERNAME}</a> ]</div><label><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> {L_SELECT_ANONYMOUS}</label></dd>
 			</dl>
 			</fieldset>
 
@@ -153,7 +153,7 @@
 
 		</div>
 
-		<div style="float: right; width: 48%">
+		<div style="float: {S_CONTENT_FLOW_END}; width: 48%">
 			
 		<!-- IF S_CAN_SELECT_GROUP -->
 
@@ -198,7 +198,7 @@
 
 	<!-- ELSEIF S_SELECT_USERGROUP_VIEW -->
 
-		<div style="float: left; width: 48%;">
+		<div style="float: {S_CONTENT_FLOW_BEGIN}; width: 48%;">
 		
 			<h1>{L_USERS}</h1>
 
@@ -239,7 +239,7 @@
 
 		</div>
 
-		<div style="float: right; width: 48%">
+		<div style="float: {S_CONTENT_FLOW_END}; width: 48%">
 			
 			<h1>{L_USERGROUPS}</h1>
 
@@ -305,14 +305,14 @@
 
 	<br />
 
-	<fieldset class="quick" style="float: right;">
+	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 		<strong>&raquo; {L_PERMISSION_TYPE}</strong>
 	</fieldset>
 
 	<!-- IF S_PERMISSION_DROPDOWN -->
 		<form id="pselect" method="post" action="{U_ACTION}">
 	
-		<fieldset class="quick" style="float: left;">
+		<fieldset class="quick" style="float: {S_CONTENT_FLOW_BEGIN};">
 			{S_HIDDEN_FIELDS}
 			{L_SELECT_TYPE}: <select name="type">{S_PERMISSION_DROPDOWN}</select> 
 
@@ -340,7 +340,7 @@
 
 	<br /><br />
 
-	<fieldset class="quick" style="float: right;">
+	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 		<input class="button1" type="submit" name="action[apply_all_permissions]" value="{L_APPLY_ALL_PERMISSIONS}" />
 		<input class="button2" type="button" name="cancel" value="{L_RESET}" onclick="document.forms['set-permissions'].reset(); init_colours(active_pmask + active_fmask);" />
 	</fieldset>

phpBB/adm/style/acp_php_info.html

@@ -6,7 +6,7 @@
 
 <p>{L_ACP_PHP_INFO_EXPLAIN}</p>
 
-<div style="overflow: auto; width: 99%;">
+<div class="phpinfo">
 	{PHPINFO}
 </div>
 

phpBB/adm/style/acp_profile.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 
@@ -123,11 +123,11 @@
 		<!-- END option -->
 		</fieldset>
 
-		<fieldset class="quick" style="float: left;">
+		<fieldset class="quick" style="float: {S_CONTENT_FLOW_BEGIN};">
 			<input class="button1" type="submit" name="prev" value="{L_PROFILE_BASIC_OPTIONS}" />
 		</fieldset>
 		
-		<fieldset class="quick" style="float: right">
+		<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 			{S_HIDDEN_FIELDS}
 			<input class="button1" type="submit" name="next" value="{L_NEXT_STEP}" />
 		</fieldset>
@@ -146,11 +146,11 @@
 			</fieldset>
 		<!-- END options -->
 
-		<fieldset class="quick" style="float: left;">
+		<fieldset class="quick" style="float: {S_CONTENT_FLOW_BEGIN};">
 			<input class="button1" type="submit" name="prev" value="{L_PROFILE_TYPE_OPTIONS}" />
 		</fieldset>
 		
-		<fieldset class="quick" style="float: right;">
+		<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 			{S_HIDDEN_FIELDS}
 			<input class="button1" type="submit" name="save" value="{L_SAVE}" />
 		</fieldset>

phpBB/adm/style/acp_prune_forums.html

@@ -44,7 +44,7 @@
 		<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
 	<dl>
 		<dt><label for="forum">{L_LOOK_UP_FORUM}:</label></dt>
-		<dd><select name="f[]" multiple="multiple" size="5">{S_FORUM_OPTIONS}</select></dd>
+		<dd><select name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
 		<dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd>
 	</dl>
 	
@@ -57,7 +57,7 @@
 
 <!-- ELSE -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_ACP_PRUNE_FORUMS}</h1>
 

phpBB/adm/style/acp_ranks.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<script type="text/javascript">
 	<!--

phpBB/adm/style/acp_reasons.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_REASON -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 
@@ -40,7 +40,7 @@
 	<!-- ENDIF -->
 	<dl>
 		<dt><label for="reason_description">{L_REASON_DESCRIPTION}:</label></dt>
-		<dd><textarea name="reason_description" id="reason_description" rows="8">{REASON_DESCRIPTION}</textarea></dd>
+		<dd><textarea name="reason_description" id="reason_description" rows="8" cols="80">{REASON_DESCRIPTION}</textarea></dd>
 	</dl>
 	<!-- IF S_TRANSLATED -->
 	<dl>
@@ -81,7 +81,7 @@
 		<!-- BEGIN reasons -->
 			<tr>
 				<td>
-					<i style="float: right; font-size: .9em;"><!-- IF reasons.S_TRANSLATED -->{L_IS_TRANSLATED}<!-- ELSE -->{L_IS_NOT_TRANSLATED}<!-- ENDIF --></i>
+					<i style="float: {S_CONTENT_FLOW_END}; font-size: .9em;"><!-- IF reasons.S_TRANSLATED -->{L_IS_TRANSLATED}<!-- ELSE -->{L_IS_NOT_TRANSLATED}<!-- ENDIF --></i>
 					<strong>{reasons.REASON_TITLE}<!-- IF reasons.S_OTHER_REASON --> *<!-- ENDIF --></strong>
 					<br /><span>{reasons.REASON_DESCRIPTION}</span>
 				</td>

phpBB/adm/style/acp_styles.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_DELETE -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 
@@ -32,7 +32,7 @@
 
 <!-- ELSEIF S_EDIT_IMAGESET -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 
@@ -180,7 +180,7 @@
 	//-->
 	</script>
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_EDIT}</h1>
 
@@ -280,7 +280,7 @@
 	//-->
 	</script>
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 	
 	<h1>{L_TEMPLATE_CACHE}</h1>
 	
@@ -328,7 +328,7 @@
 
 <!-- ELSEIF S_EXPORT -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 
@@ -455,7 +455,7 @@
 
 <!-- ELSEIF S_DETAILS -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_TITLE}</h1>
 

phpBB/adm/style/acp_users.html

@@ -28,7 +28,7 @@
 
 <!-- ELSEIF S_SELECT_FORUM -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_USER_ADMIN}</h1>
 
@@ -52,7 +52,7 @@
 
 <!-- ELSE -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_USER_ADMIN} :: {MANAGED_USERNAME}</h1>
 
@@ -207,7 +207,7 @@
 
 <!-- ELSEIF S_PERMISSIONS -->
 
-	<div style="float: right;">
+	<div style="float: {S_CONTENT_FLOW_END};">
 		<a href="{U_USER_PERMISSIONS}">&raquo; {L_SET_USERS_PERMISSIONS}</a><br />
 		<a href="{U_USER_FORUM_PERMISSIONS}">&raquo; {L_SET_USERS_FORUM_PERMISSIONS}</a>
 	</div>

phpBB/adm/style/acp_users_feedback.html

@@ -52,8 +52,8 @@
 
 	<!-- IF S_CLEARLOGS -->
 		<fieldset class="quick">
-			<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />&nbsp;
-			<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />
+			<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp;
+			<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />
 			<p class="small"><a href="#" onclick="marklist('list', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></p>
 		</fieldset>
 	<!-- ENDIF -->

phpBB/adm/style/acp_words.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_WORD -->
 
-	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
+	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_ACP_WORDS}</h1>
 

phpBB/adm/style/admin.css

@@ -1322,11 +1322,23 @@ fieldset.permissions .permissions-switch {
 	float: left;
 }
 
+fieldset.permissions .padding {
+}
+
 .permissions-switch a {
 	text-decoration: underline;
 	font-size: 0.90em;
 }
 
+.permissions-reset {
+	margin-top: -6px;
+	padding-bottom: 10px;
+}
+
+.permissions-reset a {
+	font-size: .8em;
+}
+
 /* Tabbed menu */
 .permissions-category {
 	line-height: normal;
@@ -1602,3 +1614,16 @@ fieldset.permissions .permissions-switch {
 	margin: 0;
 	padding: 0;
 }
+
+/* Classes for additional tasks
+---------------------------------------- */
+
+.phpinfo {
+	overflow: auto;
+	width: 99%;
+	direction: ltr;
+}
+
+.phpinfo td, .phpinfo th, .phpinfo h2, .phpinfo h1 {
+	text-align: left;
+}

phpBB/adm/style/install_footer.html

@@ -18,7 +18,7 @@
 	// -->
 	
 	<div id="page-footer">
-		Powered by phpBB {VERSION} &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
 	</div>
 </div>
 

phpBB/adm/style/install_update.html

@@ -2,20 +2,30 @@
 
 <script type="text/javascript">
 <!--
-	function popup(url, width, height)
+	function diff_popup(url)
 	{
-		window.open(url.replace(/&amp;/g, '&'), 'diff', 'height=' + height + ',resizable=yes,scrollbars=yes,width=' + width);
+		window.open(url.replace(/&amp;/g, '&'), 'diff', 'height=600,resizable=yes,scrollbars=yes,width=950');
 		return false;
 	}
 //-->
 </script>
 
 <!-- IF S_ERROR -->
-	<h1>{L_NOTICE}</h1>
-	<p style="color: red;">{ERROR_MSG}</p>
+	<div class="errorbox" style="margin-top: 0;">
+		<h3>{L_NOTICE}</h3>
+		<p>{ERROR_MSG}</p>
+	</div>
 <!-- ENDIF -->
 
 <!-- IF S_INTRO -->
+
+	<!-- IF S_WARNING -->
+	<div class="successbox" style="margin-top: 0;">
+		<h3>{L_NOTICE}</h3>
+		<p>{WARNING_MSG}</p>
+	</div>
+	<!-- ENDIF -->
+
 	<form id="install_update" method="post" action="{U_ACTION}">
 
 	<h1>{L_UPDATE_INSTALLATION}</h1>
@@ -68,6 +78,12 @@
 		<dt><label>{L_LATEST_VERSION}</label></dt>
 		<dd><strong>{LATEST_VERSION}</strong></dd>
 	</dl>
+	<!-- IF PACKAGE_VERSION and not S_UP_TO_DATE -->
+	<dl>
+		<dt><label>{L_PACKAGE_UPDATES_TO}</label></dt>
+		<dd><strong>{PACKAGE_VERSION}</strong></dd>
+	</dl>
+	<!-- ENDIF -->
 	</fieldset>
 
 	<!-- IF not S_UP_TO_DATE -->
@@ -185,28 +201,52 @@
 								<br /><span>{L_NUM_CONFLICTS}: {files.NUM_CONFLICTS}</span>
 								<!-- ENDIF -->
 							</dt>
-							<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[ <a href="{files.U_SHOW_DIFF}" onclick="popup('{files.U_SHOW_DIFF}', 700, 500); return false;">{files.L_SHOW_DIFF}</a> ]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
+							<dd style="margin-left: 60%;"><!-- IF files.STATUS eq 'modified' -->&nbsp;<!-- ELSE --><!-- IF not files.S_BINARY -->[ <a href="{files.U_SHOW_DIFF}" onclick="diff_popup('{files.U_SHOW_DIFF}'); return false;">{files.L_SHOW_DIFF}</a> ]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --><!-- ENDIF --></dd>
 							<!-- IF files.S_CUSTOM -->
 								<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{files.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 							<!-- ENDIF -->
+							
+							<!-- IF files.STATUS eq 'modified' -->
+							</dl>
+							<dl>
+								<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{files.FILENAME}]" value="0" checked="checked" /> {L_MERGE_MODIFICATIONS_OPTION}</label></dt>
+								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[ <a href="{files.U_SHOW_DIFF}" onclick="diff_popup('{files.U_SHOW_DIFF}'); return false;">{files.L_SHOW_DIFF}</a> ]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
+							</dl>
+							<dl>
+								<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{files.FILENAME}]" value="1" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
+								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup('{files.U_VIEW_NO_MERGE_NEW}'); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+							</dl>
+							<dl>
+								<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{files.FILENAME}]" value="2" /> {L_MERGE_NO_MERGE_MOD_OPTION}</label></dt>
+								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup('{files.U_VIEW_NO_MERGE_MOD}'); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+							</dl>
+							<!-- IF not files.S_LAST_ROW -->
+							</fieldset>
+
+							<fieldset>
+								<legend><img src="{T_IMAGE_PATH}file_{files.STATUS}.gif" alt="{files.L_STATUS}" /></legend>
+							<!-- ENDIF -->
+
+							<!-- ENDIF -->
+
 							<!-- IF files.STATUS eq 'conflict' -->
 							</dl>
 							<dl>
 								<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{files.FILENAME}]" value="1" checked="checked" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
-								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_NEW}" onclick="popup('{files.U_VIEW_NO_MERGE_NEW}', 700, 500); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup('{files.U_VIEW_NO_MERGE_NEW}'); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
 							</dl>
 							<dl>
 								<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{files.FILENAME}]" value="2" /> {L_MERGE_NO_MERGE_MOD_OPTION}</label></dt>
-								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_MOD}" onclick="popup('{files.U_VIEW_NO_MERGE_MOD}', 700, 500); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup('{files.U_VIEW_NO_MERGE_MOD}'); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
 							</dl>
 								<!-- IF not files.S_BINARY -->
 									<dl>
 										<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{files.FILENAME}]" value="3" /> {L_MERGE_NEW_FILE_OPTION}</label></dt>
-										<dd style="margin-left: 60%;">[<a href="{files.U_VIEW_NEW_FILE}" onclick="popup('{files.U_VIEW_NEW_FILE}', 700, 500); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
+										<dd style="margin-left: 60%;">[<a href="{files.U_VIEW_NEW_FILE}" onclick="diff_popup('{files.U_VIEW_NEW_FILE}'); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
 									</dl>
 									<dl>
 										<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{files.FILENAME}]" value="4" /> {L_MERGE_MOD_FILE_OPTION}</label></dt>
-										<dd style="margin-left: 60%;">[<a href="{files.U_VIEW_MOD_FILE}" onclick="popup('{files.U_VIEW_MOD_FILE}', 700, 500); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
+										<dd style="margin-left: 60%;">[<a href="{files.U_VIEW_MOD_FILE}" onclick="diff_popup('{files.U_VIEW_MOD_FILE}'); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
 									</dl>
 								<!-- ENDIF -->
 							<!-- IF not files.S_LAST_ROW -->
@@ -218,7 +258,7 @@
 
 							<!-- ENDIF -->
 						<!-- ENDIF -->
-					<!-- IF files.STATUS neq 'conflict' --></dl><!-- ENDIF -->
+					<!-- IF files.STATUS neq 'conflict' and files.STATUS neq 'modified' --></dl><!-- ENDIF -->
 				<!-- ENDIF -->
 			<!-- END files -->
 

phpBB/adm/style/install_update_diff.html

@@ -42,11 +42,16 @@ function resize_panel()
 	width: 99%;
 }
 
+#diff_content {
+	padding: 30px 10px 10px;
+}
+
 <!-- IF DIFF_MODE neq 'side_by_side' and DIFF_MODE neq 'raw' -->
 div#codepanel {
 	overflow: auto;
 	width: 100%;
 	height: 350px;
+	display: inline-block;
 }
 <!-- ELSE -->
 div#codepanel {	
@@ -230,11 +235,11 @@ table.hrdiff caption span {
 		<div id="acp">
 		<div class="panel" id="codepanel">
 			<span class="corners-top"><span></span></span>
-				<div id="content">
+				<div id="diff_content">
 					<div id="main">
 
 <!-- IF S_DIFF_CONFLICT_FILE -->
-		<div style="float: right;"><strong>{L_NUM_CONFLICTS}: {NUM_CONFLICTS}</strong></div>
+		<div style="float: {S_CONTENT_FLOW_END};"><strong>{L_NUM_CONFLICTS}: {NUM_CONFLICTS}</strong></div>
 <!-- ENDIF -->
 						{DIFF_CONTENT}
 					</div>

phpBB/adm/style/overall_footer.html

@@ -19,7 +19,7 @@
 	
 	<div id="page-footer">
 		<!-- IF S_COPYRIGHT_HTML -->
-			Powered by phpBB {VERSION} &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+			Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
 			<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 		<!-- ENDIF -->
 

phpBB/adm/style/overall_header.html

@@ -193,7 +193,7 @@ function switch_menu()
 						<a id="toggle-handle" accesskey="m" title="{L_MENU_TOGGLE}" onclick="switch_menu(); return false;" href="#"></a></div>
 					<!-- ENDIF -->
 					<div id="menu">
-						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;]</p>						
+						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;]</p>
 						<ul>
 						<!-- BEGIN l_block1 -->
 							<!-- IF l_block1.S_SELECTED -->

phpBB/adm/style/permission_mask.html

@@ -18,7 +18,7 @@
 
 <!-- BEGIN p_mask -->
 <div class="clearfix"></div>
-<h3>{p_mask.PADDING}{p_mask.NAME}<!-- IF p_mask.S_LOCAL --> <span class="small"> [{p_mask.L_ACL_TYPE}]</span><!-- ENDIF --></h3>
+<h3>{p_mask.NAME}<!-- IF p_mask.S_LOCAL --> <span class="small"> [{p_mask.L_ACL_TYPE}]</span><!-- ENDIF --></h3>
 
 <!-- BEGIN f_mask -->
 <div class="clearfix"></div>
@@ -28,11 +28,14 @@
 			<input type="checkbox" style="display: none;" class="permissions-checkbox" name="inherit[{p_mask.f_mask.UG_ID}][{p_mask.f_mask.FORUM_ID}]" id="checkbox{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}" value="1" onclick="toggle_opacity('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" /> 
 		<!-- ELSE -->
 		<!-- ENDIF -->
-		<!-- {p_mask.f_mask.PADDING} -->{p_mask.f_mask.NAME}
+		<!-- IF p_mask.f_mask.PADDING --><span class="padding">{p_mask.f_mask.PADDING}{p_mask.f_mask.PADDING}</span><!-- ENDIF -->{p_mask.f_mask.NAME}
 	</legend>
 	<!-- IF not p_mask.S_VIEW -->
 		<div class="permissions-switch">
-			<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '0', true); return false;">{L_ADVANCED_PERMISSIONS}</a>
+			<div class="permissions-reset">
+				<a href="#" onclick="mark_options('perm{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); init_colours('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); return false;">{L_ALL_YES}</a> &middot; <a href="#" onclick="mark_options('perm{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); init_colours('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); return false;">{L_ALL_NO}</a> &middot; <a href="#" onclick="mark_options('perm{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); init_colours('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); return false;">{L_ALL_NEVER}</a>
+			</div>
+			<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '0', true); return false;">{L_ADVANCED_PERMISSIONS}</a><!-- IF not p_mask.S_VIEW and p_mask.f_mask.S_CUSTOM --> *<!-- ENDIF -->
 		</div>
 		<dl class="permissions-simple">
 			<dt style="width: 20%"><label for="role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}">{L_ROLE}:</label></dt>
@@ -46,7 +49,11 @@
 
 	<!-- BEGIN category -->
 		<!-- IF p_mask.f_mask.category.S_FIRST_ROW -->
-			<div class="permissions-advanced" id="advanced{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}"<!-- IF not p_mask.S_VIEW --> style="display: none;"<!-- ENDIF -->>
+			<!-- IF not p_mask.S_VIEW -->
+				<div class="permissions-advanced" id="advanced{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}" style="display: none;">
+			<!-- ELSE -->
+				<div class="permissions-advanced" id="advanced{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}">
+			<!-- ENDIF -->
 
 			<div class="permissions-category">
 				<ul>

phpBB/adm/style/permission_trace.html

@@ -2,7 +2,7 @@
 
 <div style="background-color: #fff; padding: 10px; margin-top: 10px;" class="permissions">
 
-	<!-- IF U_BACK --><a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a><!-- ENDIF -->
+	<!-- IF U_BACK --><a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a><!-- ENDIF -->
 
 	<h3>{L_TRACE_FOR}: {PERMISSION_USERNAME} / <!-- IF FORUM_NAME -->{FORUM_NAME} / <!-- ENDIF -->{PERMISSION} </h3>
 
@@ -41,6 +41,13 @@
 		<td>{trace.INFORMATION}</td>
 	</tr>
 	<!-- END trace -->
+	<tr class="row2">
+		<td style="white-space: nowrap;"><strong>{L_TRACE_RESULT}</strong></td>
+		<td colspan="2" style="text-align: center;" class="<!-- IF S_RESULT_NEVER -->never<!-- ELSEIF S_RESULT_YES -->yes<!-- ELSE -->no<!-- ENDIF -->">
+		<!-- IF S_RESULT_NEVER -->{L_ACL_NEVER}<!-- ELSEIF S_RESULT_YES -->{L_ACL_YES}<!-- ELSE -->{L_ACL_NO}<!-- ENDIF -->
+		</td>
+		<td>{L_RESULTING_PERMISSION}</td>
+	</tr>
 	</tbody>
 	</table>
 

phpBB/adm/style/simple_footer.html

@@ -16,7 +16,7 @@
 <div id="page-footer">
 
 	<!-- IF S_COPYRIGHT_HTML -->
-		<br />Powered by phpBB {VERSION} &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+		<br />Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
 		<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 	<!-- ENDIF -->
 

phpBB/adm/swatch.php

@@ -12,7 +12,7 @@
 * @ignore
 */
 define('IN_PHPBB', true);
-$phpbb_root_path = './../';
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
 

phpBB/cron.php

@@ -12,7 +12,7 @@
 */
 define('IN_PHPBB', true);
 define('IN_CRON', true);
-$phpbb_root_path = './';
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
 
@@ -30,7 +30,35 @@ header('Content-length: 43');
 
 echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
 
-flush();
+// test without flush ;)
+// flush();
+
+// make sure cron doesn't run multiple times in parallel
+if ($config['cron_lock'])
+{
+	// if the other process is running more than an hour already we have to assume it
+	// aborted without cleaning the lock
+	$time = explode(' ', $config['cron_lock']);
+	$time = $time[0];
+
+	if ($time + 3600 >= time())
+	{
+		exit;
+	}
+}
+
+define('CRON_ID', time() . ' ' . unique_id());
+
+$sql = 'UPDATE ' . CONFIG_TABLE . "
+	SET config_value = '" . $db->sql_escape(CRON_ID) . "'
+	WHERE config_name = 'cron_lock' AND config_value = '" . $db->sql_escape($config['cron_lock']) . "'";
+$db->sql_query($sql);
+
+// another cron process altered the table between script start and UPDATE query so exit
+if ($db->sql_affectedrows() != 1)
+{
+	exit;
+}
 
 /**
 * Run cron-like action
@@ -226,6 +254,11 @@ else
 	garbage_collection();
 }
 
+$sql = 'UPDATE ' . CONFIG_TABLE . "
+	SET config_value = '0'
+	WHERE config_name = 'cron_lock' AND config_value = '" . $db->sql_escape(CRON_ID) . "'";
+$db->sql_query($sql);
+
 exit;
 
 ?>

phpBB/develop/create_schema_files.php

@@ -14,7 +14,7 @@
 
 die("Please read the first lines of this script for instructions on how to enable it");
 
-set_time_limit(0);
+@set_time_limit(0);
 
 $schema_path = './../install/schemas/';
 
@@ -1028,7 +1028,7 @@ function get_schema_struct()
 			'forum_desc_uid'		=> array('VCHAR:5', ''),
 			'forum_link'			=> array('VCHAR_UNI', ''),
 			'forum_password'		=> array('VCHAR_UNI:40', ''),
-			'forum_style'			=> array('TINT:4', 0),
+			'forum_style'			=> array('USINT', 0),
 			'forum_image'			=> array('VCHAR', ''),
 			'forum_rules'			=> array('TEXT_UNI', ''),
 			'forum_rules_link'		=> array('VCHAR_UNI', ''),
@@ -1107,9 +1107,9 @@ function get_schema_struct()
 			'group_desc_uid'		=> array('VCHAR:5', ''),
 			'group_display'			=> array('BOOL', 0),
 			'group_avatar'			=> array('VCHAR', ''),
-			'group_avatar_type'		=> array('TINT:4', 0),
-			'group_avatar_width'	=> array('TINT:4', 0),
-			'group_avatar_height'	=> array('TINT:4', 0),
+			'group_avatar_type'		=> array('TINT:2', 0),
+			'group_avatar_width'	=> array('USINT', 0),
+			'group_avatar_height'	=> array('USINT', 0),
 			'group_rank'			=> array('UINT', 0),
 			'group_colour'			=> array('VCHAR:6', ''),
 			'group_sig_chars'		=> array('UINT', 0),
@@ -1556,13 +1556,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles'] = array(
 		'COLUMNS'		=> array(
-			'style_id'				=> array('TINT:4', NULL, 'auto_increment'),
+			'style_id'				=> array('USINT', NULL, 'auto_increment'),
 			'style_name'			=> array('VCHAR_UNI:255', ''),
 			'style_copyright'		=> array('VCHAR_UNI', ''),
 			'style_active'			=> array('BOOL', 1),
-			'template_id'			=> array('TINT:4', 0),
-			'theme_id'				=> array('TINT:4', 0),
-			'imageset_id'			=> array('TINT:4', 0),
+			'template_id'			=> array('USINT', 0),
+			'theme_id'				=> array('USINT', 0),
+			'imageset_id'			=> array('USINT', 0),
 		),
 		'PRIMARY_KEY'	=> 'style_id',
 		'KEYS'			=> array(
@@ -1575,7 +1575,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('TINT:4', NULL, 'auto_increment'),
+			'template_id'			=> array('USINT', NULL, 'auto_increment'),
 			'template_name'			=> array('VCHAR_UNI:255', ''),
 			'template_copyright'	=> array('VCHAR_UNI', ''),
 			'template_path'			=> array('VCHAR:100', ''),
@@ -1590,7 +1590,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template_data'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('TINT:4', NULL, 'auto_increment'),
+			'template_id'			=> array('USINT', NULL, 'auto_increment'),
 			'template_filename'		=> array('VCHAR:100', ''),
 			'template_included'		=> array('TEXT', ''),
 			'template_mtime'		=> array('TIMESTAMP', 0),
@@ -1604,7 +1604,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_theme'] = array(
 		'COLUMNS'		=> array(
-			'theme_id'				=> array('TINT:4', NULL, 'auto_increment'),
+			'theme_id'				=> array('USINT', NULL, 'auto_increment'),
 			'theme_name'			=> array('VCHAR_UNI:255', ''),
 			'theme_copyright'		=> array('VCHAR_UNI', ''),
 			'theme_path'			=> array('VCHAR:100', ''),
@@ -1620,7 +1620,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset'] = array(
 		'COLUMNS'		=> array(
-			'imageset_id'				=> array('TINT:4', NULL, 'auto_increment'),
+			'imageset_id'				=> array('USINT', NULL, 'auto_increment'),
 			'imageset_name'				=> array('VCHAR_UNI:255', ''),
 			'imageset_copyright'		=> array('VCHAR_UNI', ''),
 			'imageset_path'				=> array('VCHAR:100', ''),
@@ -1639,7 +1639,7 @@ function get_schema_struct()
 			'image_lang'			=> array('VCHAR:30', ''),
 			'image_height'			=> array('USINT', 0),
 			'image_width'			=> array('USINT', 0),
-			'imageset_id'			=> array('TINT:4', 0),
+			'imageset_id'			=> array('USINT', 0),
 		),
 		'PRIMARY_KEY'		=> 'image_id',
 		'KEYS'				=> array(
@@ -1777,7 +1777,7 @@ function get_schema_struct()
 			'user_timezone'				=> array('DECIMAL', 0),
 			'user_dst'					=> array('BOOL', 0),
 			'user_dateformat'			=> array('VCHAR_UNI:30', 'd M Y H:i'),
-			'user_style'				=> array('TINT:4', 0),
+			'user_style'				=> array('USINT', 0),
 			'user_rank'					=> array('UINT', 0),
 			'user_colour'				=> array('VCHAR:6', ''),
 			'user_new_privmsg'			=> array('TINT:4', 0),

phpBB/develop/generate_utf_confusables.php

@@ -0,0 +1,240 @@
+<?php
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+if (php_sapi_name() != 'cli')
+{
+	die("This program must be run from the command line.\n");
+}
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+set_time_limit(0);
+
+define('IN_PHPBB', true);
+$phpbb_root_path = '../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+
+echo "Checking for required files\n";
+download('http://unicode.org/reports/tr39/data/confusables.txt');
+download('http://unicode.org/Public/UNIDATA/CaseFolding.txt');
+echo "\n";
+
+
+/**
+* Load the confusables table
+*/
+echo "Loading confusables\n";
+$unidata = file_get_contents('confusables.txt');
+
+/**
+* Load the CaseFolding table
+*/
+echo "Loading CaseFolding\n";
+$casefolds = file_get_contents('CaseFolding.txt');
+
+
+function utf8_chr($cp)
+{
+    if ($cp > 0xFFFF)
+    {
+        return chr(0xF0 | ($cp >> 18)) . chr(0x80 | (($cp >> 12) & 0x3F)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
+    }
+    else if ($cp > 0x7FF)
+    {
+        return chr(0xE0 | ($cp >> 12)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
+    }
+    else if ($cp > 0x7F)
+    {
+        return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
+    }
+    else
+    {
+        return chr($cp);
+    }
+}
+
+preg_match_all('/^([0-9A-F]+) ;\s((?:[0-9A-F]+ )*);.*?$/im', $unidata, $array, PREG_SET_ORDER);
+preg_match_all('/^([0-9A-F]+); ([CFS]); ([0-9A-F]+(?: [0-9A-F]+)*);/im', $casefolds, $casefold_array);
+
+// some that we defined ourselves
+$uniarray = array(
+		"\xC2\xA1"			=>	"\x69",	// EXCLAMATION MARK, INVERTED => LATIN SMALL LETTER I
+		"\xC7\x83"			=>	"\x21",	// LATIN LETTER RETROFLEX CLICK => EXCLAMATION MARK
+		"\xCE\xB1"			=>	"\x61",	// GREEK SMALL LETTER ALPHA => LATIN SMALL LETTER A
+		"\xE1\x9A\x80"		=>	"\x20",	// OGHAM SPACE MARK
+
+		"\xC2\xAD"			=>	'',		// HYPHEN, SOFT => empty string
+		"\xDB\x9D"			=>	'',		// ARABIC END OF AYAH
+		"\xDC\x8F"			=>	'',		// SYRIAC ABBREVIATION MARK
+		"\xE1\xA0\x86"		=>	'',		// MONGOLIAN TODO SOFT HYPHEN
+		"\xE1\xA0\x8E"		=>	'',		// MONGOLIAN VOWEL SEPARATOR
+		"\xE2\x80\x8B"		=>	'',		// ZERO WIDTH SPACE
+		"\xE2\x80\x8C"		=>	'',		// ZERO WIDTH NON-JOINER
+		"\xE2\x80\x8D"		=>	'',		// ZERO WIDTH JOINER
+		"\xE2\x80\xA8"		=>	'',		// LINE SEPARATOR
+		"\xE2\x80\xA9"		=>	'',		// PARAGRAPH SEPARATOR
+		"\xE2\x81\xA0"		=>	'',		// WORD JOINER
+		"\xE2\x81\xA1"		=>	'',		// FUNCTION APPLICATION
+		"\xE2\x81\xA2"		=>	'',		// INVISIBLE TIMES
+		"\xE2\x81\xA3"		=>	'',		// INVISIBLE SEPARATOR
+		"\xE2\x81\xAA"		=>	'',		// [CONTROL CHARACTERS]
+		"\xE2\x81\xAB"		=>	'',		// [CONTROL CHARACTERS]
+		"\xE2\x81\xAC"		=>	'',		// [CONTROL CHARACTERS]
+		"\xE2\x81\xAD"		=>	'',		// [CONTROL CHARACTERS]
+		"\xE2\x81\xAE"		=>	'',		// [CONTROL CHARACTERS]
+		"\xE2\x81\xAF"		=>	'',		// [CONTROL CHARACTERS]
+		"\xEF\xBB\xBF"		=>	'',		// ZERO WIDTH NO-BREAK SPACE
+		"\xEF\xBF\xB9"		=>	'',		// [CONTROL CHARACTERS]
+		"\xEF\xBF\xBA"		=>	'',		// [CONTROL CHARACTERS]
+		"\xEF\xBF\xBB"		=>	'',		// [CONTROL CHARACTERS]
+		"\xEF\xBF\xBC"		=>	'',		// [CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xB3"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xB4"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xB5"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xB6"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xB7"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xB8"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xB9"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+		"\xF0\x9D\x85\xBA"	=>	'',		// [MUSICAL CONTROL CHARACTERS]
+);
+
+$copy = $uniarray;
+
+foreach ($array as $value)
+{
+	$temp_hold = implode(array_map('utf8_chr', array_map('hexdec', explode(' ', trim($value[2])))));
+	
+	if (isset($copy[utf8_chr(hexdec((string)$value[1]))]))
+	{
+		$num = '';
+		$string = utf8_chr(hexdec((string)$value[1]));
+		for ($i = 0; $i < strlen($string); $i++)
+		{
+			$num .= '\x' . str_pad(base_convert(ord($string[$i]), 10, 16), 2, '0', STR_PAD_LEFT);
+		}
+		echo $num . "\n";
+		if ($uniarray[$string] != $temp_hold)
+		{
+			echo "  --> $string\n";
+			echo "  --> " . $temp_hold . "\n";
+		}
+	}
+
+	// do some tests for things that transform into something with the number one
+	if (strpos($temp_hold, utf8_chr(0x0031)) !== false)
+	{
+		// any kind of letter L?
+		if (strpos($value[0], 'LETTER L') !== false || strpos($value[0], 'IOTA') !== false || strpos($value[0], 'SMALL L ') !== false || preg_match('/SMALL LIGATURE [^L]*L /', $value[0]))
+		{
+			// replace all of the mappings that transform some sort of letter l to number one instead to some sort of letter l to latin small letter l
+			$temp_hold = str_replace(utf8_chr(0x0031), utf8_chr(0x006C), $temp_hold);
+		}
+	}
+
+	// uppercased chars that were folded do not exist in this universe,
+	// no amount of normalization could ever "trick" this into not working
+	if (in_array($value[1], $casefold_array[1]))
+	{
+		continue;
+	}
+
+	$uniarray[utf8_chr(hexdec((string)$value[1]))] = $temp_hold;
+}
+
+echo "Writing to confusables.$phpEx\n";
+
+$fp = fopen($phpbb_root_path . 'includes/utf/data/confusables.' . $phpEx, 'wb');
+fwrite($fp, '<?php return ' . my_var_export($uniarray) . ';');
+fclose($fp);
+
+/**
+* Return a parsable string representation of a variable
+*
+* This is function is limited to array/strings/integers
+*
+* @param	mixed	$var		Variable
+* @return	string				PHP code representing the variable
+*/
+function my_var_export($var)
+{
+	if (is_array($var))
+	{
+		$lines = array();
+
+		foreach ($var as $k => $v)
+		{
+			$lines[] = my_var_export($k) . '=>' . my_var_export($v);
+		}
+
+		return 'array(' . implode(',', $lines) . ')';
+	}
+	else if (is_string($var))
+	{
+		return "'" . str_replace(array('\\', "'"), array('\\\\', "\\'"), $var) . "'";
+	}
+	else
+	{
+		return $var;
+	}
+}
+
+/**
+* Download a file to the develop/ dir
+*
+* @param	string	$url		URL of the file to download
+* @return	void
+*/
+function download($url)
+{
+	global $phpbb_root_path;
+
+	if (file_exists($phpbb_root_path . 'develop/' . basename($url)))
+	{
+		return;
+	}
+
+	echo 'Downloading from ', $url, ' ';
+
+	if (!$fpr = fopen($url, 'rb'))
+	{
+		die("Can't download from $url\nPlease download it yourself and put it in the develop/ dir, kthxbai");
+	}
+
+	if (!$fpw = fopen($phpbb_root_path . 'develop/' . basename($url), 'wb'))
+	{
+		die("Can't open develop/" . basename($url) . " for output... please check your permissions or something");
+	}
+
+	$i = 0;
+	$chunk = 32768;
+	$done = '';
+
+	while (!feof($fpr))
+	{
+		$i += fwrite($fpw, fread($fpr, $chunk));
+		echo str_repeat("\x08", strlen($done));
+
+		$done = ($i >> 10) . ' KiB';
+		echo $done;
+	}
+	fclose($fpr);
+	fclose($fpw);
+
+	echo "\n";
+}
+
+?>

phpBB/develop/unicode_testing.php

@@ -0,0 +1,120 @@
+<?php
+//
+// This file provides some useful functions for debugging the unicode/UTF-8 library
+// It requires utf_tools.php to be loaded
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+if (!headers_sent())
+{
+	header('Content-type: text/html; charset=UTF-8');
+}
+
+/**
+ * Converts unicode escape sequences (\u0123) into UTF-8 characters
+ *
+ * @param	string	A unicode sequence
+ * @return	string	UTF-8 representation of the given unicode sequence
+ */
+function unicode_to_utf8($string)
+{
+	$utf8 = '';
+	$chars = array();
+	for ($i = 0; $i < strlen($string); $i++)
+	{
+		if (isset($string[$i + 5]) && substr($string, $i, 2) == '\\u' && ctype_xdigit(substr($string, $i + 2, 4)))
+		{
+			$utf8 .= utf8_from_unicode(array(base_convert(substr($string, $i + 2, 4), 16, 10)));
+			$i += 5;
+		}
+		else
+		{
+			$utf8 .= $string[$i];
+		}
+	}
+	return $utf8;
+}
+
+/**
+ * Takes an array of ints representing the Unicode characters and returns
+ * a UTF-8 string.
+ *
+ * @param array $array array of unicode code points representing a string
+ * @return string UTF-8 character string
+ */
+function utf8_from_unicode($array)
+{
+	$str = '';
+	foreach ($array as $value)
+	{
+		$str .= utf8_chr($value);
+	}
+	return $str;
+}
+
+/**
+* Converts a UTF-8 string to unicode code points
+*
+* @param	string	$text		UTF-8 string
+* @return	string				Unicode code points
+*/
+function utf8_to_unicode($text)
+{
+	return preg_replace_callback(
+		'#[\\xC2-\\xF4][\\x80-\\xBF]?[\\x80-\\xBF]?[\\x80-\\xBF]#',
+		'utf8_to_unicode_callback',
+		preg_replace_callback(
+			'#[\\x00-\\x7f]#',
+			'utf8_to_unicode_callback',
+			$text
+		)
+	);
+}
+
+/**
+* Takes a UTF-8 char and replaces it with its unicode escape sequence. Attention, $m is an array
+*
+* @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
+* @return	string				A unicode escape sequence
+*/
+function utf8_to_unicode_callback($m)
+{
+	return '\u' . str_pad(base_convert(utf8_ord($m[0]), 10, 16), 4, '0', STR_PAD_LEFT) . '';
+}
+
+/**
+* A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings
+* to be in NFKC
+*
+* @param	mixed	$strings	a string or an array of strings to normalize
+* @return	mixed				the normalized content, preserving array keys if array given.
+*/
+function utf8_normalize_nfkc($strings)
+{
+	if (empty($strings))
+	{
+		return $strings;
+	}
+
+	if (!class_exists('utf_normalizer'))
+	{
+		global $phpbb_root_path, $phpEx;
+		include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
+	}
+
+	if (!is_array($strings))
+	{
+		utf_normalizer::nfkc($strings);
+	}
+	else if (is_array($strings))
+	{
+		foreach ($strings as $key => $string)
+		{
+			utf_normalizer::nfkc($strings[$key]);
+		}
+	}
+
+	return $strings;
+}
+
+?>

phpBB/docs/CHANGELOG.html

@@ -169,6 +169,7 @@ p a {
 <ol class="menu">
 	<li><a href="#changelog">Changelog</a>
 	<ol type="i">
+		<li><a href="#v30rc3">Changes since RC-3</a></li>
 		<li><a href="#v30rc2">Changes since RC-2</a></li>
 		<li><a href="#v30rc1">Changes since RC-1</a></li>
 	</ol>
@@ -180,7 +181,126 @@ p a {
 
 <a name="changelog"></a><h1>1. Changelog</h1>
 
-	<a name="v30rc2"></a><b>1.i. Changes since 3.0.RC2</b>
+	<a name="v30rc3"></a><b>1.i. Changes since 3.0.RC3</b>
+	<br /><br />
+	<div class="paragraph">
+
+	<p>These fixes/changes are currently only present within CVS and will appear within the next phpBB3 version.</p>
+
+	<ul class="menu">
+		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
+		<li>[Fix] Parse error in MCP ban (Bug #13109)</li>
+		<li>[Fix] Correctly hide online status in the profile (Bug #13059)</li>
+		<li>[Feature] Let the user choose how to update modified files (merging, using new file or using old file) within automatic updater</li>
+		<li>[Fix] An extra \ in an Oracle SQL regex was corrected (Bug #13151)</li>
+		<li>[Fix] Added a missing global to get_file() (Bug #13149)</li>
+		<li>[Fix] Hide autologin box when autologin is disabled (Bug #13093)</li>
+		<li>[Fix] Account for the forum id not being part of the request uri in prosilver (Bug #13121)</li>
+		<li>[Fix] Properly alter PostgreSQL tables</li>
+		<li>[Fix] Properly cache template files that were stored in the database (Bug #12675)</li>
+		<li>[Fix] Do not count the deletion of an unapproved topic as a decrease in normally viewable posts (Bug #13167)</li>
+		<li>[Fix] Allow column_exists() to return true if the column exists but no data is in the table</li>
+		<li>[Fix] Allow setting the smiley order via the select. Also allow to add smileys at the top. (Bug #13199)</li>
+		<li>[Fix] Fix php notice on sending jabber messages (Bug #13201)</li>
+		<li>[Fix] Make the window showing file differences a little wider (Bug #13157)</li>
+		<li>[Fix] Preserve preview style on search form (Bug #13205)</li>
+		<li>[Fix] Place attachment filename in new line in posting editor (Bug #9726)</li>
+		<li>[Fix] Don't allow caching to occur in the update sequence (Bug #13207)</li>
+		<li>[Fix] Enforce the max password length for automatically generated password created by the password sender (Bug #13181)</li>
+		<li>[Fix] Handle phpinfo() when expose_php is false (Bug #12777)</li>
+		<li>[Fix] Allow managing of forum roles without global users (Bug #13249)</li>
+		<li>[Change] Do not run cron script if board is disabled</li>
+		<li>[Fix] Correctly destroy sql cache for some query combinations (Bug #13237)</li>
+		<li>[Fix] Allow link forums being password protected (Bug #12967)</li>
+		<li>[Fix] Allow wrapping topic/post icons in posting editor (Bug #12843)</li>
+		<li>[Fix] Display L_RANK only once in template if rank title and image defined (Bug #13231)</li>
+		<li>[Fix] Make sure selected transfer method exists before calling (Bug #13265)</li>
+		<li>[Fix] Correctly escape language keys in language editor (Bug #13279)</li>
+		<li>[Fix] Correctly hide post/reply buttons if permissions are not given (related to Bug #12809)</li>
+		<li>[Fix] Remove orphan/wrong permission entries for non-existent forums - self-repairing permissions if conversions went &quot;crazy&quot;</li>
+		<li>[Feature] Allow &quot;older&quot; updates applied with the automatic updater. This allows people using it for updating, say, from 3.0.0 to 3.0.1 (with the correct package of course) and then from 3.0.1 to 3.0.2 if the latest version at this time is 3.0.2. These changes take effect beginning with RC4 or people replacing install/install_update.php manually prior doing the updates.</li>
+		<li>[Fix] Present correct error message if user tries to edit already read private message (Bug #13271)</li>
+		<li>[Fix] Also display board disabled notice for admins/mods if board got disabled due to exceeding the load limit (Bug #13267)</li>
+		<li>[Fix] Correctly deliver avatar if readfile function has been disabled (Bug #13309)</li>
+		<li>[Fix] Display php information page with the correct direction (Bug #12557)</li>
+		<li>[Fix] Increased the number of style objects (styles, templates, themes and imagesets) possible from 127 to 65535 for MySQL (Bug #13179)</li>
+		<li>[Fix] Although theoretically impossible in our code, removed the chance of trying to open a file that does not exist (Bug #13327)</li>
+		<li>[Fix] Although theoretically impossible in our code, changed the handling of non-existent language files (Bug #13329, #13331)</li>
+		<li>[Fix] Removed extra ampersand from ACP link (Bug #13315)</li>
+		<li>[Fix] used cleaned up version of given field identification for pre-filling a new custom profile field (Bug #13319)</li>
+		<li>[Fix] Correctly convert 2.0 website profile fields. (Bug #13379)</li>
+		<li>[Fix] Fixed the "Alphanumeric" and "Alphanumeric and spacers" username selection limitations (Bug #13391)</li>
+		<li>[Fix] Make sure filelist() is only returning array types (Bug #13385)</li>
+		<li>[Fix] Correctly mark forums read if using cookie based topic tracking (Bug #13245)</li>
+		<li>[Change] Put custom profile fields into top box and signature into separate box in members profile view (Bug #13357)</li>
+		<li>[Fix] Only show moderator log entries for forums the user is having moderation rights in (Bug #12481)</li>
+		<li>[Feature] Show resulting permission alone in trace window (Bug #10952) - thanks to dark/rain for the proposal</li>
+		<li>[Fix] Fixed bug in realpath replacement letting it actually work again</li>
+		<li>[Change] Try to be a bit more specific regarding global/local permission trace (Bug #11032)</li>
+		<li>[Fix] Fixed some strangeness in password validation due to mb_ereg()</li>
+		<li>[Fix] Subforums of a forum would overwrite the latest post information even if they did not contain the latest post (Bug #11931)</li>
+		<li>[Fix] Use global username display function on several places (Bug #11080, #11098) - patch by HoL</li>
+		<li>[Fix] Several viewonline fixes and feature changes. Also displaying the users browser in viewonline list to let the admin easier spot additional search bots, connected to a_user permission (Bug #11088) - patch and suggestions provided by HoL</li>
+		<li>[Change] u_viewprofile permission also affecting viewonline list now</li>
+		<li>[Fix] Do not display return to search link in prosilver if search is not allowed (Bug #11393)</li>
+		<li>[Fix] Use global url validation for img bbcode tag (Bug #11935)</li>
+		<li>[Fix] Added proper unicode support to style names (Bug #12165)</li>
+		<li>[Fix] Search result extract should not end in the middle of a multibyte character (Bug #11863)</li>
+		<li>[Fix] Missing localisation for an imageset no longer triggers a lot of "imageset refreshed" log messages (Bug #12027)</li>
+		<li>[Fix] Explain that themes which need parsing cannot be stored on the filesystem (Bug #11134)</li>
+		<li>[Fix] Normalize usernames</li>
+		<li>[Change] Improved utf8_clean_string with a more complete list of homographs and NFKC normalization</li>
+		<li>[Fix] Fixed error messages that ACP Database can give (Bug #13463)</li>
+		<li>[Fix] Fixed potential issues with databases that use tables names is uppercase</li>
+		<li>[Fix] Handle forum links/redirects within viewforum if no read permission given (to display login box or error message) (Bug #13467)</li>
+		<li>[Fix] Prevent changing postable forum having subforums to link forum without moving subforums out first</li>
+		<li>[Fix] Do not display version in admin template (Bug #13495)</li>
+		<li>[Fix] Allow manual specification of remote avatar dimensions if getimagesize is disabled (Bug #13531)</li>
+		<li>[Fix] Make viewonline use the session page's added forum parameter (Bug #13597)</li>
+		<li>[Fix] Correcting BBCode FAQ (Bug #11180)</li>
+		<li>[Fix] Make to/bcc line in view private message display consistent with other username displays in prosilver (Bug #11989)</li>
+		<li>[Fix] Send out activation email if admin activation is enabled and user activated through inactive users panel upon registration (Bug #12065)</li>
+		<li>[Change] Re-implemented All Yes/No/Never links in permission panels for easier changing all categories at once</li>
+		<li>[Change] Advanced permission link now &quot;marked&quot; if no role is assigned and custom permissions set. With this an admin can instantly see if the object is not set at all or having custom permissions, something you only saw if advanced permissions were viewed before.</li>
+		<li>[Fix] Change misleading custom BBCodes explanation, regarding tokens and useable template variables (Bug #12403, #5660)</li>
+		<li>[Feature] Ability to disable birthdays completely with new board features setting</li>
+		<li>[Fix] Fix disallowed username check (Bug #13511)</li>
+		<li>[Fix] Allow for unicode usernames to be pruned (Bug #13643)</li>
+		<li>[Fix] Do not copy forum permissions from self (Bug #13663)</li>
+		<li>[Fix] Allow for polls to work during preview (Bug #13657) - thanks to Thatbitextra</li>
+		<li>[Fix] Finer error conditions for sending IM messages (Bugs #13681, #13683)</li>
+		<li>[Fix] Add a confirmation for log deletion in the MCP (Bug #13693)</li>
+		<li>[Fix] Do not erase ranks and avatars when changing default groups (Bugs #13701, #13697)</li>
+		<li>[Fix] Limit author searches to firstpost, if selected (Bug #13579)</li>
+		<li>[Fix] Properly resync user post counts for users that have no posts (Bug #13581)</li>
+		<li>[Fix] Do not require space after , in smiley pak files (Bug #13647)</li>
+		<li>[Fix] Properly display the subscribe link in topic and forum display for Oracle (Bug #13583)</li>
+		<li>[Change] Add version number to ACP index (Bug #13703)</li>
+		<li>[Fix] Several fixes for custom profile fields on multi-lingual boards (Bugs #13763, #13527, #13525, #11515)</li>
+		<li>[Fix] Return to the mode previously selected after disaproving a post (Bug #13796)</li>
+		<li>[Fix] Cron now uses a locking variable to make sure it does not spawn too many webserver processes (Bug #12741)</li>
+		<li>[Fix] Cached stylesheet now supporting gzip compression</li>
+		<li>[Fix] Added link to inbox for deleted PMs (Bug #13813)</li>
+		<li>[Fix] Re-syncing the board stats also refreshes the newest user (Bug #13831)</li>
+		<li>[Feature] Ability to externally set $phpbb_root_path if wrapping phpBB3 by defining constant PHPBB_ROOT_PATH</li>
+		<li>[Fix] Implemented correct left/right floating within ACP in regard to RTL languages (Bug #13777)</li>
+		<li>[Fix] Fixing session problems when using MySQL strict mode in conjunction with very long browser agent string (Bug #13827)</li>
+		<li>[Fix] Disallow post/pm subjects entirely made up from non-printable chars and whitespaces (Bug #13800)</li>
+		<li>[Fix] Allow moving private messages from the sentbox (Bug #13791)</li>
+		<li>[Fix] Properly export localized imagesets</li>
+		<li>[Feature] Show the size of Firebird databases</li>
+		<li>[Fix] Show error when moving topic into a category via quickmod (Bug #11611)</li>
+		<li>[Fix] Allow Oracle to install on a database without specify the database name</li>
+
+	</ul>
+
+	</div>
+	<a href="#top">Top</a>
+	<br /><br />
+
+	<hr />
+
+	<a name="v30rc2"></a><b>1.ii. Changes since 3.0.RC2</b>
 	<br /><br />
 	<div class="paragraph">
 
@@ -192,7 +312,7 @@ p a {
 		<li>[Fix] Correct approval of posts in global announcements (Bug #12699)</li>
 		<li>[Sec] Do not allow setup spiders/robots to post, even if permissions are given. We see no reason why this should be possible. (Thanks to Frank Rizzo for convincing us regarding this)</li>
 		<li>[Sec] Do not display the last active column within the memberlist if u_viewonline permission is not given (Bug #12797)</li>
-		<li>[Fix] Display custom profile field &quotdate&quot; based on users language (Bug #12787)</li>
+		<li>[Fix] Display custom profile field &quot;date&quot; based on users language (Bug #12787)</li>
 		<li>[Fix] Allow adding of help language files within subdirectories (Bug #12783)</li>
 		<li>[Fix] Correctly apply smileys on posting having # within their emotion code</li>
 		<li>[Fix] Correctly convert smileys having double quotes within their emotion code (Bug #12731)</li>
@@ -234,7 +354,7 @@ p a {
 
 	<hr />
 
-	<a name="v30rc1"></a><b>1.ii. Changes since 3.0.RC1</b>
+	<a name="v30rc1"></a><b>1.iii. Changes since 3.0.RC1</b>
 	<br /><br />
 	<div class="paragraph">
 

phpBB/docs/FAQ.html

@@ -298,7 +298,7 @@ p a {
 
 <div class="paragraph">
 
-<p>phpBB categorises gallery avatars and it does this by reading through folders contained in the location you specified as being the gallery path. For example, if you set the gallery path to <samp>images/avatars/gallery</samp> phpBB will expect to find a series of folders within that path, eg. <samp>images/avatars/gallery/moviestars</samp>, <samp>images/avatars/gallery/cartoons</samp>, <samp>images/avatars/gallery/misc</samp>, etc. Placing images directly in <samp>images/avatars/gallery/</samp> will result in nothing being listed in your gallery.</p>
+<p>phpBB categorises gallery avatars and it does this by reading through folders contained in the location you specified as being the gallery path. For example, if you set the gallery path to <samp>images/avatars/gallery</samp> phpBB will expect to find a series of folders within that path, e.g. <samp>images/avatars/gallery/moviestars</samp>, <samp>images/avatars/gallery/cartoons</samp>, <samp>images/avatars/gallery/misc</samp>, etc. Placing images directly in <samp>images/avatars/gallery/</samp> will result in nothing being listed in your gallery.</p>
 
 </div>
 <a href="#top">Top</a>
@@ -324,7 +324,7 @@ p a {
 
 <p>If you (or your users) are, after attempting a login, being returned to the index (or other page) without appearing to be logged in the most likely problem is incorrect cookie settings. phpBB uses cookies to store a session id and a small amount of user data. For this data to be stored correctly the cookie domain, name, path and secure settings must be correct. You can check this in <code>Admin-&gt;General-&gt;Server Configuration-&gt;Cookie Settings</code>. Typically the cookie domain can be left blank and the cookie path set to <samp>/</samp> (a single forward slash). Do <strong>not</strong> set the cookie as being secure unless your board is running over a secure sockets layer connection, ie. https://</p>
 
-<p>If you still have problems try setting the cookie domain to your full domain name, eg. <samp>www.mysystem.tld</samp>, <samp>www.something.mydomain.tld</samp>. You <strong>must</strong> ensure the domain name contains at least two dots or browsers will be unlikely to recognise the cookie, eg. <samp>.mydomain.com</samp>, <samp>mydomain.com</samp>. Do <strong>not</strong> add http:// or anything else to the domain name!</p>
+<p>If you still have problems try setting the cookie domain to your full domain name, e.g. <samp>www.mysystem.tld</samp>, <samp>www.something.mydomain.tld</samp>. You <strong>must</strong> ensure the domain name contains at least two dots or browsers will be unlikely to recognise the cookie, e.g. <samp>.mydomain.com</samp>, <samp>mydomain.com</samp>. Do <strong>not</strong> add http:// or anything else to the domain name!</p>
 
 </div>
 <a href="#top">Top</a>

phpBB/docs/README.html

@@ -360,9 +360,9 @@ p a {
 	<p>If you do post a new bug (i.e. one that isn't already listed in the bug tracker) firstly make sure you have logged in (your username and password are the same as for the community forums) then please include the following details:</p>
 
 	<ul class="menu">
-		<li>Your server type/version, eg. Apache 1.3.28, IIS 4, Sambar, etc.</li>
-		<li>PHP version and mode of operation, eg. PHP 5.1.1 as a module, PHP 4.4.4 running as CGI, etc.</li>
-		<li>DB type/version, eg. MySQL 4.0.1, PostgreSQL 7.3.2, MSSQL Server 2000 SP1, etc.</li>
+		<li>Your server type/version, e.g. Apache 1.3.28, IIS 4, Sambar, etc.</li>
+		<li>PHP version and mode of operation, e.g. PHP 5.1.1 as a module, PHP 4.4.4 running as CGI, etc.</li>
+		<li>DB type/version, e.g. MySQL 4.0.1, PostgreSQL 7.3.2, MSSQL Server 2000 SP1, etc.</li>
 	</ul>
 
 	<p>The relevant database type/version is listed within the administration control panel</p>

phpBB/download.php

@@ -12,7 +12,7 @@
 * @ignore
 */
 define('IN_PHPBB', true);
-$phpbb_root_path = './';
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
 if (isset($_GET['avatar']))
@@ -322,7 +322,20 @@ function send_avatar_to_browser($file)
 			header("Content-Length: $size");
 		}
 
-		readfile($file_path);
+		if (@readfile($file_path) === false)
+		{
+			$fp = @fopen($file_path, 'rb');
+
+			if ($fp !== false)
+			{
+				while (!feof($fp))
+				{
+					echo fread($fp, 8192);
+				}
+				fclose($fp);
+			}
+		}
+
 		flush();
 	}
 	else
@@ -447,6 +460,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		}
 		fclose($fp);
 	}
+	else
+	{
+		@readfile($filename);
+	}
 
 	flush();
 	exit;

phpBB/faq.php

@@ -12,7 +12,7 @@
 * @ignore
 */
 define('IN_PHPBB', true);
-$phpbb_root_path = './';
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
 

phpBB/includes/acm/acm_file.php

@@ -39,7 +39,7 @@ class acm
 		global $phpEx;
 		if (file_exists($this->cache_dir . 'data_global.' . $phpEx))
 		{
-			include($this->cache_dir . 'data_global.' . $phpEx);
+			@include($this->cache_dir . 'data_global.' . $phpEx);
 		}
 		else
 		{
@@ -159,7 +159,7 @@ class acm
 				return false;
 			}
 
-			include($this->cache_dir . "data{$var_name}.$phpEx");
+			@include($this->cache_dir . "data{$var_name}.$phpEx");
 			return (isset($data)) ? $data : false;
 		}
 		else
@@ -256,7 +256,12 @@ class acm
 				}
 
 				// The following method is more failproof than simply assuming the query is on line 3 (which it should be)
-				$check_line = file_get_contents($this->cache_dir . $entry);
+				$check_line = @file_get_contents($this->cache_dir . $entry);
+
+				if (empty($check_line))
+				{
+					continue;
+				}
 
 				// Now get the contents between /* and */
 				$check_line = substr($check_line, strpos($check_line, '/* ') + 3, strpos($check_line, ' */') - strpos($check_line, '/* ') - 3);
@@ -264,7 +269,8 @@ class acm
 				$found = false;
 				foreach ($table as $check_table)
 				{
-					if (strpos($check_line, $check_table . ' ') !== false)
+					// Better catch partial table names than no table names. ;)
+					if (strpos($check_line, $check_table) !== false)
 					{
 						$found = true;
 						break;

phpBB/includes/acp/acp_attachments.php

@@ -441,7 +441,7 @@ class acp_attachments
 						$ext_row = array();
 					}
 
-					$group_name = request_var('group_name', '', true);
+					$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
 					$new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
 
 					if (!$group_name)
@@ -618,7 +618,7 @@ class acp_attachments
 						if ($action == 'add')
 						{
 							$ext_group_row = array(
-								'group_name'	=> request_var('group_name', '', true),
+								'group_name'	=> utf8_normalize_nfc(request_var('group_name', '', true)),
 								'cat_id'		=> 0,
 								'allow_group'	=> 1,
 								'allow_in_pm'	=> 1,

phpBB/includes/acp/acp_ban.php

@@ -33,12 +33,12 @@ class acp_ban
 		if ($bansubmit)
 		{
 			// Grab the list of entries
-			$ban				= request_var('ban', '', true);
+			$ban				= utf8_normalize_nfc(request_var('ban', '', true));
 			$ban_len			= request_var('banlength', 0);
 			$ban_len_other		= request_var('banlengthother', '');
 			$ban_exclude		= request_var('banexclude', 0);
-			$ban_reason			= request_var('banreason', '', true);
-			$ban_give_reason	= request_var('bangivereason', '', true);
+			$ban_reason			= utf8_normalize_nfc(request_var('banreason', '', true));
+			$ban_give_reason	= utf8_normalize_nfc(request_var('bangivereason', '', true));
 
 			if ($ban)
 			{

phpBB/includes/acp/acp_bbcodes.php

@@ -75,8 +75,8 @@ class acp_bbcodes
 				$display_on_posting = request_var('display_on_posting', 0);
 
 				$bbcode_match = request_var('bbcode_match', '');
-				$bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', '', true));
-				$bbcode_helpline = request_var('bbcode_helpline', '', true);
+				$bbcode_tpl = htmlspecialchars_decode(utf8_normalize_nfc(request_var('bbcode_tpl', '', true)));
+				$bbcode_helpline = utf8_normalize_nfc(request_var('bbcode_helpline', '', true));
 			break;
 		}
 

phpBB/includes/acp/acp_board.php

@@ -73,9 +73,10 @@ class acp_board
 						'allow_sig'				=> array('lang' => 'ALLOW_SIG',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_birthdays'		=> array('lang' => 'ALLOW_BIRTHDAYS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'ACP_LOAD_SETTINGS',
-						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_moderators'		=> array('lang' => 'YES_MODERATORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_memberlist'	=> array('lang' => 'LOAD_CPF_MEMBERLIST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -250,7 +251,7 @@ class acp_board
 						'load_online'			=> array('lang' => 'YES_ONLINE',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_online_guests'	=> array('lang' => 'YES_ONLINE_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_onlinetrack'		=> array('lang' => 'YES_ONLINE_TRACK',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_moderators'		=> array('lang' => 'YES_MODERATORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),

phpBB/includes/acp/acp_bots.php

@@ -129,7 +129,7 @@ class acp_bots
 				include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
 				$bot_row = array(
-					'bot_name'		=> request_var('bot_name', '', true),
+					'bot_name'		=> utf8_normalize_nfc(request_var('bot_name', '', true)),
 					'bot_agent'		=> request_var('bot_agent', ''),
 					'bot_ip'		=> request_var('bot_ip', ''),
 					'bot_active'	=> request_var('bot_active', true),

phpBB/includes/acp/acp_database.php

@@ -48,7 +48,7 @@ class acp_database
 
 						if (!sizeof($table))
 						{
-							trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action));
+							trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
 						$store = $download = $structure = $schema_data = false;
@@ -165,7 +165,7 @@ class acp_database
 						$tables = get_tables($db);
 						foreach ($tables as $table_name)
 						{
-							if (strlen($table_prefix) === 0 || strpos($table_name, $table_prefix) === 0)
+							if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)
 							{
 								$template->assign_block_vars('tables', array(
 									'TABLE'	=> $table_name
@@ -343,7 +343,7 @@ class acp_database
 											{
 												if ($sub === false)
 												{
-													trigger_error($user->lang['RESTORE_FAILURE'] . adm_back_link($this->u_action));
+													trigger_error($user->lang['RESTORE_FAILURE'] . adm_back_link($this->u_action), E_USER_WARNING);
 												}
 												pg_put_line($db->db_connect_id, $sub . "\n");
 											}

phpBB/includes/acp/acp_disallow.php

@@ -33,7 +33,7 @@ class acp_disallow
 
 		if ($disallow)
 		{
-			$disallowed_user = str_replace('*', '%', request_var('disallowed_user', '', true));
+			$disallowed_user = str_replace('*', '%', utf8_normalize_nfc(request_var('disallowed_user', '', true)));
 
 			if (!$disallowed_user)
 			{

phpBB/includes/acp/acp_email.php

@@ -30,8 +30,8 @@ class acp_email
 
 		$usernames	= request_var('usernames', '', true);
 		$group_id	= request_var('g', 0);
-		$subject	= request_var('subject', '', true);
-		$message	= request_var('message', '', true);
+		$subject	= utf8_normalize_nfc(request_var('subject', '', true));
+		$message	= utf8_normalize_nfc(request_var('message', '', true));
 
 		// Do the job ...
 		if ($submit)
@@ -178,7 +178,7 @@ class acp_email
 				if ($usernames)
 				{
 					$usernames = explode("\n", $usernames);
-					add_log('admin', 'LOG_MASS_EMAIL', implode(', ', $usernames));
+					add_log('admin', 'LOG_MASS_EMAIL', implode(', ', utf8_normalize_nfc($usernames)));
 				}
 				else
 				{

phpBB/includes/acp/acp_forums.php

@@ -103,14 +103,14 @@ class acp_forums
 						'type_action'			=> request_var('type_action', ''),
 						'forum_status'			=> request_var('forum_status', ITEM_UNLOCKED),
 						'forum_parents'			=> '',
-						'forum_name'			=> request_var('forum_name', '', true),
+						'forum_name'			=> utf8_normalize_nfc(request_var('forum_name', '', true)),
 						'forum_link'			=> request_var('forum_link', ''),
 						'forum_link_track'		=> request_var('forum_link_track', false),
-						'forum_desc'			=> request_var('forum_desc', '', true),
+						'forum_desc'			=> utf8_normalize_nfc(request_var('forum_desc', '', true)),
 						'forum_desc_uid'		=> '',
 						'forum_desc_options'	=> 7,
 						'forum_desc_bitfield'	=> '',
-						'forum_rules'			=> request_var('forum_rules', '', true),
+						'forum_rules'			=> utf8_normalize_nfc(request_var('forum_rules', '', true)),
 						'forum_rules_uid'		=> '',
 						'forum_rules_options'	=> 7,
 						'forum_rules_bitfield'	=> '',
@@ -163,7 +163,7 @@ class acp_forums
 						$forum_perm_from = request_var('forum_perm_from', 0);
 
 						// Copy permissions?
-						if ($forum_perm_from)
+						if ($forum_perm_from && !empty($forum_perm_from) && $forum_perm_from != $forum_data['forum_id'])
 						{
 							// if we edit a forum delete current permissions first
 							if ($action == 'edit')
@@ -445,7 +445,7 @@ class acp_forums
 							'parent_id'				=> $this->parent_id,
 							'forum_type'			=> FORUM_POST,
 							'forum_status'			=> ITEM_UNLOCKED,
-							'forum_name'			=> request_var('forum_name', '', true),
+							'forum_name'			=> utf8_normalize_nfc(request_var('forum_name', '', true)),
 							'forum_link'			=> '',
 							'forum_link_track'		=> false,
 							'forum_desc'			=> '',
@@ -638,7 +638,7 @@ class acp_forums
 					'S_STATUS_OPTIONS'			=> $statuslist,
 					'S_PARENT_OPTIONS'			=> $parents_list,
 					'S_STYLES_OPTIONS'			=> $styles_list,
-					'S_FORUM_OPTIONS'			=> make_forum_select(($action == 'add') ? $forum_data['parent_id'] : false, false, false, false, false),
+					'S_FORUM_OPTIONS'			=> make_forum_select(($action == 'add') ? $forum_data['parent_id'] : false, ($action == 'edit') ? $forum_data['forum_id'] : false, false, false, false),
 					'S_SHOW_DISPLAY_ON_INDEX'	=> $s_show_display_on_index,
 					'S_FORUM_POST'				=> ($forum_data['forum_type'] == FORUM_POST) ? true : false,
 					'S_FORUM_ORIG_POST'			=> (isset($old_forum_type) && $old_forum_type == FORUM_POST) ? true : false,
@@ -991,6 +991,13 @@ class acp_forums
 
 			if ($row['forum_type'] == FORUM_POST && $row['forum_type'] != $forum_data_sql['forum_type'])
 			{
+				// Has subforums and want to change into a link?
+				if ($row['right_id'] - $row['left_id'] > 1 && $forum_data_sql['forum_type'] == FORUM_LINK)
+				{
+					$errors[] = $user->lang['FORUM_WITH_SUBFORUMS_NOT_TO_LINK'];
+					return $errors;
+				}
+
 				// we're turning a postable forum into a non-postable forum
 				if ($forum_data_sql['type_action'] == 'move')
 				{

phpBB/includes/acp/acp_groups.php

@@ -258,8 +258,8 @@ class acp_groups
 				// Did we submit?
 				if ($update)
 				{
-					$group_name	= request_var('group_name', '', true);
-					$group_desc = request_var('group_desc', '', true);
+					$group_name	= utf8_normalize_nfc(request_var('group_name', '', true));
+					$group_desc = utf8_normalize_nfc(request_var('group_desc', '', true));
 					$group_type	= request_var('group_type', GROUP_FREE);
 
 					$allow_desc_bbcode	= request_var('desc_parse_bbcode', false);
@@ -450,7 +450,7 @@ class acp_groups
 				}
 				else if (!$group_id)
 				{
-					$group_name = request_var('group_name', '', true);
+					$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
 					$group_desc_data = array(
 						'text'			=> '',
 						'allow_bbcode'	=> true,

phpBB/includes/acp/acp_icons.php

@@ -189,6 +189,7 @@ class acp_icons
 				$db->sql_freeresult($result);
 
 				$order_list = '<option value="1"' . ((!isset($after)) ? ' selected="selected"' : '') . '>' . $user->lang['FIRST'] . '</option>' . $order_list;
+				$add_order_list = '<option value="1">' . $user->lang['FIRST'] . '</option>' . $add_order_list;
 
 				if ($action == 'add')
 				{
@@ -275,16 +276,16 @@ class acp_icons
 				$image_width	= (isset($_POST['width'])) ? request_var('width', array('' => 0)) : array();
 				$image_height	= (isset($_POST['height'])) ? request_var('height', array('' => 0)) : array();
 				$image_add		= (isset($_POST['add_img'])) ? request_var('add_img', array('' => 0)) : array();
-				$image_emotion	= request_var('emotion', array('' => ''), true);
-				$image_code		= request_var('code', array('' => ''), true);
+				$image_emotion	= utf8_normalize_nfc(request_var('emotion', array('' => ''), true));
+				$image_code		= utf8_normalize_nfc(request_var('code', array('' => ''), true));
 				$image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array();
 
 				// Ok, add the relevant bits if we are adding new codes to existing emoticons...
 				if (!empty($_POST['add_additional_code']))
 				{
 					$add_image			= request_var('add_image', '');
-					$add_code			= request_var('add_code', '', true);
-					$add_emotion		= request_var('add_emotion', '', true);
+					$add_code			= utf8_normalize_nfc(request_var('add_code', '', true));
+					$add_emotion		= utf8_normalize_nfc(request_var('add_emotion', '', true));
 
 					if ($add_image && $add_emotion && $add_code)
 					{
@@ -336,7 +337,7 @@ class acp_icons
 						}
 
 						// Image_order holds the 'new' order value
-						if (!empty($image_order[$image]) && !empty($$image_id[$image]))
+						if (!empty($image_order[$image]))
 						{
 							$img_sql = array_merge($img_sql, array(
 								$fields . '_order'	=>	$image_order[$image])
@@ -363,19 +364,19 @@ class acp_icons
 							}
 						}
 
-						if ($action == 'modify')
+						if ($action == 'modify'  && !empty($image_id[$image]))
 						{
 							$sql = "UPDATE $table
 								SET " . $db->sql_build_array('UPDATE', $img_sql) . " 
 								WHERE {$fields}_id = " . $image_id[$image];
 							$db->sql_query($sql);
 						}
-						else
+						else if ($action !== 'modify')
 						{
 							$sql = "INSERT INTO $table " . $db->sql_build_array('INSERT', $img_sql);
 							$db->sql_query($sql);
 						}
-					}
+ 					}
 				}
 				
 				$cache->destroy('_icons');
@@ -409,7 +410,7 @@ class acp_icons
 					// Make sure the pak_ary is valid
 					foreach ($pak_ary as $pak_entry)
 					{
-						if (preg_match_all("#'(.*?)', #", $pak_entry, $data))
+						if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
 						{
 							if ((sizeof($data[1]) != 4 && $mode == 'icons') || 
 								(sizeof($data[1]) != 6 && $mode == 'smilies'))
@@ -472,7 +473,7 @@ class acp_icons
 					foreach ($pak_ary as $pak_entry)
 					{
 						$data = array();
-						if (preg_match_all("#'(.*?)', #", $pak_entry, $data))
+						if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
 						{
 							if ((sizeof($data[1]) != 4 && $mode == 'icons') || 
 								(sizeof($data[1]) != 6 && $mode == 'smilies'))

phpBB/includes/acp/acp_inactive.php

@@ -60,7 +60,50 @@ class acp_inactive
 
 					if ($action == 'activate')
 					{
+						if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
+						{
+							// Get those 'being activated'...
+							$sql = 'SELECT user_id, username, user_email, user_lang
+								FROM ' . USERS_TABLE . '
+								WHERE ' . $db->sql_in_set('user_id', $mark) . '
+									AND user_type = ' . USER_INACTIVE;
+							$result = $db->sql_query($sql);
+
+							$inactive_users = array();
+							while ($row = $db->sql_fetchrow($result))
+							{
+								$inactive_users[] = $row;
+							}
+							$db->sql_freeresult($result);
+						}
+
 						user_active_flip('activate', $mark);
+
+						if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users))
+						{
+							include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+
+							$messenger = new messenger();
+
+							foreach ($inactive_users as $row)
+							{
+								$messenger->template('admin_welcome_activated', $row['user_lang']);
+
+								$messenger->to($row['user_email'], $row['username']);
+
+								$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
+								$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
+								$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
+
+								$messenger->assign_vars(array(
+									'USERNAME'	=> htmlspecialchars_decode($row['username']))
+								);
+
+								$messenger->send(NOTIFY_EMAIL);
+							}
+
+							$messenger->save_queue();
+						}
 					}
 					else if ($action == 'delete')
 					{

phpBB/includes/acp/acp_language.php

@@ -93,6 +93,11 @@ class acp_language
 
 				$method = request_var('method', '');
 
+				if (!class_exists($method))
+				{
+					trigger_error('Method does not exist.', E_USER_ERROR);
+				}
+
 				$requested_data = call_user_func(array($method, 'data'));
 				foreach ($requested_data as $data => $default)
 				{
@@ -141,8 +146,8 @@ class acp_language
 
 				$sql_ary	= array(
 					'lang_english_name'		=> request_var('lang_english_name', $row['lang_english_name']),
-					'lang_local_name'		=> request_var('lang_local_name', $row['lang_local_name'], true),
-					'lang_author'			=> request_var('lang_author', $row['lang_author'], true),
+					'lang_local_name'		=> utf8_normalize_nfc(request_var('lang_local_name', $row['lang_local_name'], true)),
+					'lang_author'			=> utf8_normalize_nfc(request_var('lang_author', $row['lang_author'], true)),
 				);
 
 				$db->sql_query('UPDATE ' . LANG_TABLE . ' 
@@ -201,7 +206,7 @@ class acp_language
 
 				// Get target filename for storage folder
 				$filename = $this->get_filename($row['lang_iso'], $this->language_directory, $this->language_file, true, true);
-				$fp = fopen($phpbb_root_path . $filename, 'wb');
+				$fp = @fopen($phpbb_root_path . $filename, 'wb');
 
 				if (!$fp)
 				{
@@ -271,7 +276,7 @@ class acp_language
 					header('Content-Type: application/octetstream; name="' . $this->language_file . '"');
 					header('Content-disposition: attachment; filename=' . $this->language_file);
 
-					$fp = fopen($phpbb_root_path . $filename, 'rb');
+					$fp = @fopen($phpbb_root_path . $filename, 'rb');
 					while ($buffer = fread($fp, 1024))
 					{
 						echo $buffer;
@@ -329,7 +334,10 @@ class acp_language
 					$transfer->close_session();
 
 					// Remove from storage folder
-					@unlink($phpbb_root_path . 'store/' . $lang_path . $file);
+					if (file_exists($phpbb_root_path . 'store/' . $lang_path . $file))
+					{
+						@unlink($phpbb_root_path . 'store/' . $lang_path . $file);
+					}
 
 					add_log('admin', 'LOG_LANGUAGE_FILE_REPLACED', $file);
 
@@ -406,7 +414,11 @@ class acp_language
 				if (isset($_POST['remove_store']))
 				{
 					$store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true);
-					@unlink($phpbb_root_path . $store_filename);
+
+					if (file_exists($phpbb_root_path . $store_filename))
+					{
+						@unlink($phpbb_root_path . $store_filename);
+					}
 				}
 
 				include_once($phpbb_root_path . 'includes/functions_transfer.' . $phpEx);
@@ -788,12 +800,12 @@ class acp_language
 								if (in_array($image_name, $valid_localized))
 								{
 									$sql_ary[] = array(
-										'image_name'		=> $image_name,
-										'image_filename'	=> $image_filename,
-										'image_height'		=> $image_height,
-										'image_width'		=> $image_width,
-										'imageset_id'		=> $imageset_row['imageset_id'],
-										'image_lang'		=> $lang_pack['iso'],
+										'image_name'		=> (string) $image_name,
+										'image_filename'	=> (string) $image_filename,
+										'image_height'		=> (int) $image_height,
+										'image_width'		=> (int) $image_width,
+										'imageset_id'		=> (int) $imageset_row['imageset_id'],
+										'image_lang'		=> (string) $lang_pack['iso'],
 									);
 								}
 							}
@@ -1323,12 +1335,12 @@ $lang = array_merge($lang, array(
 
 		if (!is_array($value))
 		{
-			$entry .= "{$tabs}'{$key}'\t=> '" . $this->prepare_lang_entry($value) . "',\n";
+			$entry .= "{$tabs}'" . $this->prepare_lang_entry($key) . "'\t=> '" . $this->prepare_lang_entry($value) . "',\n";
 		}
 		else
 		{
 			$_tabs = $tabs . "\t";
-			$entry .= "\n{$tabs}'{$key}'\t=> array(\n";
+			$entry .= "\n{$tabs}'" . $this->prepare_lang_entry($key) . "'\t=> array(\n";
 
 			foreach ($value as $_key => $_value)
 			{

phpBB/includes/acp/acp_main.php

@@ -18,7 +18,7 @@ class acp_main
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template;
-		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		// Show restore permissions notice
 		if ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm'))
@@ -151,6 +151,12 @@ class acp_main
 						$result = $db->sql_query($sql);
 						set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true);
 						$db->sql_freeresult($result);
+						
+						if (!function_exists('update_last_username'))
+						{
+							include($phpbb_root_path . "includes/functions_user.$phpEx");
+						}
+						update_last_username();
 
 						add_log('admin', 'LOG_RESYNC_STATS');
 					break;
@@ -161,15 +167,15 @@ class acp_main
 							trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
-							FROM ' . POSTS_TABLE . '
-							WHERE post_postcount = 1
-							GROUP BY poster_id';
+						$sql = 'SELECT COUNT(p.post_id) AS num_posts, u.user_id
+							FROM ' . USERS_TABLE . ' u
+							LEFT JOIN  ' . POSTS_TABLE . ' p ON (u.user_id = p.poster_id AND p.post_postcount = 1)
+							GROUP BY u.user_id';
 						$result = $db->sql_query($sql);
 
 						while ($row = $db->sql_fetchrow($result))
 						{
-							$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}");
+							$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['user_id']}");
 						}
 						$db->sql_freeresult($result);
 
@@ -245,8 +251,8 @@ class acp_main
 								foreach ($topic_row as $topic_id)
 								{
 									$sql_ary[] = array(
-										'user_id'		=> $user_id,
-										'topic_id'		=> $topic_id,
+										'user_id'		=> (int) $user_id,
+										'topic_id'		=> (int) $topic_id,
 										'topic_posted'	=> 1,
 									);
 								}
@@ -375,6 +381,7 @@ class acp_main
 			'S_TOTAL_ORPHAN'	=> ($total_orphan === false) ? false : true,
 			'GZIP_COMPRESSION'	=> ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'],
 			'DATABASE_INFO'		=> $db->sql_server_info(),
+			'BOARD_VERSION'		=> $config['version'],
 
 			'U_ACTION'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&mode=admin'),

phpBB/includes/acp/acp_modules.php

@@ -29,7 +29,7 @@ class acp_modules
 
 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template;
+		global $db, $user, $auth, $template, $module;
 		global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
 
 		// Set a global define for modules we might include (the author is able to prevent execution of code by checking this constant)
@@ -50,6 +50,11 @@ class acp_modules
 			$user->add_lang('mcp');
 		}
 
+		if ($module->p_class != $this->module_class)
+		{
+			$module->add_mod_info($this->module_class);
+		}
+
 		$this->page_title = strtoupper($this->module_class);
 
 		$this->parent_id = request_var('parent_id', 0);
@@ -232,7 +237,7 @@ class acp_modules
 						'module_enabled'	=> 0,
 						'module_display'	=> 1,
 						'parent_id'			=> 0,
-						'module_langname'	=> request_var('module_langname', '', true),
+						'module_langname'	=> utf8_normalize_nfc(request_var('module_langname', '', true)),
 						'module_mode'		=> '',
 						'module_auth'		=> '',
 					);
@@ -245,7 +250,7 @@ class acp_modules
 				$module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']);
 				$module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']);
 				$module_data['module_class'] = $this->module_class;
-				$module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname'], true);
+				$module_data['module_langname'] = utf8_normalize_nfc(request_var('module_langname', (string) $module_row['module_langname'], true));
 				$module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']);
 
 				$submit = (isset($_POST['submit'])) ? true : false;
@@ -740,7 +745,7 @@ class acp_modules
 				$sql = 'SELECT left_id, right_id
 					FROM ' . MODULES_TABLE . "
 					WHERE module_class = '" . $db->sql_escape($module_data['module_class']) . "'
-						AND module_id = {$module_data['parent_id']}";
+						AND module_id = " . (int) $module_data['parent_id'];
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);
 				$db->sql_freeresult($result);
@@ -823,7 +828,7 @@ class acp_modules
 			$sql = 'UPDATE ' . MODULES_TABLE . '
 				SET ' . $db->sql_build_array('UPDATE', $update_ary) . "
 				WHERE module_class = '" . $db->sql_escape($module_data['module_class']) . "'
-					AND module_id = {$module_data['module_id']}";
+					AND module_id = " . (int) $module_data['module_id'];
 			$db->sql_query($sql);
 
 			if (!$run_inline)
@@ -856,15 +861,15 @@ class acp_modules
 		$sql = 'UPDATE ' . MODULES_TABLE . "
 			SET right_id = right_id - $diff
 			WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-				AND left_id < " . $from_data['right_id'] . "
-				AND right_id > " . $from_data['right_id'];
+				AND left_id < " . (int) $from_data['right_id'] . '
+				AND right_id > ' . (int) $from_data['right_id'];
 		$db->sql_query($sql);
 
 		// Resync righthand side of tree
 		$sql = 'UPDATE ' . MODULES_TABLE . "
 			SET left_id = left_id - $diff, right_id = right_id - $diff
 			WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-				AND left_id > " . $from_data['right_id'];
+				AND left_id > " . (int) $from_data['right_id'];
 		$db->sql_query($sql);
 
 		if ($to_parent_id > 0)
@@ -875,7 +880,7 @@ class acp_modules
 			$sql = 'UPDATE ' . MODULES_TABLE . "
 				SET right_id = right_id + $diff
 				WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-					AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
+					AND " . (int) $to_data['right_id'] . ' BETWEEN left_id AND right_id
 					AND ' . $db->sql_in_set('module_id', $moved_ids, true);
 			$db->sql_query($sql);
 
@@ -883,7 +888,7 @@ class acp_modules
 			$sql = 'UPDATE ' . MODULES_TABLE . "
 				SET left_id = left_id + $diff, right_id = right_id + $diff
 				WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-					AND left_id > " . $to_data['right_id'] . '
+					AND left_id > " . (int) $to_data['right_id'] . '
 					AND ' . $db->sql_in_set('module_id', $moved_ids, true);
 			$db->sql_query($sql);
 
@@ -908,7 +913,7 @@ class acp_modules
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
 
-			$diff = '+ ' . ($row['right_id'] - $from_data['left_id'] + 1);
+			$diff = '+ ' . (int) ($row['right_id'] - $from_data['left_id'] + 1);
 		}
 
 		$sql = 'UPDATE ' . MODULES_TABLE . "
@@ -941,6 +946,9 @@ class acp_modules
 				AND module_id = $module_id";
 		$db->sql_query($sql);
 
+		$row['right_id'] = (int) $row['right_id'];
+		$row['left_id'] = (int) $row['left_id'];
+
 		// Resync tree
 		$sql = 'UPDATE ' . MODULES_TABLE . "
 			SET right_id = right_id - $diff
@@ -976,8 +984,8 @@ class acp_modules
 		$sql = 'SELECT module_id, left_id, right_id, module_langname
 			FROM ' . MODULES_TABLE . "
 			WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
-				AND parent_id = {$module_row['parent_id']}
-				AND " . (($action == 'move_up') ? "right_id < {$module_row['right_id']} ORDER BY right_id DESC" : "left_id > {$module_row['left_id']} ORDER BY left_id ASC");
+				AND parent_id = " . (int) $module_row['parent_id'] . '
+				AND ' . (($action == 'move_up') ? 'right_id < ' . (int) $module_row['right_id'] . ' ORDER BY right_id DESC' : 'left_id > ' . (int) $module_row['left_id'] . ' ORDER BY left_id ASC');
 		$result = $db->sql_query_limit($sql, $steps);
 
 		$target = array();
@@ -1002,25 +1010,25 @@ class acp_modules
 		*/
 		if ($action == 'move_up')
 		{
-			$left_id = $target['left_id'];
-			$right_id = $module_row['right_id'];
+			$left_id = (int) $target['left_id'];
+			$right_id = (int) $module_row['right_id'];
 
-			$diff_up = $module_row['left_id'] - $target['left_id'];
-			$diff_down = $module_row['right_id'] + 1 - $module_row['left_id'];
+			$diff_up = (int) ($module_row['left_id'] - $target['left_id']);
+			$diff_down = (int) ($module_row['right_id'] + 1 - $module_row['left_id']);
 
-			$move_up_left = $module_row['left_id'];
-			$move_up_right = $module_row['right_id'];
+			$move_up_left = (int) $module_row['left_id'];
+			$move_up_right = (int) $module_row['right_id'];
 		}
 		else
 		{
-			$left_id = $module_row['left_id'];
-			$right_id = $target['right_id'];
+			$left_id = (int) $module_row['left_id'];
+			$right_id = (int) $target['right_id'];
 
-			$diff_up = $module_row['right_id'] + 1 - $module_row['left_id'];
-			$diff_down = $target['right_id'] - $module_row['right_id'];
+			$diff_up = (int) ($module_row['right_id'] + 1 - $module_row['left_id']);
+			$diff_down = (int) ($target['right_id'] - $module_row['right_id']);
 
-			$move_up_left = $module_row['right_id'] + 1;
-			$move_up_right = $target['right_id'];
+			$move_up_left = (int) ($module_row['right_id'] + 1);
+			$move_up_right = (int) $target['right_id'];
 		}
 
 		// Now do the dirty job

phpBB/includes/acp/acp_permission_roles.php

@@ -134,8 +134,8 @@ class acp_permission_roles
 
 				case 'add':
 
-					$role_name = request_var('role_name', '', true);
-					$role_description = request_var('role_description', '', true);
+					$role_name = utf8_normalize_nfc(request_var('role_name', '', true));
+					$role_description = utf8_normalize_nfc(request_var('role_description', '', true));
 					$auth_settings = request_var('setting', array('' => 0));
 
 					if (!$role_name)
@@ -214,8 +214,8 @@ class acp_permission_roles
 				$options_from = request_var('options_from', 0);
 
 				$role_row = array(
-					'role_name'			=> request_var('role_name', '', true),
-					'role_description'	=> request_var('role_description', '', true),
+					'role_name'			=> utf8_normalize_nfc(request_var('role_name', '', true)),
+					'role_description'	=> utf8_normalize_nfc(request_var('role_description', '', true)),
 					'role_type'			=> $permission_type,
 				);
 

phpBB/includes/acp/acp_permissions.php

@@ -448,7 +448,7 @@ class acp_permissions
 		}
 
 		$template->assign_vars(array(
-			'S_PERMISSION_DROPDOWN'		=> (sizeof($this->permission_dropdown) > 1) ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type) : false,
+			'S_PERMISSION_DROPDOWN'		=> (sizeof($this->permission_dropdown) > 1) ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type, $permission_scope) : false,
 			'L_PERMISSION_TYPE'			=> $user->lang['ACL_TYPE_' . strtoupper($permission_type)],
 
 			'U_ACTION'					=> $this->u_action,
@@ -522,7 +522,7 @@ class acp_permissions
 	/**
 	* Build dropdown field for changing permission types
 	*/
-	function build_permission_dropdown($options, $default_option)
+	function build_permission_dropdown($options, $default_option, $permission_scope)
 	{
 		global $user, $auth;
 		
@@ -533,8 +533,10 @@ class acp_permissions
 			{
 				continue;
 			}
+
 			$selected = ($setting == $default_option) ? ' selected="selected"' : '';
-			$s_dropdown_options .= '<option value="' . $setting . '"' . $selected . '>' . $user->lang['permission_type'][$setting] . '</option>';
+			$l_setting = (isset($user->lang['permission_type'][$permission_scope][$setting])) ? $user->lang['permission_type'][$permission_scope][$setting] : $user->lang['permission_type'][$setting];
+			$s_dropdown_options .= '<option value="' . $setting . '"' . $selected . '>' . $l_setting . '</option>';
 		}
 
 		return $s_dropdown_options;
@@ -899,7 +901,10 @@ class acp_permissions
 			'PERMISSION'			=> $user->lang['acl_' . $permission]['lang'],
 			'PERMISSION_USERNAME'	=> $userdata['username'],
 			'FORUM_NAME'			=> $forum_name,
-			'U_BACK'					=> ($back) ? build_url(array('f', 'back')) . "&amp;f=$back" : '')
+
+			'S_GLOBAL_TRACE'		=> ($forum_id) ? false : true,
+
+			'U_BACK'				=> ($back) ? build_url(array('f', 'back')) . "&amp;f=$back" : '')
 		);
 
 		$template->assign_block_vars('trace', array(
@@ -929,6 +934,8 @@ class acp_permissions
 		$db->sql_freeresult($result);
 
 		$total = ACL_NO;
+		$add_key = (($forum_id) ? '_LOCAL' : '');
+
 		if (sizeof($groups))
 		{
 			// Get group auth settings
@@ -945,16 +952,16 @@ class acp_permissions
 				switch ($row['auth_setting'])
 				{
 					case ACL_NO:
-						$information = $user->lang['TRACE_GROUP_NO'];
+						$information = $user->lang['TRACE_GROUP_NO' . $add_key];
 					break;
 
 					case ACL_YES:
-						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_YES_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_YES_TOTAL_NO']);
+						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES' . $add_key] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_YES_TOTAL_NEVER' . $add_key] : $user->lang['TRACE_GROUP_YES_TOTAL_NO' . $add_key]);
 						$total = ($total == ACL_NO) ? ACL_YES : $total;
 					break;
 
 					case ACL_NEVER:
-						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_NEVER_TOTAL_NO']);
+						$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_YES' . $add_key] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_NEVER' . $add_key] : $user->lang['TRACE_GROUP_NEVER_TOTAL_NO' . $add_key]);
 						$total = ACL_NEVER;
 					break;
 				}
@@ -973,24 +980,24 @@ class acp_permissions
 			}
 		}
 
-		// Get user specific permission...
+		// Get user specific permission... globally or for this forum
 		$hold_ary = $auth->acl_user_raw_data($user_id, $permission, $forum_id);
 		$auth_setting = (!sizeof($hold_ary)) ? ACL_NO : $hold_ary[$user_id][$forum_id][$permission];
 
 		switch ($auth_setting)
 		{
 			case ACL_NO:
-				$information = ($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO'] : $user->lang['TRACE_USER_KEPT'];
+				$information = ($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO' . $add_key] : $user->lang['TRACE_USER_KEPT' . $add_key];
 				$total = ($total == ACL_NO) ? ACL_NEVER : $total;
 			break;
 
 			case ACL_YES:
-				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_YES_TOTAL_NEVER'] : $user->lang['TRACE_USER_YES_TOTAL_NO']);
+				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES' . $add_key] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_YES_TOTAL_NEVER' . $add_key] : $user->lang['TRACE_USER_YES_TOTAL_NO' . $add_key]);
 				$total = ($total == ACL_NO) ? ACL_YES : $total;
 			break;
 
 			case ACL_NEVER:
-				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_USER_NEVER_TOTAL_NO']);
+				$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NEVER_TOTAL_YES' . $add_key] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_NEVER_TOTAL_NEVER' . $add_key] : $user->lang['TRACE_USER_NEVER_TOTAL_NO' . $add_key]);
 				$total = ACL_NEVER;
 			break;
 		}
@@ -1007,8 +1014,7 @@ class acp_permissions
 			'S_TOTAL_NEVER'		=> ($total == ACL_NEVER) ? true : false)
 		);
 
-		// global permission might overwrite local permission
-		if (($forum_id != 0) && isset($auth->acl_options['global'][$permission]))
+		if ($forum_id != 0 && isset($auth->acl_options['global'][$permission]))
 		{
 			if ($user_id != $user->data['user_id'])
 			{
@@ -1031,17 +1037,21 @@ class acp_permissions
 				$information = $user->lang['TRACE_USER_GLOBAL_NEVER_TOTAL_KEPT'];
 			}
 
-			$template->assign_block_vars('trace', array(
-				'WHO'			=> sprintf($user->lang['TRACE_GLOBAL_SETTING'], $userdata['username']),
-				'INFORMATION'	=> sprintf($information, '<a href="' . $this->u_action . "&amp;u=$user_id&amp;f=0&amp;auth=$permission&amp;back=$forum_id\">", '</a>'),
+			// If there is no auth information we do not need to worry the user by showing non-relevant data.
+			if ($auth_setting)
+			{
+				$template->assign_block_vars('trace', array(
+					'WHO'			=> sprintf($user->lang['TRACE_GLOBAL_SETTING'], $userdata['username']),
+					'INFORMATION'	=> sprintf($information, '<a href="' . $this->u_action . "&amp;u=$user_id&amp;f=0&amp;auth=$permission&amp;back=$forum_id\">", '</a>'),
 
-				'S_SETTING_NO'		=> false,
-				'S_SETTING_YES'		=> $auth_setting,
-				'S_SETTING_NEVER'	=> !$auth_setting,
-				'S_TOTAL_NO'		=> false,
-				'S_TOTAL_YES'		=> ($total == ACL_YES) ? true : false,
-				'S_TOTAL_NEVER'		=> ($total == ACL_NEVER) ? true : false)
-			);
+					'S_SETTING_NO'		=> false,
+					'S_SETTING_YES'		=> $auth_setting,
+					'S_SETTING_NEVER'	=> !$auth_setting,
+					'S_TOTAL_NO'		=> false,
+					'S_TOTAL_YES'		=> ($total == ACL_YES) ? true : false,
+					'S_TOTAL_NEVER'		=> ($total == ACL_NEVER) ? true : false)
+				);
+			}
 		}
 
 		// Take founder status into account, overwriting the default values
@@ -1058,7 +1068,16 @@ class acp_permissions
 				'S_TOTAL_YES'		=> true,
 				'S_TOTAL_NEVER'		=> false)
 			);
+
+			$total = ACL_YES;
 		}
+
+		// Total value...
+		$template->assign_vars(array(
+			'S_RESULT_NO'		=> ($total == ACL_NO) ? true : false,
+			'S_RESULT_YES'		=> ($total == ACL_YES) ? true : false,
+			'S_RESULT_NEVER'	=> ($total == ACL_NEVER) ? true : false,
+		));
 	}
 
 	/**

phpBB/includes/acp/acp_php_info.php

@@ -45,7 +45,16 @@ class acp_php_info
 		}
 
 		$output = $output[1][0];
-		$output = preg_replace('#<tr class="v"><td>(.*?<a[^>]*><img[^>]*></a>)(.*?)</td></tr>#s', '<tr class="row1"><td><table class="type2"><tr><td>\2</td><td>\1</td></tr></table></td></tr>', $output);
+
+		// expose_php can make the image not exist
+		if (preg_match('#<a[^>]*><img[^>]*></a>#', $output))
+		{
+			$output = preg_replace('#<tr class="v"><td>(.*?<a[^>]*><img[^>]*></a>)(.*?)</td></tr>#s', '<tr class="row1"><td><table class="type2"><tr><td>\2</td><td>\1</td></tr></table></td></tr>', $output);
+		}
+		else
+		{
+			$output = preg_replace('#<tr class="v"><td>(.*?)</td></tr>#s', '<tr class="row1"><td><table class="type2"><tr><td>\1</td></tr></table></td></tr>', $output);
+		}
 		$output = preg_replace('#<table[^>]+>#i', '<table>', $output);
 		$output = preg_replace('#<img border="0"#i', '<img', $output);
 		$output = str_replace(array('class="e"', 'class="v"', 'class="h"', '<hr />', '<font', '</font>'), array('class="row1"', 'class="row2"', '', '', '<span', '</span>'), $output);

phpBB/includes/acp/acp_profile.php

@@ -349,12 +349,12 @@ class acp_profile
 					}
 
 					$field_row = array_merge($default_values[$field_type], array(
-						'field_ident'		=> request_var('field_ident', ''),
+						'field_ident'		=> utf8_clean_string(request_var('field_ident', '', true)),
 						'field_required'	=> 0,
 						'field_hide'		=> 0,
 						'field_no_view'		=> 0,
 						'field_show_on_reg'	=> 0,
-						'lang_name'			=> '',
+						'lang_name'			=> utf8_normalize_nfc(request_var('field_ident', '', true)),
 						'lang_explain'		=> '',
 						'lang_default_value'=> '')
 					);
@@ -381,10 +381,10 @@ class acp_profile
 					$exclude[1][] = 'lang_options';
 				}
 
-				$cp->vars['field_ident']		= request_var('field_ident', $field_row['field_ident']);
-				$cp->vars['lang_name']			= request_var('lang_name', $field_row['lang_name'], true);
-				$cp->vars['lang_explain']		= request_var('lang_explain', $field_row['lang_explain'], true);
-				$cp->vars['lang_default_value']	= request_var('lang_default_value', $field_row['lang_default_value'], true);
+				$cp->vars['field_ident']		= ($action == 'create' && $step == 1) ? utf8_clean_string(request_var('field_ident', $field_row['field_ident'], true)) : request_var('field_ident', $field_row['field_ident']);
+				$cp->vars['lang_name']			= utf8_normalize_nfc(request_var('lang_name', $field_row['lang_name'], true));
+				$cp->vars['lang_explain']		= utf8_normalize_nfc(request_var('lang_explain', $field_row['lang_explain'], true));
+				$cp->vars['lang_default_value']	= utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true));
 
 				// Field option...
 				if (isset($_REQUEST['field_option']))
@@ -409,11 +409,11 @@ class acp_profile
 				// A boolean field expects an array as the lang options
 				if ($field_type == FIELD_BOOL)
 				{
-					$options = request_var('lang_options', array(''), true);
+					$options = utf8_normalize_nfc(request_var('lang_options', array(''), true));
 				}
 				else
 				{
-					$options = request_var('lang_options', '', true);
+					$options = utf8_normalize_nfc(request_var('lang_options', '', true));
 				}
 
 				// If the user has submitted a form with options (i.e. dropdown field)
@@ -441,13 +441,13 @@ class acp_profile
 				// step 2
 				foreach ($exclude[2] as $key)
 				{
-					$var = request_var($key, $field_row[$key], true);
+					$var = utf8_normalize_nfc(request_var($key, $field_row[$key], true));
 
 					// Manipulate the intended variables a little bit if needed
 					if ($field_type == FIELD_DROPDOWN && $key == 'field_maxlen')
 					{
 						// Get the number of options if this key is 'field_maxlen'
-						$var = sizeof(explode("\n", request_var('lang_options', '', true)));
+						$var = sizeof(explode("\n", utf8_normalize_nfc(request_var('lang_options', '', true))));
 					}
 					else if ($field_type == FIELD_TEXT && $key == 'field_length')
 					{
@@ -491,6 +491,11 @@ class acp_profile
 								list($cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']) = explode('-', $var);
 							}
 						}	
+					} 
+					else if ($field_type == FIELD_BOOL && $key == 'field_default_value')
+					{
+						// Get the number of options if this key is 'field_maxlen'
+						$var = request_var('field_default_value', 0);
 					}
 
 					$cp->vars[$key] = $var;
@@ -534,7 +539,7 @@ class acp_profile
 		
 				foreach ($exclude[3] as $key)
 				{
-					$cp->vars[$key] = request_var($key, array(0 => ''), true);
+					$cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => ''), true));
 
 					if (!$cp->vars[$key] && $action == 'edit')
 					{
@@ -542,7 +547,7 @@ class acp_profile
 					}
 					else if ($key == 'l_lang_options' && $field_type == FIELD_BOOL)
 					{
-						$cp->vars[$key] = request_var($key, array(0 => array('')), true);
+						$cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => array('')), true));
 					}
 					else if ($key == 'l_lang_options' && is_array($cp->vars[$key]))
 					{
@@ -631,10 +636,25 @@ class acp_profile
 							$cp->vars['columns'] = request_var('columns', 0);
 							$_new_key_ary[$key] = $cp->vars['rows'] . '|' . $cp->vars['columns'];
 						}
-						if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && isset($_REQUEST['l_lang_options']))
+						else if ($field_type == FIELD_DATE && $key == 'field_default_value')
 						{
-							$_new_key_ary[$key] = request_var($key, array(array('')), true);
+							$always_now = request_var('always_now', 0);
 
+							if ($always_now)
+							{
+								$_new_key_ary[$key] = 'now';
+							}
+							else if (isset($_REQUEST['field_default_value_day']))
+							{
+								$cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0);
+								$cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0);
+								$cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0);
+								$_new_key_ary[$key]  = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
+							}
+						}
+						else if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && isset($_REQUEST['l_lang_options']))
+						{
+							$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(array('')), true));
 						}
 						else
 						{
@@ -644,7 +664,7 @@ class acp_profile
 							}
 							else
 							{
-								$_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? request_var($key, array(''), true) : request_var($key, '', true);
+								$_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true));
 							}
 						}
 					}
@@ -744,7 +764,7 @@ class acp_profile
 						
 						$template->assign_vars(array(
 							'S_STEP_TWO'		=> true,
-							'L_NEXT'			=> (sizeof($this->lang_defs['iso']) == 1) ? $user->lang['SAVE'] : $user->lang['PROFILE_LANG_OPTIONS'])
+							'L_NEXT_STEP'			=> (sizeof($this->lang_defs['iso']) == 1) ? $user->lang['SAVE'] : $user->lang['PROFILE_LANG_OPTIONS'])
 						);
 
 						// Build options based on profile type
@@ -915,11 +935,10 @@ class acp_profile
 			$lang_options[$lang_id]['lang_iso'] = $lang_iso;
 			foreach ($options as $field => $field_type)
 			{
-				$value = ($action == 'create') ? request_var('l_' . $field, array(0 => ''), true) : $cp->vars['l_' . $field];
-				
+				$value = ($action == 'create') ? utf8_normalize_nfc(request_var('l_' . $field, array(0 => ''), true)) : $cp->vars['l_' . $field];
 				if ($field == 'lang_options')
 				{
-					$var = ($action == 'create' || !is_array($cp->vars['l_lang_options'][$lang_id])) ? $cp->vars['lang_options'] : $cp->vars['lang_options'][$lang_id];
+					$var = (!isset($cp->vars['l_lang_options'][$lang_id]) || !is_array($cp->vars['l_lang_options'][$lang_id])) ? $cp->vars['lang_options'] : $cp->vars['l_lang_options'][$lang_id];
 					
 					switch ($field_type)
 					{
@@ -934,10 +953,10 @@ class acp_profile
 						break;
 
 						case 'optionfield':
-
+							$value = ((isset($value[$lang_id])) ? ((is_array($value[$lang_id])) ?  implode("\n", $value[$lang_id]) : $value[$lang_id]) : implode("\n", $var));
 							$lang_options[$lang_id]['fields'][$field] = array(
 								'TITLE'		=> $user->lang['CP_' . strtoupper($field)],
-								'FIELD'		=> '<dd><textarea name="l_' . $field . '[' . $lang_id . ']" rows="7" cols="80">' . ((isset($value[$lang_id])) ? implode("\n", $value[$lang_id]) : implode("\n", $var)) . '</textarea></dd>'
+								'FIELD'		=> '<dd><textarea name="l_' . $field . '[' . $lang_id . ']" rows="7" cols="80">' . $value . '</textarea></dd>'
 							);
 						break;
 					}
@@ -1087,17 +1106,23 @@ class acp_profile
 		}
 
 		// These are always arrays because the key is the language id...
-		$cp->vars['l_lang_name']			= request_var('l_lang_name', array(0 => ''), true);
-		$cp->vars['l_lang_explain']			= request_var('l_lang_explain', array(0 => ''), true);
-		$cp->vars['l_lang_default_value']	= request_var('l_lang_default_value', array(0 => ''), true);
+		$cp->vars['l_lang_name']			= utf8_normalize_nfc(request_var('l_lang_name', array(0 => ''), true));
+		$cp->vars['l_lang_explain']			= utf8_normalize_nfc(request_var('l_lang_explain', array(0 => ''), true));
+		$cp->vars['l_lang_default_value']	= utf8_normalize_nfc(request_var('l_lang_default_value', array(0 => ''), true));
+
 		if ($field_type != FIELD_BOOL)
 		{
-			$cp->vars['l_lang_options']			= request_var('l_lang_options', array(0 => ''), true);
+			$cp->vars['l_lang_options']			= utf8_normalize_nfc(request_var('l_lang_options', array(0 => ''), true));
 		}
 		else
 		{
+			/**
+			* @todo check if this line is correct...
 			$cp->vars['l_lang_default_value']	= request_var('l_lang_default_value', array(0 => array('')), true);
+			*/
+			$cp->vars['l_lang_options']	= utf8_normalize_nfc(request_var('l_lang_options', array(0 => array('')), true));
 		}
+
 		if ($cp->vars['lang_options'])
 		{
 			if (!is_array($cp->vars['lang_options']))

phpBB/includes/acp/acp_prune.php

@@ -307,7 +307,7 @@ class acp_prune
 					'mode'			=> $mode,
 					'prune'			=> 1,
 
-					'users'			=> request_var('users', ''),
+					'users'			=> request_var('users', '', true),
 					'username'		=> request_var('username', '', true),
 					'email'			=> request_var('email', ''),
 					'joined_select'	=> request_var('joined_select', ''),

phpBB/includes/acp/acp_ranks.php

@@ -35,7 +35,7 @@ class acp_ranks
 		{
 			case 'save':
 				
-				$rank_title = request_var('title', '', true);
+				$rank_title = utf8_normalize_nfc(request_var('title', '', true));
 				$special_rank = request_var('special_rank', 0);
 				$min_posts = ($special_rank) ? 0 : request_var('min_posts', 0);
 				$rank_image = request_var('rank_image', '');
@@ -143,11 +143,12 @@ class acp_ranks
 				$db->sql_freeresult($result);
 
 				$imglist = filelist($phpbb_root_path . $config['ranks_path'], '');
-
 				$edit_img = $filename_list = '';
 
 				foreach ($imglist as $path => $img_ary)
 				{
+					sort($img_ary);
+
 					foreach ($img_ary as $img)
 					{
 						$img = $path . $img; 
@@ -202,7 +203,7 @@ class acp_ranks
 
 		$sql = 'SELECT *
 			FROM ' . RANKS_TABLE . '
-			ORDER BY rank_min ASC, rank_special ASC, rank_title ASC';
+			ORDER BY rank_special DESC, rank_min ASC, rank_title ASC';
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))

phpBB/includes/acp/acp_reasons.php

@@ -38,8 +38,8 @@ class acp_reasons
 			case 'edit':
 
 				$reason_row = array(
-					'reason_title'			=> request_var('reason_title', '', true),
-					'reason_description'	=> request_var('reason_description', '', true)
+					'reason_title'			=> utf8_normalize_nfc(request_var('reason_title', '', true)),
+					'reason_description'	=> utf8_normalize_nfc(request_var('reason_description', '', true)),
 				);
 
 				if ($submit)

phpBB/includes/acp/acp_styles.php

@@ -412,11 +412,11 @@ parse_css_file = {PARSE_CSS_FILE}
 									if (in_array($image_name, $imageset_definitions))
 									{
 										$sql_ary[] = array(
-											'image_name'		=> $image_name,
-											'image_filename'	=> $image_filename,
+											'image_name'		=> (string) $image_name,
+											'image_filename'	=> (string) $image_filename,
 											'image_height'		=> (int) $image_height,
 											'image_width'		=> (int) $image_width,
-											'imageset_id'		=> $style_id,
+											'imageset_id'		=> (int) $style_id,
 											'image_lang'		=> '',
 										);
 									}
@@ -458,12 +458,12 @@ parse_css_file = {PARSE_CSS_FILE}
 											if (in_array($image_name, $imageset_definitions))
 											{
 												$sql_ary[] = array(
-													'image_name'		=> $image_name,
-													'image_filename'	=> $image_filename,
-													'image_height'		=> $image_height,
-													'image_width'		=> $image_width,
-													'imageset_id'		=> $style_id,
-													'image_lang'		=> $row['lang_dir'],
+													'image_name'		=> (string) $image_name,
+													'image_filename'	=> (string) $image_filename,
+													'image_height'		=> (int) $image_height,
+													'image_width'		=> (int) $image_width,
+													'imageset_id'		=> (int) $style_id,
+													'image_lang'		=> (string) $row['lang_dir'],
 												);
 											}
 										}
@@ -670,7 +670,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
 
 		$template_data	= (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
-		$template_file	= request_var('template_file', '', true);
+		$template_file	= utf8_normalize_nfc(request_var('template_file', '', true));
 		$text_rows		= max(5, min(999, request_var('text_rows', 20)));
 		$save_changes	= (isset($_POST['save'])) ? true : false;
 
@@ -700,7 +700,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			// If the template is stored on the filesystem try to write the file else store it in the database
 			if (!$safe_mode && !$template_info['template_storedb'] && file_exists($file) && @is_writable($file))
 			{
-				if (!($fp = fopen($file, 'wb')))
+				if (!($fp = @fopen($file, 'wb')))
 				{
 					trigger_error($user->lang['NO_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
@@ -1025,7 +1025,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
 
 		$theme_data	= (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
-		$theme_file	= request_var('template_file', '', true);
+		$theme_file	= utf8_normalize_nfc(request_var('template_file', '', true));
 		$text_rows		= max(5, min(999, request_var('text_rows', 20)));
 		$save_changes	= (isset($_POST['save'])) ? true : false;
 
@@ -1055,7 +1055,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			// If the theme is stored on the filesystem try to write the file else store it in the database
 			if (!$safe_mode && !$theme_info['theme_storedb'] && file_exists($file) && @is_writable($file))
 			{
-				if (!($fp = fopen($file, 'wb')))
+				if (!($fp = @fopen($file, 'wb')))
 				{
 					trigger_error($user->lang['NO_THEME'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
@@ -1351,7 +1351,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			while (($file = readdir($dp)) !== false)
 			{
-				if (!is_file($dir . '/' . $file) && !is_link($dir . '/' . $file) && $file[0] != '.' && strtoupper($file) != 'CVS')
+				if ($file[0] != '.' && strtoupper($file) != 'CVS' && !is_file($dir . '/' . $file) && !is_link($dir . '/' . $file))
 				{
 					$langs[] = $file;
 				}
@@ -1847,6 +1847,54 @@ parse_css_file = {PARSE_CSS_FILE}
 					'prefix'	=> 'imageset/imageset.cfg'
 				);
 
+				end($data);
+
+				$imageset_root = "{$phpbb_root_path}styles/{$style_row['imageset_path']}/imageset/";
+
+				$dh = @opendir($imageset_root);
+				while (($fname = readdir($dh)) !== false)
+				{
+					if ($fname[0] != '.' && $fname != 'CVS' && is_dir("$imageset_root$fname"))
+					{
+						$files[key($files)]['exclude'] .= ',' . $fname . '/imageset.cfg';
+					}
+				}
+				@closedir($dh);
+
+				$imageset_lang = array();
+
+				$sql = 'SELECT image_filename, image_name, image_height, image_width, image_lang
+					FROM ' . STYLES_IMAGESET_DATA_TABLE . "
+					WHERE imageset_id = $style_id
+						AND image_lang <> ''";
+				$result = $db->sql_query($sql);
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$imageset_lang[$row['image_lang']][$row['image_name']] = $row['image_filename'] . ($row['image_height'] ? '*' . $row['image_height']: '') . ($row['image_width'] ? '*' . $row['image_width']: '');
+				}
+				$db->sql_freeresult($result);
+
+				foreach ($imageset_lang as $lang => $imageset_localized)
+				{
+					$imageset_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['imageset_name'], $style_row['imageset_copyright'], $config['version']), $this->imageset_cfg);
+
+					foreach ($this->imageset_keys as $topic => $key_array)
+					{
+						foreach ($key_array as $key)
+						{
+							if (isset($imageset_localized[$key]))
+							{
+								$imageset_cfg .= "\nimg_" . $key . ' = ' . str_replace("styles/{$style_row['imageset_path']}/imageset/", '{PATH}', $imageset_localized[$key]);
+							}
+						}
+					}
+
+					$data[] = array(
+						'src'		=> trim($imageset_cfg),
+						'prefix'	=> 'imageset/' . $lang . '/imageset.cfg'
+					);
+				}
+
 				unset($imageset_cfg);
 			}
 
@@ -2016,8 +2064,8 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		if ($update)
 		{
-			$name = request_var('name', '');
-			$copyright = request_var('copyright', '', true);
+			$name = utf8_normalize_nfc(request_var('name', '', true));
+			$copyright = utf8_normalize_nfc(request_var('copyright', '', true));
 
 			$template_id = request_var('template_id', 0);
 			$theme_id = request_var('theme_id', 0);
@@ -2051,6 +2099,18 @@ parse_css_file = {PARSE_CSS_FILE}
 					$error[] = $user->lang['EDIT_' . strtoupper($mode) . '_STORED_DB'];
 					$store_db = 1;
 				}
+
+				// themes which have to be parsed have to go into db
+				if ($mode == 'theme')
+				{
+					$cfg = parse_cfg_file("{$phpbb_root_path}styles/" . $style_row["{$mode}_path"] . "/theme/theme.cfg");
+
+					if (isset($cfg['parse_css_file']) && $cfg['parse_css_file'])
+					{
+						$error[] = $user->lang['EDIT_THEME_STORE_PARSED'];
+						$store_db = 1;
+					}
+				}
 			}
 			
 			if (!sizeof($error))
@@ -2344,7 +2404,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			foreach ($file_ary as $file)
 			{
-				if (!($fp = fopen("{$phpbb_root_path}styles/$template_path$pathfile$file", 'r')))
+				if (!($fp = @fopen("{$phpbb_root_path}styles/$template_path$pathfile$file", 'r')))
 				{
 					trigger_error("Could not open {$phpbb_root_path}styles/$template_path$pathfile$file", E_USER_ERROR);
 				}
@@ -2417,6 +2477,11 @@ parse_css_file = {PARSE_CSS_FILE}
 		$file_ary = array();
 		while ($file = readdir($dp))
 		{
+			if ($file[0] == '.')
+			{
+				continue;
+			}
+
 			if (is_file($phpbb_root_path . 'cache/' . $file) && (strpos($file, $cache_prefix) === 0))
 			{
 				$file_ary[] = str_replace('.', '/', preg_replace('#^' . preg_quote($cache_prefix, '#') . '_(.*?)\.html\.' . $phpEx . '$#i', '\1', $file));
@@ -2635,8 +2700,8 @@ parse_css_file = {PARSE_CSS_FILE}
 		$error = array();
 
 		$style_row = array(
-			$mode . '_name'			=> request_var('name', ''),
-			$mode . '_copyright'	=> request_var('copyright', '', true),
+			$mode . '_name'			=> utf8_normalize_nfc(request_var('name', '', true)),
+			$mode . '_copyright'	=> utf8_normalize_nfc(request_var('copyright', '', true)),
 			'template_id'			=> 0,
 			'theme_id'				=> 0,
 			'imageset_id'			=> 0,

phpBB/includes/acp/acp_users.php

@@ -30,11 +30,8 @@ class acp_users
 		$this->tpl_name = 'acp_users';
 		$this->page_title = 'ACP_USER_' . strtoupper($mode);
 
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
-		include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
-
 		$error		= array();
-		$username	= request_var('username', '', true);
+		$username	= utf8_normalize_nfc(request_var('username', '', true));
 		$user_id	= request_var('u', 0);
 		$action		= request_var('action', '');
 
@@ -43,6 +40,8 @@ class acp_users
 		// Whois (special case)
 		if ($action == 'whois')
 		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+
 			$this->page_title = 'WHOIS';
 			$this->tpl_name = 'simple_body';
 
@@ -148,6 +147,8 @@ class acp_users
 		{
 			case 'overview':
 
+				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+
 				$user->add_lang('acp/ban');
 
 				$delete			= request_var('delete', 0);
@@ -248,8 +249,8 @@ class acp_users
 								break;
 							}
 
-							$ban_reason = request_var('ban_reason', $user->lang[$reason], true);
-							$ban_give_reason = request_var('ban_give_reason', '', true);
+							$ban_reason = utf8_normalize_nfc(request_var('ban_reason', $user->lang[$reason], true));
+							$ban_give_reason = utf8_normalize_nfc(request_var('ban_give_reason', '', true));
 
 							// Log not used at the moment, we simply utilize the ban function.
 							$result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
@@ -598,7 +599,7 @@ class acp_users
 
 					// Handle registration info updates
 					$data = array(
-						'username'			=> request_var('user', $user_row['username'], true),
+						'username'			=> utf8_normalize_nfc(request_var('user', $user_row['username'], true)),
 						'user_founder'		=> request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
 						'email'				=> strtolower(request_var('user_email', $user_row['user_email'])),
 						'email_confirm'		=> strtolower(request_var('email_confirm', '')),
@@ -867,7 +868,7 @@ class acp_users
 				$deletemark = (isset($_POST['delmarked'])) ? true : false;
 				$deleteall	= (isset($_POST['delall'])) ? true : false;
 				$marked		= request_var('mark', array(0));
-				$message	= request_var('message', '', true);
+				$message	= utf8_normalize_nfc(request_var('message', '', true));
 
 				// Sort keys
 				$sort_days	= request_var('st', 0);
@@ -952,6 +953,9 @@ class acp_users
 
 			case 'profile':
 
+				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+				include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
+
 				$cp = new custom_profile();
 
 				$cp_data = $cp_error = array();
@@ -1147,8 +1151,10 @@ class acp_users
 
 			case 'prefs':
 
+				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+
 				$data = array(
-					'dateformat'		=> request_var('dateformat', $user_row['user_dateformat'], true),
+					'dateformat'		=> utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)),
 					'lang'				=> basename(request_var('lang', $user_row['user_lang'])),
 					'tz'				=> request_var('tz', (float) $user_row['user_timezone']),
 					'style'				=> request_var('style', $user_row['user_style']),
@@ -1352,6 +1358,7 @@ class acp_users
 			case 'avatar':
 
 				include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
 				$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
 
@@ -1546,10 +1553,9 @@ class acp_users
 
 						delete_attachments('attach', $marked);
 
-						$log = (sizeof($log_attachments) == 1) ? 'ATTACHMENT_DELETED' : 'ATTACHMENTS_DELETED';
 						$message = (sizeof($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
 
-						add_log('admin', $log, implode(', ', $log_attachments));
+						add_log('admin', 'LOG_ATTACHMENTS_DELETED', implode(', ', $log_attachments));
 						trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id));
 					}
 					else
@@ -1653,6 +1659,8 @@ class acp_users
 		
 			case 'groups':
 
+				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+
 				$user->add_lang(array('groups', 'acp/groups'));
 				$group_id = request_var('g', 0);
 

phpBB/includes/acp/auth.php

@@ -469,13 +469,16 @@ class auth_admin extends auth
 					'S_GROUP_MODE'	=> ($user_mode == 'group') ? true : false)
 				);
 
-				foreach ($content_array as $ug_id => $ug_array)
+				@reset($content_array);
+				while (list($ug_id, $ug_array) = each($content_array))
 				{
 					// Build role dropdown options
 					$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
 
 					$s_role_options = '';
-					foreach ($roles as $role_id => $role_row)
+
+					@reset($roles);
+					while (list($role_id, $role_row) = each($roles))
 					{
 						$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
 						$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
@@ -489,10 +492,29 @@ class auth_admin extends auth
 						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
+					if (!$current_role_id && $mode != 'view')
+					{
+						$s_custom_permissions = false;
+
+						foreach ($ug_array as $key => $value)
+						{
+							if ($value['S_NEVER'] || $value['S_YES'])
+							{
+								$s_custom_permissions = true;
+								break;
+							}
+						}
+					}
+					else
+					{
+						$s_custom_permissions = false;
+					}
+
 					$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
 						'NAME'				=> $ug_names_ary[$ug_id],
 						'S_ROLE_OPTIONS'	=> $s_role_options,
 						'UG_ID'				=> $ug_id,
+						'S_CUSTOM'			=> $s_custom_permissions,
 						'FORUM_ID'			=> $forum_id)
 					);
 
@@ -556,10 +578,29 @@ class auth_admin extends auth
 						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
+					if (!$current_role_id && $mode != 'view')
+					{
+						$s_custom_permissions = false;
+
+						foreach ($forum_array as $key => $value)
+						{
+							if ($value['S_NEVER'] || $value['S_YES'])
+							{
+								$s_custom_permissions = true;
+								break;
+							}
+						}
+					}
+					else
+					{
+						$s_custom_permissions = false;
+					}
+
 					$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
 						'NAME'				=> ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
 						'PADDING'			=> ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
 						'S_ROLE_OPTIONS'	=> $s_role_options,
+						'S_CUSTOM'			=> $s_custom_permissions,
 						'UG_ID'				=> $ug_id,
 						'FORUM_ID'			=> $forum_id)
 					);
@@ -591,13 +632,14 @@ class auth_admin extends auth
 			ORDER BY left_id';
 		$result = $db->sql_query($sql);
 
-		$forum_names = array(0 => '');
+		// If the role is used globally, then reflect that
+		$forum_names = (isset($hold_ary[0])) ? array(0 => '') : array();
 		while ($row = $db->sql_fetchrow($result))
 		{
 			$forum_names[$row['forum_id']] = $row['forum_name'];
 		}
 		$db->sql_freeresult($result);
-
+ 
 		foreach ($forum_names as $forum_id => $forum_name)
 		{
 			$auth_ary = $hold_ary[$forum_id];
@@ -723,7 +765,7 @@ class auth_admin extends auth
 			foreach ($option_ary as $option)
 			{
 				$sql_ary[] = array(
-					'auth_option'	=> $option,
+					'auth_option'	=> (string) $option,
 					'is_global'		=> ($type == 'global' || $type == 'local_global') ? 1 : 0,
 					'is_local'		=> ($type == 'local' || $type == 'local_global') ? 1 : 0
 				);
@@ -779,7 +821,7 @@ class auth_admin extends auth
 		}
 
 		// Remove current auth options...
-		$auth_option_ids = array();
+		$auth_option_ids = array((int)$any_option_id);
 		foreach ($auth as $auth_option => $auth_setting)
 		{
 			$auth_option_ids[] = (int) $this->option_ids[$auth_option];
@@ -788,7 +830,7 @@ class auth_admin extends auth
 		$sql = "DELETE FROM $table
 			WHERE $forum_sql
 				AND $ug_id_sql
-				AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')';
+				AND " . $db->sql_in_set('auth_option_id', $auth_option_ids);
 		$db->sql_query($sql);
 
 		// Remove those having a role assigned... the correct type of course...
@@ -837,7 +879,7 @@ class auth_admin extends auth
 						'forum_id'			=> (int) $forum,
 						'auth_option_id'	=> 0,
 						'auth_setting'		=> 0,
-						'auth_role_id'		=> $role_id
+						'auth_role_id'		=> (int) $role_id,
 					);
 				}
 			}
@@ -918,7 +960,7 @@ class auth_admin extends auth
 		{
 			$sql_ary[] = array(
 				'role_id'			=> (int) $role_id,
-				'auth_option_id'	=> $this->option_ids[$flag],
+				'auth_option_id'	=> (int) $this->option_ids[$flag],
 				'auth_setting'		=> ACL_NEVER
 			);
 		}

phpBB/includes/auth.php

@@ -345,6 +345,37 @@ class auth
 			}
 		}
 
+		// Sometimes, it can happen $hold_ary holding forums which do not exist.
+		// Since this function is not called that often (we are caching the data) we check for this inconsistency.
+		$sql = 'SELECT forum_id
+			FROM ' . FORUMS_TABLE . '
+			WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary));
+		$result = $db->sql_query($sql);
+
+		$forum_ids = (isset($hold_ary[0])) ? array(0) : array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$forum_ids[] = $row['forum_id'];
+		}
+		$db->sql_freeresult($result);
+
+		// Now determine forums which do not exist and remove the unneeded information (for modding purposes it is clearly the wrong place. ;))
+		$missing_forums = array_diff(array_keys($hold_ary), $forum_ids);
+
+		if (sizeof($missing_forums))
+		{
+			foreach ($missing_forums as $forum_id)
+			{
+				unset($hold_ary[$forum_id]);
+			}
+
+			$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
+			$db->sql_query($sql);
+
+			$sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
+			$db->sql_query($sql);
+		}
+
 		$hold_str = $this->build_bitstring($hold_ary);
 
 		if ($hold_str)

phpBB/includes/db/dbal.php

@@ -534,7 +534,7 @@ class dbal
 			// Show complete SQL error and path to administrators only
 			// Additionally show complete error on installation or if extended debug mode is enabled
 			// The DEBUG_EXTRA constant is for development only!
-			if (isset($auth) && ($auth->acl_get('a_') || defined('IN_INSTALL') || defined('DEBUG_EXTRA')))
+			if ((isset($auth) && $auth->acl_get('a_')) || defined('IN_INSTALL') || defined('DEBUG_EXTRA'))
 			{
 				// Print out a nice backtrace...
 				$backtrace = get_backtrace();

phpBB/includes/db/oracle.php

@@ -239,7 +239,7 @@ class dbal_oracle extends dbal
 						if (strlen($regs[3]) > 4000)
 						{
 							$cols = explode(', ', $regs[2]);
-							preg_match_all('/\'(?:[^\']++|\'\')*+\'|\[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
+							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
 
 							$inserts = $vals[0];
 							unset($vals);

phpBB/includes/functions.php

@@ -577,7 +577,7 @@ if (!function_exists('realpath'))
 			$bits = explode('/', $path);
 
 			// Remove any . in the path, renumber array for the loop below
-			$bits = array_keys(array_diff($bits, array('.')));
+			$bits = array_values(array_diff($bits, array('.')));
 
 			// Lets get looping, run over and resolve any .. (up directory)
 			for ($i = 0, $max = sizeof($bits); $i < $max; $i++)
@@ -789,6 +789,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
 	
 				$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);
+				$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics);
+
 				unset($tracking_topics);
 
 				if ($user->data['is_registered'])
@@ -846,8 +848,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				foreach ($sql_insert as $f_id)
 				{
 					$sql_ary[] = array(
-						'user_id'	=> $user->data['user_id'],
-						'forum_id'	=> $f_id,
+						'user_id'	=> (int) $user->data['user_id'],
+						'forum_id'	=> (int) $f_id,
 						'mark_time'	=> time()
 					);
 				}
@@ -882,7 +884,14 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				$tracking['f'][$f_id] = base_convert(time() - $config['board_startdate'], 10, 36);
 			}
 
+			if (isset($tracking['tf']) && empty($tracking['tf']))
+			{
+				unset($tracking['tf']);
+			}
+
 			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
+			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
+
 			unset($tracking);
 		}
 
@@ -909,10 +918,10 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				$db->sql_return_on_error(true);
 
 				$sql_ary = array(
-					'user_id'		=> $user->data['user_id'],
-					'topic_id'		=> $topic_id,
+					'user_id'		=> (int) $user->data['user_id'],
+					'topic_id'		=> (int) $topic_id,
 					'forum_id'		=> (int) $forum_id,
-					'mark_time'		=> ($post_time) ? $post_time : time(),
+					'mark_time'		=> ($post_time) ? (int) $post_time : time(),
 				);
 
 				$db->sql_query('INSERT INTO ' . TOPICS_TRACK_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
@@ -977,6 +986,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 			}
 
 			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
+			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
 		}
 
 		return;
@@ -995,8 +1005,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 			$db->sql_return_on_error(true);
 
 			$sql_ary = array(
-				'user_id'		=> $use_user_id,
-				'topic_id'		=> $topic_id,
+				'user_id'		=> (int) $use_user_id,
+				'topic_id'		=> (int) $topic_id,
 				'topic_posted'	=> 1
 			);
 
@@ -1241,11 +1251,8 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 		}
 		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 		{
-			if (!isset($tracking_topics) || !sizeof($tracking_topics))
-			{
-				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
-				$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
-			}
+			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
 
 			if (!$user->data['is_registered'])
 			{
@@ -1300,6 +1307,7 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 
 			$check_forum = $tracking_topics['tf'][$forum_id];
 			$unread = false;
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				if (!in_array(base_convert($row['topic_id'], 10, 36), array_keys($check_forum)))
@@ -2235,7 +2243,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
 
 		'S_DISPLAY_FULL_LOGIN'	=> ($s_display) ? true : false,
-		'S_AUTOLOGIN_ENABLED'	=> ($config['allow_autologin']) ? true : false,
 		'S_LOGIN_ACTION'		=> (!$admin) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id), // Needs to stay index.$phpEx because we are within the admin directory
 		'S_HIDDEN_FIELDS' 		=> $s_hidden_fields,
 
@@ -2387,7 +2394,7 @@ function get_context($text, $words, $length = 400)
 			{
 				if (preg_match('#(?:[^\w]|^)(' . $word . ')(?:[^\w]|$)#i', $text, $match))
 				{
-					$pos = strpos($text, $match[1]);
+					$pos = utf8_strpos($text, $match[1]);
 					if ($pos !== false)
 					{
 						$word_indizes[] = $pos;
@@ -2410,21 +2417,21 @@ function get_context($text, $words, $length = 400)
 			$final_text_index = -1;
 
 			// cycle through every character in the original text
-			for ($i = $word_indizes[$word], $n = strlen($text); $i < $n; $i++)
+			for ($i = $word_indizes[$word], $n = utf8_strlen($text); $i < $n; $i++)
 			{
 				// if the current position is the start of one of the words then append $sequence_length characters to the final text
 				if (isset($word_indizes[$word]) && ($i == $word_indizes[$word]))
 				{
 					if ($final_text_index < $i - $sequence_length - 1)
 					{
-						$final_text .= '... ' . preg_replace('#^([^ ]*)#', '', substr($text, $i - $sequence_length, $sequence_length));
+						$final_text .= '... ' . preg_replace('#^([^ ]*)#', '', utf8_substr($text, $i - $sequence_length, $sequence_length));
 					}
 					else
 					{
 						// if the final text is already nearer to the current word than $sequence_length we only append the text
 						// from its current index on and distribute the unused length to all other sequenes
 						$sequence_length += (int) (($final_text_index - $i + $sequence_length + 1) / (2 * $wordnum));
-						$final_text .= substr($text, $final_text_index + 1, $i - $final_text_index - 1);
+						$final_text .= utf8_substr($text, $final_text_index + 1, $i - $final_text_index - 1);
 					}
 					$final_text_index = $i - 1;
 
@@ -2436,17 +2443,17 @@ function get_context($text, $words, $length = 400)
 				if ($j > 0)
 				{
 					// add the character to the final text and increment the sequence counter
-					$final_text .= $text[$i];
+					$final_text .= utf8_substr($text, $i, 1);
 					$final_text_index++;
 					$j++;
 
 					// if this is a whitespace then check whether we are done with this sequence
-					if ($text[$i] == ' ')
+					if (utf8_substr($text, $i, 1) == ' ')
 					{
 						// only check whether we have to exit the context generation completely if we haven't already reached the end anyway
 						if ($i + 4 < $n)
 						{
-							if (($j > $sequence_length && $word >= $wordnum) || strlen($final_text) > $length)
+							if (($j > $sequence_length && $word >= $wordnum) || utf8_strlen($final_text) > $length)
 							{
 								$final_text .= ' ...';
 								break;
@@ -2472,7 +2479,7 @@ function get_context($text, $words, $length = 400)
 
 	if (!sizeof($words) || !sizeof($word_indizes))
 	{
-		return (strlen($text) >= $length + 3) ? substr($text, 0, $length) . '...' : $text;
+		return (utf8_strlen($text) >= $length + 3) ? utf8_substr($text, 0, $length) . '...' : $text;
 	}
 }
 
@@ -4117,7 +4124,7 @@ function page_header($page_title = '', $display_online_list = true)
 		'UA_POPUP_PM'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=popup', false),
 		'U_MEMBERLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
 		'U_MEMBERSLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
-		'U_VIEWONLINE'			=> append_sid("{$phpbb_root_path}viewonline.$phpEx"),
+		'U_VIEWONLINE'			=> ($auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) ? append_sid("{$phpbb_root_path}viewonline.$phpEx") : '',
 		'U_LOGIN_LOGOUT'		=> $u_login_logout,
 		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
 		'U_SEARCH'				=> append_sid("{$phpbb_root_path}search.$phpEx"),
@@ -4134,6 +4141,7 @@ function page_header($page_title = '', $display_online_list = true)
 		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
 
 		'S_USER_LOGGED_IN'		=> ($user->data['user_id'] != ANONYMOUS) ? true : false,
+		'S_AUTOLOGIN_ENABLED'	=> ($config['allow_autologin']) ? true : false,
 		'S_BOARD_DISABLED'		=> ($config['board_disable']) ? true : false,
 		'S_REGISTERED_USER'		=> $user->data['is_registered'],
 		'S_IS_BOT'				=> $user->data['is_bot'],
@@ -4169,79 +4177,6 @@ function page_header($page_title = '', $display_online_list = true)
 		'SITE_LOGO_IMG'			=> $user->img('site_logo'))
 	);
 
-	// Once used, we do not want to have the whole theme data twice in memory...
-	if ($user->theme['theme_storedb'])
-	{
-		// Parse Theme Data
-		$replace = array(
-			'{T_THEME_PATH}'			=> "{$phpbb_root_path}styles/" . $user->theme['theme_path'] . '/theme',
-			'{T_TEMPLATE_PATH}'			=> "{$phpbb_root_path}styles/" . $user->theme['template_path'] . '/template',
-			'{T_IMAGESET_PATH}'			=> "{$phpbb_root_path}styles/" . $user->theme['imageset_path'] . '/imageset',
-			'{T_IMAGESET_LANG_PATH}'	=> "{$phpbb_root_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'],
-			'{T_STYLESHEET_NAME}'		=> $user->theme['theme_name'],
-			'{S_USER_LANG}'				=> $user->data['user_lang']
-		);
-
-		$user->theme['theme_data'] = str_replace(array_keys($replace), array_values($replace), $user->theme['theme_data']);
-
-		$matches = array();
-		if (strpos($user->theme['theme_data'], '{IMG_') !== false)
-		{
-			preg_match_all('#\{IMG_([A-Za-z0-9_]*?)_(WIDTH|HEIGHT|SRC)\}#', $user->theme['theme_data'], $matches);
-
-			$imgs = $find = $replace = array();
-			if (isset($matches[0]) && sizeof($matches[0]))
-			{
-				foreach ($matches[1] as $i => $img)
-				{
-					$img = strtolower($img);
-					if (!isset($img_array[$img]))
-					{
-						continue;
-					}
-
-					if (!isset($imgs[$img]))
-					{
-						$img_data = &$img_array[$img];
-						$imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename'];
-						$imgs[$img] = array(
-							'src'		=> $phpbb_root_path . 'styles/' . $user->theme['imageset_path'] . '/imageset/' . $imgsrc,
-							'width'		=> $img_data['image_width'],
-							'height'	=> $img_data['image_height'],
-						);
-					}
-
-					switch ($matches[2][$i])
-					{
-						case 'SRC':
-							$replace[] = $imgs[$img]['src'];
-						break;
-						
-						case 'WIDTH':
-							$replace[] = $imgs[$img]['width'];
-						break;
-			
-						case 'HEIGHT':
-							$replace[] = $imgs[$img]['height'];
-						break;
-
-						default:
-							continue;
-					}
-					$find[] = $matches[0][$i];
-				}
-
-				if (sizeof($find))
-				{
-					$user->theme['theme_data'] = str_replace($find, $replace, $user->theme['theme_data']);
-				}
-			}
-		}
-
-		$template->assign_var('T_THEME_DATA', $user->theme['theme_data']);
-		$user->theme['theme_data'] = '';
-	}
-
 	// application/xhtml+xml not used because of IE
 	header('Content-type: text/html; charset=UTF-8');
 
@@ -4294,11 +4229,11 @@ function page_footer($run_cron = true)
 		'DEBUG_OUTPUT'			=> (defined('DEBUG')) ? $debug_output : '',
 		'TRANSLATION_INFO'		=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 
-		'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", '', true, $user->session_id) : '')
+		'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
 	);
 
 	// Call cron-type script
-	if (!defined('IN_CRON') && $run_cron)
+	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'])
 	{
 		$cron_type = '';
 	

phpBB/includes/functions_admin.php

@@ -365,14 +365,14 @@ function filelist($rootdir, $dir = '', $type = 'gif|jpg|jpeg|png')
 
 	if (!is_dir($rootdir . $dir))
 	{
-		return false;
+		return $matches;
 	}
 
 	$dh = @opendir($rootdir . $dir);
 
 	if (!$dh)
 	{
-		return false;
+		return $matches;
 	}
 
 	while (($fname = readdir($dh)) !== false)
@@ -1079,8 +1079,8 @@ function update_posted_info(&$topic_ids)
 		foreach ($topic_row as $topic_id)
 		{
 			$sql_ary[] = array(
-				'user_id'		=> $user_id,
-				'topic_id'		=> $topic_id,
+				'user_id'		=> (int) $user_id,
+				'topic_id'		=> (int) $topic_id,
 				'topic_posted'	=> 1,
 			);
 		}
@@ -2244,9 +2244,9 @@ function cache_moderators()
 				foreach ($forum_id_ary as $forum_id => $auth_ary)
 				{
 					$sql_ary[] = array(
-						'forum_id'		=> $forum_id,
-						'user_id'		=> $user_id,
-						'username'		=> $usernames_ary[$user_id],
+						'forum_id'		=> (int) $forum_id,
+						'user_id'		=> (int) $user_id,
+						'username'		=> (string) $usernames_ary[$user_id],
 						'group_id'		=> 0,
 						'group_name'	=> ''
 					);
@@ -2307,11 +2307,11 @@ function cache_moderators()
 				}
 
 				$sql_ary[] = array(
-					'forum_id'		=> $forum_id,
+					'forum_id'		=> (int) $forum_id,
 					'user_id'		=> 0,
 					'username'		=> '',
-					'group_id'		=> $group_id,
-					'group_name'	=> $groupnames_ary[$group_id]
+					'group_id'		=> (int) $group_id,
+					'group_name'	=> (string) $groupnames_ary[$group_id]
 				);
 			}
 		}
@@ -2423,7 +2423,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 
 			if (isset($user->lang[$row['log_operation']]))
 			{
-				$log[$i]['action'] = vsprintf($log[$i]['action'], $log_data_ary);
+				// We supress the warning about inappropiate number of passed parameters here due to possible changes within LOG strings from one version to another.
+				$log[$i]['action'] = @vsprintf($log[$i]['action'], $log_data_ary);
 
 				// If within the admin panel we do not censor text out
 				if (defined('IN_ADMIN'))
@@ -2791,6 +2792,17 @@ function get_database_size()
 			}
 		break;
 
+		case 'firebird':
+			global $dbname;
+
+			// if it on the local machine, we can get lucky
+			if (file_exists($dbname))
+			{
+				$database_size = filesize($dbname);
+			}
+
+		break;
+
 		case 'sqlite':
 			global $dbhost;
 

phpBB/includes/functions_compress.php

@@ -12,7 +12,7 @@
 * Class for handling archives (compression/decompression)
 * @package phpBB3
 */
-class compress 
+class compress
 {
 	var $fp = 0;
 
@@ -434,12 +434,15 @@ class compress_zip extends compress
 		header("Content-Type: $mimetype; name=\"$download_name.zip\"");
 		header("Content-disposition: attachment; filename=$download_name.zip");
 
-		$fp = fopen("{$phpbb_root_path}store/$filename.zip", 'rb');
-		while ($buffer = fread($fp, 1024))
+		$fp = @fopen("{$phpbb_root_path}store/$filename.zip", 'rb');
+		if ($fp)
 		{
-			echo $buffer;
+			while ($buffer = fread($fp, 1024))
+			{
+				echo $buffer;
+			}
+			fclose($fp);
 		}
-		fclose($fp);
 	}
 }
 
@@ -546,8 +549,8 @@ class compress_tar extends compress
 		{
 			$fzwrite = ($this->isbz && function_exists('bzwrite')) ? 'bzwrite' : (($this->isgz && @extension_loaded('zlib')) ? 'gzwrite' : 'fwrite');
 
-			// Symbolizes that there are no more files
-			$fzwrite($this->fp, str_repeat("\0", 512));
+			// The end of a tar archive ends in two records of all NULLs (1024 bytes of \0)
+			$fzwrite($this->fp, str_repeat("\0", 1024));
 		}
 
 		$fzclose($this->fp);
@@ -648,12 +651,15 @@ class compress_tar extends compress
 		header("Content-Type: $mimetype; name=\"$download_name$this->type\"");
 		header("Content-disposition: attachment; filename=$download_name$this->type");
 
-		$fp = fopen("{$phpbb_root_path}store/$filename$this->type", 'rb');
-		while ($buffer = fread($fp, 1024))
+		$fp = @fopen("{$phpbb_root_path}store/$filename$this->type", 'rb');
+		if ($fp)
 		{
-			echo $buffer;
+			while ($buffer = fread($fp, 1024))
+			{
+				echo $buffer;
+			}
+			fclose($fp);
 		}
-		fclose($fp);
 	}
 }
 

phpBB/includes/functions_convert.php

@@ -224,13 +224,15 @@ function make_uid($timestamp)
 */
 function validate_website($url)
 {
-	if ($url === 'http://'){
+	if ($url === 'http://')
+	{
 		return '';
 	}
 	else if (strpos(strtolower($url), 'http://') !== 0)
 	{
 		return 'http://' . $url;
 	}
+	return $url;
 }
 
 /**
@@ -1479,18 +1481,21 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting = ACL_NO)
 	// Role based permissions are the simplest to handle so check for them first
 	if ($ug_type == 'user_role' || $ug_type == 'group_role')
 	{
-		$sql = 'SELECT role_id
-			FROM ' . ACL_ROLES_TABLE . "
-			WHERE role_name = 'ROLE_" . $db->sql_escape($acl_list) . "'";
-		$result = $db->sql_query_limit($sql, 1);
-		$row = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
-
-		// If we have no role id there is something wrong here
-		if ($row)
+		if (is_numeric($forum_id))
 		{
-			$sql = "INSERT INTO $table ($id_field, forum_id, auth_role_id) VALUES ($ug_id, $forum_id, " . $row['role_id'] . ')';
-			$db->sql_query($sql);
+			$sql = 'SELECT role_id
+				FROM ' . ACL_ROLES_TABLE . "
+				WHERE role_name = 'ROLE_" . $db->sql_escape($acl_list) . "'";
+			$result = $db->sql_query_limit($sql, 1);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			// If we have no role id there is something wrong here
+			if ($row)
+			{
+				$sql = "INSERT INTO $table ($id_field, forum_id, auth_role_id) VALUES ($ug_id, $forum_id, " . $row['role_id'] . ')';
+				$db->sql_query($sql);
+			}
 		}
 
 		return;
@@ -1540,7 +1545,7 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting = ACL_NO)
 		$db->sql_freeresult($result);
 	}
 
-	$sql_forum = 'AND a.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
+	$sql_forum = 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id), false, true);
 
 	$sql = ($ug_type == 'user') ? 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.user_id = $ug_id" : 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.group_id = $ug_id";
 	$result = $db->sql_query($sql);
@@ -1682,8 +1687,8 @@ function add_default_groups()
 	);
 
 	$sql = 'SELECT *
-		FROM ' . GROUPS_TABLE . "
-		WHERE group_name IN ('" . implode("', '", array_keys($default_groups)) . "')";
+		FROM ' . GROUPS_TABLE . '
+		WHERE ' . $db->sql_in_set('group_name', array_keys($default_groups));
 	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
@@ -1702,9 +1707,9 @@ function add_default_groups()
 			'group_desc_uid'		=> '',
 			'group_desc_bitfield'	=> '',
 			'group_type'			=> GROUP_SPECIAL,
-			'group_colour'			=> $data[0],
-			'group_legend'			=> $data[1],
-			'group_founder_manage'	=> $data[2]
+			'group_colour'			=> (string) $data[0],
+			'group_legend'			=> (int) $data[1],
+			'group_founder_manage'	=> (int) $data[2]
 		);
 	}
 
@@ -2060,7 +2065,7 @@ function fix_empty_primary_groups()
 	if (sizeof($user_ids))
 	{
 		$db->sql_query('UPDATE ' . USERS_TABLE . ' SET group_id = ' . get_group_id('administrators') . '
-			WHERE group_id = 0 AND user_id IN (' . implode(', ', $user_ids) . ')');
+			WHERE group_id = 0 AND ' . $db->sql_in_set('user_id', $user_ids));
 	}
 
 	$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . ' WHERE group_id = ' . get_group_id('global_moderators');
@@ -2075,7 +2080,7 @@ function fix_empty_primary_groups()
 	if (sizeof($user_ids))
 	{
 		$db->sql_query('UPDATE ' . USERS_TABLE . ' SET group_id = ' . get_group_id('global_moderators') . '
-			WHERE group_id = 0 AND user_id IN (' . implode(', ', $user_ids) . ')');
+			WHERE group_id = 0 AND ' . $db->sql_in_set('user_id', $user_ids));
 	}
 
 	// Set user colour

phpBB/includes/functions_display.php

@@ -216,10 +216,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$forum_rows[$parent_id]['forum_last_poster_colour'] = $row['forum_last_poster_colour'];
 				$forum_rows[$parent_id]['forum_id_last_post'] = $forum_id;
 			}
-			else
-			{
-				$forum_rows[$parent_id]['forum_id_last_post'] = $forum_id;
-			}
 		}
 	}
 	$db->sql_freeresult($result);
@@ -372,6 +368,24 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$s_subforums_list = (string) implode(', ', $s_subforums_list);
 		$catless = ($row['parent_id'] == $root_data['forum_id']) ? true : false;
 
+		if ($row['forum_type'] != FORUM_LINK)
+		{
+			$u_viewforum = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']);
+		}
+		else
+		{
+			// If the forum is a link and we count redirects we need to visit it
+			// If the forum is having a password or no read access we do not expose the link, but instead handle it in viewforum
+			if (($row['forum_flags'] & FORUM_FLAG_LINK_TRACK) || $row['forum_password'] || !$auth->acl_get('f_read', $forum_id))
+			{
+				$u_viewforum = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']);
+			}
+			else
+			{
+				$u_viewforum = $row['forum_link'];
+			}
+		}
+
 		$template->assign_block_vars('forumrow', array(
 			'S_IS_CAT'			=> false,
 			'S_NO_CAT'			=> $catless && !$last_catless,
@@ -401,7 +415,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'L_FORUM_FOLDER_ALT'	=> $folder_alt,
 			'L_MODERATOR_STR'		=> $l_moderator,
 
-			'U_VIEWFORUM'		=> ($row['forum_type'] != FORUM_LINK || ($row['forum_flags'] & FORUM_FLAG_LINK_TRACK)) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'],
+			'U_VIEWFORUM'		=> $u_viewforum,
 			'U_LAST_POSTER'		=> get_username_string('profile', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'U_LAST_POST'		=> $last_post_url)
 		);
@@ -665,7 +679,7 @@ function get_moderators(&$forum_moderators, $forum_id = false)
 		}
 		else
 		{
-			$forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';font-weight:bold;"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>';
+			$forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>';
 		}
 	}
 	$db->sql_freeresult($result);

phpBB/includes/functions_install.php

@@ -258,7 +258,7 @@ function connect_check_db($error_connect, &$error, $dbms, $table_prefix, $dbhost
 	$db->sql_return_on_error(true);
 
 	// Check that we actually have a database name before going any further.....
-	if ($dbms['DRIVER'] != 'sqlite' && $dbname === '')
+	if ($dbms['DRIVER'] != 'sqlite' && $dbms['DRIVER'] != 'oracle' && $dbname === '')
 	{
 		$error[] = $lang['INST_ERR_DB_NO_NAME'];
 		return false;
@@ -324,6 +324,7 @@ function connect_check_db($error_connect, &$error, $dbms, $table_prefix, $dbhost
 			$table_ary = array($temp_prefix . 'attachments', $temp_prefix . 'config', $temp_prefix . 'sessions', $temp_prefix . 'topics', $temp_prefix . 'users');
 
 			$tables = get_tables($db);
+			$tables = array_map('strtolower', $tables);
 			$table_intersect = array_intersect($tables, $table_ary);
 
 			if (sizeof($table_intersect))

phpBB/includes/functions_jabber.php

@@ -394,7 +394,7 @@ class jabber
 				}
 
 				// go on with authentication?
-				if (isset($this->features['stream:features'][0]['#']['bind']) || $this->session['tls'])
+				if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
 				{
 					return $this->response($this->features);
 				}

phpBB/includes/functions_messenger.php

@@ -26,7 +26,9 @@ class messenger
 	*/
 	function messenger($use_queue = true)
 	{
-		$this->use_queue = $use_queue;
+		global $config;
+
+		$this->use_queue = (!$config['email_package_size']) ? false : $use_queue;
 		$this->subject = '';
 	}
 
@@ -287,6 +289,7 @@ class messenger
 		if ($config['email_package_size'] && $this->use_queue && !empty($this->queue))
 		{
 			$this->queue->save();
+			return;
 		}
 	}
 
@@ -819,7 +822,11 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = '')
 	$smtp->add_backtrace('Connecting to ' . $config['smtp_host'] . ':' . $config['smtp_port']);
 
 	// Ok we have error checked as much as we can to this point let's get on it already.
-	if (!$smtp->socket = @fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
+	ob_start();
+	$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20);
+	$error_contents = ob_get_clean();
+
+	if (!$smtp->socket)
 	{
 		if ($errstr)
 		{
@@ -827,6 +834,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = '')
 		}
 
 		$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
+		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents) : '';
 		return false;
 	}
 

phpBB/includes/functions_module.php

@@ -124,20 +124,7 @@ class p_master
 		$this->module_cache['modules'] = array_merge($this->module_cache['modules']);
 
 		// Include MOD _info files for populating language entries within the menus
-		if (file_exists($user->lang_path . 'mods'))
-		{
-			$add_files = array();
-
-			foreach (glob($user->lang_path . 'mods/info_' . strtolower($this->p_class) . '_*.' . $phpEx, GLOB_NOSORT) as $file)
-			{
-				$add_files[] = 'mods/' . substr(basename($file), 0, -(strlen($phpEx) + 1));
-			}
-
-			if (sizeof($add_files))
-			{
-				$user->add_lang($add_files);
-			}
-		}
+		$this->add_mod_info($this->p_class);
 
 		// Now build the module array, but exclude completely empty categories...
 		$right_id = false;
@@ -815,6 +802,38 @@ class p_master
 			}
 		}
 	}
+
+	/**
+	* Add custom MOD info language file
+	*/
+	function add_mod_info($module_class)
+	{
+		global $user, $phpEx;
+
+		if (file_exists($user->lang_path . 'mods'))
+		{
+			$add_files = array();
+
+			$dir = @opendir($user->lang_path . 'mods');
+
+			if ($dir)
+			{
+				while (($entry = readdir($dir)) !== false)
+				{
+					if (strpos($entry, 'info_' . strtolower($module_class) . '_') === 0 && substr(strrchr($entry, '.'), 1) == $phpEx)
+					{
+						$add_files[] = 'mods/' . substr(basename($entry), 0, -(strlen($phpEx) + 1));
+					}
+				}
+				closedir($dir);
+			}
+
+			if (sizeof($add_files))
+			{
+				$user->add_lang($add_files);
+			}
+		}
+	}
 }
 
 ?>

phpBB/includes/functions_posting.php

@@ -757,7 +757,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data)
 				$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
 			}
 
-			$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&amp;id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);
+			$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&amp;id=' . (int) $attach_row['attach_id'], true, ($attach_row['is_orphan']) ? $user->session_id : false);
 
 			$template->assign_block_vars('attach_row', array(
 				'FILENAME'			=> basename($attach_row['real_filename']),
@@ -1368,8 +1368,8 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 
 			if ($data['topic_type'] != POST_GLOBAL)
 			{
-				$sql_data[FORUMS_TABLE] .= 'forum_posts = forum_posts - 1, forum_topics_real = forum_topics_real - 1';
-				$sql_data[FORUMS_TABLE] .= ($data['topic_approved']) ? ', forum_topics = forum_topics - 1' : '';
+				$sql_data[FORUMS_TABLE] .= 'forum_topics_real = forum_topics_real - 1';
+				$sql_data[FORUMS_TABLE] .= ($data['topic_approved']) ? ', forum_posts = forum_posts - 1, forum_topics = forum_topics - 1' : '';
 			}
 
 			$update_sql = update_post_information('forum', $forum_id, true);
@@ -1392,7 +1392,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 
 			if ($data['topic_type'] != POST_GLOBAL)
 			{
-				$sql_data[FORUMS_TABLE] = 'forum_posts = forum_posts - 1';
+				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
 			}
 
 			$sql_data[TOPICS_TABLE] = 'topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
@@ -1406,7 +1406,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 		case 'delete_last_post':
 			if ($data['topic_type'] != POST_GLOBAL)
 			{
-				$sql_data[FORUMS_TABLE] = 'forum_posts = forum_posts - 1';
+				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
 			}
 
 			$update_sql = update_post_information('forum', $forum_id, true);
@@ -1451,7 +1451,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 
 			if ($data['topic_type'] != POST_GLOBAL)
 			{
-				$sql_data[FORUMS_TABLE] = 'forum_posts = forum_posts - 1';
+				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
 			}
 
 			$sql_data[TOPICS_TABLE] = 'topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
@@ -2231,7 +2231,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
 
-			// salvation, a post is found! jam it into the forums table
+			// salvation, a post is found! jam it into the topics table
 			$sql_data[TOPICS_TABLE]['stat'][] = 'topic_last_post_id = ' . (int) $row['post_id'];
 			$sql_data[TOPICS_TABLE]['stat'][] = "topic_last_post_subject = '" . $db->sql_escape($row['post_subject']) . "'";
 			$sql_data[TOPICS_TABLE]['stat'][] = 'topic_last_post_time = ' . (int) $row['post_time'];
@@ -2276,6 +2276,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		$db->sql_query($sql);
 	}
 
+	// Committing the transaction before updating search index
+	$db->sql_transaction('commit');
+
+	// Delete draft if post was loaded...
+	$draft_id = request_var('draft_loaded', 0);
+	if ($draft_id)
+	{
+		$sql = 'DELETE FROM ' . DRAFTS_TABLE . "
+			WHERE draft_id = $draft_id
+				AND user_id = {$user->data['user_id']}";
+		$db->sql_query($sql);
+	}
+
 	// Index message contents
 	if ($update_message && $data['enable_indexing'])
 	{
@@ -2303,16 +2316,6 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		$search->index($mode, $data['post_id'], $data['message'], $subject, $poster_id, ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id']);
 	}
 
-	// Delete draft if post was loaded...
-	$draft_id = request_var('draft_loaded', 0);
-	if ($draft_id)
-	{
-		$sql = 'DELETE FROM ' . DRAFTS_TABLE . "
-			WHERE draft_id = $draft_id
-				AND user_id = {$user->data['user_id']}";
-		$db->sql_query($sql);
-	}
-
 	// Topic Notification, do not change if moderator is changing other users posts...
 	if ($user->data['user_id'] == $poster_id)
 	{
@@ -2331,8 +2334,6 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		}
 	}
 
-	$db->sql_transaction('commit');
-
 	if ($mode == 'post' || $mode == 'reply' || $mode == 'quote')
 	{
 		// Mark this topic as posted to

phpBB/includes/functions_privmsgs.php

@@ -760,7 +760,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
 	}
 
 	if (sizeof($move_msg_ids) && !in_array($dest_folder, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX)) && 
-		!in_array($cur_folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX)) && $cur_folder_id != $dest_folder)
+		!in_array($cur_folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)) && $cur_folder_id != $dest_folder)
 	{
 		// We have to check the destination folder ;)
 		if ($dest_folder != PRIVMSGS_INBOX)
@@ -832,6 +832,10 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
 				$db->sql_query($sql);
 			}
 		}
+	} 
+	else if (in_array($cur_folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)))
+	{
+		trigger_error('CANNOT_MOVE_SPECIAL');
 	}
 
 	return $num_moved;
@@ -864,6 +868,17 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id)
 	if ($user->data['user_id'] == $user_id)
 	{
 		$user->data['user_unread_privmsg']--;
+
+		// Try to cope with previous wrong conversions...
+		if ($user->data['user_unread_privmsg'] < 0)
+		{
+			$sql = 'UPDATE ' . USERS_TABLE . " 
+				SET user_unread_privmsg = 0
+				WHERE user_id = $user_id";
+			$db->sql_query($sql);
+
+			$user->data['user_unread_privmsg'] = 0;
+		}
 	}
 }
 

phpBB/includes/functions_profile_fields.php

@@ -14,7 +14,7 @@
 */
 class custom_profile
 {
-	var $profile_types = array(1 => 'int', 2 => 'string', 3 => 'text', 4 => 'bool', 5 => 'dropdown', 6 => 'date');
+	var $profile_types = array(FIELD_INT => 'int', FIELD_STRING => 'string', FIELD_TEXT => 'text', FIELD_BOOL => 'bool', FIELD_DROPDOWN => 'dropdown', FIELD_DATE => 'date');
 	var $profile_cache = array();
 	var $options_lang = array();
 
@@ -69,7 +69,7 @@ class custom_profile
 				'LANG_NAME'		=> $row['lang_name'],
 				'LANG_EXPLAIN'	=> $row['lang_explain'],
 				'FIELD'			=> $tpl_snippet,
-				'FIELD_ID'		=> ($type == 6 || ($type == 4 && $row['field_length'] == '1')) ? '' : 'pf_' . $row['field_ident'],
+				'FIELD_ID'		=> ($type == FIELD_DATE || ($type == FIELD_BOOL && $row['field_length'] == '1')) ? '' : 'pf_' . $row['field_ident'],
 				'S_REQUIRED'	=> ($row['field_required']) ? true : false)
 			);
 		}
@@ -528,7 +528,7 @@ class custom_profile
 				}
 				else
 				{
-					return $this->options_lang[$field_id][$lang_id][(int) ($value + 1)];
+					return $this->options_lang[$field_id][$lang_id][(int) ($value) + 1];
 				}
 			break;
 
@@ -547,8 +547,7 @@ class custom_profile
 		global $user;
 
 		$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
-		$user_ident = 'pf_' . str_replace('pf_', '', $profile_row['field_ident']);
-
+		$user_ident = $profile_row['field_ident'];
 		// checkbox - only testing for isset
 		if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2)
 		{
@@ -619,7 +618,7 @@ class custom_profile
 		global $user, $template;
 
 		$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
-		$user_ident = 'pf_' . str_replace('pf_', '', $profile_row['field_ident']);
+		$user_ident = $profile_row['field_ident'];
 
 		$now = getdate();
 
@@ -994,7 +993,7 @@ class custom_profile_admin extends custom_profile
 		);
 
 		$options = array(
-			0 => array('TITLE' => $user->lang['FIELD_TYPE'], 'EXPLAIN' => $user->lang['BOOL_TYPE_EXPLAIN'], 'FIELD' => '<label><input type="radio" class="radio" name="field_length" value="1"' . (($this->vars['field_length'] == 1) ? ' checked="checked"' : '') . ' />' . $user->lang['RADIO_BUTTONS'] . '</label><label><input type="radio" class="radio" name="field_length" value="2"' . (($this->vars['field_length'] == 2) ? ' checked="checked"' : '') . ' />' . $user->lang['CHECKBOX'] . '</label>'),
+			0 => array('TITLE' => $user->lang['FIELD_TYPE'], 'EXPLAIN' => $user->lang['BOOL_TYPE_EXPLAIN'], 'FIELD' => '<label><input type="radio" class="radio" name="field_length" value="1"' . (($this->vars['field_length'] == 1) ? ' checked="checked"' : '') . ' onchange="document.getElementById(\'add_profile_field\').submit();" /> ' . $user->lang['RADIO_BUTTONS'] . '</label><label><input type="radio" class="radio" name="field_length" value="2"' . (($this->vars['field_length'] == 2) ? ' checked="checked"' : '') . ' onchange="document.getElementById(\'add_profile_field\').submit();" /> ' . $user->lang['CHECKBOX'] . '</label>'),
 			1 => array('TITLE' => $user->lang['DEFAULT_VALUE'], 'FIELD' => $this->process_field_row('preview', $profile_row))
 		);
 

phpBB/includes/functions_user.php

@@ -368,40 +368,47 @@ function user_delete($mode, $user_id, $post_username = false)
 				$post_username = $user->lang['GUEST'];
 			}
 
-			$sql = 'UPDATE ' . FORUMS_TABLE . '
-				SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
-				WHERE forum_last_poster_id = $user_id";
-			$db->sql_query($sql);
-
-			$sql = 'UPDATE ' . POSTS_TABLE . '
-				SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
-				WHERE poster_id = $user_id";
-			$db->sql_query($sql);
-
-			$sql = 'UPDATE ' . POSTS_TABLE . '
-				SET post_edit_user = ' . ANONYMOUS . "
-				WHERE post_edit_user = $user_id";
-			$db->sql_query($sql);
-
-			$sql = 'UPDATE ' . TOPICS_TABLE . '
-				SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
-				WHERE topic_poster = $user_id";
-			$db->sql_query($sql);
-
-			$sql = 'UPDATE ' . TOPICS_TABLE . '
-				SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
-				WHERE topic_last_poster_id = $user_id";
-			$db->sql_query($sql);
-
-			// Since we change every post by this author, we need to count this amount towards the anonymous user
-
-			// Update the post count for the anonymous user
-			if ($user_row['user_posts'])
+			// If the user is inactive and newly registered we assume no posts from this user being there...
+			if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
 			{
-				$sql = 'UPDATE ' . USERS_TABLE . '
-					SET user_posts = user_posts + ' . $user_row['user_posts'] . '
-					WHERE user_id = ' . ANONYMOUS;
+			}
+			else
+			{
+				$sql = 'UPDATE ' . FORUMS_TABLE . '
+					SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
+					WHERE forum_last_poster_id = $user_id";
 				$db->sql_query($sql);
+
+				$sql = 'UPDATE ' . POSTS_TABLE . '
+					SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
+					WHERE poster_id = $user_id";
+				$db->sql_query($sql);
+
+				$sql = 'UPDATE ' . POSTS_TABLE . '
+					SET post_edit_user = ' . ANONYMOUS . "
+					WHERE post_edit_user = $user_id";
+				$db->sql_query($sql);
+
+				$sql = 'UPDATE ' . TOPICS_TABLE . '
+					SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
+					WHERE topic_poster = $user_id";
+				$db->sql_query($sql);
+
+				$sql = 'UPDATE ' . TOPICS_TABLE . '
+					SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
+					WHERE topic_last_poster_id = $user_id";
+				$db->sql_query($sql);
+
+				// Since we change every post by this author, we need to count this amount towards the anonymous user
+
+				// Update the post count for the anonymous user
+				if ($user_row['user_posts'])
+				{
+					$sql = 'UPDATE ' . USERS_TABLE . '
+						SET user_posts = user_posts + ' . $user_row['user_posts'] . '
+						WHERE user_id = ' . ANONYMOUS;
+					$db->sql_query($sql);
+				}
 			}
 		break;
 
@@ -671,7 +678,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			}
 			else
 			{
-				trigger_error($user->lang['LENGTH_BAN_INVALID']);
+				trigger_error('LENGTH_BAN_INVALID');
 			}
 		}
 	}
@@ -723,11 +730,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 						$clean_name = utf8_clean_string($username);
 						if ($clean_name == $user->data['username_clean'])
 						{
-							trigger_error($user->lang['CANNOT_BAN_YOURSELF']);
+							trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
 						}
 						if (in_array($clean_name, $founder_names))
 						{
-							trigger_error($user->lang['CANNOT_BAN_FOUNDER']);
+							trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
 						}
 						$sql_usernames[] = $clean_name;
 					}
@@ -736,7 +743,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 				// Make sure we have been given someone to ban
 				if (!sizeof($sql_usernames))
 				{
-					trigger_error($user->lang['NO_USER_SPECIFIED']);
+					trigger_error('NO_USER_SPECIFIED');
 				}
 
 				$sql = 'SELECT user_id
@@ -759,13 +766,13 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 				{
 					do
 					{
-						$banlist_ary[] = $row['user_id'];
+						$banlist_ary[] = (int) $row['user_id'];
 					}
 					while ($row = $db->sql_fetchrow($result));
 				}
 				else
 				{
-					trigger_error($user->lang['NO_USERS']);
+					trigger_error('NO_USERS');
 				}
 				$db->sql_freeresult($result);
 			}
@@ -842,7 +849,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 				else if (preg_match('#^\*$#', trim($ban_item)))
 				{
 					// Ban all IPs
-					$banlist_ary[] = "*";
+					$banlist_ary[] = '*';
 				}
 				else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
 				{
@@ -952,11 +959,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 		{
 			$sql_ary[] = array(
 				$type				=> $ban_entry,
-				'ban_start'			=> $current_time,
-				'ban_end'			=> $ban_end,
-				'ban_exclude'		=> $ban_exclude,
-				'ban_reason'		=> $ban_reason,
-				'ban_give_reason'	=> $ban_give_reason,
+				'ban_start'			=> (int) $current_time,
+				'ban_end'			=> (int) $ban_end,
+				'ban_exclude'		=> (int) $ban_exclude,
+				'ban_reason'		=> (string) $ban_reason,
+				'ban_give_reason'	=> (string) $ban_give_reason,
 			);
 		}
 		
@@ -1277,7 +1284,7 @@ function validate_username($username, $allowed_username = false)
 	$mbstring = $pcre = false;
 
 	// generic UTF-8 character types supported?
-	if (version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>=')))
+	if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
 	{
 		$pcre = true;
 	}
@@ -1296,12 +1303,12 @@ function validate_username($username, $allowed_username = false)
 
 		case 'USERNAME_ALPHA_ONLY':
 			$pcre = true;
-			$regex = '[A-Za-z]+';
+			$regex = '[A-Za-z0-9]+';
 		break;
 
 		case 'USERNAME_ALPHA_SPACERS':
 			$pcre = true;
-			$regex = '[A-Za-z-\]_+ ]+';
+			$regex = '[A-Za-z0-9-[\]_+ ]+';
 		break;
 
 		case 'USERNAME_LETTER_NUM':
@@ -1388,7 +1395,7 @@ function validate_username($username, $allowed_username = false)
 
 	foreach ($bad_usernames as $bad_username)
 	{
-		if (preg_match('#^' . $bad_username . '#', $clean_username))
+		if (preg_match('#^' . $bad_username . '$#', $clean_username))
 		{
 			return 'USERNAME_DISALLOWED';
 		}
@@ -1428,7 +1435,7 @@ function validate_password($password)
 	$pcre = $mbstring = false;
 
 	// generic UTF-8 character types supported?
-	if (version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>=')))
+	if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
 	{
 		$upp = '\p{Lu}';
 		$low = '\p{Ll}';
@@ -1493,7 +1500,7 @@ function validate_password($password)
 	{
 		foreach ($chars as $char)
 		{
-			if (!mb_ereg_match($char, $password))
+			if (mb_ereg($char, $password) === false)
 			{
 				return 'INVALID_CHARS';
 			}
@@ -1813,13 +1820,13 @@ function avatar_remote($data, &$error)
 	}
 
 	// Make sure getimagesize works...
-	if (($image_data = @getimagesize($data['remotelink'])) === false)
+	if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) || empty($data['height'])))
 	{
 		$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
 		return false;
 	}
 
-	if ($image_data[0] < 2 || $image_data[1] < 2)
+	if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2))
 	{
 		$error[] = $user->lang['AVATAR_NO_SIZE'];
 		return false;
@@ -1839,7 +1846,7 @@ function avatar_remote($data, &$error)
 	$types = fileupload::image_types();
 	$extension = strtolower(filespec::get_extension($data['remotelink']));
 
-	if (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))
+	if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
 	{
 		if (!isset($types[$image_data[2]]))
 		{
@@ -2389,7 +2396,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 
 			if (sizeof($user_ary))
 			{
-				group_set_user_default($group_id, $user_ary, $sql_ary);
+				group_set_user_default($group_id, $user_ary, $sql_ary, false, true);
 			}
 		}
 
@@ -2567,10 +2574,10 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 		foreach ($add_id_ary as $user_id)
 		{
 			$sql_ary[] = array(
-				'user_id'		=> $user_id,
-				'group_id'		=> $group_id,
-				'group_leader'	=> $leader,
-				'user_pending'	=> $pending,
+				'user_id'		=> (int) $user_id,
+				'group_id'		=> (int) $group_id,
+				'group_leader'	=> (int) $leader,
+				'user_pending'	=> (int) $pending,
 			);
 		}
 
@@ -2886,7 +2893,7 @@ function group_validate_groupname($group_id, $group_name)
 *
 * @private
 */
-function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
+function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false, $same_group = false)
 {
 	global $db;
 
@@ -2923,8 +2930,8 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 	{
 		if (isset($group_attributes[$attribute]))
 		{
-			// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
-			if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
+			// If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group
+			if (!$same_group && (strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])
 			{
 				continue;
 			}

phpBB/includes/mcp/mcp_ban.php

@@ -37,12 +37,18 @@ class mcp_ban
 		{
 			 
 			// Grab the list of entries
-			$ban				= request_var('ban', '', ($mode === 'user') true ? false);
+			$ban				= request_var('ban', '', ($mode === 'user') ? true : false);
+
+			if ($mode === 'user')
+			{
+				$ban = utf8_normalize_nfc($ban);
+			}
+
 			$ban_len			= request_var('banlength', 0);
 			$ban_len_other		= request_var('banlengthother', '');
 			$ban_exclude		= request_var('banexclude', 0);
-			$ban_reason			= request_var('banreason', '', true);
-			$ban_give_reason	= request_var('bangivereason', '', true);
+			$ban_reason			= utf8_normalize_nfc(request_var('banreason', '', true));
+			$ban_give_reason	= utf8_normalize_nfc(request_var('bangivereason', '', true));
 			
 
 			if ($ban)

phpBB/includes/mcp/mcp_forum.php

@@ -276,7 +276,7 @@ function mcp_resync_topics($topic_ids)
 
 	if (!sizeof($topic_ids))
 	{
-		trigger_error($user->lang['NO_TOPIC_SELECTED']);
+		trigger_error('NO_TOPIC_SELECTED');
 	}
 
 	if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_')))
@@ -396,7 +396,7 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
 		// If the topic no longer exist, we will update the topic watch table.
 		// To not let it error out on users watching both topics, we just return on an error...
 		$db->sql_return_on_error(true);
-		$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . $to_topic_id . ' WHERE ' . $db->sql_in_set('topic_id', $topic_ids));
+		$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . (int) $to_topic_id . ' WHERE ' . $db->sql_in_set('topic_id', $topic_ids));
 		$db->sql_return_on_error(false);
 
 		$db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', $topic_ids));

phpBB/includes/mcp/mcp_front.php

@@ -227,7 +227,7 @@ function mcp_front_view($id, $mode, $action)
 	// Latest 5 logs
 	if ($module->loaded('logs'))
 	{
-		$forum_list = get_forum_list(array('m_', 'a_'));
+		$forum_list = get_forum_list('m_');
 
 		if (!empty($forum_list))
 		{

phpBB/includes/mcp/mcp_logs.php

@@ -55,54 +55,92 @@ class mcp_logs
 		$this->tpl_name = 'mcp_logs';
 		$this->page_title = 'MCP_LOGS';
 
+		$forum_list = get_forum_list('m_');
+		$forum_list[] = 0;
+
 		$forum_id = $topic_id = 0;
+
 		switch ($mode)
 		{
 			case 'front':
-				$where_sql = '';
 			break;
 
 			case 'forum_logs':
 				$forum_id = request_var('f', 0);
-				$where_sql = " AND forum_id = $forum_id";
+
+				if (!in_array($forum_id, $forum_list))
+				{
+					trigger_error('NOT_AUTHORISED');
+				}
+
+				$forum_list = array($forum_id);
 			break;
 
 			case 'topic_logs':
 				$topic_id = request_var('t', 0);
-				$where_sql = " AND topic_id = $topic_id";
+
+				$sql = 'SELECT forum_id
+					FROM ' . TOPICS_TABLE . '
+					WHERE topic_id = ' . $topic_id;
+				$result = $db->sql_query($sql);
+				$forum_id = (int) $db->sql_fetchfield('forum_id');
+				$db->sql_freeresult($result);
+
+				if (!in_array($forum_id, $forum_list))
+				{
+					trigger_error('NOT_AUTHORISED');
+				}
+
+				$forum_list = array($forum_id);
 			break;
 		}
 
 		// Delete entries if requested and able
 		if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
 		{
-			if ($deletemark)
+			if (confirm_box(true))
 			{
-				if (!sizeof($marked))
+				if ($deletemark && sizeof($marked))
 				{
-					$where_sql = '';
-				}
-				else
-				{
-					$sql_in = array();
-					foreach ($marked as $mark)
-					{
-						$sql_in[] = $mark;
-					}
+					$sql = 'DELETE FROM ' . LOG_TABLE . '
+						WHERE log_type = ' . LOG_MOD . '
+							AND ' . $db->sql_in_set('forum_id', $forum_list) . '
+							AND ' . $db->sql_in_set('log_id', $marked);
+					$db->sql_query($sql);
 
-					$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
-					unset($sql_in);
+					add_log('admin', 'LOG_CLEAR_MOD');
+				}
+				else if ($deleteall)
+				{
+					$sql = 'DELETE FROM ' . LOG_TABLE . '
+						WHERE log_type = ' . LOG_MOD . '
+							AND ' . $db->sql_in_set('forum_id', $forum_list);
+
+					if ($mode == 'topic_logs')
+					{
+						$sql .= ' AND topic_id = ' . $topic_id;
+					}
+					$db->sql_query($sql);
+
+					add_log('admin', 'LOG_CLEAR_MOD');
 				}
 			}
-
-			if ($where_sql || $deleteall)
+			else
 			{
-				$sql = 'DELETE FROM ' . LOG_TABLE . '
-					WHERE log_type = ' . LOG_MOD . "
-					$where_sql";
-				$db->sql_query($sql);
-
-				add_log('admin', 'LOG_CLEAR_MOD');
+				confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
+					'f'			=> $forum_id,
+					't'			=> $topic_id,
+					'start'		=> $start,
+					'delmarked'	=> $deletemark,
+					'delall'	=> $deleteall,
+					'mark'		=> $marked,
+					'st'		=> $sort_days,
+					'sk'		=> $sort_key,
+					'sd'		=> $sort_dir,
+					'i'			=> $id,
+					'mode'		=> $mode,
+					'action'	=> request_var('action', array('' => ''))))
+				);
 			}
 		}
 
@@ -121,7 +159,7 @@ class mcp_logs
 		// Grab log data
 		$log_data = array();
 		$log_count = 0;
-		view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, $topic_id, 0, $sql_where, $sql_sort);
+		view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort);
 
 		$template->assign_vars(array(
 			'PAGE_NUMBER'		=> on_page($log_count, $config['topics_per_page'], $start),

phpBB/includes/mcp/mcp_main.php

@@ -570,10 +570,15 @@ function mcp_move_topic($topic_ids)
 			}
 		}
 	}
+	else if (isset($_POST['confirm']))
+	{
+		$additional_msg = $user->lang['FORUM_NOT_EXIST'];
+	}
 
 	if (!$to_forum_id || $additional_msg)
 	{
 		unset($_POST['confirm']);
+		unset($_REQUEST['confirm_key']);
 	}
 
 	if (confirm_box(true))
@@ -964,10 +969,15 @@ function mcp_fork_topic($topic_ids)
 			}
 		}
 	}
+	else if (isset($_POST['confirm']))
+	{
+		$additional_msg = $user->lang['FORUM_NOT_EXIST'];
+	}
 
-	if (!$to_forum_id || $additional_msg)
+	if ($additional_msg)
 	{
 		unset($_POST['confirm']);
+		unset($_REQUEST['confirm_key']);
 	}
 
 	if (confirm_box(true))
@@ -1132,9 +1142,9 @@ function mcp_fork_topic($topic_ids)
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$sql_ary[] = array(
-					'topic_id'		=> $new_topic_id,
-					'user_id'		=> $row['user_id'],
-					'notify_status'	=> $row['notify_status'],
+					'topic_id'		=> (int) $new_topic_id,
+					'user_id'		=> (int) $row['user_id'],
+					'notify_status'	=> (int) $row['notify_status'],
 				);
 			}
 			$db->sql_freeresult($result);

phpBB/includes/mcp/mcp_notes.php

@@ -86,7 +86,7 @@ class mcp_notes
 
 		if (!$userrow)
 		{
-			trigger_error($user->lang['NO_USER']);
+			trigger_error('NO_USER');
 		}
 
 		$user_id = $userrow['user_id'];
@@ -103,7 +103,7 @@ class mcp_notes
 		$deletemark = ($action == 'del_marked') ? true : false;
 		$deleteall	= ($action == 'del_all') ? true : false;
 		$marked		= request_var('marknote', array(0));
-		$usernote	= request_var('usernote', '', true);
+		$usernote	= utf8_normalize_nfc(request_var('usernote', '', true));
 
 		// Handle any actions
 		if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))

phpBB/includes/mcp/mcp_post.php

@@ -26,7 +26,7 @@ function mcp_post_details($id, $mode, $action)
 
 	if (!sizeof($post_info))
 	{
-		trigger_error($user->lang['POST_NOT_EXIST']);
+		trigger_error('POST_NOT_EXIST');
 	}
 
 	$post_info = $post_info[$post_id];
@@ -79,7 +79,7 @@ function mcp_post_details($id, $mode, $action)
 
 			if (!$row)
 			{
-				trigger_error($user->lang['NO_USER']);
+				trigger_error('NO_USER');
 			}
 
 			if ($auth->acl_get('m_chgposter', $post_info['forum_id']))
@@ -473,7 +473,7 @@ function change_poster(&$post_info, $userdata)
 
 	if (!sizeof($post_info))
 	{
-		trigger_error($user->lang['POST_NOT_EXIST']);
+		trigger_error('POST_NOT_EXIST');
 	}
 
 	$post_info = $post_info[$post_id];

phpBB/includes/mcp/mcp_queue.php

@@ -224,7 +224,7 @@ class mcp_queue
 
 					if (!sizeof($topic_info))
 					{
-						trigger_error($user->lang['TOPIC_NOT_EXIST']);
+						trigger_error('TOPIC_NOT_EXIST');
 					}
 
 					$topic_info = $topic_info[$topic_id];
@@ -733,8 +733,8 @@ function disapprove_post($post_id_list, $id, $mode)
 		trigger_error('NOT_AUTHORISED');
 	}
 
-	$redirect = request_var('redirect', build_url(array('t', 'mode', '_f_', 'quickmod')) . '&mode=unapproved_topics');
-	$reason = request_var('reason', '', true);
+	$redirect = request_var('redirect', build_url(array('t', 'mode', '_f_', 'quickmod')) . "&mode=$mode");
+	$reason = utf8_normalize_nfc(request_var('reason', '', true));
 	$reason_id = request_var('reason_id', 0);
 	$success_msg = $additional_msg = '';
 

phpBB/includes/mcp/mcp_reports.php

@@ -242,7 +242,7 @@ class mcp_reports
 
 					if (!sizeof($topic_info))
 					{
-						trigger_error($user->lang['TOPIC_NOT_EXIST']);
+						trigger_error('TOPIC_NOT_EXIST');
 					}
 
 					$topic_info = $topic_info[$topic_id];

phpBB/includes/mcp/mcp_topic.php

@@ -25,7 +25,7 @@ function mcp_topic_view($id, $mode, $action)
 
 	if (!sizeof($topic_info))
 	{
-		trigger_error($user->lang['TOPIC_NOT_EXIST']);
+		trigger_error('TOPIC_NOT_EXIST');
 	}
 
 	$topic_info = $topic_info[$topic_id];
@@ -34,6 +34,7 @@ function mcp_topic_view($id, $mode, $action)
 	$icon_id		= request_var('icon', 0);
 	$subject		= utf8_normalize_nfc(request_var('subject', '', true));
 	$start			= request_var('start', 0);
+	$forum_id		= request_var('f', 0);
 	$to_topic_id	= request_var('to_topic_id', 0);
 	$to_forum_id	= request_var('to_forum_id', 0);
 	$post_id_list	= request_var('post_id_list', array(0));
@@ -215,7 +216,7 @@ function mcp_topic_view($id, $mode, $action)
 			'S_CHECKED'			=> ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? true : false,
 			'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false,
 
-			'U_POST_DETAILS'	=> "$url&i=$id&p={$row['post_id']}&mode=post_details",
+			'U_POST_DETAILS'	=> "$url&i=$id&p={$row['post_id']}&mode=post_details" . (($forum_id) ? "&f=$forum_id" : ''),
 			'U_MCP_APPROVE'		=> ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '',
 			'U_MCP_REPORT'		=> ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '')
 		);
@@ -439,7 +440,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 
 		if (!sizeof($post_id_list))
 		{
-			trigger_error($user->lang['NO_POST_SELECTED']);
+			trigger_error('NO_POST_SELECTED');
 		}
 
 		$icon_id = request_var('icon', 0);
@@ -571,10 +572,10 @@ function merge_posts($topic_id, $to_topic_id)
 			// If the topic no longer exist, we will update the topic watch table.
 			// To not let it error out on users watching both topics, we just return on an error...
 			$db->sql_return_on_error(true);
-			$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . $to_topic_id . ' WHERE topic_id = ' . $topic_id);
+			$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . (int) $to_topic_id . ' WHERE topic_id = ' . (int) $topic_id);
 			$db->sql_return_on_error(false);
 
-			$db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . $topic_id);
+			$db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . (int) $topic_id);
 		}
 
 		// Link to the new topic

phpBB/includes/mcp/mcp_warn.php

@@ -191,7 +191,7 @@ class mcp_warn
 		$post_id = request_var('p', 0);
 		$forum_id = request_var('f', 0);
 		$notify = (isset($_REQUEST['notify_user'])) ? true : false;
-		$warning = request_var('warning', '', true);
+		$warning = utf8_normalize_nfc(request_var('warning', '', true));
 
 		$sql = 'SELECT u.*, p.*
 			FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u 
@@ -203,19 +203,19 @@ class mcp_warn
 
 		if (!$user_row)
 		{
-			trigger_error($user->lang['NO_POST']);
+			trigger_error('NO_POST');
 		}
 
 		// There is no point issuing a warning to ignored users (ie anonymous and bots)
 		if ($user_row['user_type'] == USER_IGNORE)
 		{
-			trigger_error($user->lang['CANNOT_WARN_ANONYMOUS']);
+			trigger_error('CANNOT_WARN_ANONYMOUS');
 		}
 
 		// Prevent someone from warning themselves
 		if ($user_row['user_id'] == $user->data['user_id'])
 		{
-			trigger_error($user->lang['CANNOT_WARN_SELF']);
+			trigger_error('CANNOT_WARN_SELF');
 		}
 
 		// Check if there is already a warning for this post to prevent multiple
@@ -229,7 +229,7 @@ class mcp_warn
 
 		if ($row)
 		{
-			trigger_error($user->lang['ALREADY_WARNED']);
+			trigger_error('ALREADY_WARNED');
 		}
 
 		$user_id = $user_row['user_id'];
@@ -306,7 +306,7 @@ class mcp_warn
 		$user_id = request_var('u', 0);
 		$username = request_var('username', '', true);
 		$notify = (isset($_REQUEST['notify_user'])) ? true : false;
-		$warning = request_var('warning', '', true);
+		$warning = utf8_normalize_nfc(request_var('warning', '', true));
 
 		$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 
@@ -325,7 +325,7 @@ class mcp_warn
 		// Prevent someone from warning themselves
 		if ($user_row['user_id'] == $user->data['user_id'])
 		{
-			trigger_error($user->lang['CANNOT_WARN_SELF']);
+			trigger_error('CANNOT_WARN_SELF');
 		}
 
 		$user_id = $user_row['user_id'];

phpBB/includes/message_parser.php

@@ -116,7 +116,7 @@ class bbcode_firstpass extends bbcode
 			'b'				=> array('bbcode_id' => 1,	'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")),
 			'i'				=> array('bbcode_id' => 2,	'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")),
 			'url'			=> array('bbcode_id' => 3,	'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")),
-			'img'			=> array('bbcode_id' => 4,	'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")),
+			'img'			=> array('bbcode_id' => 4,	'regexp' => array('#\[img\](.*)\[/img\]#iUe' => "\$this->bbcode_img('\$1')")),
 			'size'			=> array('bbcode_id' => 5,	'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")),
 			'color'			=> array('bbcode_id' => 6,	'regexp' => array('!\[color=(#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
 			'u'				=> array('bbcode_id' => 7,	'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")),
@@ -278,6 +278,20 @@ class bbcode_firstpass extends bbcode
 		$in = trim($in);
 		$error = false;
 
+		$in = str_replace(' ', '%20', $in);
+
+		// Checking urls
+		if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
+		{
+			return '[img]' . $in . '[/img]';
+		}
+
+		// Try to cope with a common user error... not specifying a protocol but only a subdomain
+		if (!preg_match('#^[a-z0-9]+://#i', $in))
+		{
+			$in = 'http://' . $in;
+		}
+
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
 			$stats = @getimagesize($in);
@@ -1228,6 +1242,11 @@ class parse_message extends bbcode_firstpass
 
 			while ($row = $db->sql_fetchrow($result))
 			{
+				if (empty($row['code']))
+				{
+					continue;
+				}
+
 				// (assertion)
 				$match[] = '(?<=^|[\n .])' . preg_quote($row['code'], '#') . '(?![^<>]*>)';
 				$replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" alt="' . $row['code'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->';
@@ -1496,7 +1515,7 @@ class parse_message extends bbcode_firstpass
 
 		if (sizeof($not_orphan))
 		{
-			trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
+			trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
 		}
 
 		// Regenerate newly uploaded attachments
@@ -1522,7 +1541,7 @@ class parse_message extends bbcode_firstpass
 
 		if (sizeof($orphan))
 		{
-			trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
+			trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
 		}
 
 		ksort($this->attachment_data);

phpBB/includes/search/fulltext_mysql.php

@@ -43,7 +43,11 @@ class fulltext_mysql extends search_backend
 
 		if (version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>=')))
 		{
-			$this->pcre_properties = true;
+			// While this is the proper range of PHP versions, PHP may not be linked with the bundled PCRE lib and instead with an older version
+			if (@preg_match('/\p{L}/u', 'a') !== false)
+			{
+				$this->pcre_properties = true;
+			}
 		}
 
 		if (function_exists('mb_ereg'))
@@ -490,7 +494,7 @@ class fulltext_mysql extends search_backend
 	* @param int $per_page number of ids each page is supposed to contain
 	* @return total number of results
 	*/
-	function author_search($type, &$sort_by_sql, &$sort_key, &$sort_dir, &$sort_days, &$ex_fid_ary, &$m_approve_fid_ary, &$topic_id, &$author_ary, &$id_ary, $start, $per_page)
+	function author_search($type, $firstpost_only, &$sort_by_sql, &$sort_key, &$sort_dir, &$sort_days, &$ex_fid_ary, &$m_approve_fid_ary, &$topic_id, &$author_ary, &$id_ary, $start, $per_page)
 	{
 		global $config, $db;
 
@@ -504,6 +508,7 @@ class fulltext_mysql extends search_backend
 		$search_key = md5(implode('#', array(
 			'',
 			$type,
+			($firstpost_only) ? 'firstpost' : '',
 			'',
 			'',
 			$sort_days,
@@ -528,6 +533,7 @@ class fulltext_mysql extends search_backend
 		$sql_fora		= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
 		$sql_topic_id	= ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : '';
 		$sql_time		= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
+		$sql_firstpost = ($firstpost_only) ? ' AND p.post_id = t.topic_first_post_id' : '';
 
 		// Build sql strings for sorting
 		$sql_sort = $sort_by_sql[$sort_key] . (($sort_dir == 'a') ? ' ASC' : ' DESC');
@@ -570,9 +576,10 @@ class fulltext_mysql extends search_backend
 		if ($type == 'posts')
 		{
 			$sql = "SELECT {$calc_results}p.post_id
-				FROM " . $sql_sort_table . POSTS_TABLE . " p
+				FROM " . $sql_sort_table . POSTS_TABLE . ' p' . (($firstpost_only) ? ', ' . TOPICS_TABLE . ' t ' : ' ') . "
 				WHERE $sql_author
 					$sql_topic_id
+					$sql_firstpost
 					$m_approve_fid_sql
 					$sql_fora
 					$sql_sort_join
@@ -586,6 +593,7 @@ class fulltext_mysql extends search_backend
 				FROM " . $sql_sort_table . TOPICS_TABLE . ' t, ' . POSTS_TABLE . " p
 				WHERE $sql_author
 					$sql_topic_id
+					$sql_firstpost
 					$m_approve_fid_sql
 					$sql_fora
 					AND t.topic_id = p.topic_id

phpBB/includes/search/fulltext_native.php

@@ -744,6 +744,7 @@ class fulltext_native extends search_backend
 	* Performs a search on an author's posts without caring about message contents. Depends on display specific params
 	*
 	* @param	string		$type				contains either posts or topics depending on what should be searched for
+	* @param	boolean		$firstpost_only		if true, only topic starting posts will be considered
 	* @param	array		&$sort_by_sql		contains SQL code for the ORDER BY part of a query
 	* @param	string		&$sort_key			is the key of $sort_by_sql for the selected sorting
 	* @param	string		&$sort_dir			is either a or d representing ASC and DESC
@@ -759,7 +760,7 @@ class fulltext_native extends search_backend
 	*
 	* @access	public
 	*/
-	function author_search($type, &$sort_by_sql, &$sort_key, &$sort_dir, &$sort_days, &$ex_fid_ary, &$m_approve_fid_ary, &$topic_id, &$author_ary, &$id_ary, $start, $per_page)
+	function author_search($type, $firstpost_only, &$sort_by_sql, &$sort_key, &$sort_dir, &$sort_days, &$ex_fid_ary, &$m_approve_fid_ary, &$topic_id, &$author_ary, &$id_ary, $start, $per_page)
 	{
 		global $config, $db;
 
@@ -773,6 +774,7 @@ class fulltext_native extends search_backend
 		$search_key = md5(implode('#', array(
 			'',
 			$type,
+			($firstpost_only) ? 'firstpost' : '',
 			'',
 			'',
 			$sort_days,
@@ -797,6 +799,7 @@ class fulltext_native extends search_backend
 		$sql_fora		= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
 		$sql_time		= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
 		$sql_topic_id	= ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : '';
+		$sql_firstpost = ($firstpost_only) ? ' AND p.post_id = t.topic_first_post_id' : '';
 
 		// Build sql strings for sorting
 		$sql_sort = $sort_by_sql[$sort_key] . (($sort_dir == 'a') ? ' ASC' : ' DESC');
@@ -850,9 +853,10 @@ class fulltext_native extends search_backend
 					if ($type == 'posts')
 					{
 						$sql = 'SELECT COUNT(p.post_id) as total_results
-							FROM ' . POSTS_TABLE . " p
+							FROM ' . POSTS_TABLE . ' p' . (($firstpost_only) ? ', ' . TOPICS_TABLE . ' t ' : ' ') . "
 							WHERE $sql_author
 								$sql_topic_id
+								$sql_firstpost
 								$m_approve_fid_sql
 								$sql_fora
 								$sql_time";
@@ -872,6 +876,7 @@ class fulltext_native extends search_backend
 						$sql .= ' FROM ' . TOPICS_TABLE . ' t, ' . POSTS_TABLE . " p
 							WHERE $sql_author
 								$sql_topic_id
+								$sql_firstpost
 								$m_approve_fid_sql
 								$sql_fora
 								AND t.topic_id = p.topic_id
@@ -894,9 +899,10 @@ class fulltext_native extends search_backend
 		if ($type == 'posts')
 		{
 			$sql = "SELECT $select
-				FROM " . $sql_sort_table . POSTS_TABLE . ' p' . (($topic_id) ? ', ' . TOPICS_TABLE . ' t' : '') . "
+				FROM " . $sql_sort_table . POSTS_TABLE . ' p' . (($topic_id || $firstpost_only) ? ', ' . TOPICS_TABLE . ' t' : '') . "
 				WHERE $sql_author
 					$sql_topic_id
+					$sql_firstpost
 					$m_approve_fid_sql
 					$sql_fora
 					$sql_sort_join
@@ -910,6 +916,7 @@ class fulltext_native extends search_backend
 				FROM " . $sql_sort_table . TOPICS_TABLE . ' t, ' . POSTS_TABLE . " p
 				WHERE $sql_author
 					$sql_topic_id
+					$sql_firstpost
 					$m_approve_fid_sql
 					$sql_fora
 					AND t.topic_id = p.topic_id
@@ -1127,7 +1134,7 @@ class fulltext_native extends search_backend
 
 				foreach ($new_words as $word)
 				{
-					$sql_ary[] = array('word_text' => $word, 'word_count' => 0);
+					$sql_ary[] = array('word_text' => (string) $word, 'word_count' => 0);
 				}
 				$db->sql_return_on_error(true);
 				$db->sql_multi_insert(SEARCH_WORDLIST_TABLE, $sql_ary);
@@ -1176,9 +1183,9 @@ class fulltext_native extends search_backend
 
 			if (sizeof($word_ary))
 			{
-				$sql = 'INSERT INTO ' . SEARCH_WORDMATCH_TABLE . " (post_id, word_id, title_match)
-					SELECT $post_id, word_id, $title_match
-					FROM " . SEARCH_WORDLIST_TABLE . '
+				$sql = 'INSERT INTO ' . SEARCH_WORDMATCH_TABLE . ' (post_id, word_id, title_match)
+					SELECT ' . (int) $post_id . ', word_id, ' . (int) $title_match . '
+					FROM ' . SEARCH_WORDLIST_TABLE . '
 					WHERE ' . $db->sql_in_set('word_text', $word_ary);
 				$db->sql_query($sql);
 

phpBB/includes/session.php

@@ -43,7 +43,7 @@ class session
 		if (!$script_name)
 		{
 			$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
-			$script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, strpos($script_name, '?')) : $script_name;
+			$script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name;
 			$page_array['failover'] = 1;
 		}
 
@@ -122,7 +122,7 @@ class session
 	*
 	* This is where all session activity begins. We gather various pieces of
 	* information from the client and server. We test to see if a session already
-	* exists. If it does, fine and dandy. If it doesn't we'll go on to create a 
+	* exists. If it does, fine and dandy. If it doesn't we'll go on to create a
 	* new one ... pretty logical heh? We also examine the system load (if we're
 	* running on a system which makes such information readily available) and
 	* halt if it's above an admin definable limit.
@@ -132,7 +132,7 @@ class session
 	*/
 	function session_begin($update_session_page = true)
 	{
-		global $phpEx, $SID, $_SID, $db, $config, $phpbb_root_path;
+		global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
 
 		// Give us some basic information
 		$this->time_now				= time();
@@ -193,6 +193,8 @@ class session
 			$SID = '?sid=' . $this->session_id;
 		}
 
+		$_EXTRA_URL = array();
+
 		// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
 		// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
 		$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
@@ -301,6 +303,7 @@ class session
 
 						$this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
 						$this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
+						$this->data['user_lang'] = basename($this->data['user_lang']);
 
 						return true;
 					}
@@ -308,7 +311,7 @@ class session
 				else
 				{
 					// Added logging temporarly to help debug bugs...
-					if (defined('DEBUG_EXTRA'))
+					if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS)
 					{
 						add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
 					}
@@ -319,7 +322,7 @@ class session
 		// If we reach here then no (valid) session exists. So we'll create a new one
 		return $this->session_create();
 	}
-	
+
 	/**
 	* Create a new session
 	*
@@ -354,7 +357,7 @@ class session
 		* check. We loop through the list of bots defined by the admin and
 		* see if we have any useragent and/or IP matches. If we do, this is a
 		* bot, act accordingly
-		*/		
+		*/
 		$bot = false;
 		$active_bots = $cache->obtain_bots();
 
@@ -406,7 +409,7 @@ class session
 		// Else if we've been passed a user_id we'll grab data based on that
 		if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
 		{
-			$sql = 'SELECT u.* 
+			$sql = 'SELECT u.*
 				FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
 				WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
 					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
@@ -431,7 +434,7 @@ class session
 			$db->sql_freeresult($result);
 			$bot = false;
 		}
-	
+
 		// If no data was returned one or more of the following occurred:
 		// Key didn't match one in the DB
 		// User does not exist
@@ -564,7 +567,7 @@ class session
 			'session_start'			=> (int) $this->time_now,
 			'session_last_visit'	=> (int) $this->data['session_last_visit'],
 			'session_time'			=> (int) $this->time_now,
-			'session_browser'		=> (string) $this->browser,
+			'session_browser'		=> (string) substr($this->browser, 0, 149),
 			'session_forwarded_for'	=> (string) $this->forwarded_for,
 			'session_ip'			=> (string) $this->ip,
 			'session_autologin'		=> ($session_autologin) ? 1 : 0,
@@ -587,7 +590,7 @@ class session
 		if (!defined('IN_ERROR_HANDLER') && (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows()))
 		{
 			// Limit new sessions in 1 minute period (if required)
-			if ((!isset($this->data['session_time']) || !$this->data['session_time']) && $config['active_sessions'])
+			if (empty($this->data['session_time']) && $config['active_sessions'])
 			{
 				$sql = 'SELECT COUNT(session_id) AS sessions
 					FROM ' . SESSIONS_TABLE . '
@@ -648,7 +651,7 @@ class session
 			$SID = '?sid=';
 			$_SID = '';
 		}
-		
+
 		return true;
 	}
 
@@ -676,7 +679,7 @@ class session
 		$method = 'logout_' . $method;
 		if (function_exists($method))
 		{
-			$method($this->data);
+			$method($this->data, $new_session);
 		}
 
 		if ($this->data['user_id'] != ANONYMOUS)
@@ -823,7 +826,7 @@ class session
 	*
 	* Checks whether the supplied user is banned by id, ip or email. If no parameters
 	* are passed to the method pre-existing session data is used. If $return is false
-	* this routine does not return on finding a banned user, it outputs a relevant 
+	* this routine does not return on finding a banned user, it outputs a relevant
 	* message and stops execution.
 	*
 	* @param string|array	$user_ips	Can contain a string with one IP or an array of multiple IPs
@@ -976,8 +979,6 @@ class session
 				$this->session_create(ANONYMOUS);
 			}
 
-			// Because we never have a fully working session we need to embed the style
-			$template->assign_var('S_FORCE_EMBED_STYLE', true);
 
 			// Determine which message to output
 			$till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : '';
@@ -1157,7 +1158,7 @@ class session
 		$sql_where = 'session_user_id = ' . (int) $user_id;
 		$sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : '';
 
-		$sql = 'DELETE FROM ' . SESSIONS_TABLE . " 
+		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
 			WHERE $sql_where";
 		$db->sql_query($sql);
 
@@ -1206,8 +1207,8 @@ class user extends session
 
 		if ($this->data['user_id'] != ANONYMOUS)
 		{
-			$this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : $config['default_lang'];
-			$this->lang_path = $phpbb_root_path . 'language/' . basename($this->lang_name) . '/';
+			$this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
+			$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
 
 			$this->date_format = $this->data['user_dateformat'];
 			$this->timezone = $this->data['user_timezone'] * 3600;
@@ -1215,8 +1216,8 @@ class user extends session
 		}
 		else
 		{
-			$this->lang_name = $config['default_lang'];
-			$this->lang_path = $phpbb_root_path . 'language/' . basename($this->lang_name) . '/';
+			$this->lang_name = basename($config['default_lang']);
+			$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
 			$this->date_format = $config['default_dateformat'];
 			$this->timezone = $config['board_timezone'] * 3600;
 			$this->dst = $config['board_dst'] * 3600;
@@ -1262,9 +1263,10 @@ class user extends session
 
 		// We include common language file here to not load it every time a custom language file is included
 		$lang = &$this->lang;
-		if ((include $this->lang_path . "common.$phpEx") === false)
+
+		if ((@include $this->lang_path . "common.$phpEx") === false)
 		{
-			die("Language file " . $this->lang_path . "common.$phpEx" . " couldn't be opened.");
+			die('Language file ' . $this->lang_name . "/common.$phpEx" . " couldn't be opened.");
 		}
 
 		$this->add_lang($lang_set);
@@ -1284,7 +1286,7 @@ class user extends session
 			$style = ($style) ? $style : ((!$config['override_user_style'] && $this->data['user_id'] != ANONYMOUS) ? $this->data['user_style'] : $config['default_style']);
 		}
 
-		$sql = 'SELECT s.style_id, t.*, c.*, i.*
+		$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
 			FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i
 			WHERE s.style_id = $style
 				AND t.template_id = s.template_id
@@ -1299,12 +1301,12 @@ class user extends session
 		{
 			$style = $this->data['user_style'] = $config['default_style'];
 
-			$sql = 'UPDATE ' . USERS_TABLE . " 
-				SET user_style = $style 
+			$sql = 'UPDATE ' . USERS_TABLE . "
+				SET user_style = $style
 				WHERE user_id = {$this->data['user_id']}";
 			$db->sql_query($sql);
 
-			$sql = 'SELECT s.style_id, t.*, c.*, i.*
+			$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
 				FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i
 				WHERE s.style_id = $style
 					AND t.template_id = s.template_id
@@ -1353,7 +1355,7 @@ class user extends session
 			// Match CSS imports
 			$matches = array();
 			preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
-	
+
 			if (sizeof($matches))
 			{
 				$content = '';
@@ -1392,7 +1394,7 @@ class user extends session
 
 		$this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang'];
 
-		$sql = 'SELECT *
+		$sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width
 			FROM ' . STYLES_IMAGESET_DATA_TABLE . '
 			WHERE imageset_id = ' . $this->theme['imageset_id'] . "
 			AND image_lang IN('" . $db->sql_escape($this->img_lang) . "', '')";
@@ -1405,6 +1407,7 @@ class user extends session
 			{
 				$localised_images = true;
 			}
+
 			$this->img_array[$row['image_name']] = $row;
 		}
 		$db->sql_freeresult($result);
@@ -1415,9 +1418,9 @@ class user extends session
 			// Attention: this code ignores the image definition list from acp_styles and just takes everything
 			// that the config file contains
 			$sql_ary = array();
-	
+
 			$db->sql_transaction('begin');
-	
+
 			$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . '
 				WHERE imageset_id = ' . $this->theme['imageset_id'] . '
 					AND image_lang = \'' . $db->sql_escape($this->img_lang) . '\'';
@@ -1450,24 +1453,30 @@ class user extends session
 					{
 						$image_name = substr($image_name, 4);
 						$sql_ary[] = array(
-							'image_name'		=> $image_name,
-							'image_filename'	=> $image_filename,
-							'image_height'		=> $image_height,
-							'image_width'		=> $image_width,
-							'imageset_id'		=> $this->theme['imageset_id'],
-							'image_lang'		=> $this->img_lang,
+							'image_name'		=> (string) $image_name,
+							'image_filename'	=> (string) $image_filename,
+							'image_height'		=> (int) $image_height,
+							'image_width'		=> (int) $image_width,
+							'imageset_id'		=> (int) $this->theme['imageset_id'],
+							'image_lang'		=> (string) $this->img_lang,
 						);
 					}
 				}
 			}
-	
-			$db->sql_multi_insert(STYLES_IMAGESET_DATA_TABLE, $sql_ary);
-	
-			$db->sql_transaction('commit');
-	
-			$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
-	
-			add_log('admin', 'LOG_IMAGESET_REFRESHED', $this->theme['imageset_name'], $this->img_lang);
+
+			if (sizeof($sql_ary))
+			{
+				$db->sql_multi_insert(STYLES_IMAGESET_DATA_TABLE, $sql_ary);
+				$db->sql_transaction('commit');
+				$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
+
+				add_log('admin', 'LOG_IMAGESET_LANG_REFRESHED', $this->theme['imageset_name'], $this->img_lang);
+			}
+			else
+			{
+				$db->sql_transaction('commit');
+				add_log('admin', 'LOG_IMAGESET_LANG_MISSING', $this->theme['imageset_name'], $this->img_lang);
+			}
 		}
 
 		// If this function got called from the error handler we are finished here.
@@ -1504,13 +1513,19 @@ class user extends session
 		// Is load exceeded?
 		if ($config['limit_load'] && $this->load !== false)
 		{
-			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
+			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN'))
 			{
-				header('HTTP/1.1 503 Service Unavailable');
-				trigger_error('BOARD_UNAVAILABLE');
+				// Set board disabled to true to let the admins/mods get the proper notification
+				$config['board_disable'] = '1';
+
+				if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
+				{
+					header('HTTP/1.1 503 Service Unavailable');
+					trigger_error('BOARD_UNAVAILABLE');
+				}
 			}
 		}
-		
+
 		if (isset($this->data['session_viewonline']))
 		{
 			// Make sure the user is able to hide his session
@@ -1637,9 +1652,9 @@ class user extends session
 				$language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx;
 			}
 
-			if ((include($language_filename)) === false)
+			if ((@include $language_filename) === false)
 			{
-				trigger_error("Language file $language_filename couldn't be opened.", E_USER_ERROR);
+				trigger_error('Language file ' . basename($language_filename) . ' couldn\'t be opened.', E_USER_ERROR);
 			}
 		}
 		else if ($use_db)
@@ -1776,7 +1791,7 @@ class user extends session
 			case 'src':
 				return $img_data['src'];
 			break;
-			
+
 			case 'width':
 				return ($width === false) ? $img_data['width'] : $width;
 			break;