Tag 3.0.2 RC1

git-svn-id: file:///svn/phpbb/tags/release_3_0_2-RC1@8658 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -45,8 +45,8 @@ define('IN_ADMIN', true);
 $phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
 
 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
-$file_uploads	= (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
+$safe_mode		= (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) === 'on') ? true : false;
+$file_uploads	= (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');
 
@@ -77,8 +77,8 @@ $module->load_active();
 adm_page_header($module->get_page_title());
 
 $template->set_filenames(array(
-	'body' => $module->get_tpl_name())
-);
+	'body' => $module->get_tpl_name(),
+));
 
 adm_page_footer();
 
@@ -116,6 +116,7 @@ function adm_page_header($page_title)
 		'ROOT_PATH'				=> $phpbb_admin_path,
 
 		'U_LOGOUT'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
+		'U_ADM_LOGOUT'			=> append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout'),
 		'U_ADM_INDEX'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
 
@@ -184,7 +185,7 @@ function adm_page_footer($copyright_html = true)
 				{
 					global $base_memory_usage;
 					$memory_usage -= $base_memory_usage;
-					$memory_usage = ($memory_usage >= 1048576) ? round((round($memory_usage / 1048576 * 100) / 100), 2) . ' ' . $user->lang['MB'] : (($memory_usage >= 1024) ? round((round($memory_usage / 1024 * 100) / 100), 2) . ' ' . $user->lang['KB'] : $memory_usage . ' ' . $user->lang['BYTES']);
+					$memory_usage = get_formatted_filesize($memory_usage);
 
 					$debug_output .= ' | Memory Usage: ' . $memory_usage;
 				}
@@ -367,33 +368,64 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 }
 
 /**
-* Going through a config array and validate values, writing errors to $error.
+* Going through a config array and validate values, writing errors to $error. The validation method  accepts parameters separated by ':' for string and int.
+* The first parameter defines the type to be used, the second the lower bound and the third the upper bound. Only the type is required.
 */
 function validate_config_vars($config_vars, &$cfg_array, &$error)
 {
 	global $phpbb_root_path, $user;
-
+	$type	= 0;
+	$min	= 1;
+	$max	= 2;
+	
 	foreach ($config_vars as $config_name => $config_definition)
 	{
 		if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false)
 		{
 			continue;
 		}
-
+	
 		if (!isset($config_definition['validate']))
 		{
 			continue;
 		}
+		
+		$validator = explode(':', $config_definition['validate']);
 
-		// Validate a bit. ;) String is already checked through request_var(), therefore we do not check this again
-		switch ($config_definition['validate'])
+		// Validate a bit. ;) (0 = type, 1 = min, 2= max)
+		switch ($validator[$type])
 		{
+			case 'string':
+				$length = strlen($cfg_array[$config_name]);
+
+				// the column is a VARCHAR
+				$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
+
+				if (isset($validator[$min]) && $length < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_SHORT'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $length > $validator[2])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
+			break;
+
 			case 'bool':
 				$cfg_array[$config_name] = ($cfg_array[$config_name]) ? 1 : 0;
 			break;
 
 			case 'int':
 				$cfg_array[$config_name] = (int) $cfg_array[$config_name];
+
+				if (isset($validator[$min]) && $cfg_array[$config_name] < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $cfg_array[$config_name] > $validator[$max])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
 			break;
 
 			// Absolute path
@@ -508,4 +540,62 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 	return;
 }
 
+/**
+* Checks whatever or not a variable is OK for use in the Database
+* param mixed $value_ary An array of the form array(array('lang' => ..., 'value' => ..., 'column_type' =>))'
+* param mixed $error The error array
+*/
+function validate_range($value_ary, &$error)
+{
+	global $user;
+	
+	$column_types = array(
+		'BOOL'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => 1),
+		'USINT'	=> array('php_type' => 'int',		'min' => 0, 				'max' => 65535),
+		'UINT'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => (int) 0x7fffffff),
+		'INT'	=> array('php_type' => 'int', 		'min' => (int) 0x80000000, 	'max' => (int) 0x7fffffff),
+		'TINT'	=> array('php_type' => 'int',		'min' => -128,				'max' => 127),
+		
+		'VCHAR'	=> array('php_type' => 'string', 	'min' => 0, 				'max' => 255),
+	);
+	foreach ($value_ary as $value)
+	{
+		$column = explode(':', $value['column_type']);
+		$max = $min = 0;
+		$type = 0;
+		if (!isset($column_types[$column[0]]))
+		{
+			continue;
+		}
+		else
+		{
+			$type = $column_types[$column[0]];
+		}
+
+		switch ($type['php_type'])
+		{
+			case 'string' :
+				$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
+				if (strlen($value['value']) > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+
+			case 'int': 
+				$min = (isset($column[1])) ? max($column[1],$type['min']) : $type['min'];
+				$max = (isset($column[2])) ? min($column[2],$type['max']) : $type['max'];
+				if ($value['value'] < $min)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$value['lang']], $min);
+				}
+				else if ($value['value'] > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+		}
+	}
+}
+
 ?>

phpBB/adm/style/acp_attachments.html

@@ -109,8 +109,8 @@
 	<!-- ELSE -->
 		<p>{L_NO_IPS_DEFINED}</p>
 	<!-- ENDIF -->
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ELSEIF S_EXTENSION_GROUPS -->
@@ -122,11 +122,11 @@
 			{
 				if (newimage == 'no_image')
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}images/spacer.gif";
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}images/spacer.gif";
 				}
 				else
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
 				}
 			}
 
@@ -192,7 +192,7 @@
 			<dd><select name="upload_icon" id="upload_icon" onchange="update_image(this.options[selectedIndex].value);">
 					<option value="no_image"<!-- IF S_NO_IMAGE --> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>{S_FILENAME_LIST}
 			</select></dd>
-			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> name="image_upload_icon" alt="" title="" />&nbsp;</dd>
+			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> id="image_upload_icon" alt="" title="" />&nbsp;</dd>
 		</dl>
 		<dl>
 			<dt><label for="extgroup_filesize">{L_MAX_EXTGROUP_FILESIZE}:</label></dt>
@@ -214,9 +214,9 @@
 			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 		</p>
-
-		</fieldset>
 		{S_FORM_TOKEN}
+		</fieldset>
+
 		</form>
 	<!-- ELSE -->
 
@@ -257,8 +257,8 @@
 				{L_CREATE_GROUP}: <input type="text" name="group_name" maxlength="30" />
 				<input class="button2" name="add" type="submit" value="{L_SUBMIT}" />
 		</p>
-		</fieldset>
 		{S_FORM_TOKEN}
+		</fieldset>
 		</form>
 
 	<!-- ENDIF -->
@@ -280,8 +280,8 @@
 	<p class="quick">
 		<input type="submit" id="add_extension_check" name="add_extension_check" class="button2" value="{L_SUBMIT}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 	<br />
@@ -320,8 +320,8 @@
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ELSEIF S_ORPHAN -->
@@ -367,11 +367,10 @@
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 	</p>
-
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ENDIF -->
 
-<!-- INCLUDE overall_footer.html -->
+<!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_ban.html

@@ -71,9 +71,8 @@
 	<input class="button1" type="submit" id="bansubmit" name="bansubmit" value="{L_SUBMIT}" />&nbsp;
 	<input class="button2" type="reset" id="banreset" name="banreset" value="{L_RESET}" />
 </p>
-
+{S_FORM_TOKEN}
 </fieldset>
-
 </form>
 
 <br /><br />
@@ -109,15 +108,17 @@
 		<input class="button1" type="submit" id="unbansubmit" name="unbansubmit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="unbanreset" name="unbanreset" value="{L_RESET}" />
 	</p>
+	{S_FORM_TOKEN}
 	</fieldset>
 
 <!-- ELSE -->
 
 	<p>{L_NO_BAN_CELL}</p>
+	{S_FORM_TOKEN}
 </fieldset>
 
 <!-- ENDIF -->
 
 </form>
 
-<!-- INCLUDE overall_footer.html -->
+<!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_bbcodes.html

@@ -51,6 +51,7 @@
 		<legend>{L_SUBMIT}</legend>
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</fieldset>
 	
 	<br />
@@ -77,7 +78,6 @@
 	<!-- END token -->
 	</tbody>
 	</table>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSE -->
@@ -103,6 +103,10 @@
 			<td style="text-align: center;">{bbcodes.BBCODE_TAG}</td>
 			<td style="text-align: right; width: 40px;"><a href="{bbcodes.U_EDIT}">{ICON_EDIT}</a> <a href="{bbcodes.U_DELETE}">{ICON_DELETE}</a></td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="2">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END bbcodes -->
 	</tbody>
 	</table>
@@ -110,8 +114,9 @@
 	<p class="quick">
 		<input class="button2" name="submit" type="submit" value="{L_ADD_BBCODE}" />
 	</p>
+	{S_FORM_TOKEN}
 	</fieldset>
-{S_FORM_TOKEN}
+
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_board.html

@@ -42,10 +42,8 @@
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 	</p>
-
+	{S_FORM_TOKEN}
 </fieldset>
-
-{S_FORM_TOKEN}
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_bots.html

@@ -49,9 +49,9 @@
 	<p class="submit-buttons">
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSE -->
@@ -93,8 +93,8 @@
 		<select name="action">{S_BOT_OPTIONS}</select>
 		<input class="button2" name="submit" type="submit" value="{L_SUBMIT}" />
 		<p class="small"><a href="#" onclick="marklist('acp_bots', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('acp_bots', 'mark', false);">{L_UNMARK_ALL}</a></p>
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_captcha.html

@@ -63,8 +63,8 @@
 	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />&nbsp;
 	<input class="button2" type="submit" id="preview" name="preview" value="{L_PREVIEW}" />
+	{S_FORM_TOKEN}
 </fieldset>
-{S_FORM_TOKEN}
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_database.html

@@ -7,8 +7,9 @@
 
 	<p>{L_ACP_RESTORE_EXPLAIN}</p>
 
+	<!-- IF .files -->
 	<form id="acp_backup" method="post" action="{U_ACTION}">
-	
+
 	<fieldset>
 		<legend>{L_RESTORE_OPTIONS}</legend>
 	<dl>
@@ -16,17 +17,19 @@
 		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
 	</dl>
 
-	<!-- IF .files -->
-		<p class="submit-buttons">
-			<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
-			<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
-			<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
-		</p>
-	<!-- ENDIF -->
-
-	</fieldset>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
+		<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
+		<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
+	</p>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
+	<!-- ELSE -->
+		<div class="errorbox">
+			<p>{L_ACP_NO_ITEMS}</p>
+		</div>
+	<!-- ENDIF -->
 
 <!-- ELSE -->
 	<h1>{L_ACP_BACKUP}</h1>
@@ -78,15 +81,15 @@
 			<option value="{tables.TABLE}">{tables.TABLE}</option>
 		<!-- END tables -->
 		</select></dd>
-		<dd><a href="#" onclick="selector(true)">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false)">{L_DESELECT_ALL}</a></dd>
+		<dd><a href="#" onclick="selector(true); return false;">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false); return false;">{L_DESELECT_ALL}</a></dd>
 	</dl>
 
 	<p class="submit-buttons">
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_disallow.html

@@ -38,8 +38,8 @@
 <!-- ELSE -->
 	<p>{L_NO_DISALLOWED}</p>
 <!-- ENDIF -->
+	{S_FORM_TOKEN}
 </fieldset>
-{S_FORM_TOKEN}
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_email.html

@@ -47,8 +47,8 @@
 	<input class="button1" type="submit" id="submit" name="submit" value="{L_EMAIL}" />&nbsp;
 	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 </p>
-</fieldset>
 {S_FORM_TOKEN}
+</fieldset>
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_forums.html

@@ -96,7 +96,7 @@
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
-	<h1>{L_TITLE} :: {FORUM_NAME}</h1>
+	<h1>{L_TITLE} <!-- IF FORUM_NAME -->:: {FORUM_NAME}<!-- ENDIF --></h1>
 
 	<p>{L_FORUM_EDIT_EXPLAIN}</p>
 
@@ -202,6 +202,11 @@
 			<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
 			<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
 		</dl>
+		<dl>
+			<dt><label for="display_subforum_list">{L_LIST_SUBFORUMS}:</label><br /><span>{L_LIST_SUBFORUMS_EXPLAIN}</span></dt>
+			<dd><label><input type="radio" class="radio" name="display_subforum_list" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+				<label><input type="radio" class="radio" name="display_subforum_list" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		</dl>
 		<dl>
 			<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
 			<dd><label><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
@@ -317,8 +322,8 @@
 		<legend>{L_SUBMIT}</legend>
 		<input class="button1" type="submit" id="submit" name="update" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_DELETE_FORUM -->
@@ -366,8 +371,8 @@
 	<p class="quick">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ELSEIF S_CONTINUE_SYNC -->
@@ -445,7 +450,7 @@
 					<!-- IF forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						{ICON_MOVE_UP_DISABLED}
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
-					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW-->
+					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						<a href="{forums.U_MOVE_UP}">{ICON_MOVE_UP}</a>
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
 					<!-- ELSEIF forums.S_LAST_ROW && not forums.S_FIRST_ROW -->
@@ -475,8 +480,8 @@
 		{L_SELECT_FORUM}: <select name="parent_id" onchange="if(this.options[this.selectedIndex].value != -1){ this.form.submit(); }">{FORUM_BOX}</select>
 
 		<input class="button2" type="submit" value="{L_GO}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 	<form id="forums" method="post" action="{U_ACTION}">
@@ -486,8 +491,8 @@
 
 		<input type="text" name="forum_name" value="" maxlength="255" />
 		<input class="button2" name="addforum" type="submit" value="{L_CREATE_FORUM}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_groups.html

@@ -154,8 +154,8 @@
 		<legend>{L_SUBMIT}</legend>
 		<input class="button1" type="submit" id="submit" name="update" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_LIST -->
@@ -260,8 +260,8 @@
 	<p class="quick">
 		<input class="button2" type="submit" name="addusers" value="{L_SUBMIT}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ELSE -->
@@ -309,8 +309,8 @@
 			{L_CREATE_GROUP}: <input type="text" name="group_name" value="" /> <input class="button2" type="submit" name="submit" value="{L_SUBMIT}" />
 			<input type="hidden" name="add" value="1" />
 		<!-- ENDIF -->
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 	<h1>{L_SPECIAL_GROUPS}</h1>

phpBB/adm/style/acp_icons.html

@@ -43,19 +43,19 @@
 	
 	function toggle_select(icon, display, select)
 	{
-		var disp = document.getElementById('order_disp[' + icon + ']');
-		var nodisp = document.getElementById('order_no_disp[' + icon + ']');
+		var disp = document.getElementById('order_disp_' + select);
+		var nodisp = document.getElementById('order_no_disp_' + select);
 		disp.disabled = !display;
 		nodisp.disabled = display;
 		if (display)
 		{
-			document.getElementById(select).selectedIndex = 0;
+			document.getElementById('order_' + select).selectedIndex = 0;
 			nodisp.className = 'disabled-options';
 			disp.className = '';
 		}
 		else
 		{
-			document.getElementById(select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
+			document.getElementById('order_' + select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
 			disp.className = 'disabled-options';
 			nodisp.className = '';
 		}
@@ -111,15 +111,15 @@
 		<td><input class="text post" type="text" size="3" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
 		<td><input class="text post" type="text" size="3" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
 		<td>
-			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, 'order[{items.A_IMG}]');"/>
+			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, '{items.S_ROW_COUNT}');"/>
 			<!-- IF items.S_ID -->
 				<input type="hidden" name="id[{items.IMG}]" value="{items.ID}" />
 			<!-- ENDIF -->
 		</td>
 		<!-- IF ID or S_ADD -->
-			<td><select id="order[{items.IMG}]" name="order[{items.IMG}]">
-				<optgroup id="order_disp[{items.IMG}]" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
-				<optgroup id="order_no_disp[{items.IMG}]" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
+			<td><select id="order_{items.S_ROW_COUNT}" name="order[{items.IMG}]">
+				<optgroup id="order_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
+				<optgroup id="order_no_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
 			</select></td>
 		<!-- ENDIF -->	
 		<!-- IF S_ADD -->
@@ -158,9 +158,8 @@
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 	</p>
-
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ELSEIF S_CHOOSE_PAK -->
@@ -194,8 +193,8 @@
 		<input class="button1" type="submit" id="import" name="import" value="{L_IMPORT_SUBMIT}" />
 	</p>
 	<!-- ENDIF -->
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ELSE -->
@@ -249,6 +248,10 @@
 				&nbsp;<a href="{items.U_EDIT}">{ICON_EDIT}</a> <a href="{items.U_DELETE}">{ICON_DELETE}</a>
 			</td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="{COLSPAN}">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END items -->
 	</tbody>
 	</table>
@@ -256,8 +259,8 @@
 	<p class="quick">
 		<input class="button2" name="add" type="submit" value="{L_ICON_ADD}" />&nbsp; &nbsp;<input class="button2" type="submit" name="edit" value="{L_ICON_EDIT}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_inactive.html

@@ -60,12 +60,12 @@
 	<fieldset class="quick">
 		<select name="action">{S_INACTIVE_OPTIONS}</select>
 		<input class="button2" type="submit" name="submit" value="{L_SUBMIT}" />
-<p class="small"><a href="#" onclick="marklist('inactive', 'mark', true); return false;">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('inactive', 'mark', false); return false;">{L_UNMARK_ALL}</a></p>		
+		<p class="small"><a href="#" onclick="marklist('inactive', 'mark', true); return false;">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('inactive', 'mark', false); return false;">{L_UNMARK_ALL}</a></p>		
+		{S_FORM_TOKEN}
 	</fieldset>
 
 
 
-{S_FORM_TOKEN}
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_jabber.html

@@ -58,8 +58,8 @@
 <fieldset class="submit-buttons">
 	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	{S_FORM_TOKEN}
 </fieldset>
-{S_FORM_TOKEN}
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_language.html

@@ -54,8 +54,8 @@
 	<p class="quick" style="margin-top: -15px;">
 		<input type="submit" name="update_details" class="button2" value="{L_SUBMIT}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 	<br /><br />
@@ -92,7 +92,7 @@
 		<!-- END missing -->
 		</tbody>
 		</table>
-		{S_FORM_TOKEN}
+		<div>{S_FORM_TOKEN}</div>
 		</form>
 
 		<br /><br />
@@ -121,9 +121,11 @@
 
 	<!--[if lt IE 8]>
 	<style type="text/css">
+	/* <![CDATA[ */
 		input.langvalue, textarea.langvalue {
 		width: 450px;
 		}
+	/* ]]> */
 	</style>
 	<![endif]-->
 
@@ -157,11 +159,10 @@
 		{TPL}
 	<!-- ENDIF -->
 	<tr>
-		<td class="row3" colspan="3" style="text-align: right;"><input type="submit" name="download_file" class="button2" value="{L_SUBMIT_AND_DOWNLOAD}" />&nbsp;&nbsp;<input type="submit" name="submit_file" class="button2" value="{L_SUBMIT}" /></td>
+		<td class="row3" colspan="3" style="text-align: right;">{S_FORM_TOKEN}<input type="submit" name="download_file" class="button2" value="{L_SUBMIT_AND_DOWNLOAD}" />&nbsp;&nbsp;<input type="submit" name="submit_file" class="button2" value="{L_SUBMIT}" /></td>
 	</tr>
 	</tbody>
 	</table>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_UPLOAD -->
@@ -198,10 +199,10 @@
 	
 	<fieldset class="quick">
 		{HIDDEN}
+		{S_FORM_TOKEN}
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
 		<input class="button1" type="submit" name="test_connection" value="{L_TEST_CONNECTION}" />
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSE -->

phpBB/adm/style/acp_logs.html

@@ -56,6 +56,7 @@
 <fieldset class="display-options">
 	{L_DISPLAY_LOG}: &nbsp;{S_LIMIT_DAYS}&nbsp;{L_SORT_BY}: {S_SORT_KEY} {S_SORT_DIR}
 	<input class="button2" type="submit" value="{L_GO}" name="sort" />
+	{S_FORM_TOKEN}
 </fieldset>
 <hr />
 <!-- IF PAGINATION -->
@@ -79,7 +80,6 @@
 <!-- ENDIF -->
 
 
-{S_FORM_TOKEN}
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_modules.html

@@ -115,8 +115,8 @@
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 	</p>
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 
 <!-- ELSE -->

phpBB/adm/style/acp_permission_roles.html

@@ -28,11 +28,11 @@
 
 	<p>{L_EXPLAIN}</p>
 
-	<form id="acp_roles" method="post" action="{U_ACTION}">
-
 	<br />
 	<a href="#acl">&raquo; {L_SET_ROLE_PERMISSIONS}</a>
 
+	<form id="acp_roles" method="post" action="{U_ACTION}">
+
 	<fieldset>
 		<legend>{L_ROLE_DETAILS}</legend>
 	<dl>
@@ -46,6 +46,7 @@
 
 	<p class="quick">
 		<input type="submit" class="button1" name="submit" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
 
@@ -57,11 +58,15 @@
 
 	<!-- ENDIF -->
 
+	<p>
+
 	<a name="acl"></a>
 
 	<a href="#maincontent">&raquo; {L_BACK_TO_TOP}</a><br />
 	<br /><br />
 
+	</p>
+
 	<h1>{L_ACL_TYPE}</h1>
 
 	<fieldset class="perm nolegend">
@@ -107,9 +112,9 @@
 						<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
 						<th class="permissions-name<!-- IF auth.mask.S_ROW_COUNT is even --> row4<!-- ELSE --> row3<!-- ENDIF -->">{auth.mask.PERMISSION}</th>
 							
-						<td class="permissions-yes"><label for="{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
-						<td class="permissions-no"><label for="{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
-						<td class="permissions-never"><label for="{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
+						<td class="permissions-yes"><label for="setting_{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
+						<td class="permissions-no"><label for="setting_{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
+						<td class="permissions-never"><label for="setting_{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
 					</tr>
 					<!-- END mask -->
 					</tbody>
@@ -124,8 +129,8 @@
 
 	<fieldset class="quick">
 		<input type="submit" class="button1" name="submit" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 	<a href="#maincontent">&raquo; {L_BACK_TO_TOP}</a><br />
@@ -178,8 +183,8 @@
 
 	<fieldset class="quick">
 		{L_CREATE_ROLE}: <input type="text" name="role_name" value="" maxlength="255" /><!-- IF S_ROLE_OPTIONS --> <select name="options_from"><option value="0" selected="selected">{L_CREATE_ROLE_FROM}</option>{S_ROLE_OPTIONS}</select><!-- ENDIF --> <input class="button2" type="submit" name="add" value="{L_SUBMIT}" /><br />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 	<!-- IF S_DISPLAY_ROLE_MASK -->

phpBB/adm/style/acp_permissions.html

@@ -35,11 +35,11 @@
 
 		<p class="quick">
 			{S_HIDDEN_FIELDS}
+			{S_FORM_TOKEN}
 			<input type="submit" name="submit" value="{L_SUBMIT}" class="button1" />
 		</p>
 
 		</fieldset>
-		{S_FORM_TOKEN}
 		</form>
 
 		<!-- IF S_FORUM_MULTIPLE -->
@@ -56,11 +56,11 @@
 
 			<p class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input type="submit" name="submit" value="{L_SUBMIT}" class="button1" />
 			</p>
 
 			</fieldset>
-			{S_FORM_TOKEN}
 			</form>
 			
 		<!-- ENDIF -->
@@ -80,10 +80,10 @@
 
 		<p class="quick">
 			{S_HIDDEN_FIELDS}
+			{S_FORM_TOKEN}
 			<input type="submit" name="submit" value="{L_SUBMIT}" class="button1" />
 		</p>
 		</fieldset>
-		{S_FORM_TOKEN}
 		</form>
 
 	<!-- ELSEIF S_SELECT_GROUP and S_CAN_SELECT_GROUP -->
@@ -99,11 +99,11 @@
 
 		<p class="quick">
 			{S_HIDDEN_FIELDS}
+			{S_FORM_TOKEN}
 			<input type="submit" name="submit" value="{L_SUBMIT}" class="button1" />
 		</p>
 
 		</fieldset>
-		{S_FORM_TOKEN}
 		</form>
 
 		<!-- ELSEIF S_SELECT_USERGROUP -->
@@ -126,9 +126,9 @@
 			
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input type="submit" class="button2" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
 			</fieldset>
-			{S_FORM_TOKEN}
 			</form>
 
 			<form id="add_user" method="post" action="{U_ACTION}">
@@ -144,9 +144,9 @@
 
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input class="button1" type="submit" name="submit_add_options" value="{L_ADD_PERMISSIONS}" />
 			</fieldset>
-			{S_FORM_TOKEN}
 			</form>
 
 		<!-- ENDIF -->
@@ -171,9 +171,9 @@
 			
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
 			</fieldset>
-			{S_FORM_TOKEN}
 			</form>
 
 			<form id="add_groups" method="post" action="{U_ACTION}">
@@ -187,10 +187,9 @@
 
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input type="submit" class="button1" name="submit_add_options" value="{L_ADD_PERMISSIONS}" />
 			</fieldset>
-			
-			{S_FORM_TOKEN}
 			</form>
 
 		<!-- ENDIF -->
@@ -214,10 +213,9 @@
 			
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input class="button1" type="submit" name="submit" value="{L_VIEW_PERMISSIONS}" />
 			</fieldset>
-			
-			{S_FORM_TOKEN}
 			</form>
 
 			<form id="add_user" method="post" action="{U_ACTION}">
@@ -234,9 +232,9 @@
 
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input type="submit" name="submit" value="{L_VIEW_PERMISSIONS}" class="button1" />
 			</fieldset>
-			{S_FORM_TOKEN}
 			</form>
 
 		</div>
@@ -256,10 +254,9 @@
 			
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input class="button1" type="submit" name="submit" value="{L_VIEW_PERMISSIONS}" />
 			</fieldset>
-			
-			{S_FORM_TOKEN}
 			</form>
 
 			<form id="group" method="post" action="{U_ACTION}">
@@ -275,10 +272,9 @@
 
 			<fieldset class="quick">
 				{S_HIDDEN_FIELDS}
+				{S_FORM_TOKEN}
 				<input type="submit" name="submit" value="{L_VIEW_PERMISSIONS}" class="button1" />
 			</fieldset>
-
-			{S_FORM_TOKEN}
 			</form>
 
 		</div>
@@ -318,11 +314,11 @@
 	
 		<fieldset class="quick" style="float: {S_CONTENT_FLOW_BEGIN};">
 			{S_HIDDEN_FIELDS}
+			{S_FORM_TOKEN}
 			{L_SELECT_TYPE}: <select name="type">{S_PERMISSION_DROPDOWN}</select> 
 
 			<input class="button2" type="submit" name="submit" value="{L_GO}" />
 		</fieldset>
-		{S_FORM_TOKEN}	
 		</form>
 	<!-- ENDIF -->
 
@@ -347,11 +343,11 @@
 	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 		<input class="button1" type="submit" name="action[apply_all_permissions]" value="{L_APPLY_ALL_PERMISSIONS}" />
 		<input class="button2" type="button" name="cancel" value="{L_RESET}" onclick="document.forms['set-permissions'].reset(); init_colours(active_pmask + active_fmask);" />
+		{S_FORM_TOKEN}
 	</fieldset>
 
 	<br /><br />
 	
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_profile.html

@@ -108,6 +108,7 @@
 
 		<fieldset class="quick">
 			{S_HIDDEN_FIELDS}
+			{S_FORM_TOKEN}
 			<input class="button1" type="submit" name="next" value="{L_PROFILE_TYPE_OPTIONS}" />
 		</fieldset>
 
@@ -129,6 +130,7 @@
 		
 		<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 			{S_HIDDEN_FIELDS}
+			{S_FORM_TOKEN}
 			<input class="button1" type="submit" name="next" value="{L_NEXT_STEP}" />
 		</fieldset>
 
@@ -153,10 +155,11 @@
 		<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
 			{S_HIDDEN_FIELDS}
 			<input class="button1" type="submit" name="save" value="{L_SAVE}" />
+			{S_FORM_TOKEN}
 		</fieldset>
 	
 	<!-- ENDIF -->
-	{S_FORM_TOKEN}
+	
 	</form>
 
 <!-- ELSE -->
@@ -216,8 +219,8 @@
 		<input class="text small" type="text" name="field_ident" /> <select name="field_type">{S_TYPE_OPTIONS}</select>
 		<input class="button1" type="submit" name="submit" value="{L_CREATE_NEW_FIELD}" />
 		<input type="hidden" name="create" value="1" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_prune_forums.html

@@ -44,7 +44,7 @@
 		<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
 	<dl>
 		<dt><label for="forum">{L_LOOK_UP_FORUM}:</label></dt>
-		<dd><select name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
+		<dd><select id="forum" name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
 		<dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd>
 	</dl>
 	
@@ -97,11 +97,10 @@
 	
 	<p class="quick">
 		{S_HIDDEN_FIELDS}
-
+		{S_FORM_TOKEN}
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />
 	</p>
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_prune_users.html

@@ -51,9 +51,9 @@
 
 	<input class="button1" type="submit" id="update" name="update" value="{L_SUBMIT}" />&nbsp;
 	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	{S_FORM_TOKEN}
 </p>
 </fieldset>
-{S_FORM_TOKEN}
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_ranks.html

@@ -50,9 +50,9 @@
 
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSE -->
@@ -88,9 +88,9 @@
 
 	<p class="quick">
 		<input class="button2" name="add" type="submit" value="{L_ADD_RANK}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_reasons.html

@@ -52,9 +52,9 @@
 	<p class="submit-buttons">
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSE -->
@@ -116,10 +116,10 @@
 
 		<input type="text" name="reason_title" /> 
 		<input class="button2" name="addreason" type="submit" value="{L_ADD_NEW_REASON}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
 	
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_search.html

@@ -59,9 +59,8 @@
 		<legend>{L_SUBMIT}</legend>
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_INDEX -->
@@ -90,8 +89,8 @@
 				<legend>{L_SUBMIT}</legend>
 				<input class="button1" type="submit" id="continue" name="continue" value="{L_CONTINUE}" onclick="popup_progress_bar('{S_CONTINUE_INDEXING}');" />&nbsp;
 				<input class="button2" type="submit" id="cancel" name="cancel" value="{L_CANCEL}" />
+				{S_FORM_TOKEN}
 			</fieldset>
-		{S_FORM_TOKEN}
 		</form>
 	<!-- ELSE -->
 
@@ -141,8 +140,9 @@
 				<input class="button2" type="submit" name="action[create]" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" />
 			<!-- ENDIF -->
 			</p>
-			</fieldset>
 			{S_FORM_TOKEN}
+			</fieldset>
+			
 			</form>
 		<!-- END backend -->
 

phpBB/adm/style/acp_styles.html

@@ -25,9 +25,9 @@
 
 	<p class="quick">
 		<input class="button1" type="submit" name="update" value="{L_DELETE}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_EDIT_IMAGESET -->
@@ -147,8 +147,8 @@
 	<fieldset class="submit-buttons">
 		<legend>{L_SUBMIT}</legend>
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />&nbsp;&nbsp;<input class="button2" type="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_EDIT_TEMPLATE or S_EDIT_THEME -->
@@ -170,10 +170,9 @@
 		<dt><label for="template_file">{L_FILE}:</label></dt>
 		<dd><select id="template_file" name="template_file" onchange="if (this.options[this.selectedIndex].value != '') this.form.submit();">{S_TEMPLATES}</select> <input class="button2" type="submit" value="{L_SELECT}" /></dd>
 	</dl>
+	{S_FORM_TOKEN}
 	</fieldset>
 	<!-- ENDIF -->
-	
-	{S_FORM_TOKEN}
 	</form>
 
 	<!-- IF TEMPLATE_FILE or (S_EDIT_THEME and S_THEME_IN_DB) -->
@@ -253,10 +252,9 @@
 		<fieldset class="submit-buttons">
 			<legend>{L_SUBMIT}</legend>
 			{S_HIDDEN_FIELDS}
+			{S_FORM_TOKEN}
 			<input class="button1" id="save" type="submit" name="save" value="{L_SUBMIT}" />
 		</fieldset>
-		
-		{S_FORM_TOKEN}
 		</form>
 	<!-- ENDIF -->
 
@@ -301,12 +299,10 @@
 
 	<p class="quick">
 		<span class="small"><a href="#" onclick="marklist('acp_styles', 'delete', true); return false;">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('acp_styles', 'delete', false); return false;">{L_UNMARK_ALL}</a></span><br />
-
+		{S_FORM_TOKEN}
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_DELETE_MARKED}" />
 	</p>
 	</fieldset>
-
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_EXPORT -->
@@ -360,11 +356,12 @@
 	</dl>
 
 	<p class="quick">
+		{S_FORM_TOKEN}
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
 	</p>
 	</fieldset>
 
-	{S_FORM_TOKEN}
+	
 	</form>
 
 <!-- ELSEIF S_FRONTEND -->
@@ -462,7 +459,7 @@
 	</dl>
 	<dl>
 		<dt><label for="copyright">{L_COPYRIGHT}:</label></dt>
-		<dd><!-- IF S_INSTALL --><b id="name">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
+		<dd><!-- IF S_INSTALL --><b id="copyright">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
 	</dl>
 	<!-- IF S_STYLE and not S_BASIS -->
 		<dl>
@@ -508,9 +505,9 @@
 	<fieldset class="submit-buttons">
 		<legend>{L_SUBMIT}</legend>
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</fieldset>
 	
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_users.html

@@ -46,8 +46,8 @@
 
 	<fieldset class="quick">
 		<input type="submit" name="update" value="{L_SUBMIT}" class="button1" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSE -->
@@ -69,8 +69,8 @@
 
 	<fieldset class="quick">
 		{L_SELECT_FORM}: <select name="mode" onchange="if (this.options[this.selectedIndex].value != '') this.form.submit();">{S_FORM_OPTIONS}</select> <input class="button2" type="submit" value="{L_GO}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->
@@ -109,8 +109,8 @@
 
 	<fieldset class="quick">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_SIGNATURE -->
@@ -143,9 +143,9 @@
 	<!-- IF S_GROUP_OPTIONS -->
 		<fieldset class="quick">
 			{L_USER_GROUP_ADD}: <select name="g">{S_GROUP_OPTIONS}</select> <input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+			{S_FORM_TOKEN}
 		</fieldset>
 	<!-- ENDIF -->
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_ATTACHMENTS -->
@@ -201,8 +201,8 @@
 	<fieldset class="quick">
 		<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />
 		<p class="small"><a href="#" onclick="marklist('user_attachments', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('user_attachments', 'mark', false);">{L_UNMARK_ALL}</a></p>
+		{S_FORM_TOKEN}
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSEIF S_PERMISSIONS -->
@@ -217,8 +217,8 @@
 		<fieldset class="quick" style="text-align: left;">
 			{L_SELECT_FORUM}: <select name="f">{S_FORUM_OPTIONS}</select> 
 			<input class="button2" type="submit" value="{L_GO}" name="select" />
+			{S_FORM_TOKEN}
 		</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 	<div class="clearfix">&nbsp;</div>

phpBB/adm/style/acp_users_avatar.html

@@ -70,7 +70,7 @@
 
 	<fieldset class="quick">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</fieldset>
 	
-	{S_FORM_TOKEN}
 	</form>

phpBB/adm/style/acp_users_overview.html

@@ -61,10 +61,10 @@
 <p class="quick">
 	<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
 	<input type="hidden" name="action" value="" />
+	{S_FORM_TOKEN}
 </p>
 
 </fieldset>
-{S_FORM_TOKEN}
 </form>
 
 <!-- IF not S_USER_FOUNDER or S_FOUNDER -->
@@ -134,11 +134,11 @@
 
 	<p class="quick">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</p>
 
 	</fieldset>
 	
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_users_prefs.html

@@ -152,7 +152,7 @@
 
 	<fieldset class="quick">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</fieldset>
 
-	{S_FORM_TOKEN}
 	</form>

phpBB/adm/style/acp_users_profile.html

@@ -61,7 +61,6 @@
 
 	<fieldset class="quick">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-
-	{S_FORM_TOKEN}
 	</form>

phpBB/adm/style/acp_users_signature.html

@@ -27,7 +27,7 @@
 		t: '{LA_BBCODE_T_HELP}',
 		tip: '{L_STYLES_TIP}'
 		<!-- BEGIN custom_tags -->
-			,cb_{custom_tags.BBCODE_ID}: '{custom_tags.BBCODE_HELPLINE}'
+			,cb_{custom_tags.BBCODE_ID}: '{custom_tags.A_BBCODE_HELPLINE}'
 		<!-- END custom_tags -->
 	}
 
@@ -77,7 +77,7 @@
 		<!-- IF .custom_tags -->
 			<br /><br />
 			<!-- BEGIN custom_tags -->
-				<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})"<!-- IF custom_tags.BBCODE_HELPLINE !== '' --> onmouseover="helpline('cb_{custom_tags.BBCODE_ID}')"<!-- ENDIF --> />
+				<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})"<!-- IF custom_tags.BBCODE_HELPLINE !== '' --> onmouseover="helpline('cb_{custom_tags.BBCODE_ID}')" onmouseout="helpline('tip')"<!-- ENDIF --> />
 			<!-- END custom_tags -->
 		<!-- ENDIF -->
 
@@ -112,6 +112,6 @@
 	<fieldset class="submit-buttons">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="submit" name="preview" value="{L_PREVIEW}" />
+		{S_FORM_TOKEN}
 	</fieldset>
-{S_FORM_TOKEN}
 </form>

phpBB/adm/style/acp_words.html

@@ -27,9 +27,9 @@
 	<p class="submit-buttons">
 		<input class="button1" type="submit" id="submit" name="save" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
-	{S_FORM_TOKEN}
 	</form>
 
 <!-- ELSE -->
@@ -62,12 +62,15 @@
 		<td style="text-align: center;">{words.REPLACEMENT}</td>
 		<td>&nbsp;<a href="{words.U_EDIT}">{ICON_EDIT}</a>&nbsp;&nbsp;<a href="{words.U_DELETE}">{ICON_DELETE}</a>&nbsp;</td>
 	</tr>
+	<!-- BEGINELSE -->
+	<tr class="row3">
+		<td colspan="3">{L_ACP_NO_ITEMS}</td>
+	</tr>
 	<!-- END words -->
 	</tbody>
 	</table>
-
-	</fieldset>
 	{S_FORM_TOKEN}
+	</fieldset>
 	</form>
 <!-- ENDIF -->
 

phpBB/adm/style/admin.css

@@ -117,6 +117,10 @@ a:active {
 	text-decoration: none;
 }
 
+.install-body p a {
+	font-weight: bold;
+}
+
 /* Main blocks
 ---------------------------------------- */
 #wrap {

phpBB/adm/style/colour_swatch.html

@@ -8,7 +8,7 @@
 <title>{L_COLOUR_SWATCH}</title>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 	body {
 		background-color: #404040;
 		color: #fff;
@@ -29,7 +29,7 @@
 	img {
 		border: 0;
 	}
-//-->
+/* ]]> */
 </style>
 </head>
 

phpBB/adm/style/install_header.html

@@ -78,4 +78,4 @@ function dE(n, s, type)
 						</ul>
 					</div>
 	
-					<div id="main">
+					<div id="main" class="install-body">

phpBB/adm/style/install_update.html

@@ -2,6 +2,17 @@
 
 <script type="text/javascript">
 // <![CDATA[
+	function popup(url, width, height, name)
+	{
+		if (!name)
+		{
+			name = '_popup';
+		}
+
+		window.open(url.replace(/&amp;/g, '&'), name, 'height=' + height + ',resizable=yes,scrollbars=yes, width=' + width);
+		return false;
+	}
+
 	function diff_popup(url)
 	{
 		popup(url, 950, 600, '_diff');
@@ -52,7 +63,7 @@
 	<p>{L_UPDATE_SUCCESS_EXPLAIN}</p>
 
 	<fieldset class="submit-buttons">
-		<input class="button1" type="submit" name="submit" value="{L_CHECK_FILES_AGAIN}" />
+		<input class="button1" type="submit" name="check_again" value="{L_CHECK_FILES_AGAIN}" />
 	</fieldset>
 
 	</form>
@@ -190,7 +201,7 @@
 
 					<h2>{files.TITLE}</h2>
 
-					<!-- IF files.STATUS eq 'not_modified' --><div style="float: {S_CONTENT_FLOW_END};">&raquo; <a href="#" onclick="dE('not_modified', 0);">{L_TOGGLE_DISPLAY}</a></div><!-- ENDIF -->
+					<!-- IF files.STATUS eq 'not_modified' --><div style="float: {S_CONTENT_FLOW_END};">&raquo; <a href="#" onclick="dE('not_modified', 0); return false;">{L_TOGGLE_DISPLAY}</a></div><!-- ENDIF -->
 					<p>{files.EXPLAIN}</p>
 
 					<div style="display: <!-- IF files.STATUS neq 'not_modified' -->block<!-- ELSE -->none<!-- ENDIF -->;" id="{files.STATUS}">
@@ -244,10 +255,6 @@
 							<dl>
 								<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{files.FILENAME}]" value="1" checked="checked" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
 								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
-							</dl>
-							<dl>
-								<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{files.FILENAME}]" value="2" /> {L_MERGE_NO_MERGE_MOD_OPTION}</label></dt>
-								<dd style="margin-left: 60%;"><!-- IF not files.S_BINARY -->[<a href="{files.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
 							</dl>
 								<!-- IF not files.S_BINARY -->
 									<dl>

phpBB/adm/style/install_update_diff.html

@@ -32,7 +32,7 @@ function resize_panel()
 </script>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 
 #main {
 	font-size: 1em;
@@ -198,7 +198,7 @@ table.hrdiff caption span {
 
 <!-- ENDIF -->
 
-//-->
+/* ]]> */
 </style>
 
 </head>

phpBB/adm/style/overall_header.html

@@ -181,11 +181,11 @@ function switch_menu()
 			<span class="corners-top"><span></span></span>
 				<div id="content">
 					<!-- IF not S_USER_NOTICE --> 
-					<div id="toggle">						
+					<div id="toggle">
 						<a id="toggle-handle" accesskey="m" title="{L_MENU_TOGGLE}" onclick="switch_menu(); return false;" href="#"></a></div>
 					<!-- ENDIF -->
 					<div id="menu">
-						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;]</p>
+						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;][&nbsp;<a href="{U_ADM_LOGOUT}">{L_ADM_LOGOUT}</a>&nbsp;]</p>
 						<ul>
 						<!-- BEGIN l_block1 -->
 							<!-- IF l_block1.S_SELECTED -->

phpBB/common.php

@@ -131,7 +131,7 @@ if (!defined('PHPBB_INSTALLED'))
 	// Redirect the user to the installer
 	// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 	// available as used by the redirect function
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
 
@@ -150,7 +150,11 @@ if (!defined('PHPBB_INSTALLED'))
 
 	if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
 	{
-		$url .= ':' . $server_port;
+		// HTTP HOST can carry a port number...
+		if (strpos($server_name, ':') === false)
+		{
+			$url .= ':' . $server_port;
+		}
 	}
 
 	$url .= $script_path;
@@ -203,7 +207,7 @@ $cache		= new cache();
 $db			= new $sql_db();
 
 // Connect to DB
-$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false);
+$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, defined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK : false);
 
 // We do not need this any longer, unset for safety purposes
 unset($dbpasswd);

phpBB/develop/adjust_uids.php

@@ -0,0 +1,129 @@
+<?php
+/**
+* Repair bbcodes converted with RC6
+*
+* You should make a backup from your users, posts and privmsgs table in case something goes wrong
+* Forum descriptions and rules need to be re-submitted manually
+*
+*/
+die("Please read the first lines of this script for instructions on how to enable it");
+
+set_time_limit(0);
+@ini_set('memory_limit', '512M');
+
+define('IN_PHPBB', true);
+$phpbb_root_path = './../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.'.$phpEx);
+
+// Start session management
+$user->session_begin();
+$auth->acl($user->data);
+$user->setup();
+
+$echos = 0;
+
+
+// Adjust user signatures
+$sql = 'SELECT user_id, user_sig, user_sig_bbcode_uid
+	FROM ' . USERS_TABLE . '
+	ORDER BY user_id ASC';
+$result = $db->sql_query($sql);
+
+while ($row = $db->sql_fetchrow($result))
+{
+	$bbcode_uid = $row['user_sig_bbcode_uid'];
+
+	// Only if a bbcode uid is present, the signature present and a size tag used...
+	if (!empty($bbcode_uid) && strpos($row['user_sig'], $bbcode_uid) === false)
+	{
+		$row['user_sig'] = preg_replace('/\:[0-9a-z]{8}\]/', ":$bbcode_uid]", $row['user_sig']);
+
+		$sql = 'UPDATE ' . USERS_TABLE . " SET user_sig = '" . $db->sql_escape($row['user_sig']) . "'
+			WHERE user_id = " . $row['user_id'];
+		$db->sql_query($sql);
+
+		if ($echos > 200)
+		{
+			echo '<br />User: ' . "{$row['user_id']}\n";
+			$echos = 0;
+		}
+
+		echo '.';
+		$echos++;
+
+		flush();
+	}
+}
+$db->sql_freeresult($result);
+
+
+// Now adjust posts
+$sql = 'SELECT post_id, post_text, bbcode_uid, enable_bbcode
+	FROM ' . POSTS_TABLE . '
+	ORDER BY post_id ASC';
+$result = $db->sql_query($sql);
+
+while ($row = $db->sql_fetchrow($result))
+{
+	$bbcode_uid = $row['bbcode_uid'];
+
+	// Only if a bbcode uid is present, bbcode enabled and a size tag used...
+	if ($row['enable_bbcode'] && !empty($bbcode_uid) && strpos($row['post_text'], $bbcode_uid) === false)
+	{
+		$row['post_text'] = preg_replace('/\:[0-9a-z]{8}\]/', ":$bbcode_uid]", $row['post_text']);
+		
+		$sql = 'UPDATE ' . POSTS_TABLE . " SET post_text = '" . $db->sql_escape($row['post_text']) . "'
+			WHERE post_id = " . $row['post_id'];
+		$db->sql_query($sql);
+
+		if ($echos > 200)
+		{
+			echo '<br />Post: ' . "{$row['post_id']} \n";
+			$echos = 0;
+		}
+
+		echo '.';
+		$echos++;
+
+		flush();
+	}
+}
+$db->sql_freeresult($result);
+
+// Now to the private messages
+$sql = 'SELECT msg_id, message_text, bbcode_uid, enable_bbcode
+	FROM ' . PRIVMSGS_TABLE;
+$result = $db->sql_query($sql);
+
+while ($row = $db->sql_fetchrow($result))
+{
+	$bbcode_uid = $row['bbcode_uid'];
+
+	// Only if a bbcode uid is present, bbcode enabled and a size tag used...
+	if ($row['enable_bbcode'] && !empty($bbcode_uid) && strpos($row['message_text'], $bbcode_uid) === false)
+	{
+		$row['message_text'] = preg_replace('/\:[0-9a-z]{8}\]/', ":$bbcode_uid]", $row['message_text']);
+		
+		$sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = '" . $db->sql_escape($row['message_text']) . "'
+			WHERE msg_id = " . $row['msg_id'];
+		$db->sql_query($sql);
+
+		if ($echos > 200)
+		{
+			echo '<br />' . "\n";
+			$echos = 0;
+		}
+
+		echo '.';
+		$echos++;
+
+		flush();
+	}
+}
+$db->sql_freeresult($result);
+
+// Done
+$db->sql_close();
+echo 'done';
+?>

phpBB/develop/create_schema_files.php

@@ -1049,7 +1049,7 @@ function get_schema_struct()
 			'forum_desc'			=> array('TEXT_UNI', ''),
 			'forum_desc_bitfield'	=> array('VCHAR:255', ''),
 			'forum_desc_options'	=> array('UINT:11', 7),
-			'forum_desc_uid'		=> array('VCHAR:5', ''),
+			'forum_desc_uid'		=> array('VCHAR:8', ''),
 			'forum_link'			=> array('VCHAR_UNI', ''),
 			'forum_password'		=> array('VCHAR_UNI:40', ''),
 			'forum_style'			=> array('USINT', 0),
@@ -1058,7 +1058,7 @@ function get_schema_struct()
 			'forum_rules_link'		=> array('VCHAR_UNI', ''),
 			'forum_rules_bitfield'	=> array('VCHAR:255', ''),
 			'forum_rules_options'	=> array('UINT:11', 7),
-			'forum_rules_uid'		=> array('VCHAR:5', ''),
+			'forum_rules_uid'		=> array('VCHAR:8', ''),
 			'forum_topics_per_page'	=> array('TINT:4', 0),
 			'forum_type'			=> array('TINT:4', 0),
 			'forum_status'			=> array('TINT:4', 0),
@@ -1072,6 +1072,7 @@ function get_schema_struct()
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
 			'forum_flags'			=> array('TINT:4', 32),
+			'display_subforum_list'	=> array('BOOL', 1),
 			'display_on_index'		=> array('BOOL', 1),
 			'enable_indexing'		=> array('BOOL', 1),
 			'enable_icons'			=> array('BOOL', 1),
@@ -1128,7 +1129,7 @@ function get_schema_struct()
 			'group_desc'			=> array('TEXT_UNI', ''),
 			'group_desc_bitfield'	=> array('VCHAR:255', ''),
 			'group_desc_options'	=> array('UINT:11', 7),
-			'group_desc_uid'		=> array('VCHAR:5', ''),
+			'group_desc_uid'		=> array('VCHAR:8', ''),
 			'group_display'			=> array('BOOL', 0),
 			'group_avatar'			=> array('VCHAR', ''),
 			'group_avatar_type'		=> array('TINT:2', 0),
@@ -1143,7 +1144,7 @@ function get_schema_struct()
 		),
 		'PRIMARY_KEY'	=> 'group_id',
 		'KEYS'			=> array(
-			'group_legend'			=> array('INDEX', 'group_legend'),
+			'group_legend_name'		=> array('INDEX', array('group_legend', 'group_name')),
 		),
 	);
 
@@ -1519,6 +1520,7 @@ function get_schema_struct()
 		'COLUMNS'		=> array(
 			'session_id'			=> array('CHAR:32', ''),
 			'session_user_id'		=> array('UINT', 0),
+			'session_forum_id'		=> array('UINT', 0),
 			'session_last_visit'	=> array('TIMESTAMP', 0),
 			'session_start'			=> array('TIMESTAMP', 0),
 			'session_time'			=> array('TIMESTAMP', 0),
@@ -1534,6 +1536,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
+			'session_forum_id'	=> array('INDEX', 'session_forum_id'),
 		),
 	);
 
@@ -1804,8 +1807,8 @@ function get_schema_struct()
 			'user_style'				=> array('USINT', 0),
 			'user_rank'					=> array('UINT', 0),
 			'user_colour'				=> array('VCHAR:6', ''),
-			'user_new_privmsg'			=> array('TINT:4', 0),
-			'user_unread_privmsg'		=> array('TINT:4', 0),
+			'user_new_privmsg'			=> array('INT:4', 0),
+			'user_unread_privmsg'		=> array('INT:4', 0),
 			'user_last_privmsg'			=> array('TIMESTAMP', 0),
 			'user_message_rules'		=> array('BOOL', 0),
 			'user_full_folder'			=> array('INT:11', -3),
@@ -1841,7 +1844,7 @@ function get_schema_struct()
 			'user_occ'					=> array('TEXT_UNI', ''),
 			'user_interests'			=> array('TEXT_UNI', ''),
 			'user_actkey'				=> array('VCHAR:32', ''),
-			'user_newpasswd'			=> array('VCHAR_UNI:32', ''),
+			'user_newpasswd'			=> array('VCHAR_UNI:40', ''),
 			'user_form_salt'			=> array('VCHAR_UNI:32', ''),
 
 		),

phpBB/develop/repair_bots.php

@@ -0,0 +1,151 @@
+<?php
+/**
+* Rebuild BOTS
+*
+* You should make a backup from your whole database. Things can and will go wrong. 
+* This will only work if no BOTs were added.
+*
+*/
+die("Please read the first lines of this script for instructions on how to enable it");
+
+set_time_limit(0);
+
+define('IN_PHPBB', true);
+$phpbb_root_path = './../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.'.$phpEx);
+include($phpbb_root_path . '/includes/functions_user.'.$phpEx);
+
+
+// Start session management
+$user->session_begin();
+$auth->acl($user->data);
+$user->setup();
+
+$bots = array(
+	'AdsBot [Google]'			=> array('AdsBot-Google', ''),
+	'Alexa [Bot]'				=> array('ia_archiver', ''),
+	'Alta Vista [Bot]'			=> array('Scooter/', ''),
+	'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
+	'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+	'Exabot [Bot]'				=> array('Exabot/', ''),
+	'FAST Enterprise [Crawler]'	=> array('FAST Enterprise Crawler', ''),
+	'FAST WebCrawler [Crawler]'	=> array('FAST-WebCrawler/', ''),
+	'Francis [Bot]'				=> array('http://www.neomo.de/', ''),
+	'Gigabot [Bot]'				=> array('Gigabot/', ''),
+	'Google Adsense [Bot]'		=> array('Mediapartners-Google', ''),
+	'Google Desktop'			=> array('Google Desktop', ''),
+	'Google Feedfetcher'		=> array('Feedfetcher-Google', ''),
+	'Google [Bot]'				=> array('Googlebot', ''),
+	'Heise IT-Markt [Crawler]'	=> array('heise-IT-Markt-Crawler', ''),
+	'Heritrix [Crawler]'		=> array('heritrix/1.', ''),
+	'IBM Research [Bot]'		=> array('ibm.com/cs/crawler', ''),
+	'ICCrawler - ICjobs'		=> array('ICCrawler - ICjobs', ''),
+	'ichiro [Crawler]'			=> array('ichiro/2', ''),
+	'Majestic-12 [Bot]'			=> array('MJ12bot/', ''),
+	'Metager [Bot]'				=> array('MetagerBot/', ''),
+	'MSN NewsBlogs'				=> array('msnbot-NewsBlogs/', ''),
+	'MSN [Bot]'					=> array('msnbot/', ''),
+	'MSNbot Media'				=> array('msnbot-media/', ''),
+	'NG-Search [Bot]'			=> array('NG-Search/', ''),
+	'Nutch [Bot]'				=> array('http://lucene.apache.org/nutch/', ''),
+	'Nutch/CVS [Bot]'			=> array('NutchCVS/', ''),
+	'OmniExplorer [Bot]'		=> array('OmniExplorer_Bot/', ''),
+	'Online link [Validator]'	=> array('online link validator', ''),
+	'psbot [Picsearch]'			=> array('psbot/0', ''),
+	'Seekport [Bot]'			=> array('Seekbot/', ''),
+	'Sensis [Crawler]'			=> array('Sensis Web Crawler', ''),
+	'SEO Crawler'				=> array('SEO search Crawler/', ''),
+	'Seoma [Crawler]'			=> array('Seoma [SEO Crawler]', ''),
+	'SEOSearch [Crawler]'		=> array('SEOsearch/', ''),
+	'Snappy [Bot]'				=> array('Snappy/1.1 ( http://www.urltrends.com/ )', ''),
+	'Steeler [Crawler]'			=> array('http://www.tkl.iis.u-tokyo.ac.jp/~crawler/', ''),
+	'Synoo [Bot]'				=> array('SynooBot/', ''),
+	'Telekom [Bot]'				=> array('crawleradmin.t-info@telekom.de', ''),
+	'TurnitinBot [Bot]'			=> array('TurnitinBot/', ''),
+	'Voyager [Bot]'				=> array('voyager/1.0', ''),
+	'W3 [Sitesearch]'			=> array('W3 SiteSearch Crawler', ''),
+	'W3C [Linkcheck]'			=> array('W3C-checklink/', ''),
+	'W3C [Validator]'			=> array('W3C_*Validator', ''),
+	'WiseNut [Bot]'				=> array('http://www.WISEnutbot.com', ''),
+	'YaCy [Bot]'				=> array('yacybot', ''),
+	'Yahoo MMCrawler [Bot]'		=> array('Yahoo-MMCrawler/', ''),
+	'Yahoo Slurp [Bot]'			=> array('Yahoo! DE Slurp', ''),
+	'Yahoo [Bot]'				=> array('Yahoo! Slurp', ''),
+	'YahooSeeker [Bot]'			=> array('YahooSeeker/', ''),
+);
+	
+$bot_ids = array();
+user_get_id_name($bot_ids, array_keys($bots), USER_IGNORE);
+foreach($bot_ids as $bot)
+{
+	user_delete('remove', $bot);
+}
+// Done
+add_bots($bots);
+echo 'done';
+
+
+/**
+* Add the search bots into the database
+* This code should be used in execute_last if the source database did not have bots
+* If you are converting bots this function should not be called
+* @todo We might want to look at sharing the bot list between the install code and this code for consistency
+*/
+function add_bots($bots)
+{
+	global $db, $config;
+
+	$sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = 'BOTS'";
+	$result = $db->sql_query($sql);
+	$group_id = (int) $db->sql_fetchfield('group_id', false, $result);
+	$db->sql_freeresult($result);
+	$db->sql_query('TRUNCATE TABLE ' . BOTS_TABLE);
+
+	if (!$group_id)
+	{
+		add_default_groups();
+
+		$sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = 'BOTS'";
+		$result = $db->sql_query($sql);
+		$group_id = (int) $db->sql_fetchfield('group_id', false, $result);
+		$db->sql_freeresult($result);
+
+	}
+
+
+
+
+	foreach ($bots as $bot_name => $bot_ary)
+	{
+		$user_row = array(
+			'user_type'				=> USER_IGNORE,
+			'group_id'				=> $group_id,
+			'username'				=> $bot_name,
+			'user_regdate'			=> time(),
+			'user_password'			=> '',
+			'user_colour'			=> '9E8DA7',
+			'user_email'			=> '',
+			'user_lang'				=> $config['default_lang'],
+			'user_style'			=> 1,
+			'user_timezone'			=> 0,
+			'user_allow_massemail'	=> 0,
+		);
+
+		$user_id = user_add($user_row);
+
+		if ($user_id)
+		{
+			$sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+				'bot_active'	=> 1,
+				'bot_name'		=> $bot_name,
+				'user_id'		=> $user_id,
+				'bot_agent'		=> $bot_ary[0],
+				'bot_ip'		=> $bot_ary[1])
+			);
+			$db->sql_query($sql);
+		}
+	}
+}
+
+?>

phpBB/docs/CHANGELOG.html

@@ -53,6 +53,11 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v301">Changes since 3.0.1</a></li>
+		<li><a href="#v300">Changes since 3.0.0</a></li>
+		<li><a href="#v30rc8">Changes since RC-8</a></li>
+		<li><a href="#v30rc7">Changes since RC-7</a></li>
+		<li><a href="#v30rc6">Changes since RC-6</a></li>
 		<li><a href="#v30rc5">Changes since RC-5</a></li>
 		<li><a href="#v30rc4">Changes since RC-4</a></li>
 		<li><a href="#v30rc3">Changes since RC-3</a></li>
@@ -67,7 +72,7 @@
 
 		<span class="corners-bottom"><span></span></span></div>
 	</div>
-
+	
 	<hr />
 
 	<a name="changelog"></a><h2>1. Changelog</h2>
@@ -77,7 +82,174 @@
 
 		<div class="content">
 
-	<a name="v30rc5"></a><h3>1.i. Changes since 3.0.RC5</h3>
+	<a name="v301"></a><h3>1.i. Changes since 3.0.1</h3>
+
+	<ul>
+		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
+		<li>[Fix] Fixed blank style on setups having no username defined within config.php (Bug #25065)</li>
+		<li>[Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed (Bug #14429 / thanks to JRSweets for his patch)</li>
+		<li>[Fix] Moved topics should not count towards the number of topics in a forum (Bug #14648 / thanks to Schumi for his patch)</li>
+		<li>[Fix] Properly check for invalid characters in MySQL DB prefixes during install (Bug #18775)</li>
+		<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
+		<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
+		<li>[Fix] Bring the PostgreSQL backup system back to working order (Bug #22385)</li>
+		<li>[Change] Sort the tables at the database table backup screen</li>
+		<li>[Fix] Update correct theme for cached styles in style.php (Bug #25805)</li>
+		<li>[Fix] Also add PHPBB_INSTALLED check to download/file.php for inline avatar delivery</li>
+		<li>[Fix] Unable to login to some jabber server, reverted previous change (Bug #25095)</li>
+		<li>[Fix] Do not return BMP as valid image type for GD image manipulation (Bug #25925)</li>
+		<li>[Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)</li>
+		<li>[Fix] Correctly determine safe mode for temp file creation in functions_upload.php (Bug #23525)</li>
+		<li>[Fix] Correctly sort by rank in memberlist (Bug #24435)</li>
+		<li>[Fix] Purge cache after database restore (Bug #24245)</li>
+		<li>[Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+. (thanks arod-1 for the fix, related to Bug #14830)</li>
+		<li>[Feature] Added optional referer validation of POST requests as additional CSRF protection.</li>
+		<li>[Fix] Added missing form token in acp (thanks NBBN).</li>
+		<li>[Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).</li>
+		<li>[Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended (Bug #27355)</li>
+		<li>[Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)</li>
+		<li>[Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.</li>
+		<li>[Feature] Added ACP logout to reset an admin session.</li>
+		<li>[Fix] reset forum notifications in viewtopic (Bug #28025)</li>
+		<li>[Fix] corrected link for searching post author's other posts (Bug #26455)</li>
+		<li>[Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)</li>
+		<li>[Fix] Topic searches by author no longer return invalid results (Bug #11777)</li>
+		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
+		<li>[Fix] Delete drafts and bookmarks when deleting an user. (#27585, thanks Schumi for the fix)</li>
+		<li>[Fix] Set last_post_subject for new topics. (#23945)</li>
+		<li>[Fix] Allow moving posts to invisible forums. (#27325)</li>
+		<li>[Fix] Don't allow promoting unapproved group members (#16124)</li>
+		<li>[Fix] Correctly fetch server name if using non-standard port (#27395)</li>
+		<li>[Fix] Regular expression for email matching in posts will no longer die on long words.</li>
+		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
+	</ul>
+
+	<a name="v300"></a><h3>1.ii. Changes since 3.0.0</h3>
+
+	<ul>
+		<li>[Change] Validate birthdays (Bug #15004)</li>
+		<li>[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)</li>
+		<li>[Fix] Fix disabling of word censor, now possible again</li>
+		<li>[Fix] Allow single quotes in db password to be stored within config.php in installer</li>
+		<li>[Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)</li>
+		<li>[Fix] Correctly handle empty imageset entries (Bug #16865)</li>
+		<li>[Fix] Correctly check empty subjects/messages (Bug #17915)</li>
+		<li>[Change] Do not check usernames against word censor list. Disallowed usernames is already checked and word censor belong to posts. (Bug #17745)</li>
+		<li>[Fix] Additionally include non-postable forums for moderators forums shown within the teams list. (Bug #17265)</li>
+		<li>[Change] Sped up viewforum considerably (also goes towards mcp_forum)</li>
+		<li>[Fix] Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635)</li>
+		<li>[Fix] Allow editing usernames within database_update on username cleanup (Bug #18415)</li>
+		<li>[Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)</li>
+		<li>[Fix] Check entered imagemagick path for trailing slash (Bug #18205)</li>
+		<li>[Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide</li>
+		<li>[Fix] Allow calls to $user-&gt;set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
+		<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>
+		<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>
+		<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>
+		<li>[Fix] Fix possible database transaction errors if code returns on error and rollback happened (Bug #17025)</li>
+		<li>[Change] Allow numbers in permission names for modifications, as well as uppercase letters for the request_ part (Bug #20125)</li>
+		<li>[Fix] Use HTTP_HOST in favor of SERVER_NAME for determining server url for redirection and installation (Bug #19955)</li>
+		<li>[Fix] Removing s_watching_img from watch_topic_forum() function (Bug #20445)</li>
+		<li>[Fix] Changing order for post review if more than one post affected (Bug #15249)</li>
+		<li>[Fix] Language typos/fixes (Bug #20425, #15719, #15429, #14669, #13479, #20795, #21095, #21405, #21715, #21725, #21755, #21865, #15689)</li>
+		<li>[Fix] Style/Template fixes (Bug #20065, #19405, #19205, #15028, #14934, #14821, #14752, #14497, #13707, #14738, #19725)</li>
+		<li>[Fix] Tiny code fixes (Bug #20165, #20025, #19795, #14804)</li>
+		<li>[Fix] Prepend phpbb_root_path to ranks path for displaying ranks (Bug #19075)</li>
+		<li>[Fix] Allow forum notifications if topic notifications are disabled but forum notifications enabled (Bug #14765)</li>
+		<li>[Fix] Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. (Bug #20435)</li>
+		<li>[Fix] Try to sort last active date on memberlist correctly at least on current page (Bug #18665)</li>
+		<li>[Fix] Handle generation of form tokens when maximum time is set to -1</li>
+		<li>[Fix] Correctly delete unapproved posts without deleting the topic (Bug #15120)</li>
+		<li>[Fix] Respect signature permissions in posting (Bug #16029)</li>
+		<li>[Fix] Users allowed to resign only from open and freely open groups (Bug #19355)</li>
+		<li>[Fix] Assign a last viewed date to converted topics (Bug #16565)</li>
+		<li>[Fix] Many minor and/or cosmetic fixes (Including, but not limited to: #21315, #18575, #18435, #21215)</li>
+		<li>[Feature] New option to hide the entire list of subforums on listforums</li>
+		<li>[Fix] Custom BBCode {EMAIL}-Token usage (Bug #21155)</li>
+		<li>[Fix] Do not rely on parameter returned by unlink() for verifying cache directory write permission (Bug #19565)</li>
+		<li>[Change] Use correct string for filesize (MiB instead of MB for example)</li>
+		<li>[Change] Remove left join for query used to retrieve already assigned users and groups within permission panel (Bug #20235)</li>
+		<li>[Fix] Correctly return sole whitespaces if used with BBCodes (Bug #19535)</li>
+		<li>[Fix] Quote bbcode parsing adding too much closing tags on special conditions (Bug #20735)</li>
+		<li>[Change] Added sanity checks to various ACP settings</li>
+		<li>[Change] Removed minimum form times</li>
+		<li>[Fix] Check topics_per_page value in acp_forums (Bug #15539)</li>
+		<li>[Fix] Custom profile fields with date type should be timezone independend (Bug #15003)</li>
+		<li>[Fix] Fixing some XHTML errors/warnings within the ACP (Bug #22875)</li>
+		<li>[Fix] Warnings if poll title/options exceed maximum characters per post (Bug #22865)</li>
+		<li>[Fix] Do not allow selecting non-authorized groups within memberlist by adjusting URL (Bug #22805 - patch provided by ToonArmy)</li>
+		<li>[Fix] Correctly specify &quot;close report action&quot; (Bug #22685)</li>
+		<li>[Fix] Display &quot;empty password error&quot; within the login box instead of issuing a general error (Bug #22525)</li>
+		<li>[Fix] Clean up who is online code in page_header (Bug #22715, thanks HighwayofLife)</li>
+		<li>[Fix] Pertain select single link on memberlist (Bug #23235 - patch provided by Schumi)</li>
+		<li>[Fix] Allow &amp; and | in local part of email addresses (Bug #22995)</li>
+		<li>[Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)</li>
+		<li>[Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)</li>
+		<li>[Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)</li>
+		<li>[Fix] Do not detect the board URL as a link twice in posts (Bug #19215)</li>
+		<li>[Fix] Set correct error reporting in style.php to avoid blank pages after CSS changes (Bug #23885)</li>
+		<li>[Fix] If pruning users based on last activity, do not include users never logged in before (Bug #18105)</li>
+		<li>[Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil&lt;3)</li>
+		<li>[Sec] Limit private message attachments to be viewable only by the recipient(s)/sender (Report #s23535) - reported by AlleyKat</li>
+		<li>[Sec] Check for non-empty config.php within style.php (Report #s24575) - reported by bantu</li>
+		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
+	</ul>
+
+	<a name="v30rc8"></a><h3>1.iii. Changes since 3.0.RC8</h3>
+
+	<ul>
+		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
+		<li>[Fix] Check &quot;able to disable word censor&quot; option while applying word censor on text (Bug #15974)</li>
+		<li>[Fix] Rollback changes on failed transaction if returning on sql error is set</li>
+		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
+	</ul>
+
+	<a name="v30rc7"></a><h3>1.iv. Changes since 3.0.RC7</h3>
+
+	<ul>
+		<li>[Fix] Fixed MSSQL related bug in the update system</li>
+		<li>[Fix] Display &quot;Return to&quot; links on unwritable forums (Bug #14824)</li>
+		<li>[Fix] Mitigating different realpath() handling between PHP versions (fixing confirm box redirects)</li>
+		<li>[Fix] Fix signature editing - ability to remove signature (Bug #14820)</li>
+		<li>[Fix] Send correct activation key by forcing reactivation for inactive user (Bug #14819)</li>
+		<li>[Fix] Adding correct IP for private messages sent by issuing warnings (Bug #14781)</li>
+		<li>[Fix] Open private message notification (Bug #14773)</li>
+		<li>[Fix] Fixing false new private message indicator (Bug #14627)</li>
+		<li>[Fix] Let newly activated passwords work if users were converted (Bug #14787)</li>
+		<li>[Fix] Quote bbcode fixes. Letting parse quote=&quot;[&quot; and re-allowing whitelisted bbcodes within username portion (Bug #14770)</li>
+		<li>[Fix] Allow alternative text for styled buttons if images turned off, but CSS staying on</li>
+		<li>[Sec] Fix bbcode helpline display for custom bbcodes - this requires style changes for any custom style (Bug #14850)</li>
+		<li>[Fix] Correctly count announcements when filtering forums by date (Bug #14877)</li>
+		<li>[Fix] Allow charset names containing underscores or spaces</li>
+		<li>[Fix] Don't allow previous/next links for non-existing topics (Bug #15039)</li>
+		<li>[Change] Do not assign converted votes to the first option in a vote.</li>
+		<li>[Fix] Use correct RFC 2822 date format in emails (Bug #15042)</li>
+		<li>[Fix] Require founder status for some actions on founder-only groups (Bug #15119)</li>
+		<li>[Fix] Allow changing the &quot;now&quot; option of date CPFs (Bug #15111)</li>
+		<li>[Change] Some improvements to the caching of avatars</li>
+		<li>[Change] Set template recompilation to be disabled by default. All mod and style authors and all those who want to modify their styles should enabled it after installation.</li>
+		<li>[Change] Disable debug mode. All mod and style authors should enable DEBUG and DEBUG_EXTRA.</li>
+		<li>[Fix] Check error reporting level for all error level. This fixes a problem for hosts having manipulated the error handler. (Bug #14831)</li>
+		<li>[Feature] Constant PHPBB_DB_NEW_LINK introduced which can be used to force phpBB to create a new database connection instead of reusing an existing one if the dbms supports it (Bug #14927)</li>
+		<li>[Fix] Automatic URL parsing no longer allows dots in the schema but can parse URLs starting after a dot (Bug #15110)</li>
+		<li>[Fix] Dynamic width for birthday select boxes (Bug #15149)</li>
+		<li>[Fix] Recache Moderators when copying permissions. (Bug #15384)</li>
+		<li>[Fix] Propagate sort options in mcp_forums (Bug #15464)</li>
+		<li>[Change] Do not allow [size=0] bbcodes (font-size of 0)</li>
+		<li>[Fix] No duplication of active topics (Bug #15474)</li>
+	</ul>
+
+	<a name="v30rc6"></a><h3>1.v. Changes since 3.0.RC6</h3>
+
+	<ul>
+		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
+		<li>[Fix] Fixed wrong bbcode handling for forum rules, forum descriptions and group descriptions</li>
+		<li>[Fix] Fixed faulty form tokens (Bug #14725, #14762 and #14755)</li>
+		<li>[Fix] Fixed bbcode uid generation in the phpBB2 converter (Bug #14722)</li>
+		<li>[Fix] Able to request new password (Bug #14743)</li>
+	</ul>
+
+	<a name="v30rc5"></a><h3>1.vi. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -99,10 +271,10 @@
 		<li>[Feature] Added /includes/db/db_tools.php file, which includes tools for handling cross-db actions such as altering columns, etc.</li>
 		<li>[Change] Reset the start parameter when the timeframe is changed in the mcp topic page (Ticket #14438)</li>
 		<li>[Change] Added Code for cleaning the confirm table to the session garbage collection</li>
-		<li>[Fix] Fixed token handling in jabber class for extremely spec-compilant XMPP server (Bug #14445)</li>
+		<li>[Fix] Fixed token handling in jabber class for extremely spec-compliant XMPP server (Bug #14445)</li>
 		<li>[Fix] Disallowed galleries from using special characters (Bug #14466)</li>
 		<li>[Change] Listing the board url within the email text instead of appending it to the subject (Bug #14378)</li>
-		<li>[Fix] Always display the quote button as the most accessible one - edit is always before quote (Bug #14403)</li>
+		<li>[Fix] Always display the quote button as the most accessible one (this means edit is before quote in prosilver due to the way we lay out profiles)</li>
 		<li>[Fix] Use correct dimension (width x height) in ACP (Bug #14452)</li>
 		<li>[Fix] Only display PM history links if there are PM's to be displayed (Bug #14484)</li>
 		<li>[Feature] Added completely new hook system to allow better application/mod integration - see docs/hook_system.html</li>
@@ -140,7 +312,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.ii. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.vii. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -191,7 +363,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.iii. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.viii. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -300,7 +472,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.iv. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.ix. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -342,11 +514,11 @@
 		<li>[Fix] Some jabber related bugs (Bug #12989, #11805, #11809)</li>
 		<li>[Fix] Added UTF-8 support for banning via the MCP (Bug #13013)</li>
 		<li>[Fix] Properly detect the script name in session::extract_current_page() if PHP_SELF is not defined (Bug #12705) - patch provided by ToonArmy</li>
-		<li>[Fix] Show role mask for global permission class under Permissions->Permission Roles (Bug #13057)</li>
+		<li>[Fix] Show role mask for global permission class under Permissions-&gt;Permission Roles (Bug #13057)</li>
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.v. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.x. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

phpBB/docs/INSTALL.html

@@ -261,7 +261,7 @@
 
 <a name="update_full"></a><h3>4.i. Full package</h3>
 
-	<p>The full package is normally meant for new installations, but if you want to replace all source files this package comes in handy.</p>
+	<p>The full package is normally meant for new installations only, but if you want to replace all source files this package comes in handy.</p>
 
 	<p>First you should make a copy of your existing <em>config.php</em> file, keep it in a safe place! Next delete all the existing phpBB3 files, you may want to leave your <code>files/</code> and <code>images/</code> directory in place. You can leave alternative styles in-place too. With this complete you can upload the new phpBB3 files (see <a href="#install">New installation</a> for details if necessary). Once complete copy back your saved <em>config.php</em>, replacing the new one. Another method is to just <strong>replace</strong> the existing files with the files from the full package - though make sure you do <strong>not</strong> overwrite your config.php file.</p>
 
@@ -271,7 +271,9 @@
 
 <a name="update_files"></a><h3>4.ii. Changed files only</h3>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.0</samp> you should select the phpBB-3.0.0_to_3.0.1.zip/tar.gz file.</p>
+	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
+
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.1</samp> you should select the phpBB-3.0.1_to_3.0.2.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -279,9 +281,11 @@
 
 <a name="update_patch"></a><h3>4.iii. Patch file</h3>
 
-	<p>The patch file is probably the best solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach we recommend the <a href="update_auto">Automatic update package</a> explained below.</p>
+	<p>The patch file package is for those wanting to update through the patch application, and being comfortable with it.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.0 you need the phpBB-3.0.0_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
+
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.1 you need the phpBB-3.0.1_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -289,12 +293,14 @@
 
 <a name="update_auto"></a><h3>4.iv. Automatic update package</h3>
 
+	<p>This update method is the preferred method for updating. This package allows detecting changed files automatically and merges changes if needed.</p>
+
 	<p>The automatic update package is holding - contrary to the others - only the update informations for updating the last released version to the latest available version. These package is meant for use with the automatic update tool.</p>
 
-	<p>To perform the update, either follow the instructions from the <code>Administration Control Panel -&gt; System</code> Tab - this should point out that you are running an outdated version and will guide you through the update - or following the instructions listed below.</p>
+	<p>To perform the update, either follow the instructions from the <code>Administration Control Panel-&gt;System</code> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
 
 	<ul>
-		<li>Go to the <a href="http://www.phpbb.com/downloads/">downloads page</a> and download the latest update package listed there.</li>
+		<li>Go to the <a href="http://www.phpbb.com/downloads/">downloads page</a> and download the latest update package listed there, matching your current version.</li>
 		<li>Upload the archives contents to your phpBB installation - only the install folder is required. Upload the whole install folder, retaining the file structure.</li>
 		<li>After the install folder is present, phpBB3 will go offline automatically.</li>
 		<li>Point your browser to the install directory, for example <samp>http://www.example.com/phpBB3/install/</samp></li>
@@ -363,7 +369,7 @@
 
 	<p><strong>Password conversion</strong> Due to the utf-8 based handling of passwords in phpBB3, it is not always possible to transfer all passwords. For passwords "lost in translation" the easiest workaround is to use the "forgotten password" function.</p>
 
-	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, -for instance - if the new board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
+	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, - for instance - if the old board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 installation is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
 
 	<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p> 
 

phpBB/docs/README.html

@@ -105,9 +105,9 @@
 	<p>We give support for the following installation types:</p>
 
 	<ul>
-		<li>Updates from phpBB3 RC1 to any higher version</li>
-		<li>Conversions from phpBB 2.0.x to phpBB3 RC1 and higher</li>
-		<li>New installations of phpBB3 RC1 and higher</li>
+		<li>Updates from phpBB3 RC1 to the latest version</li>
+		<li>Conversions from phpBB 2.0.x to the latest version</li>
+		<li>New installations of phpBB3 - always only the latest released version</li>
 	</ul>
 
 		</div>
@@ -136,9 +136,9 @@
 
 	<p>This is the <em>official</em> location for all supported language sets. If you download a package from a 3rd party site you do so with the understanding that we cannot offer support. So please, do not ask for help in these cases!</p>
 
-	<p>Installation of these packages is straightforward, simply download the required language pack and unarchive it into the <samp>languages/</samp> folder. Please ensure you retain the directory structure when doing this! Once uploaded go to the <code>Admin-&gt;System-&gt;Language Packs</code> and install the now appeared new language pack. To install the style image packs you should unarchive the file/s into the styles/subsilver2/imageset directory, again you must retain the directory structure. Once installed the languages will become immediately available.</p>
+	<p>Installation of these packages is straightforward, simply download the required language pack and unarchive it into the <samp>languages/</samp> folder. Please ensure you retain the directory structure when doing this! Once uploaded go to the <code>Admin-&gt;System-&gt;Language Packs</code> and install the now appeared new language pack. To install the style imageset you should download the imageset for your language and unarchive the file/s into the relevant imageset directory (styles/prosilver/imageset or styles/subsilver2/imageset), again you must retain the directory structure. Once installed the imageset will become immediately available.</p>
 
-	<p>If your language is not available please visit our forums where you will find a topic listing translations currently available or in preparation. This topic also gives you information should you wish to volunteer to translate a language not currently listed</p>
+	<p>If your language is not available please visit our forums where you will find a topic listing translations currently available or in preparation. This topic also gives you information should you wish to volunteer to translate a language not currently listed.</p>
 
 	<a name="styles"></a><h3>2.ii. Styles</h3>
 
@@ -150,6 +150,8 @@
 
 	<p>Once you have downloaded a style the usual next step is to unarchive (or upload the unarchived contents of) the package into your <samp>styles/</samp> directory. You then need to visit <code>Administration -&gt; Styles</code>, you should see the new style available, click install and it will become available for all your users.</p>
 
+	<p><strong>Please note</strong> that if you create your own style or modify existing ones, please remember to enable the &quot;Recompile stale style components&quot; setting within the <code>Admin-&gt;General-&gt;Load Settings</code> screen. This setting allows the cache to detect changes made to the style and automatically refresh it. If this setting is disabled, you will not see your changes taking effect.</p>
+
 	<a name="mods"></a><h3>2.iii. Modifications</h3>
 
 	<p>Although not officially supported by phpBB Group, phpBB has a thriving modification scene. These third party modifications to the standard phpBB extend its capabilities still further and can be found at:</p>
@@ -292,7 +294,7 @@
 	<ul>
 		<li>Conversions may fail to complete on large boards under some hosts</li>
 		<li>Updates may fail to complete on large update sets under some hosts</li>
-		<li>URL redirects are not working correctly under PHP 5.2.4 and certain conditions due to a bug within this PHP version</li>
+		<li>Smilies placed directly after bbcode tags will not get parsed. Smilies always need to be separated by spaces.</li>
 	</ul>
 
 		</div>

phpBB/docs/coding-guidelines.html

@@ -110,7 +110,7 @@
 	<p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>
 
 	<h3>Linefeeds:</h3>
-	<p>Ensure that your editor is saving files in the UNIX format. This means lines are terminated with a newline, not with a CR/LF combo as they are on Win32, or whatever the Mac uses. Any decent editor should be able to do this, but it might not always be the default. Know your editor. If you want advice on Windows text editors, just ask one of the developers. Some of them do their editing on Win32.</p>
+	<p>Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.
 
 	<a name="fileheader"></a><h3>1.ii. File Header</h3>
 
@@ -184,7 +184,7 @@ class ...
 		<li><strong>acp</strong><br /><code>/adm</code>, <code>/includes/acp</code>, <code>/includes/functions_admin.php</code><br />Administration Control Panel</li>
 		<li><strong>dbal</strong><br /><code>/includes/db</code><br />Database Abstraction Layer.<br />Base class is <code>dbal</code>
 			<ul>
-				<li><code>/includes/db/dbal.php</code><br />Base DBAL class, defining the overall framework as well as common detominators</li>
+				<li><code>/includes/db/dbal.php</code><br />Base DBAL class, defining the overall framework</li>
 				<li><code>/includes/db/firebird.php</code><br />Firebird/Interbase Database Abstraction Layer</li>
 				<li><code>/includes/db/msssql.php</code><br />MSSQL Database Abstraction Layer</li>
 				<li><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL</li>
@@ -955,6 +955,10 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 		</li>
 	</ul>
 
+	<h4>Exiting</h4>
+
+	<p>Your page should either call <code>page_footer()</code> in the end to trigger output through the template engine and terminate the script, or alternatively at least call the <code>exit_handler()</code>. That call is necessary because it provides a method for external applications embedding phpBB to be called at the end of the script.</p>
+
 		</div>
 
 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@@ -1055,7 +1059,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 <span class="comment">&lt;!-- END loopname --&gt;</span>
 </pre></div>
 
-<p>A bit later loops will be explained further. To not irretate you we will explain conditionals as well as other statements first.</p>
+<p>A bit later loops will be explained further. To not irritate you we will explain conditionals as well as other statements first.</p>
 
 <h4>Including files</h4>
 <p>Something that existed in 2.0.x which no longer exists in 3.0.x is the ability to assign a template to a variable. This was used (for example) to output the jumpbox. Instead (perhaps better, perhaps not but certainly more flexible) we now have INCLUDE. This takes the simple form:</p>
@@ -1421,8 +1425,8 @@ div
 	&lt;fieldset class="submit-buttons"&gt;
 		&lt;input type=&quot;reset&quot; value=&quot;{L_RESET}&quot; name=&quot;reset&quot; class=&quot;button2&quot; /&gt&nbsp;
 		&lt;input type=&quot;submit&quot; name=&quot;action[add_warning]&quot; value=&quot;{L_SUBMIT}&quot; class=&quot;button1&quot; /&gt
+		{S_FORM_TOKEN}
 	&lt;/fieldset&gt
-	{S_FORM_TOKEN}
 &lt;/form&gt
 		</pre></div><br />
 		</div>
@@ -1446,7 +1450,7 @@ div
 
 
 <h4>What are Unicode, UCS and UTF-8?</h4>
-<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatability with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
+<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatibility with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
 
 <h4>phpBB's use of Unicode</h4>
 <p>Unfortunately PHP does not faciliate the use of Unicode prior to version 6. Most functions simply treat strings as sequences of bytes assuming that each character takes up exactly one byte. This behaviour still allows for storing UTF-8 encoded text in PHP strings but many operations on strings have unexpected results. To circumvent this problem we have created some alternative functions to PHP's native string operations which use code points instead of bytes. These functions can be found in <code>/includes/utf/utf_tools.php</code>. They are also covered in the <a href="http://area51.phpbb.com/docs/code/">phpBB3 Sourcecode Documentation</a>. A lot of native PHP functions still work with UTF-8 as long as you stick to certain restrictions. For example <code>explode</code> still works as long as the first and the last character of the delimiter string are ASCII characters.</p>

phpBB/docs/hook_system.html

@@ -14,7 +14,7 @@
 <title>phpBB3 &bull; Hook System</title>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 
 /*
 	The original "prosilver" theme for phpBB3
@@ -309,7 +309,7 @@ a:active	{ color: #368AD2; }
 	margin-left: 25px;
 }
 
-//-->
+/* ]]> */
 </style>
 
 </head>
@@ -384,6 +384,7 @@ a:active	{ color: #368AD2; }
 
 <div class="codebox"><pre>
 PHPBB_MSG_HANDLER (overwrite message handler)
+PHPBB_DB_NEW_LINK (overwrite new_link parameter for sql_connect)
 PHPBB_ROOT_PATH   (overwrite $phpbb_root_path)
 PHPBB_ADMIN_PATH  (overwrite $phpbb_admin_path)
 </pre></div>

phpBB/download/file.php

@@ -18,6 +18,12 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
 if (isset($_GET['avatar']))
 {
 	require($phpbb_root_path . 'config.' . $phpEx);
+
+	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
+	{
+		exit;
+	}
+
 	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
 	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
@@ -33,6 +39,9 @@ if (isset($_GET['avatar']))
 	}
 	unset($dbpasswd);
 
+	// worst-case default
+	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
+
 	$config = $cache->obtain_config();
 	$filename = $_GET['avatar'];
 	$avatar_group = false;
@@ -41,11 +50,11 @@ if (isset($_GET['avatar']))
 		$avatar_group = true;
 		$filename = substr($filename, 1);
 	}
-	
+
 	// '==' is not a bug - . as the first char is as bad as no dot at all
 	if (strpos($filename, '.') == false)
 	{
-		header('HTTP/1.0 403 forbidden');
+		header('HTTP/1.0 403 Forbidden');
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -55,12 +64,38 @@ if (isset($_GET['avatar']))
 	}
 
 	$ext		= substr(strrchr($filename, '.'), 1);
-	$filename	= intval($filename);
-	
+	$stamp		= (int) substr(stristr($filename, '_'), 1);
+	$filename	= (int) $filename;
+
+	// let's see if we have to send the file at all
+	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
+	if (strpos(strtolower($browser), 'msie 6.0') === false)
+	{
+		if ($last_load !== false && $last_load <= $stamp)
+		{
+			if (@php_sapi_name() === 'CGI')
+			{
+				header('Status: 304 Not Modified', true, 304);
+			}
+			else
+			{
+				header('HTTP/1.0 304 Not Modified', true, 304);
+			}
+			// seems that we need those too ... browsers
+			header('Pragma: public');
+			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+			exit();
+		}
+		else
+		{
+			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+		}
+	}
+
 	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
+		header("HTTP/1.0 403 Forbidden");
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -72,7 +107,7 @@ if (isset($_GET['avatar']))
 	if (!$filename)
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
+		header("HTTP/1.0 403 Forbidden");
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -81,7 +116,7 @@ if (isset($_GET['avatar']))
 		exit;
 	}
 
-	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext);
+	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
 
 	if (!empty($cache))
 	{
@@ -179,8 +214,32 @@ else
 		$row['forum_id'] = false;
 		if (!$auth->acl_get('u_pm_download'))
 		{
+			header('HTTP/1.0 403 Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
+
+		// Check if the attachment is within the users scope...
+		$sql = 'SELECT user_id, author_id
+			FROM ' . PRIVMSGS_TO_TABLE . '
+			WHERE msg_id = ' . $attachment['post_msg_id'];
+		$result = $db->sql_query($sql);
+
+		$allowed = false;
+		while ($user_row = $db->sql_fetchrow($result))
+		{
+			if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
+			{
+				$allowed = true;
+				break;
+			}
+		}
+		$db->sql_freeresult($result);
+
+		if (!$allowed)
+		{
+			header('HTTP/1.0 403 Forbidden');
+			trigger_error('ERROR_NO_ATTACHMENT');
+		}
 	}
 
 	// disallowed?
@@ -193,6 +252,7 @@ else
 
 if (!download_allowed())
 {
+	header('HTTP/1.0 403 Forbidden');
 	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
 
@@ -239,7 +299,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
 
 if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
 {
-	wrap_img_in_html(append_sid('./download.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
+	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 }
 else
 {
@@ -251,7 +311,7 @@ else
 		{
 			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 		}
-		
+
 		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
 		exit;
 	}
@@ -267,16 +327,13 @@ else
 * A simplified function to deliver avatars
 * The argument needs to be checked before calling this function.
 */
-function send_avatar_to_browser($file)
+function send_avatar_to_browser($file, $browser)
 {
 	global $config, $phpbb_root_path;
 
 	$prefix = $config['avatar_salt'] . '_';
 	$image_dir = $config['avatar_path'];
 
-	// worst-case default
-	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
-
 	// Adjust image_dir path (no trailing slash)
 	if (substr($image_dir, -1, 1) == '/' || substr($image_dir, -1, 1) == '\\')
 	{
@@ -290,7 +347,7 @@ function send_avatar_to_browser($file)
 	}
 	$file_path = $phpbb_root_path . $image_dir . '/' . $prefix . $file;
 
-	if ((@file_exists($file_path) && @is_readable($file_path)) || headers_sent())
+	if ((@file_exists($file_path) && @is_readable($file_path)) && !headers_sent())
 	{
 		header('Pragma: public');
 
@@ -441,7 +498,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	{
 		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
 	}
-	
+
 	if ($size)
 	{
 		header("Content-Length: $size");
@@ -530,9 +587,9 @@ function download_allowed()
 			}
 		}
 	}
-	
+
 	// Check for own server...
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = $user->host;
 
 	// Forcing server vars is the only way to specify/override the protocol
 	if ($config['force_server_vars'] || !$server_name)
@@ -544,7 +601,7 @@ function download_allowed()
 	{
 		$allowed = true;
 	}
-	
+
 	// Get IP's and Hostnames
 	if (!$allowed)
 	{
@@ -594,7 +651,7 @@ function download_allowed()
 		}
 		$db->sql_freeresult($result);
 	}
-	
+
 	return $allowed;
 }
 

phpBB/download/index.htm

@@ -0,0 +1,10 @@
+<html>
+<head>
+<title></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#FFFFFF" text="#000000">
+
+</body>
+</html>

phpBB/includes/acm/acm_file.php

@@ -67,6 +67,11 @@ class acm
 		unset($this->var_expires);
 		unset($this->sql_rowset);
 		unset($this->sql_row_pointer);
+
+		$this->vars = array();
+		$this->var_expires = array();
+		$this->sql_rowset = array();
+		$this->sql_row_pointer = array();
 	}
 
 	/**
@@ -232,6 +237,11 @@ class acm
 		unset($this->sql_rowset);
 		unset($this->sql_row_pointer);
 
+		$this->vars = array();
+		$this->var_expires = array();
+		$this->sql_rowset = array();
+		$this->sql_row_pointer = array();
+
 		$this->is_modified = false;
 	}
 
@@ -302,7 +312,7 @@ class acm
 
 		if ($var_name[0] == '_')
 		{
-			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx", true);
 		}
 		else if (isset($this->vars[$var_name]))
 		{
@@ -365,7 +375,7 @@ class acm
 		}
 		else if ($expired)
 		{
-			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx", true);
 			return false;
 		}
 
@@ -479,13 +489,15 @@ class acm
 	/**
 	* Removes/unlinks file
 	*/
-	function remove_file($filename)
+	function remove_file($filename, $check = false)
 	{
-		if (!@unlink($filename))
+		if ($check && !@is_writeable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);
 		}
+
+		return @unlink($filename);
 	}
 }
 

phpBB/includes/acp/acp_attachments.php

@@ -23,7 +23,7 @@ class acp_attachments
 {
 	var $u_action;
 	var $new_config;
-	
+
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
@@ -56,7 +56,7 @@ class acp_attachments
 			case 'ext_groups':
 				$l_title = 'ACP_EXTENSION_GROUPS';
 			break;
-	
+
 			case 'orphan':
 				$l_title = 'ACP_ORPHAN_ATTACHMENTS';
 			break;
@@ -99,9 +99,13 @@ class acp_attachments
 				$display_vars = array(
 					'title'	=> 'ACP_ATTACHMENT_SETTINGS',
 					'vars'	=> array(
-						'img_max_width' => false, 'img_max_height' => false, 'img_link_width' => false, 'img_link_height' => false,
-
 						'legend1'				=> 'ACP_ATTACHMENT_SETTINGS',
+
+						'img_max_width'			=> array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_max_height'		=> array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_link_width'		=> array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_link_height'		=> array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+
 						'allow_attachments'		=> array('lang' => 'ALLOW_ATTACHMENTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'upload_path'			=> array('lang' => 'UPLOAD_DIR',			'validate' => 'wpath',	'type' => 'text:25:100', 'explain' => true),
@@ -113,7 +117,9 @@ class acp_attachments
 						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'validate' => 'int',	'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
-						'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'secure_allow_empty_referer'	=> array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'check_attachment_content' 		=> array('lang' => 'CHECK_CONTENT', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+
 
 						'legend2'					=> $l_legend_cat_images,
 						'img_display_inlined'		=> array('lang' => 'DISPLAY_INLINED',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -184,7 +190,18 @@ class acp_attachments
 				}
 
 				// We strip eventually manual added convert program, we only want the patch
-				$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
+				if ($this->new_config['img_imagick'])
+				{
+					// Change path separator
+					$this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']);
+					$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
+
+					// Check for trailing slash
+					if (substr($this->new_config['img_imagick'], -1) !== '/')
+					{
+						$this->new_config['img_imagick'] .= '/';
+					}
+				}
 
 				$supported_types = get_supported_image_types();
 
@@ -201,7 +218,7 @@ class acp_attachments
 
 				// Secure Download Options - Same procedure as with banning
 				$allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
-		
+
 				$sql = 'SELECT *
 					FROM ' . SITELIST_TABLE;
 				$result = $db->sql_query($sql);
@@ -262,16 +279,22 @@ class acp_attachments
 					{
 						$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 					}
+					
+					$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+					if (empty($content))
+					{
+						continue;
+					}
 
 					$template->assign_block_vars('options', array(
 						'KEY'			=> $config_key,
 						'TITLE'			=> $user->lang[$vars['lang']],
 						'S_EXPLAIN'		=> $vars['explain'],
 						'TITLE_EXPLAIN'	=> $l_explain,
-						'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+						'CONTENT'		=> $content,
 						)
 					);
-		
+
 					unset($display_vars['vars'][$config_key]);
 				}
 
@@ -323,7 +346,7 @@ class acp_attachments
 								FROM ' . EXTENSIONS_TABLE . '
 								WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
 							$result = $db->sql_query($sql);
-							
+
 							$extension_list = '';
 							while ($row = $db->sql_fetchrow($result))
 							{
@@ -353,7 +376,7 @@ class acp_attachments
 								FROM ' . EXTENSIONS_TABLE . "
 								WHERE extension = '" . $db->sql_escape($add_extension) . "'";
 							$result = $db->sql_query($sql);
-							
+
 							if ($row = $db->sql_fetchrow($result))
 							{
 								$error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
@@ -592,7 +615,7 @@ class acp_attachments
 								SET group_id = 0
 								WHERE group_id = $group_id";
 							$db->sql_query($sql);
-					
+
 							add_log('admin', 'LOG_ATTACH_EXTGROUP_DEL', $group_name);
 
 							$cache->destroy('_extensions');
@@ -662,8 +685,7 @@ class acp_attachments
 						}
 
 						$size_format = ($ext_group_row['max_filesize'] >= 1048576) ? 'mb' : (($ext_group_row['max_filesize'] >= 1024) ? 'kb' : 'b');
-
-						$ext_group_row['max_filesize'] = ($ext_group_row['max_filesize'] >= 1048576) ? round($ext_group_row['max_filesize'] / 1048576 * 100) / 100 : (($ext_group_row['max_filesize'] >= 1024) ? round($ext_group_row['max_filesize'] / 1024 * 100) / 100 : $ext_group_row['max_filesize']);
+						$ext_group_row['max_filesize'] = get_formatted_filesize($ext_group_row['max_filesize'], false);
 
 						$img_path = $config['upload_icons_path'];
 
@@ -889,7 +911,7 @@ class acp_attachments
 					$upload_list = array();
 					foreach ($add_files as $attach_id)
 					{
-						if (!in_array($attach_id, array_keys($delete_files)) && !empty($post_ids[$attach_id]))
+						if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
 						{
 							$upload_list[$attach_id] = $post_ids[$attach_id];
 						}
@@ -930,6 +952,7 @@ class acp_attachments
 								AND is_orphan = 1';
 						$result = $db->sql_query($sql);
 
+						$files_added = $space_taken = 0;
 						while ($row = $db->sql_fetchrow($result))
 						{
 							$post_row = $post_info[$upload_list[$row['attach_id']]];
@@ -969,9 +992,18 @@ class acp_attachments
 								WHERE topic_id = ' . $post_row['topic_id'];
 							$db->sql_query($sql);
 
+							$space_taken += $row['filesize'];
+							$files_added++;
+
 							add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_row['post_id'], $row['real_filename']);
 						}
 						$db->sql_freeresult($result);
+
+						if ($files_added)
+						{
+							set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
+							set_config('num_files', $config['num_files'] + $files_added, true);
+						}
 					}
 				}
 
@@ -989,11 +1021,8 @@ class acp_attachments
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$size_lang = ($row['filesize'] >= 1048576) ? $user->lang['MB'] : (($row['filesize'] >= 1024) ? $user->lang['KB'] : $user->lang['BYTES']);
-					$row['filesize'] = ($row['filesize'] >= 1048576) ? round((round($row['filesize'] / 1048576 * 100) / 100), 2) : (($row['filesize'] >= 1024) ? round((round($row['filesize'] / 1024 * 100) / 100), 2) : $row['filesize']);
-
 					$template->assign_block_vars('orphan', array(
-						'FILESIZE'			=> $row['filesize'] . ' ' . $size_lang,
+						'FILESIZE'			=> get_formatted_filesize($row['filesize']),
 						'FILETIME'			=> $user->format_date($row['filetime']),
 						'REAL_FILENAME'		=> basename($row['real_filename']),
 						'PHYSICAL_FILENAME'	=> basename($row['physical_filename']),
@@ -1039,7 +1068,7 @@ class acp_attachments
 			ATTACHMENT_CATEGORY_FLASH		=> $user->lang['CAT_FLASH_FILES'],
 			ATTACHMENT_CATEGORY_QUICKTIME	=> $user->lang['CAT_QUICKTIME_FILES'],
 		);
-		
+
 		if ($group_id)
 		{
 			$sql = 'SELECT cat_id
@@ -1055,7 +1084,7 @@ class acp_attachments
 		{
 			$cat_type = ATTACHMENT_CATEGORY_NONE;
 		}
-		
+
 		$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
 
 		foreach ($types as $type => $mode)
@@ -1075,7 +1104,7 @@ class acp_attachments
 	function group_select($select_name, $default_group = false, $key = '')
 	{
 		global $db, $user;
-			
+
 		$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
 
 		$sql = 'SELECT group_id, group_name
@@ -1093,7 +1122,7 @@ class acp_attachments
 		$row['group_id'] = 0;
 		$row['group_name'] = $user->lang['NOT_ASSIGNED'];
 		$group_name[] = $row;
-		
+
 		for ($i = 0; $i < sizeof($group_name); $i++)
 		{
 			if ($default_group === false)
@@ -1127,14 +1156,14 @@ class acp_attachments
 		if (empty($magic_home))
 		{
 			$locations = array('C:/WINDOWS/', 'C:/WINNT/', 'C:/WINDOWS/SYSTEM/', 'C:/WINNT/SYSTEM/', 'C:/WINDOWS/SYSTEM32/', 'C:/WINNT/SYSTEM32/', '/usr/bin/', '/usr/sbin/', '/usr/local/bin/', '/usr/local/sbin/', '/opt/', '/usr/imagemagick/', '/usr/bin/imagemagick/');
-			$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));	
+			$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));
 
 			$locations = array_merge($path_locations, $locations);
 
 			foreach ($locations as $location)
 			{
 				// The path might not end properly, fudge it
-				if (substr($location, -1, 1) !== '/')
+				if (substr($location, -1) !== '/')
 				{
 					$location .= '/';
 				}
@@ -1341,7 +1370,7 @@ class acp_attachments
 					$db->sql_query($sql);
 				}
 			}
-			
+
 			if (!empty($ip_list_log))
 			{
 				// Update log
@@ -1399,7 +1428,7 @@ class acp_attachments
 	{
 		// Determine size var and adjust the value accordingly
 		$size_var = ($value >= 1048576) ? 'mb' : (($value >= 1024) ? 'kb' : 'b');
-		$value = ($value >= 1048576) ? round($value / 1048576 * 100) / 100 : (($value >= 1024) ? round($value / 1024 * 100) / 100 : $value);
+		$value = get_formatted_filesize($value, false);
 
 		return '<input type="text" id="' . $key . '" size="8" maxlength="15" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
 	}

phpBB/includes/acp/acp_bbcodes.php

@@ -312,7 +312,7 @@ class acp_bbcodes
 				'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'EMAIL' => array(
-				'!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i'	=>	"\$this->bbcode_specialchars('$1')"
+				'!(' . get_preg_expression('email') . ')!ie'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'TEXT' => array(
 				'!(.*?)!es'	 =>	"str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', ''', '(', ')'), trim('\$1'))"
@@ -334,7 +334,7 @@ class acp_bbcodes
 		$sp_tokens = array(
 			'URL'	 => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
 			'LOCAL_URL'	 => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
-			'EMAIL' => '([a-zA-Z0-9]+[a-zA-Z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-zA-Z0-9]+[a-zA-Z0-9\-\._]*\.[a-zA-Z]+))',
+			'EMAIL' => '(' . get_preg_expression('email') . ')',
 			'TEXT' => '(.*?)',
 			'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
 			'IDENTIFIER' => '([a-zA-Z0-9-_]+)',

phpBB/includes/acp/acp_board.php

@@ -102,14 +102,18 @@ class acp_board
 					'title'	=> 'ACP_AVATAR_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'ACP_AVATAR_SETTINGS',
-						'avatar_min_height'		=> false, 'avatar_min_width' => false, 'avatar_max_height' => false, 'avatar_max_width' => false,
+
+						'avatar_min_width'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_min_height'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_max_width'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_max_height'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
 
 						'allow_avatar_local'	=> array('lang' => 'ALLOW_LOCAL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_avatar_remote'	=> array('lang' => 'ALLOW_REMOTE',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_avatar_upload'	=> array('lang' => 'ALLOW_UPLOAD',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int:0',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
+						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rwpath',	'type' => 'text:20:255', 'explain' => true),
 						'avatar_gallery_path'	=> array('lang' => 'AVATAR_GALLERY_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true)
 					)
@@ -123,11 +127,11 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
 						'allow_privmsg'			=> array('lang' => 'BOARD_PM',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
 						'full_folder_action'	=> array('lang' => 'FULL_FOLDER_ACTION',	'validate' => 'int',	'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
-						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						
+						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_mass_pm'			=> array('lang' => 'ALLOW_MASS_PM',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'auth_bbcode_pm'		=> array('lang' => 'ALLOW_BBCODE_PM',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -160,21 +164,21 @@ class acp_board
 
 						'legend2'				=> 'POSTING',
 						'bump_type'				=> false,
-						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int',	'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int',	'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
-						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
-						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
-						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int',	'type' => 'text:3:4', 'explain' => true),
-						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => false),
-						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int',	'type' => 'text:4:6', 'explain' => true),
-						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',		'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',		'type' => 'radio:yes_no', 'explain' => true),
+						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',		'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',		'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
+						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',		'type' => 'text:3:4', 'explain' => true),
+						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:2:127',	'type' => 'text:4:4', 'explain' => false),
+						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true),
+						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true),
+						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -192,12 +196,12 @@ class acp_board
 						'allow_sig_links'		=> array('lang' => 'ALLOW_SIG_LINKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'GENERAL_SETTINGS',
-						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -207,24 +211,22 @@ class acp_board
 					'title'	=> 'ACP_REGISTER_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
-						'max_name_chars'		=> false,
-						'max_pass_chars'		=> false,
+						'max_name_chars'		=> array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
+						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
 
 						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'custom', 'method' => 'select_acc_activation', 'explain' => true),
-						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'username_length', 'explain' => true),
-						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
+						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int:1',	'type' => 'custom:5:180', 'method' => 'username_length', 'explain' => true),
+						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int:1',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
 						'allow_name_chars'		=> array('lang' => 'USERNAME_CHARS',	'validate' => 'string',	'type' => 'select', 'method' => 'select_username_chars', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',		'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_namechange'		=> array('lang' => 'ALLOW_NAME_CHANGE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_emailreuse'		=> array('lang' => 'ALLOW_EMAIL_REUSE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_confirm'		=> array('lang' => 'VISUAL_CONFIRM_REG',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
-						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'min_time_reg'			=> array('lang' => 'MIN_TIME_REG',			'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'min_time_terms'		=> array('lang' => 'MIN_TIME_TERMS',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
+						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
 
 						'legend3'			=> 'COPPA',
 						'coppa_enable'		=> array('lang' => 'ENABLE_COPPA',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -253,9 +255,9 @@ class acp_board
 					'vars'	=> array(
 						'legend1'			=> 'GENERAL_SETTINGS',
 						'limit_load'		=> array('lang' => 'LIMIT_LOAD',		'validate' => 'string',	'type' => 'text:4:4', 'explain' => true),
-						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int:60',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
+						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int:0',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'load_db_track'			=> array('lang' => 'YES_POST_MARKING',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -269,7 +271,7 @@ class acp_board
 						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_tplcompile'		=> array('lang' => 'RECOMPILE_STYLES',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						
+
 						'legend3'				=> 'CUSTOM_PROFILE_FIELDS',
 						'load_cpf_memberlist'	=> array('lang' => 'LOAD_CPF_MEMBERLIST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -305,7 +307,7 @@ class acp_board
 						'force_server_vars'		=> array('lang' => 'FORCE_SERVER_VARS',	'validate' => 'bool',			'type' => 'radio:yes_no', 'explain' => true),
 						'server_protocol'		=> array('lang' => 'SERVER_PROTOCOL',	'validate' => 'string',			'type' => 'text:10:10', 'explain' => true),
 						'server_name'			=> array('lang' => 'SERVER_NAME',		'validate' => 'string',			'type' => 'text:40:255', 'explain' => true),
-						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int',			'type' => 'text:5:5', 'explain' => true),
+						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int:0',			'type' => 'text:5:5', 'explain' => true),
 						'script_path'			=> array('lang' => 'SCRIPT_PATH',		'validate' => 'script_path',	'type' => 'text::255', 'explain' => true),
 					)
 				);
@@ -317,18 +319,18 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'ACP_SECURITY_SETTINGS',
 						'allow_autologin'		=> array('lang' => 'ALLOW_AUTOLOGIN',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 						'ip_check'				=> array('lang' => 'IP_VALID',				'validate' => 'int',	'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
 						'browser_check'			=> array('lang' => 'BROWSER_VALID',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'forwarded_for_check'	=> array('lang' => 'FORWARDED_FOR_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'referer_validation'	=> array('lang' => 'REFERER_VALID',		'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
 						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'form_token_mintime'	=> array('lang' => 'FORM_TIME_MIN',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 					)
@@ -343,7 +345,7 @@ class acp_board
 						'email_enable'			=> array('lang' => 'ENABLE_EMAIL',			'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'board_email_form'		=> array('lang' => 'BOARD_EMAIL_FORM',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'email_function_name'	=> array('lang' => 'EMAIL_FUNCTION_NAME',	'validate' => 'string',	'type' => 'text:20:50', 'explain' => true),
-						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int',	'type' => 'text:5:5', 'explain' => true),
+						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true),
 						'board_contact'			=> array('lang' => 'CONTACT_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email'			=> array('lang' => 'ADMIN_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email_sig'		=> array('lang' => 'EMAIL_SIG',				'validate' => 'string',	'type' => 'textarea:5:30', 'explain' => true),
@@ -352,7 +354,7 @@ class acp_board
 						'legend2'				=> 'SMTP_SETTINGS',
 						'smtp_delivery'			=> array('lang' => 'USE_SMTP',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => false),
-						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int',	'type' => 'text:4:5', 'explain' => true),
+						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int:0',	'type' => 'text:4:5', 'explain' => true),
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
 						'smtp_password'			=> array('lang' => 'SMTP_PASSWORD',			'validate' => 'string',	'type' => 'password:25:255', 'explain' => true)
@@ -555,16 +557,23 @@ class acp_board
 			{
 				$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 			}
-
+			
+			$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+			
+			if (empty($content))
+			{
+				continue;
+			}
+			
 			$template->assign_block_vars('options', array(
 				'KEY'			=> $config_key,
 				'TITLE'			=> (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
 				'S_EXPLAIN'		=> $vars['explain'],
 				'TITLE_EXPLAIN'	=> $l_explain,
-				'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+				'CONTENT'		=> $content,
 				)
 			);
-		
+
 			unset($display_vars['vars'][$config_key]);
 		}
 
@@ -668,7 +677,17 @@ class acp_board
 
 		return h_radio('config[ip_check]', $radio_ary, $value, $key);
 	}
+	
+	/**
+	* Select referer validation
+	*/
+	function select_ref_check($value, $key = '')
+	{
+		$radio_ary = array(REFERER_VALIDATE_PATH => 'REF_PATH', REFERER_VALIDATE_HOST => 'REF_HOST', REFERER_VALIDATE_NONE => 'NO_REF_VALIDATION');
 
+		return h_radio('config[referer_validation]', $radio_ary, $value, $key);
+	}
+	
 	/**
 	* Select account activation method
 	*/
@@ -795,7 +814,7 @@ class acp_board
 		}
 
 		$dateformat_options .= '<option value="custom"';
-		if (!in_array($value, array_keys($user->lang['dateformats'])))
+		if (!isset($user->lang['dateformats'][$value]))
 		{
 			$dateformat_options .= ' selected="selected"';
 		}

phpBB/includes/acp/acp_captcha.php

@@ -29,7 +29,7 @@ class acp_captcha
 
 		$user->add_lang('acp/board');
 
-		
+
 		$captcha_vars = array(
 			'captcha_gd_x_grid'				=> 'CAPTCHA_GD_X_GRID',
 			'captcha_gd_y_grid'				=> 'CAPTCHA_GD_Y_GRID',
@@ -54,7 +54,7 @@ class acp_captcha
 			}
 			$captcha = new captcha();
 			$captcha->execute(gen_rand_string(mt_rand(5, 8)), time());
-			exit_handler();
+			exit;
 		}
 
 		$config_vars = array(
@@ -90,7 +90,7 @@ class acp_captcha
 		}
 		else
 		{
-			
+
 			$preview_image_src = append_sid(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&demo=demo"));
 			if (@extension_loaded('gd'))
 			{
@@ -110,7 +110,7 @@ class acp_captcha
 				'CAPTCHA_PREVIEW'	=> $preview_image_src,
 				'PREVIEW'			=> isset($_POST['preview']),
 			));
-			
+
 		}
 	}
 }

phpBB/includes/acp/acp_database.php

@@ -25,7 +25,7 @@ class acp_database
 
 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template, $table_prefix;
+		global $cache, $db, $user, $auth, $template, $table_prefix;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 		
 		$user->add_lang('acp/database');
@@ -159,18 +159,20 @@ class acp_database
 
 						$extractor->write_end();
 
+						add_log('admin', 'LOG_DB_BACKUP');
+
 						if ($download == true)
 						{
 							exit;
 						}
 
-						add_log('admin', 'LOG_DB_BACKUP');
 						trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
 					break;
 
 					default:
 						include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
 						$tables = get_tables($db);
+						asort($tables);
 						foreach ($tables as $table_name)
 						{
 							if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)
@@ -341,10 +343,29 @@ class acp_database
 								break;
 
 								case 'postgres':
+									$delim = ";\n";
 									while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false)
 									{
 										$query = trim($sql);
-										$db->sql_query($query);
+
+										if (substr($query, 0, 13) == 'CREATE DOMAIN')
+										{
+											list(, , $domain) = explode(' ', $query);
+											$sql = "SELECT domain_name
+												FROM information_schema.domains
+												WHERE domain_name = '$domain';";
+											$result = $db->sql_query($sql);
+											if (!$db->sql_fetchrow($result))
+											{
+												$db->sql_query($query);
+											}
+											$db->sql_freeresult($result);
+										}
+										else
+										{
+											$db->sql_query($query);
+										}
+
 										if (substr($query, 0, 4) == 'COPY')
 										{
 											while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\.')
@@ -379,6 +400,9 @@ class acp_database
 
 							$close($fp);
 
+							// Purge the cache due to updated data
+							$cache->purge();
+
 							add_log('admin', 'LOG_DB_RESTORE');
 							trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
 							break;
@@ -1086,7 +1110,7 @@ class postgres_extractor extends base_extractor
 		}
 
 		$sql_data = '-- Table: ' . $table_name . "\n";
-		//$sql_data .= "DROP TABLE $table_name;\n";
+		$sql_data .= "DROP TABLE $table_name;\n";
 		// PGSQL does not "tightly" bind sequences and tables, we must guess...
 		$sql = "SELECT relname
 			FROM pg_class
@@ -1155,7 +1179,7 @@ class postgres_extractor extends base_extractor
 				$line .= ')';
 			}
 
-			if (!empty($row['rowdefault']))
+			if (isset($row['rowdefault']))
 			{
 				$line .= ' DEFAULT ' . $row['rowdefault'];
 			}

phpBB/includes/acp/acp_forums.php

@@ -45,7 +45,7 @@ class acp_forums
 		if ($update && !check_form_key($form_key))
 		{
 			$update = false;
-			$error[] = $user->lang['FORM_INVALID'];
+			$errors[] = $user->lang['FORM_INVALID'];
 		}
 
 		// Check additional permissions
@@ -56,7 +56,7 @@ class acp_forums
 				$total = request_var('total', 0);
 
 				$this->display_progress_bar($start, $total);
-				exit_handler();
+				exit;
 			break;
 
 			case 'delete':
@@ -74,7 +74,7 @@ class acp_forums
 				{
 					trigger_error($user->lang['NO_PERMISSION_FORUM_ADD'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
-			
+
 			break;
 		}
 
@@ -100,7 +100,7 @@ class acp_forums
 					$cache->destroy('sql', FORUMS_TABLE);
 
 					trigger_error($user->lang['FORUM_DELETED'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id));
-	
+
 				break;
 
 				case 'edit':
@@ -132,6 +132,7 @@ class acp_forums
 						'forum_rules_link'		=> request_var('forum_rules_link', ''),
 						'forum_image'			=> request_var('forum_image', ''),
 						'forum_style'			=> request_var('forum_style', 0),
+						'display_subforum_list'	=> request_var('display_subforum_list', false),
 						'display_on_index'		=> request_var('display_on_index', false),
 						'forum_topics_per_page'	=> request_var('topics_per_page', 0),
 						'enable_indexing'		=> request_var('enable_indexing', true),
@@ -188,7 +189,7 @@ class acp_forums
 								$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
-	
+
 								$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
@@ -239,11 +240,12 @@ class acp_forums
 							// Now insert the data
 							$db->sql_multi_insert(ACL_USERS_TABLE, $users_sql_ary);
 							$db->sql_multi_insert(ACL_GROUPS_TABLE, $groups_sql_ary);
+							cache_moderators();
 						}
 
 						$auth->acl_clear_prefetch();
 						$cache->destroy('sql', FORUMS_TABLE);
-	
+
 						$acl_url = '&mode=setting_forum_local&forum_id[]=' . $forum_data['forum_id'];
 
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
@@ -470,6 +472,7 @@ class acp_forums
 							'forum_rules_link'		=> '',
 							'forum_image'			=> '',
 							'forum_style'			=> 0,
+							'display_subforum_list'	=> true,
 							'display_on_index'		=> false,
 							'forum_topics_per_page'	=> 0,
 							'enable_indexing'		=> true,
@@ -540,7 +543,7 @@ class acp_forums
 
 				$forum_type_options = '';
 				$forum_type_ary = array(FORUM_CAT => 'CAT', FORUM_POST => 'FORUM', FORUM_LINK => 'LINK');
-		
+
 				foreach ($forum_type_ary as $value => $lang)
 				{
 					$forum_type_options .= '<option value="' . $value . '"' . (($value == $forum_data['forum_type']) ? ' selected="selected"' : '') . '>' . $user->lang['TYPE_' . $lang] . '</option>';
@@ -610,10 +613,10 @@ class acp_forums
 						}
 					}
 				}
-				
+
 				if (strlen($forum_data['forum_password']) == 32)
 				{
-					$errors[] = 'FORUM_PASSWORD_OLD';
+					$errors[] = $user->lang['FORUM_PASSWORD_OLD'];
 				}
 
 				$template->assign_vars(array(
@@ -669,6 +672,7 @@ class acp_forums
 					'S_FORUM_CAT'				=> ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
 					'S_ENABLE_INDEXING'			=> ($forum_data['enable_indexing']) ? true : false,
 					'S_TOPIC_ICONS'				=> ($forum_data['enable_icons']) ? true : false,
+					'S_DISPLAY_SUBFORUM_LIST'	=> ($forum_data['display_subforum_list']) ? true : false,
 					'S_DISPLAY_ON_INDEX'		=> ($forum_data['display_on_index']) ? true : false,
 					'S_PRUNE_ENABLE'			=> ($forum_data['enable_prune']) ? true : false,
 					'S_FORUM_LINK_TRACK'		=> ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? true : false,
@@ -915,6 +919,13 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_DATA_NEGATIVE'];
 		}
 
+		$range_test_ary = array(
+			array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
+		);
+		validate_range($range_test_ary, $errors);
+
+
+
 		// Set forum flags
 		// 1 = link tracking
 		// 2 = prune old polls
@@ -948,8 +959,8 @@ class acp_forums
 		{
 			return $errors;
 		}
- 
- 		// As we don't know the old password, it's kinda tricky to detect changes
+
+		// As we don't know the old password, it's kinda tricky to detect changes
 		if ($forum_data_sql['forum_password_unset'])
 		{
 			$forum_data_sql['forum_password'] = '';
@@ -963,7 +974,7 @@ class acp_forums
 			$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
 		}
 		unset($forum_data_sql['forum_password_unset']);
-		
+
 		if (!isset($forum_data_sql['forum_id']))
 		{
 			// no forum_id means we're creating a new forum
@@ -1621,7 +1632,7 @@ class acp_forums
 			WHERE p.forum_id = $forum_id
 				AND a.in_message = 0
 				AND a.topic_id = p.topic_id";
-		$result = $db->sql_query($sql);	
+		$result = $db->sql_query($sql);
 
 		$topic_ids = array();
 		while ($row = $db->sql_fetchrow($result))
@@ -1679,7 +1690,7 @@ class acp_forums
 			break;
 
 			default:
-			
+
 				// Delete everything else and curse your DB for not offering multi-table deletion
 				$tables_ary = array(
 					'post_id'	=>	array(

phpBB/includes/acp/acp_groups.php

@@ -87,24 +87,32 @@ class acp_groups
 
 				// Approve, demote or promote
 				$group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
-				group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
-
-				switch ($action)
+				$error = group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
+				
+				if (!$error)
 				{
-					case 'demote':
-						$message = 'GROUP_MODS_DEMOTED';
-					break;
+					switch ($action)
+					{
+						case 'demote':
+							$message = 'GROUP_MODS_DEMOTED';
+						break;
 
-					case 'promote':
-						$message = 'GROUP_MODS_PROMOTED';
-					break;
+						case 'promote':
+							$message = 'GROUP_MODS_PROMOTED';
+						break;
 
-					case 'approve':
-						$message = 'USERS_APPROVED';
-					break;
+						case 'approve':
+							$message = 'USERS_APPROVED';
+						break;
+					}
+
+					trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 				}
-
-				trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
+				else
+				{
+					trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
+				}
+				
 			break;
 
 			case 'default':

phpBB/includes/acp/acp_icons.php

@@ -89,15 +89,17 @@ class acp_icons
 			}
 			unset($imglist);
 
-			$dir = @opendir($phpbb_root_path . $img_path);
-			while (($file = @readdir($dir)) !== false)
+			if ($dir = @opendir($phpbb_root_path . $img_path))
 			{
-				if (is_file($phpbb_root_path . $img_path . '/' . $file) && preg_match('#\.pak$#i', $file))
+				while (($file = readdir($dir)) !== false)
 				{
-					$_paks[] = $file;
+					if (is_file($phpbb_root_path . $img_path . '/' . $file) && preg_match('#\.pak$#i', $file))
+					{
+						$_paks[] = $file;
+					}
 				}
+				closedir($dir);
 			}
-			@closedir($dir);
 		}
 
 		// What shall we do today? Oops, I believe that's trademarked ...
@@ -335,11 +337,16 @@ class acp_icons
 				}
 
 				$icons_updated = 0;
+				$errors = array();
 				foreach ($images as $image)
 				{
-					if (($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == '')) ||
-						($action == 'create' && !isset($image_add[$image])))
+					if ($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == ''))
 					{
+						$errors[$image] = 'SMILIE_NO_' . (($image_emotion[$image] == '') ? 'EMOTION' : 'CODE');
+					}
+					else if ($action == 'create' && !isset($image_add[$image]))
+					{
+						// skip images where add wasn't checked
 					}
 					else
 					{
@@ -429,13 +436,18 @@ class acp_icons
 					default:
 						$suc_lang = $lang;
 				}
+				$errormsgs = '';
+				foreach ($errors as $img => $error)
+				{
+					$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
+				}
 				if ($action == 'modify')
 				{
-					trigger_error($user->lang[$suc_lang . '_EDITED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_EDITED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 				else
 				{
-					trigger_error($user->lang[$suc_lang . '_ADDED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 
 			break;
@@ -460,7 +472,7 @@ class acp_icons
 						if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
 						{
 							if ((sizeof($data[1]) != 4 && $mode == 'icons') ||
-								(sizeof($data[1]) != 6 && $mode == 'smilies'))
+								((sizeof($data[1]) != 6 || (empty($data[1][4]) || empty($data[1][5]))) && $mode == 'smilies' ))
 							{
 								trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
 							}

phpBB/includes/acp/acp_inactive.php

@@ -135,6 +135,8 @@ class acp_inactive
 							{
 								user_delete('retain', $user_id, $user_affected[$user_id]);
 							}
+
+							add_log('admin', 'LOG_INACTIVE_' . strtoupper($action), implode(', ', $user_affected));
 						}
 						else
 						{
@@ -143,13 +145,12 @@ class acp_inactive
 								'action'		=> $action,
 								'mark'			=> $mark,
 								'submit'		=> 1,
+								'start'			=> $start,
 							);
 							confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
 						}
 					}
 
-					add_log('admin', 'LOG_INACTIVE_' . strtoupper($action), implode(', ', $user_affected));
-
 				break;
 
 				case 'remind':
@@ -166,7 +167,7 @@ class acp_inactive
 					if ($row = $db->sql_fetchrow($result))
 					{
 						// Send the messages
-						include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
+						include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 
 						$messenger = new messenger();
 						$usernames = array();
@@ -216,7 +217,7 @@ class acp_inactive
 		$inactive = array();
 		$inactive_count = 0;
 
-		view_inactive_users($inactive, $inactive_count, $config['topics_per_page'], $start, $sql_where, $sql_sort);
+		$start = view_inactive_users($inactive, $inactive_count, $config['topics_per_page'], $start, $sql_where, $sql_sort);
 
 		foreach ($inactive as $row)
 		{
@@ -246,6 +247,8 @@ class acp_inactive
 			'S_SORT_DIR'	=> $s_sort_dir,
 			'S_ON_PAGE'		=> on_page($inactive_count, $config['topics_per_page'], $start),
 			'PAGINATION'	=> generate_pagination($this->u_action . "&$u_sort_param", $inactive_count, $config['topics_per_page'], $start, true),
+			
+			'U_ACTION'		=> $this->u_action . '&start=' . $start,
 		));
 
 		$this->tpl_name = 'acp_inactive';

phpBB/includes/acp/acp_language.php

@@ -42,13 +42,13 @@ class acp_language
 		// Check and set some common vars
 
 		$action		= (isset($_POST['update_details'])) ? 'update_details' : '';
-		$action		= (isset($_POST['download_file'])) ? 'download_file' : '';
-		$action		= (isset($_POST['upload_file'])) ? 'upload_file' : '';
-		$action		= (isset($_POST['upload_data'])) ? 'upload_data' : '';
-		$action		= (isset($_POST['submit_file'])) ? 'submit_file' : '';
-		$action		= (isset($_POST['remove_store'])) ? 'details' : '';
+		$action		= (isset($_POST['download_file'])) ? 'download_file' : $action;
+		$action		= (isset($_POST['upload_file'])) ? 'upload_file' : $action;
+		$action		= (isset($_POST['upload_data'])) ? 'upload_data' : $action;
+		$action		= (isset($_POST['submit_file'])) ? 'submit_file' : $action;
+		$action		= (isset($_POST['remove_store'])) ? 'details' : $action;
 
-		$submit = (empty($action)) ? false : true;
+		$submit = (empty($action) && !isset($_POST['update']) && !isset($_POST['test_connection'])) ? false : true;
 		$action = (empty($action)) ? request_var('action', '') : $action;
 
 		$form_name = 'acp_lang';
@@ -1171,6 +1171,11 @@ class acp_language
 /**
 * DO NOT CHANGE
 */
+if (!defined(\'IN_PHPBB\'))
+{
+	exit;
+}
+
 if (empty($lang) || !is_array($lang))
 {
 	$lang = array();

phpBB/includes/acp/acp_main.php

@@ -61,6 +61,14 @@ class acp_main
 
 		if ($action)
 		{
+			if ($action === 'admlogout')
+			{
+				$user->unset_admin();
+				$redirect_url = append_sid("{$phpbb_root_path}index.$phpEx");
+				meta_refresh(3, $redirect_url);
+				trigger_error($user->lang['ADM_LOGGED_OUT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect_url . '">', '</a>'));
+			}
+
 			if (!confirm_box(true))
 			{
 				switch ($action)
@@ -108,6 +116,7 @@ class acp_main
 			{
 				switch ($action)
 				{
+
 					case 'online':
 						if (!$auth->acl_get('a_board'))
 						{
@@ -287,6 +296,7 @@ class acp_main
 
 						// Clear permissions
 						$auth->acl_clear_prefetch();
+						cache_moderators();
 
 						add_log('admin', 'LOG_PURGE_CACHE');
 					break;
@@ -309,8 +319,8 @@ class acp_main
 		$users_per_day = sprintf('%.2f', $total_users / $boarddays);
 		$files_per_day = sprintf('%.2f', $total_files / $boarddays);
 
-		$upload_dir_size = ($config['upload_dir_size'] >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($config['upload_dir_size'] / 1048576)) : (($config['upload_dir_size'] >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($config['upload_dir_size'] / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $config['upload_dir_size']));
-
+		$upload_dir_size = get_formatted_filesize($config['upload_dir_size']);
+	
 		$avatar_dir_size = 0;
 
 		if ($avatar_dir = @opendir($phpbb_root_path . $config['avatar_path']))
@@ -322,12 +332,9 @@ class acp_main
 					$avatar_dir_size += filesize($phpbb_root_path . $config['avatar_path'] . '/' . $file);
 				}
 			}
-			@closedir($avatar_dir);
+			closedir($avatar_dir);
 
-			// This bit of code translates the avatar directory size into human readable format
-			// Borrowed the code from the PHP.net annoted manual, origanally written by:
-			// Jesse (jesse@jess.on.ca)
-			$avatar_dir_size = ($avatar_dir_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($avatar_dir_size / 1048576)) : (($avatar_dir_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($avatar_dir_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $avatar_dir_size));
+			$avatar_dir_size = get_formatted_filesize($avatar_dir_size);
 		}
 		else
 		{
@@ -391,7 +398,7 @@ class acp_main
 			'DATABASE_INFO'		=> $db->sql_server_info(),
 			'BOARD_VERSION'		=> $config['version'],
 
-			'U_ACTION'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
+			'U_ACTION'			=> $this->u_action,
 			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
 			'U_INACTIVE_USERS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&amp;mode=list'),
 

phpBB/includes/acp/acp_permissions.php

@@ -48,7 +48,7 @@ class acp_permissions
 
 			$this->tpl_name = 'permission_trace';
 
-			if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth'))
+			if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth'))
 			{
 				$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
 				$this->permission_trace($user_id, $forum_id, $permission);
@@ -124,7 +124,7 @@ class acp_permissions
 			$forum_id = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -133,7 +133,7 @@ class acp_permissions
 			$forum_id = array();
 			foreach (get_forum_branch($subforum_id, 'children') as $row)
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 		}
 
@@ -598,7 +598,7 @@ class acp_permissions
 			$ids = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$ids[] = $row[$sql_id];
+				$ids[] = (int) $row[$sql_id];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -1117,31 +1117,51 @@ class acp_permissions
 		global $db, $user;
 
 		$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
-		$sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
-		
-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-			'SELECT'	=> 'u.username, u.username_clean, u.user_regdate, u.user_id',
 
-			'FROM'		=> array(
-				USERS_TABLE			=> 'u',
-				ACL_OPTIONS_TABLE	=> 'o',
-				ACL_USERS_TABLE		=> 'a'
-			),
+		// Permission options are only able to be a permission set... therefore we will pre-fetch the possible options and also the possible roles
+		$option_ids = $role_ids = array();
 
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
+		$sql = 'SELECT auth_option_id
+			FROM ' . ACL_OPTIONS_TABLE . '
+			WHERE auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
+		$result = $db->sql_query($sql);
 
-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-				$sql_permission_option
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$option_ids[] = (int) $row['auth_option_id'];
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($option_ids))
+		{
+			$sql = 'SELECT DISTINCT role_id
+				FROM ' . ACL_ROLES_DATA_TABLE . '
+				WHERE ' . $db->sql_in_set('auth_option_id', $option_ids);
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$role_ids[] = (int) $row['role_id'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		if (sizeof($option_ids) && sizeof($role_ids))
+		{
+			$sql_where = 'AND (' . $db->sql_in_set('a.auth_option_id', $option_ids) . ' OR ' . $db->sql_in_set('a.auth_role_id', $role_ids) . ')';
+		}
+		else
+		{
+			$sql_where = 'AND ' . $db->sql_in_set('a.auth_option_id', $option_ids);
+		}
+
+		// Not ideal, due to the filesort, non-use of indexes, etc.
+		$sql = 'SELECT DISTINCT u.user_id, u.username, u.username_clean, u.user_regdate
+			FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
+			WHERE u.user_id = a.user_id
 				$sql_forum_id
-				AND u.user_id = a.user_id",
-
-			'ORDER_BY'	=> 'u.username_clean, u.user_regdate ASC'
-		));
+				$sql_where
+			ORDER BY u.username_clean, u.user_regdate ASC";
 		$result = $db->sql_query($sql);
 
 		$s_defined_user_options = '';
@@ -1153,29 +1173,12 @@ class acp_permissions
 		}
 		$db->sql_freeresult($result);
 
-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-			'SELECT'	=> 'g.group_type, g.group_name, g.group_id',
-
-			'FROM'		=> array(
-				GROUPS_TABLE		=> 'g',
-				ACL_OPTIONS_TABLE	=> 'o',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-				$sql_permission_option
+		$sql = 'SELECT DISTINCT g.group_type, g.group_name, g.group_id
+			FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . " a
+			WHERE g.group_id = a.group_id
 				$sql_forum_id
-				AND g.group_id = a.group_id",
-
-			'ORDER_BY'	=> 'g.group_type DESC, g.group_name ASC'
-		));
+				$sql_where
+			ORDER BY g.group_type DESC, g.group_name ASC";
 		$result = $db->sql_query($sql);
 
 		$s_defined_group_options = '';

phpBB/includes/acp/acp_profile.php

@@ -480,9 +480,9 @@ class acp_profile
 					}
 					else if ($field_type == FIELD_DATE && $key == 'field_default_value')
 					{
-						$always_now = request_var('always_now', 0);
-
-						if ($always_now || $var == 'now')
+						$always_now = request_var('always_now', -1);
+						
+						if ($always_now == 1 || ($always_now === -1 && $var == 'now'))
 						{
 							$now = getdate();
 

phpBB/includes/acp/acp_prune.php

@@ -405,7 +405,15 @@ class acp_prune
 			$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
 			$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
 			$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
-			$where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
+
+			if (sizeof($active) && $active_select != 'lt')
+			{
+				$where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
+			}
+			else if (sizeof($active))
+			{
+				$where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
+			}
 		}
 
 		// Protect the admin, do not prune if no options are given...

phpBB/includes/acp/acp_ranks.php

@@ -139,11 +139,6 @@ class acp_ranks
 			case 'edit':
 			case 'add':
 
-				if (!check_form_key($form_name))
-				{
-					trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
 				$data = $ranks = $existing_imgs = array();
 				
 				$sql = 'SELECT *