3.0.2-RC2 released

git-svn-id: file:///svn/phpbb/tags/release_3_0_2-RC2@8676 89ea8834-ac86-4346-8a33-228a782c2dd0
Bug #29635
2025-09-11 00:30:53 +02:00 · 2008-06-29 10:39:19 +00:00 · 2008-06-28 17:07:50 +00:00 · 2008-06-28 15:07:37 +00:00 · 2008-06-24 20:59:21 +00:00 · 2008-06-23 17:08:42 +00:00
213 changed files with 3517 additions and 2109 deletions
--- a/phpBB/adm/images/progress_bar.gif
+++ b/phpBB/adm/images/progress_bar.gif
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -45,8 +45,8 @@ define('IN_ADMIN', true);
 $phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';

 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
-$file_uploads	= (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
+$safe_mode		= (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) === 'on') ? true : false;
+$file_uploads	= (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');

@@ -116,6 +116,7 @@ function adm_page_header($page_title)
 		'ROOT_PATH'				=> $phpbb_admin_path,

 		'U_LOGOUT'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
+		'U_ADM_LOGOUT'			=> append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout'),
 		'U_ADM_INDEX'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),

@@ -184,7 +185,7 @@ function adm_page_footer($copyright_html = true)
 				{
 					global $base_memory_usage;
 					$memory_usage -= $base_memory_usage;
-					$memory_usage = ($memory_usage >= 1048576) ? round((round($memory_usage / 1048576 * 100) / 100), 2) . ' ' . $user->lang['MB'] : (($memory_usage >= 1024) ? round((round($memory_usage / 1024 * 100) / 100), 2) . ' ' . $user->lang['KB'] : $memory_usage . ' ' . $user->lang['BYTES']);
+					$memory_usage = get_formatted_filesize($memory_usage);

 					$debug_output .= ' | Memory Usage: ' . $memory_usage;
 				}
@@ -367,33 +368,64 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 }

 /**
-* Going through a config array and validate values, writing errors to $error.
+* Going through a config array and validate values, writing errors to $error. The validation method  accepts parameters separated by ':' for string and int.
+* The first parameter defines the type to be used, the second the lower bound and the third the upper bound. Only the type is required.
 */
 function validate_config_vars($config_vars, &$cfg_array, &$error)
 {
 	global $phpbb_root_path, $user;
-
+	$type	= 0;
+	$min	= 1;
+	$max	= 2;
+	
 	foreach ($config_vars as $config_name => $config_definition)
 	{
 		if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false)
 		{
 			continue;
 		}
-
+	
 		if (!isset($config_definition['validate']))
 		{
 			continue;
 		}
+		
+		$validator = explode(':', $config_definition['validate']);

-		// Validate a bit. ;) String is already checked through request_var(), therefore we do not check this again
-		switch ($config_definition['validate'])
+		// Validate a bit. ;) (0 = type, 1 = min, 2= max)
+		switch ($validator[$type])
 		{
+			case 'string':
+				$length = strlen($cfg_array[$config_name]);
+
+				// the column is a VARCHAR
+				$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
+
+				if (isset($validator[$min]) && $length < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_SHORT'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $length > $validator[2])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
+			break;
+
 			case 'bool':
 				$cfg_array[$config_name] = ($cfg_array[$config_name]) ? 1 : 0;
 			break;

 			case 'int':
 				$cfg_array[$config_name] = (int) $cfg_array[$config_name];
+
+				if (isset($validator[$min]) && $cfg_array[$config_name] < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $cfg_array[$config_name] > $validator[$max])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
 			break;

 			// Absolute path
@@ -508,4 +540,62 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 	return;
 }

+/**
+* Checks whatever or not a variable is OK for use in the Database
+* param mixed $value_ary An array of the form array(array('lang' => ..., 'value' => ..., 'column_type' =>))'
+* param mixed $error The error array
+*/
+function validate_range($value_ary, &$error)
+{
+	global $user;
+	
+	$column_types = array(
+		'BOOL'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => 1),
+		'USINT'	=> array('php_type' => 'int',		'min' => 0, 				'max' => 65535),
+		'UINT'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => (int) 0x7fffffff),
+		'INT'	=> array('php_type' => 'int', 		'min' => (int) 0x80000000, 	'max' => (int) 0x7fffffff),
+		'TINT'	=> array('php_type' => 'int',		'min' => -128,				'max' => 127),
+		
+		'VCHAR'	=> array('php_type' => 'string', 	'min' => 0, 				'max' => 255),
+	);
+	foreach ($value_ary as $value)
+	{
+		$column = explode(':', $value['column_type']);
+		$max = $min = 0;
+		$type = 0;
+		if (!isset($column_types[$column[0]]))
+		{
+			continue;
+		}
+		else
+		{
+			$type = $column_types[$column[0]];
+		}
+
+		switch ($type['php_type'])
+		{
+			case 'string' :
+				$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
+				if (strlen($value['value']) > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+
+			case 'int': 
+				$min = (isset($column[1])) ? max($column[1],$type['min']) : $type['min'];
+				$max = (isset($column[2])) ? min($column[2],$type['max']) : $type['max'];
+				if ($value['value'] < $min)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$value['lang']], $min);
+				}
+				else if ($value['value'] > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+		}
+	}
+}
+
 ?>
--- a/phpBB/adm/style/acp_attachments.html
+++ b/phpBB/adm/style/acp_attachments.html
@@ -122,11 +122,11 @@
 			{
 				if (newimage == 'no_image')
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}images/spacer.gif";
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}images/spacer.gif";
 				}
 				else
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
 				}
 			}

@@ -192,7 +192,7 @@
 			<dd><select name="upload_icon" id="upload_icon" onchange="update_image(this.options[selectedIndex].value);">
 					<option value="no_image"<!-- IF S_NO_IMAGE --> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>{S_FILENAME_LIST}
 			</select></dd>
-			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> name="image_upload_icon" alt="" title="" />&nbsp;</dd>
+			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> id="image_upload_icon" alt="" title="" />&nbsp;</dd>
 		</dl>
 		<dl>
 			<dt><label for="extgroup_filesize">{L_MAX_EXTGROUP_FILESIZE}:</label></dt>
--- a/phpBB/adm/style/acp_bbcodes.html
+++ b/phpBB/adm/style/acp_bbcodes.html
@@ -103,6 +103,10 @@
 			<td style="text-align: center;">{bbcodes.BBCODE_TAG}</td>
 			<td style="text-align: right; width: 40px;"><a href="{bbcodes.U_EDIT}">{ICON_EDIT}</a> <a href="{bbcodes.U_DELETE}">{ICON_DELETE}</a></td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="2">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END bbcodes -->
 	</tbody>
 	</table>
--- a/phpBB/adm/style/acp_database.html
+++ b/phpBB/adm/style/acp_database.html
@@ -7,8 +7,9 @@

 	<p>{L_ACP_RESTORE_EXPLAIN}</p>

+	<!-- IF .files -->
 	<form id="acp_backup" method="post" action="{U_ACTION}">
-	
+
 	<fieldset>
 		<legend>{L_RESTORE_OPTIONS}</legend>
 	<dl>
@@ -16,16 +17,19 @@
 		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
 	</dl>

-	<!-- IF .files -->
-		<p class="submit-buttons">
-			<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
-			<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
-			<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
-		</p>
-	<!-- ENDIF -->
-		{S_FORM_TOKEN}
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
+		<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
+		<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
+	</p>
+	{S_FORM_TOKEN}
 	</fieldset>
 	</form>
+	<!-- ELSE -->
+		<div class="errorbox">
+			<p>{L_ACP_NO_ITEMS}</p>
+		</div>
+	<!-- ENDIF -->

 <!-- ELSE -->
 	<h1>{L_ACP_BACKUP}</h1>
@@ -77,7 +81,7 @@
 			<option value="{tables.TABLE}">{tables.TABLE}</option>
 		<!-- END tables -->
 		</select></dd>
-		<dd><a href="#" onclick="selector(true)">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false)">{L_DESELECT_ALL}</a></dd>
+		<dd><a href="#" onclick="selector(true); return false;">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false); return false;">{L_DESELECT_ALL}</a></dd>
 	</dl>

 	<p class="submit-buttons">
--- a/phpBB/adm/style/acp_forums.html
+++ b/phpBB/adm/style/acp_forums.html
@@ -96,7 +96,7 @@

 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>

-	<h1>{L_TITLE} :: {FORUM_NAME}</h1>
+	<h1>{L_TITLE} <!-- IF FORUM_NAME -->:: {FORUM_NAME}<!-- ENDIF --></h1>

 	<p>{L_FORUM_EDIT_EXPLAIN}</p>

@@ -202,6 +202,11 @@
 			<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
 			<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
 		</dl>
+		<dl>
+			<dt><label for="display_subforum_list">{L_LIST_SUBFORUMS}:</label><br /><span>{L_LIST_SUBFORUMS_EXPLAIN}</span></dt>
+			<dd><label><input type="radio" class="radio" name="display_subforum_list" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+				<label><input type="radio" class="radio" name="display_subforum_list" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		</dl>
 		<dl>
 			<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
 			<dd><label><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
@@ -445,7 +450,7 @@
 					<!-- IF forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						{ICON_MOVE_UP_DISABLED}
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
-					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW-->
+					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						<a href="{forums.U_MOVE_UP}">{ICON_MOVE_UP}</a>
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
 					<!-- ELSEIF forums.S_LAST_ROW && not forums.S_FIRST_ROW -->
--- a/phpBB/adm/style/acp_icons.html
+++ b/phpBB/adm/style/acp_icons.html
@@ -43,19 +43,19 @@
 	
 	function toggle_select(icon, display, select)
 	{
-		var disp = document.getElementById('order_disp[' + icon + ']');
-		var nodisp = document.getElementById('order_no_disp[' + icon + ']');
+		var disp = document.getElementById('order_disp_' + select);
+		var nodisp = document.getElementById('order_no_disp_' + select);
 		disp.disabled = !display;
 		nodisp.disabled = display;
 		if (display)
 		{
-			document.getElementById(select).selectedIndex = 0;
+			document.getElementById('order_' + select).selectedIndex = 0;
 			nodisp.className = 'disabled-options';
 			disp.className = '';
 		}
 		else
 		{
-			document.getElementById(select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
+			document.getElementById('order_' + select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
 			disp.className = 'disabled-options';
 			nodisp.className = '';
 		}
@@ -111,15 +111,15 @@
 		<td><input class="text post" type="text" size="3" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
 		<td><input class="text post" type="text" size="3" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
 		<td>
-			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, 'order[{items.A_IMG}]');"/>
+			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, '{items.S_ROW_COUNT}');"/>
 			<!-- IF items.S_ID -->
 				<input type="hidden" name="id[{items.IMG}]" value="{items.ID}" />
 			<!-- ENDIF -->
 		</td>
 		<!-- IF ID or S_ADD -->
-			<td><select id="order[{items.IMG}]" name="order[{items.IMG}]">
-				<optgroup id="order_disp[{items.IMG}]" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
-				<optgroup id="order_no_disp[{items.IMG}]" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
+			<td><select id="order_{items.S_ROW_COUNT}" name="order[{items.IMG}]">
+				<optgroup id="order_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
+				<optgroup id="order_no_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
 			</select></td>
 		<!-- ENDIF -->	
 		<!-- IF S_ADD -->
@@ -248,6 +248,10 @@
 				&nbsp;<a href="{items.U_EDIT}">{ICON_EDIT}</a> <a href="{items.U_DELETE}">{ICON_DELETE}</a>
 			</td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="{COLSPAN}">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END items -->
 	</tbody>
 	</table>
--- a/phpBB/adm/style/acp_inactive.html
+++ b/phpBB/adm/style/acp_inactive.html
--- a/phpBB/adm/style/acp_language.html
+++ b/phpBB/adm/style/acp_language.html
@@ -121,9 +121,11 @@

 	<!--[if lt IE 8]>
 	<style type="text/css">
+	/* <![CDATA[ */
 		input.langvalue, textarea.langvalue {
 		width: 450px;
 		}
+	/* ]]> */
 	</style>
 	<![endif]-->

--- a/phpBB/adm/style/acp_permission_roles.html
+++ b/phpBB/adm/style/acp_permission_roles.html
@@ -28,11 +28,11 @@

 	<p>{L_EXPLAIN}</p>

-	<form id="acp_roles" method="post" action="{U_ACTION}">
-
 	<br />
 	<a href="#acl">&raquo; {L_SET_ROLE_PERMISSIONS}</a>

+	<form id="acp_roles" method="post" action="{U_ACTION}">
+
 	<fieldset>
 		<legend>{L_ROLE_DETAILS}</legend>
 	<dl>
@@ -46,6 +46,7 @@

 	<p class="quick">
 		<input type="submit" class="button1" name="submit" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>

@@ -57,11 +58,15 @@

 	<!-- ENDIF -->

+	<p>
+
 	<a name="acl"></a>

 	<a href="#maincontent">&raquo; {L_BACK_TO_TOP}</a><br />
 	<br /><br />

+	</p>
+
 	<h1>{L_ACL_TYPE}</h1>

 	<fieldset class="perm nolegend">
@@ -107,9 +112,9 @@
 						<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
 						<th class="permissions-name<!-- IF auth.mask.S_ROW_COUNT is even --> row4<!-- ELSE --> row3<!-- ENDIF -->">{auth.mask.PERMISSION}</th>
 							
-						<td class="permissions-yes"><label for="{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
-						<td class="permissions-no"><label for="{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
-						<td class="permissions-never"><label for="{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
+						<td class="permissions-yes"><label for="setting_{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
+						<td class="permissions-no"><label for="setting_{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
+						<td class="permissions-never"><label for="setting_{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
 					</tr>
 					<!-- END mask -->
 					</tbody>
--- a/phpBB/adm/style/acp_prune_forums.html
+++ b/phpBB/adm/style/acp_prune_forums.html
@@ -44,7 +44,7 @@
 		<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
 	<dl>
 		<dt><label for="forum">{L_LOOK_UP_FORUM}:</label></dt>
-		<dd><select name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
+		<dd><select id="forum" name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
 		<dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd>
 	</dl>
 	
--- a/phpBB/adm/style/acp_styles.html
+++ b/phpBB/adm/style/acp_styles.html
@@ -459,7 +459,7 @@
 	</dl>
 	<dl>
 		<dt><label for="copyright">{L_COPYRIGHT}:</label></dt>
-		<dd><!-- IF S_INSTALL --><b id="name">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
+		<dd><!-- IF S_INSTALL --><b id="copyright">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
 	</dl>
 	<!-- IF S_STYLE and not S_BASIS -->
 		<dl>
--- a/phpBB/adm/style/acp_words.html
+++ b/phpBB/adm/style/acp_words.html
@@ -62,6 +62,10 @@
 		<td style="text-align: center;">{words.REPLACEMENT}</td>
 		<td>&nbsp;<a href="{words.U_EDIT}">{ICON_EDIT}</a>&nbsp;&nbsp;<a href="{words.U_DELETE}">{ICON_DELETE}</a>&nbsp;</td>
 	</tr>
+	<!-- BEGINELSE -->
+	<tr class="row3">
+		<td colspan="3">{L_ACP_NO_ITEMS}</td>
+	</tr>
 	<!-- END words -->
 	</tbody>
 	</table>
--- a/phpBB/adm/style/colour_swatch.html
+++ b/phpBB/adm/style/colour_swatch.html
@@ -8,7 +8,7 @@
 <title>{L_COLOUR_SWATCH}</title>

 <style type="text/css">
-<!--
+/* <![CDATA[ */
 	body {
 		background-color: #404040;
 		color: #fff;
@@ -29,7 +29,7 @@
 	img {
 		border: 0;
 	}
-//-->
+/* ]]> */
 </style>
 </head>

--- a/phpBB/adm/style/install_convert.html
+++ b/phpBB/adm/style/install_convert.html
--- a/phpBB/adm/style/install_error.html
+++ b/phpBB/adm/style/install_error.html
--- a/phpBB/adm/style/install_footer.html
+++ b/phpBB/adm/style/install_footer.html
--- a/phpBB/adm/style/install_header.html
+++ b/phpBB/adm/style/install_header.html
--- a/phpBB/adm/style/install_install.html
+++ b/phpBB/adm/style/install_install.html
--- a/phpBB/adm/style/install_main.html
+++ b/phpBB/adm/style/install_main.html
--- a/phpBB/adm/style/install_update_diff.html
+++ b/phpBB/adm/style/install_update_diff.html
@@ -32,7 +32,7 @@ function resize_panel()
 </script>

 <style type="text/css">
-<!--
+/* <![CDATA[ */

 #main {
 	font-size: 1em;
@@ -198,7 +198,7 @@ table.hrdiff caption span {

 <!-- ENDIF -->

-//-->
+/* ]]> */
 </style>

 </head>
--- a/phpBB/adm/style/overall_header.html
+++ b/phpBB/adm/style/overall_header.html
@@ -181,11 +181,11 @@ function switch_menu()
 			<span class="corners-top"><span></span></span>
 				<div id="content">
 					<!-- IF not S_USER_NOTICE --> 
-					<div id="toggle">						
+					<div id="toggle">
 						<a id="toggle-handle" accesskey="m" title="{L_MENU_TOGGLE}" onclick="switch_menu(); return false;" href="#"></a></div>
 					<!-- ENDIF -->
 					<div id="menu">
-						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;]</p>
+						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;][&nbsp;<a href="{U_ADM_LOGOUT}">{L_ADM_LOGOUT}</a>&nbsp;]</p>
 						<ul>
 						<!-- BEGIN l_block1 -->
 							<!-- IF l_block1.S_SELECTED -->
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -131,7 +131,7 @@ if (!defined('PHPBB_INSTALLED'))
 	// Redirect the user to the installer
 	// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 	// available as used by the redirect function
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;

@@ -150,7 +150,11 @@ if (!defined('PHPBB_INSTALLED'))

 	if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
 	{
-		$url .= ':' . $server_port;
+		// HTTP HOST can carry a port number...
+		if (strpos($server_name, ':') === false)
+		{
+			$url .= ':' . $server_port;
+		}
 	}

 	$url .= $script_path;
--- a/phpBB/develop/adjust_avatars.php
+++ b/phpBB/develop/adjust_avatars.php
--- a/phpBB/develop/adjust_uids.php
+++ b/phpBB/develop/adjust_uids.php
--- a/phpBB/develop/create_schema_files.php
+++ b/phpBB/develop/create_schema_files.php
@@ -674,7 +674,7 @@ foreach ($supported_dbms as $dbms)
 						}

 						$line .= ($key_data[0] == 'INDEX') ? 'CREATE INDEX' : '';
-						
+
 						$line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ")\n";
 						$line .= "/\n";
 					break;
@@ -1005,7 +1005,7 @@ function get_schema_struct()
 			'topic_id'			=> array('UINT', 0),
 			'forum_id'			=> array('UINT', 0),
 			'save_time'			=> array('TIMESTAMP', 0),
-			'draft_subject'		=> array('XSTEXT_UNI', ''),
+			'draft_subject'		=> array('STEXT_UNI', ''),
 			'draft_message'		=> array('MTEXT_UNI', ''),
 		),
 		'PRIMARY_KEY'	=> 'draft_id',
@@ -1067,11 +1067,12 @@ function get_schema_struct()
 			'forum_topics_real'		=> array('UINT', 0),
 			'forum_last_post_id'	=> array('UINT', 0),
 			'forum_last_poster_id'	=> array('UINT', 0),
-			'forum_last_post_subject' => array('XSTEXT_UNI', ''),
+			'forum_last_post_subject' => array('STEXT_UNI', ''),
 			'forum_last_post_time'	=> array('TIMESTAMP', 0),
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
 			'forum_flags'			=> array('TINT:4', 32),
+			'display_subforum_list'	=> array('BOOL', 1),
 			'display_on_index'		=> array('BOOL', 1),
 			'enable_indexing'		=> array('BOOL', 1),
 			'enable_icons'			=> array('BOOL', 1),
@@ -1143,7 +1144,7 @@ function get_schema_struct()
 		),
 		'PRIMARY_KEY'	=> 'group_id',
 		'KEYS'			=> array(
-			'group_legend'			=> array('INDEX', 'group_legend'),
+			'group_legend_name'		=> array('INDEX', array('group_legend', 'group_name')),
 		),
 	);

@@ -1280,7 +1281,7 @@ function get_schema_struct()
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
 			'post_username'			=> array('VCHAR_UNI:255', ''),
-			'post_subject'			=> array('XSTEXT_UNI', '', 'true_sort'),
+			'post_subject'			=> array('STEXT_UNI', '', 'true_sort'),
 			'post_text'				=> array('MTEXT_UNI', ''),
 			'post_checksum'			=> array('VCHAR:32', ''),
 			'post_attachment'		=> array('BOOL', 0),
@@ -1316,7 +1317,7 @@ function get_schema_struct()
 			'enable_smilies'		=> array('BOOL', 1),
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
-			'message_subject'		=> array('XSTEXT_UNI', ''),
+			'message_subject'		=> array('STEXT_UNI', ''),
 			'message_text'			=> array('MTEXT_UNI', ''),
 			'message_edit_reason'	=> array('STEXT_UNI', ''),
 			'message_edit_user'		=> array('UINT', 0),
@@ -1519,6 +1520,7 @@ function get_schema_struct()
 		'COLUMNS'		=> array(
 			'session_id'			=> array('CHAR:32', ''),
 			'session_user_id'		=> array('UINT', 0),
+			'session_forum_id'		=> array('UINT', 0),
 			'session_last_visit'	=> array('TIMESTAMP', 0),
 			'session_start'			=> array('TIMESTAMP', 0),
 			'session_time'			=> array('TIMESTAMP', 0),
@@ -1534,6 +1536,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
+			'session_fid'		=> array('INDEX', 'session_forum_id'),
 		),
 	);

@@ -1679,7 +1682,7 @@ function get_schema_struct()
 			'topic_attachment'			=> array('BOOL', 0),
 			'topic_approved'			=> array('BOOL', 1),
 			'topic_reported'			=> array('BOOL', 0),
-			'topic_title'				=> array('XSTEXT_UNI', '', 'true_sort'),
+			'topic_title'				=> array('STEXT_UNI', '', 'true_sort'),
 			'topic_poster'				=> array('UINT', 0),
 			'topic_time'				=> array('TIMESTAMP', 0),
 			'topic_time_limit'			=> array('TIMESTAMP', 0),
@@ -1695,7 +1698,7 @@ function get_schema_struct()
 			'topic_last_poster_id'		=> array('UINT', 0),
 			'topic_last_poster_name'	=> array('VCHAR_UNI', ''),
 			'topic_last_poster_colour'	=> array('VCHAR:6', ''),
-			'topic_last_post_subject'	=> array('XSTEXT_UNI', ''),
+			'topic_last_post_subject'	=> array('STEXT_UNI', ''),
 			'topic_last_post_time'		=> array('TIMESTAMP', 0),
 			'topic_last_view_time'		=> array('TIMESTAMP', 0),
 			'topic_moved_id'			=> array('UINT', 0),
--- a/phpBB/develop/repair_bots.php
+++ b/phpBB/develop/repair_bots.php
--- a/phpBB/docs/AUTHORS
+++ b/phpBB/docs/AUTHORS
@@ -22,13 +22,15 @@ involved in phpBB.

 phpBB Lead Developer  : Acyd Burn (Meik Sievertsen)

-phpBB Developers      : DavidMJ (David M.)
+phpBB Developers      : APTX (Marek A. R.)
+                        DavidMJ (David M.)
                        dhn (Dominik Dr<44>scher)
                        kellanved (Henry Sudhof)
                        naderman (Nils Adermann)
-                        subBlue (Tom Beddard)
+                        ToonArmy (Chris Smith)
                        Vic D'Elfant (Vic D'Elfant)

+
 -- Previous Contributors --

 phpBB Project Manager : theFinn (James Atkinson) [Founder - 04/2007]
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -53,6 +53,8 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v301">Changes since 3.0.1</a></li>
+		<li><a href="#v300">Changes since 3.0.0</a></li>
 		<li><a href="#v30rc8">Changes since RC-8</a></li>
 		<li><a href="#v30rc7">Changes since RC-7</a></li>
 		<li><a href="#v30rc6">Changes since RC-6</a></li>
@@ -80,7 +82,126 @@

 		<div class="content">

-	<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>
+	<a name="v301"></a><h3>1.i. Changes since 3.0.1</h3>
+
+	<ul>
+		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
+		<li>[Fix] Fixed blank style on setups having no username defined within config.php (Bug #25065)</li>
+		<li>[Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed (Bug #14429 / thanks to JRSweets for his patch)</li>
+		<li>[Fix] Moved topics should not count towards the number of topics in a forum (Bug #14648 / thanks to Schumi for his patch)</li>
+		<li>[Fix] Properly check for invalid characters in MySQL DB prefixes during install (Bug #18775)</li>
+		<li>[Fix] Bring the PostgreSQL backup system back to working order (Bug #22385)</li>
+		<li>[Fix] Update correct theme for cached styles in style.php (Bug #25805)</li>
+		<li>[Fix] Also add PHPBB_INSTALLED check to download/file.php for inline avatar delivery</li>
+		<li>[Fix] Unable to login to some jabber server, reverted previous change (Bug #25095)</li>
+		<li>[Fix] Do not return BMP as valid image type for GD image manipulation (Bug #25925)</li>
+		<li>[Fix] Correctly determine safe mode for temp file creation in functions_upload.php (Bug #23525)</li>
+		<li>[Fix] Correctly sort by rank in memberlist (Bug #24435)</li>
+		<li>[Fix] Purge cache after database restore (Bug #24245)</li>
+		<li>[Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+. (thanks arod-1 for the fix, related to Bug #14830)</li>
+		<li>[Fix] Added missing form token in acp (thanks NBBN).</li>
+		<li>[Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended (Bug #27355)</li>
+		<li>[Fix] reset forum notifications in viewtopic (Bug #28025)</li>
+		<li>[Fix] corrected link for searching post author's other posts (Bug #26455)</li>
+		<li>[Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)</li>
+		<li>[Fix] Topic searches by author no longer return invalid results (Bug #11777)</li>
+		<li>[Fix] Delete drafts and bookmarks when deleting an user. (#27585, thanks Schumi for the fix)</li>
+		<li>[Fix] Set last_post_subject for new topics. (#23945)</li>
+		<li>[Fix] Allow moving posts to invisible forums. (#27325)</li>
+		<li>[Fix] Don't allow promoting unapproved group members (#16124)</li>
+		<li>[Fix] Correctly fetch server name if using non-standard port (#27395)</li>
+		<li>[Fix] Regular expression for email matching in posts will no longer die on long words.</li>
+		<li>[Fix] Do not display ban message if direct call to cron. (thanks Dog Cow for reporting)</li>
+		<li>[Fix] Correctly display double-colon on special conditions within highlighted php source (Bug #26795)</li>
+		<li>[Fix] Increase storage capacity of titles/subjects due to specialchared content (Bug #25235)</li>
+		<li>[Fix] Catch invalid username wildcard ban (we do not support these) (Bug #29305)</li>
+		<li>[Fix] Fix (email)-domain checks for those having DNS prefixes set (Bug #29635)</li>
+		<li>[Change] Adjust truncate_string() to be able to adjust the maximum storage length.</li>
+		<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
+		<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
+		<li>[Change] Sort the tables at the database table backup screen</li>
+		<li>[Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)</li>
+		<li>[Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)</li>
+		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
+		<li>[Feature] Added optional referer validation of POST requests as additional CSRF protection.</li>
+		<li>[Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).</li>
+		<li>[Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.</li>
+		<li>[Feature] Added ACP logout to reset an admin session.</li>
+		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
+	</ul>
+
+	<a name="v300"></a><h3>1.ii. Changes since 3.0.0</h3>
+
+	<ul>
+		<li>[Change] Validate birthdays (Bug #15004)</li>
+		<li>[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)</li>
+		<li>[Fix] Fix disabling of word censor, now possible again</li>
+		<li>[Fix] Allow single quotes in db password to be stored within config.php in installer</li>
+		<li>[Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)</li>
+		<li>[Fix] Correctly handle empty imageset entries (Bug #16865)</li>
+		<li>[Fix] Correctly check empty subjects/messages (Bug #17915)</li>
+		<li>[Change] Do not check usernames against word censor list. Disallowed usernames is already checked and word censor belong to posts. (Bug #17745)</li>
+		<li>[Fix] Additionally include non-postable forums for moderators forums shown within the teams list. (Bug #17265)</li>
+		<li>[Change] Sped up viewforum considerably (also goes towards mcp_forum)</li>
+		<li>[Fix] Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635)</li>
+		<li>[Fix] Allow editing usernames within database_update on username cleanup (Bug #18415)</li>
+		<li>[Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)</li>
+		<li>[Fix] Check entered imagemagick path for trailing slash (Bug #18205)</li>
+		<li>[Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide</li>
+		<li>[Fix] Allow calls to $user-&gt;set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
+		<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>
+		<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>
+		<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>
+		<li>[Fix] Fix possible database transaction errors if code returns on error and rollback happened (Bug #17025)</li>
+		<li>[Change] Allow numbers in permission names for modifications, as well as uppercase letters for the request_ part (Bug #20125)</li>
+		<li>[Fix] Use HTTP_HOST in favor of SERVER_NAME for determining server url for redirection and installation (Bug #19955)</li>
+		<li>[Fix] Removing s_watching_img from watch_topic_forum() function (Bug #20445)</li>
+		<li>[Fix] Changing order for post review if more than one post affected (Bug #15249)</li>
+		<li>[Fix] Language typos/fixes (Bug #20425, #15719, #15429, #14669, #13479, #20795, #21095, #21405, #21715, #21725, #21755, #21865, #15689)</li>
+		<li>[Fix] Style/Template fixes (Bug #20065, #19405, #19205, #15028, #14934, #14821, #14752, #14497, #13707, #14738, #19725)</li>
+		<li>[Fix] Tiny code fixes (Bug #20165, #20025, #19795, #14804)</li>
+		<li>[Fix] Prepend phpbb_root_path to ranks path for displaying ranks (Bug #19075)</li>
+		<li>[Fix] Allow forum notifications if topic notifications are disabled but forum notifications enabled (Bug #14765)</li>
+		<li>[Fix] Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. (Bug #20435)</li>
+		<li>[Fix] Try to sort last active date on memberlist correctly at least on current page (Bug #18665)</li>
+		<li>[Fix] Handle generation of form tokens when maximum time is set to -1</li>
+		<li>[Fix] Correctly delete unapproved posts without deleting the topic (Bug #15120)</li>
+		<li>[Fix] Respect signature permissions in posting (Bug #16029)</li>
+		<li>[Fix] Users allowed to resign only from open and freely open groups (Bug #19355)</li>
+		<li>[Fix] Assign a last viewed date to converted topics (Bug #16565)</li>
+		<li>[Fix] Many minor and/or cosmetic fixes (Including, but not limited to: #21315, #18575, #18435, #21215)</li>
+		<li>[Feature] New option to hide the entire list of subforums on listforums</li>
+		<li>[Fix] Custom BBCode {EMAIL}-Token usage (Bug #21155)</li>
+		<li>[Fix] Do not rely on parameter returned by unlink() for verifying cache directory write permission (Bug #19565)</li>
+		<li>[Change] Use correct string for filesize (MiB instead of MB for example)</li>
+		<li>[Change] Remove left join for query used to retrieve already assigned users and groups within permission panel (Bug #20235)</li>
+		<li>[Fix] Correctly return sole whitespaces if used with BBCodes (Bug #19535)</li>
+		<li>[Fix] Quote bbcode parsing adding too much closing tags on special conditions (Bug #20735)</li>
+		<li>[Change] Added sanity checks to various ACP settings</li>
+		<li>[Change] Removed minimum form times</li>
+		<li>[Fix] Check topics_per_page value in acp_forums (Bug #15539)</li>
+		<li>[Fix] Custom profile fields with date type should be timezone independend (Bug #15003)</li>
+		<li>[Fix] Fixing some XHTML errors/warnings within the ACP (Bug #22875)</li>
+		<li>[Fix] Warnings if poll title/options exceed maximum characters per post (Bug #22865)</li>
+		<li>[Fix] Do not allow selecting non-authorized groups within memberlist by adjusting URL (Bug #22805 - patch provided by ToonArmy)</li>
+		<li>[Fix] Correctly specify &quot;close report action&quot; (Bug #22685)</li>
+		<li>[Fix] Display &quot;empty password error&quot; within the login box instead of issuing a general error (Bug #22525)</li>
+		<li>[Fix] Clean up who is online code in page_header (Bug #22715, thanks HighwayofLife)</li>
+		<li>[Fix] Pertain select single link on memberlist (Bug #23235 - patch provided by Schumi)</li>
+		<li>[Fix] Allow &amp; and | in local part of email addresses (Bug #22995)</li>
+		<li>[Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)</li>
+		<li>[Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)</li>
+		<li>[Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)</li>
+		<li>[Fix] Do not detect the board URL as a link twice in posts (Bug #19215)</li>
+		<li>[Fix] Set correct error reporting in style.php to avoid blank pages after CSS changes (Bug #23885)</li>
+		<li>[Fix] If pruning users based on last activity, do not include users never logged in before (Bug #18105)</li>
+		<li>[Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil&lt;3)</li>
+		<li>[Sec] Limit private message attachments to be viewable only by the recipient(s)/sender (Report #s23535) - reported by AlleyKat</li>
+		<li>[Sec] Check for non-empty config.php within style.php (Report #s24575) - reported by bantu</li>
+		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
+	</ul>
+
+	<a name="v30rc8"></a><h3>1.iii. Changes since 3.0.RC8</h3>

 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -89,7 +210,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>

-	<a name="v30rc7"></a><h3>1.ii. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.iv. Changes since 3.0.RC7</h3>

 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -124,7 +245,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>

-	<a name="v30rc6"></a><h3>1.iii. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.v. Changes since 3.0.RC6</h3>

 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -134,7 +255,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>

-	<a name="v30rc5"></a><h3>1.iv. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.vi. Changes since 3.0.RC5</h3>

 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -197,7 +318,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>

-	<a name="v30rc4"></a><h3>1.v. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.vii. Changes since 3.0.RC4</h3>

 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -248,7 +369,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>

-	<a name="v30rc3"></a><h3>1.vi. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.viii. Changes since 3.0.RC3</h3>

 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -357,7 +478,7 @@

 	</ul>

-	<a name="v30rc2"></a><h3>1.vii. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.ix. Changes since 3.0.RC2</h3>

 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -399,11 +520,11 @@
 		<li>[Fix] Some jabber related bugs (Bug #12989, #11805, #11809)</li>
 		<li>[Fix] Added UTF-8 support for banning via the MCP (Bug #13013)</li>
 		<li>[Fix] Properly detect the script name in session::extract_current_page() if PHP_SELF is not defined (Bug #12705) - patch provided by ToonArmy</li>
-		<li>[Fix] Show role mask for global permission class under Permissions->Permission Roles (Bug #13057)</li>
+		<li>[Fix] Show role mask for global permission class under Permissions-&gt;Permission Roles (Bug #13057)</li>

 	</ul>

-	<a name="v30rc1"></a><h3>1.viii. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.x. Changes since 3.0.RC1</h3>

 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>
--- a/phpBB/docs/INSTALL.html
+++ b/phpBB/docs/INSTALL.html
@@ -273,7 +273,7 @@

 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>

-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.0</samp> you should select the phpBB-3.0.0_to_3.0.1.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.1</samp> you should select the phpBB-3.0.1_to_3.0.2.zip/tar.gz file.</p>

 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>

@@ -281,11 +281,11 @@

 <a name="update_patch"></a><h3>4.iii. Patch file</h3>

-	<p>The patch file package is for those wanting to update through the patch application, and being compfortable with it.</p>
+	<p>The patch file package is for those wanting to update through the patch application, and being comfortable with it.</p>

-	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
+	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>

-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.0 you need the phpBB-3.0.0_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.1 you need the phpBB-3.0.1_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>

 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>

@@ -369,7 +369,7 @@

 	<p><strong>Password conversion</strong> Due to the utf-8 based handling of passwords in phpBB3, it is not always possible to transfer all passwords. For passwords "lost in translation" the easiest workaround is to use the "forgotten password" function.</p>

-	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, -for instance - if the new board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
+	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, - for instance - if the old board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 installation is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>

 	<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p> 

--- a/phpBB/docs/coding-guidelines.html
+++ b/phpBB/docs/coding-guidelines.html
@@ -110,7 +110,7 @@
 	<p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>

 	<h3>Linefeeds:</h3>
-	<p>Ensure that your editor is saving files in the UNIX format. This means lines are terminated with a newline, not with a CR/LF combo as they are on Win32, or whatever the Mac uses. Any decent editor should be able to do this, but it might not always be the default. Know your editor. If you want advice on Windows text editors, just ask one of the developers. Some of them do their editing on Win32.</p>
+	<p>Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.

 	<a name="fileheader"></a><h3>1.ii. File Header</h3>

@@ -1059,7 +1059,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 <span class="comment">&lt;!-- END loopname --&gt;</span>
 </pre></div>

-<p>A bit later loops will be explained further. To not irretate you we will explain conditionals as well as other statements first.</p>
+<p>A bit later loops will be explained further. To not irritate you we will explain conditionals as well as other statements first.</p>

 <h4>Including files</h4>
 <p>Something that existed in 2.0.x which no longer exists in 3.0.x is the ability to assign a template to a variable. This was used (for example) to output the jumpbox. Instead (perhaps better, perhaps not but certainly more flexible) we now have INCLUDE. This takes the simple form:</p>
@@ -1450,7 +1450,7 @@ div


 <h4>What are Unicode, UCS and UTF-8?</h4>
-<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatability with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
+<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatibility with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>

 <h4>phpBB's use of Unicode</h4>
 <p>Unfortunately PHP does not faciliate the use of Unicode prior to version 6. Most functions simply treat strings as sequences of bytes assuming that each character takes up exactly one byte. This behaviour still allows for storing UTF-8 encoded text in PHP strings but many operations on strings have unexpected results. To circumvent this problem we have created some alternative functions to PHP's native string operations which use code points instead of bytes. These functions can be found in <code>/includes/utf/utf_tools.php</code>. They are also covered in the <a href="http://area51.phpbb.com/docs/code/">phpBB3 Sourcecode Documentation</a>. A lot of native PHP functions still work with UTF-8 as long as you stick to certain restrictions. For example <code>explode</code> still works as long as the first and the last character of the delimiter string are ASCII characters.</p>
--- a/phpBB/docs/hook_system.html
+++ b/phpBB/docs/hook_system.html
@@ -14,7 +14,7 @@
 <title>phpBB3 &bull; Hook System</title>

 <style type="text/css">
-<!--
+/* <![CDATA[ */

 /*
 	The original "prosilver" theme for phpBB3
@@ -309,7 +309,7 @@ a:active	{ color: #368AD2; }
 	margin-left: 25px;
 }

-//-->
+/* ]]> */
 </style>

 </head>
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -18,6 +18,12 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
 if (isset($_GET['avatar']))
 {
 	require($phpbb_root_path . 'config.' . $phpEx);
+
+	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
+	{
+		exit;
+	}
+
 	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
 	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
@@ -32,7 +38,7 @@ if (isset($_GET['avatar']))
 		exit;
 	}
 	unset($dbpasswd);
-	
+
 	// worst-case default
 	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';

@@ -44,11 +50,11 @@ if (isset($_GET['avatar']))
 		$avatar_group = true;
 		$filename = substr($filename, 1);
 	}
-	
+
 	// '==' is not a bug - . as the first char is as bad as no dot at all
 	if (strpos($filename, '.') == false)
 	{
-		header('HTTP/1.0 403 forbidden');
+		header('HTTP/1.0 403 Forbidden');
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -56,33 +62,40 @@ if (isset($_GET['avatar']))
 		$db->sql_close();
 		exit;
 	}
-	
+
 	$ext		= substr(strrchr($filename, '.'), 1);
 	$stamp		= (int) substr(stristr($filename, '_'), 1);
 	$filename	= (int) $filename;
-	
+
 	// let's see if we have to send the file at all
 	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
 	if (strpos(strtolower($browser), 'msie 6.0') === false)
 	{
 		if ($last_load !== false && $last_load <= $stamp)
 		{
-			header('Not Modified', true, 304);
+			if (@php_sapi_name() === 'CGI')
+			{
+				header('Status: 304 Not Modified', true, 304);
+			}
+			else
+			{
+				header('HTTP/1.0 304 Not Modified', true, 304);
+			}
 			// seems that we need those too ... browsers
 			header('Pragma: public');
 			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
 			exit();
-		} 
+		}
 		else
 		{
 			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
 		}
 	}
-	
+
 	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
+		header("HTTP/1.0 403 Forbidden");
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -90,11 +103,11 @@ if (isset($_GET['avatar']))
 		$db->sql_close();
 		exit;
 	}
-	
+
 	if (!$filename)
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
+		header("HTTP/1.0 403 Forbidden");
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -201,8 +214,32 @@ else
 		$row['forum_id'] = false;
 		if (!$auth->acl_get('u_pm_download'))
 		{
+			header('HTTP/1.0 403 Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
+
+		// Check if the attachment is within the users scope...
+		$sql = 'SELECT user_id, author_id
+			FROM ' . PRIVMSGS_TO_TABLE . '
+			WHERE msg_id = ' . $attachment['post_msg_id'];
+		$result = $db->sql_query($sql);
+
+		$allowed = false;
+		while ($user_row = $db->sql_fetchrow($result))
+		{
+			if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
+			{
+				$allowed = true;
+				break;
+			}
+		}
+		$db->sql_freeresult($result);
+
+		if (!$allowed)
+		{
+			header('HTTP/1.0 403 Forbidden');
+			trigger_error('ERROR_NO_ATTACHMENT');
+		}
 	}

 	// disallowed?
@@ -215,6 +252,7 @@ else

 if (!download_allowed())
 {
+	header('HTTP/1.0 403 Forbidden');
 	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }

@@ -273,7 +311,7 @@ else
 		{
 			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 		}
-		
+
 		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
 		exit;
 	}
@@ -460,7 +498,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	{
 		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
 	}
-	
+
 	if ($size)
 	{
 		header("Content-Length: $size");
@@ -549,9 +587,9 @@ function download_allowed()
 			}
 		}
 	}
-	
+
 	// Check for own server...
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = $user->host;

 	// Forcing server vars is the only way to specify/override the protocol
 	if ($config['force_server_vars'] || !$server_name)
@@ -563,7 +601,7 @@ function download_allowed()
 	{
 		$allowed = true;
 	}
-	
+
 	// Get IP's and Hostnames
 	if (!$allowed)
 	{
@@ -613,7 +651,7 @@ function download_allowed()
 		}
 		$db->sql_freeresult($result);
 	}
-	
+
 	return $allowed;
 }

--- a/phpBB/download/index.htm
+++ b/phpBB/download/index.htm
--- a/phpBB/images/avatars/upload/.htaccess
+++ b/phpBB/images/avatars/upload/.htaccess
--- a/phpBB/images/smilies/icon_arrow.gif
+++ b/phpBB/images/smilies/icon_arrow.gif
--- a/phpBB/images/smilies/icon_cool.gif
+++ b/phpBB/images/smilies/icon_cool.gif
--- a/phpBB/images/smilies/icon_cry.gif
+++ b/phpBB/images/smilies/icon_cry.gif
--- a/phpBB/images/smilies/icon_e_biggrin.gif
+++ b/phpBB/images/smilies/icon_e_biggrin.gif
--- a/phpBB/images/smilies/icon_e_confused.gif
+++ b/phpBB/images/smilies/icon_e_confused.gif
--- a/phpBB/images/smilies/icon_e_geek.gif
+++ b/phpBB/images/smilies/icon_e_geek.gif
--- a/phpBB/images/smilies/icon_e_sad.gif
+++ b/phpBB/images/smilies/icon_e_sad.gif
--- a/phpBB/images/smilies/icon_e_smile.gif
+++ b/phpBB/images/smilies/icon_e_smile.gif
--- a/phpBB/images/smilies/icon_e_surprised.gif
+++ b/phpBB/images/smilies/icon_e_surprised.gif
--- a/phpBB/images/smilies/icon_e_ugeek.gif
+++ b/phpBB/images/smilies/icon_e_ugeek.gif
--- a/phpBB/images/smilies/icon_e_wink.gif
+++ b/phpBB/images/smilies/icon_e_wink.gif
--- a/phpBB/images/smilies/icon_eek.gif
+++ b/phpBB/images/smilies/icon_eek.gif
--- a/phpBB/images/smilies/icon_evil.gif
+++ b/phpBB/images/smilies/icon_evil.gif
--- a/phpBB/images/smilies/icon_exclaim.gif
+++ b/phpBB/images/smilies/icon_exclaim.gif
--- a/phpBB/images/smilies/icon_idea.gif
+++ b/phpBB/images/smilies/icon_idea.gif
--- a/phpBB/images/smilies/icon_lol.gif
+++ b/phpBB/images/smilies/icon_lol.gif
--- a/phpBB/images/smilies/icon_mad.gif
+++ b/phpBB/images/smilies/icon_mad.gif
--- a/phpBB/images/smilies/icon_mrgreen.gif
+++ b/phpBB/images/smilies/icon_mrgreen.gif
--- a/phpBB/images/smilies/icon_neutral.gif
+++ b/phpBB/images/smilies/icon_neutral.gif
--- a/phpBB/images/smilies/icon_question.gif
+++ b/phpBB/images/smilies/icon_question.gif
--- a/phpBB/images/smilies/icon_razz.gif
+++ b/phpBB/images/smilies/icon_razz.gif
--- a/phpBB/images/smilies/icon_redface.gif
+++ b/phpBB/images/smilies/icon_redface.gif
--- a/phpBB/images/smilies/icon_rolleyes.gif
+++ b/phpBB/images/smilies/icon_rolleyes.gif
--- a/phpBB/images/smilies/icon_twisted.gif
+++ b/phpBB/images/smilies/icon_twisted.gif
--- a/phpBB/includes/acm/acm_file.php
+++ b/phpBB/includes/acm/acm_file.php
@@ -312,7 +312,7 @@ class acm

 		if ($var_name[0] == '_')
 		{
-			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx", true);
 		}
 		else if (isset($this->vars[$var_name]))
 		{
@@ -375,7 +375,7 @@ class acm
 		}
 		else if ($expired)
 		{
-			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx", true);
 			return false;
 		}

@@ -489,13 +489,15 @@ class acm
 	/**
 	* Removes/unlinks file
 	*/
-	function remove_file($filename)
+	function remove_file($filename, $check = false)
 	{
-		if (!@unlink($filename))
+		if ($check && !@is_writeable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);
 		}
+
+		return @unlink($filename);
 	}
 }

--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -23,7 +23,7 @@ class acp_attachments
 {
 	var $u_action;
 	var $new_config;
-	
+
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
@@ -56,7 +56,7 @@ class acp_attachments
 			case 'ext_groups':
 				$l_title = 'ACP_EXTENSION_GROUPS';
 			break;
-	
+
 			case 'orphan':
 				$l_title = 'ACP_ORPHAN_ATTACHMENTS';
 			break;
@@ -99,9 +99,13 @@ class acp_attachments
 				$display_vars = array(
 					'title'	=> 'ACP_ATTACHMENT_SETTINGS',
 					'vars'	=> array(
-						'img_max_width' => false, 'img_max_height' => false, 'img_link_width' => false, 'img_link_height' => false,
-
 						'legend1'				=> 'ACP_ATTACHMENT_SETTINGS',
+
+						'img_max_width'			=> array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_max_height'		=> array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_link_width'		=> array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'img_link_height'		=> array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+
 						'allow_attachments'		=> array('lang' => 'ALLOW_ATTACHMENTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'upload_path'			=> array('lang' => 'UPLOAD_DIR',			'validate' => 'wpath',	'type' => 'text:25:100', 'explain' => true),
@@ -113,7 +117,9 @@ class acp_attachments
 						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'validate' => 'int',	'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
-						'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'secure_allow_empty_referer'	=> array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'check_attachment_content' 		=> array('lang' => 'CHECK_CONTENT', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+

 						'legend2'					=> $l_legend_cat_images,
 						'img_display_inlined'		=> array('lang' => 'DISPLAY_INLINED',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -184,7 +190,18 @@ class acp_attachments
 				}

 				// We strip eventually manual added convert program, we only want the patch
-				$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
+				if ($this->new_config['img_imagick'])
+				{
+					// Change path separator
+					$this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']);
+					$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
+
+					// Check for trailing slash
+					if (substr($this->new_config['img_imagick'], -1) !== '/')
+					{
+						$this->new_config['img_imagick'] .= '/';
+					}
+				}

 				$supported_types = get_supported_image_types();

@@ -201,7 +218,7 @@ class acp_attachments

 				// Secure Download Options - Same procedure as with banning
 				$allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
-		
+
 				$sql = 'SELECT *
 					FROM ' . SITELIST_TABLE;
 				$result = $db->sql_query($sql);
@@ -262,16 +279,22 @@ class acp_attachments
 					{
 						$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 					}
+					
+					$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+					if (empty($content))
+					{
+						continue;
+					}

 					$template->assign_block_vars('options', array(
 						'KEY'			=> $config_key,
 						'TITLE'			=> $user->lang[$vars['lang']],
 						'S_EXPLAIN'		=> $vars['explain'],
 						'TITLE_EXPLAIN'	=> $l_explain,
-						'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+						'CONTENT'		=> $content,
 						)
 					);
-		
+
 					unset($display_vars['vars'][$config_key]);
 				}

@@ -323,7 +346,7 @@ class acp_attachments
 								FROM ' . EXTENSIONS_TABLE . '
 								WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
 							$result = $db->sql_query($sql);
-							
+
 							$extension_list = '';
 							while ($row = $db->sql_fetchrow($result))
 							{
@@ -353,7 +376,7 @@ class acp_attachments
 								FROM ' . EXTENSIONS_TABLE . "
 								WHERE extension = '" . $db->sql_escape($add_extension) . "'";
 							$result = $db->sql_query($sql);
-							
+
 							if ($row = $db->sql_fetchrow($result))
 							{
 								$error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
@@ -592,7 +615,7 @@ class acp_attachments
 								SET group_id = 0
 								WHERE group_id = $group_id";
 							$db->sql_query($sql);
-					
+
 							add_log('admin', 'LOG_ATTACH_EXTGROUP_DEL', $group_name);

 							$cache->destroy('_extensions');
@@ -662,8 +685,7 @@ class acp_attachments
 						}

 						$size_format = ($ext_group_row['max_filesize'] >= 1048576) ? 'mb' : (($ext_group_row['max_filesize'] >= 1024) ? 'kb' : 'b');
-
-						$ext_group_row['max_filesize'] = ($ext_group_row['max_filesize'] >= 1048576) ? round($ext_group_row['max_filesize'] / 1048576 * 100) / 100 : (($ext_group_row['max_filesize'] >= 1024) ? round($ext_group_row['max_filesize'] / 1024 * 100) / 100 : $ext_group_row['max_filesize']);
+						$ext_group_row['max_filesize'] = get_formatted_filesize($ext_group_row['max_filesize'], false);

 						$img_path = $config['upload_icons_path'];

@@ -889,7 +911,7 @@ class acp_attachments
 					$upload_list = array();
 					foreach ($add_files as $attach_id)
 					{
-						if (!in_array($attach_id, array_keys($delete_files)) && !empty($post_ids[$attach_id]))
+						if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
 						{
 							$upload_list[$attach_id] = $post_ids[$attach_id];
 						}
@@ -930,6 +952,7 @@ class acp_attachments
 								AND is_orphan = 1';
 						$result = $db->sql_query($sql);

+						$files_added = $space_taken = 0;
 						while ($row = $db->sql_fetchrow($result))
 						{
 							$post_row = $post_info[$upload_list[$row['attach_id']]];
@@ -969,9 +992,18 @@ class acp_attachments
 								WHERE topic_id = ' . $post_row['topic_id'];
 							$db->sql_query($sql);

+							$space_taken += $row['filesize'];
+							$files_added++;
+
 							add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_row['post_id'], $row['real_filename']);
 						}
 						$db->sql_freeresult($result);
+
+						if ($files_added)
+						{
+							set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
+							set_config('num_files', $config['num_files'] + $files_added, true);
+						}
 					}
 				}

@@ -989,11 +1021,8 @@ class acp_attachments

 				while ($row = $db->sql_fetchrow($result))
 				{
-					$size_lang = ($row['filesize'] >= 1048576) ? $user->lang['MB'] : (($row['filesize'] >= 1024) ? $user->lang['KB'] : $user->lang['BYTES']);
-					$row['filesize'] = ($row['filesize'] >= 1048576) ? round((round($row['filesize'] / 1048576 * 100) / 100), 2) : (($row['filesize'] >= 1024) ? round((round($row['filesize'] / 1024 * 100) / 100), 2) : $row['filesize']);
-
 					$template->assign_block_vars('orphan', array(
-						'FILESIZE'			=> $row['filesize'] . ' ' . $size_lang,
+						'FILESIZE'			=> get_formatted_filesize($row['filesize']),
 						'FILETIME'			=> $user->format_date($row['filetime']),
 						'REAL_FILENAME'		=> basename($row['real_filename']),
 						'PHYSICAL_FILENAME'	=> basename($row['physical_filename']),
@@ -1039,7 +1068,7 @@ class acp_attachments
 			ATTACHMENT_CATEGORY_FLASH		=> $user->lang['CAT_FLASH_FILES'],
 			ATTACHMENT_CATEGORY_QUICKTIME	=> $user->lang['CAT_QUICKTIME_FILES'],
 		);
-		
+
 		if ($group_id)
 		{
 			$sql = 'SELECT cat_id
@@ -1055,7 +1084,7 @@ class acp_attachments
 		{
 			$cat_type = ATTACHMENT_CATEGORY_NONE;
 		}
-		
+
 		$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';

 		foreach ($types as $type => $mode)
@@ -1075,7 +1104,7 @@ class acp_attachments
 	function group_select($select_name, $default_group = false, $key = '')
 	{
 		global $db, $user;
-			
+
 		$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';

 		$sql = 'SELECT group_id, group_name
@@ -1093,7 +1122,7 @@ class acp_attachments
 		$row['group_id'] = 0;
 		$row['group_name'] = $user->lang['NOT_ASSIGNED'];
 		$group_name[] = $row;
-		
+
 		for ($i = 0; $i < sizeof($group_name); $i++)
 		{
 			if ($default_group === false)
@@ -1127,14 +1156,14 @@ class acp_attachments
 		if (empty($magic_home))
 		{
 			$locations = array('C:/WINDOWS/', 'C:/WINNT/', 'C:/WINDOWS/SYSTEM/', 'C:/WINNT/SYSTEM/', 'C:/WINDOWS/SYSTEM32/', 'C:/WINNT/SYSTEM32/', '/usr/bin/', '/usr/sbin/', '/usr/local/bin/', '/usr/local/sbin/', '/opt/', '/usr/imagemagick/', '/usr/bin/imagemagick/');
-			$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));	
+			$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));

 			$locations = array_merge($path_locations, $locations);

 			foreach ($locations as $location)
 			{
 				// The path might not end properly, fudge it
-				if (substr($location, -1, 1) !== '/')
+				if (substr($location, -1) !== '/')
 				{
 					$location .= '/';
 				}
@@ -1341,7 +1370,7 @@ class acp_attachments
 					$db->sql_query($sql);
 				}
 			}
-			
+
 			if (!empty($ip_list_log))
 			{
 				// Update log
@@ -1399,7 +1428,7 @@ class acp_attachments
 	{
 		// Determine size var and adjust the value accordingly
 		$size_var = ($value >= 1048576) ? 'mb' : (($value >= 1024) ? 'kb' : 'b');
-		$value = ($value >= 1048576) ? round($value / 1048576 * 100) / 100 : (($value >= 1024) ? round($value / 1024 * 100) / 100 : $value);
+		$value = get_formatted_filesize($value, false);

 		return '<input type="text" id="' . $key . '" size="8" maxlength="15" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
 	}
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -312,7 +312,7 @@ class acp_bbcodes
 				'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'EMAIL' => array(
-				'!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i'	=>	"\$this->bbcode_specialchars('$1')"
+				'!(' . get_preg_expression('email') . ')!ie'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'TEXT' => array(
 				'!(.*?)!es'	 =>	"str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', '&#39;', '&#40;', '&#41;'), trim('\$1'))"
@@ -334,7 +334,7 @@ class acp_bbcodes
 		$sp_tokens = array(
 			'URL'	 => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
 			'LOCAL_URL'	 => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
-			'EMAIL' => '([a-zA-Z0-9]+[a-zA-Z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-zA-Z0-9]+[a-zA-Z0-9\-\._]*\.[a-zA-Z]+))',
+			'EMAIL' => '(' . get_preg_expression('email') . ')',
 			'TEXT' => '(.*?)',
 			'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
 			'IDENTIFIER' => '([a-zA-Z0-9-_]+)',
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -102,14 +102,18 @@ class acp_board
 					'title'	=> 'ACP_AVATAR_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'ACP_AVATAR_SETTINGS',
-						'avatar_min_height'		=> false, 'avatar_min_width' => false, 'avatar_max_height' => false, 'avatar_max_width' => false,
+
+						'avatar_min_width'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_min_height'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_max_width'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
+						'avatar_max_height'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),

 						'allow_avatar_local'	=> array('lang' => 'ALLOW_LOCAL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_avatar_remote'	=> array('lang' => 'ALLOW_REMOTE',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_avatar_upload'	=> array('lang' => 'ALLOW_UPLOAD',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int:0',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
+						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rwpath',	'type' => 'text:20:255', 'explain' => true),
 						'avatar_gallery_path'	=> array('lang' => 'AVATAR_GALLERY_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true)
 					)
@@ -123,11 +127,11 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
 						'allow_privmsg'			=> array('lang' => 'BOARD_PM',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
 						'full_folder_action'	=> array('lang' => 'FULL_FOLDER_ACTION',	'validate' => 'int',	'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
-						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						
+						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_mass_pm'			=> array('lang' => 'ALLOW_MASS_PM',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'auth_bbcode_pm'		=> array('lang' => 'ALLOW_BBCODE_PM',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -160,21 +164,21 @@ class acp_board

 						'legend2'				=> 'POSTING',
 						'bump_type'				=> false,
-						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int',	'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int',	'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
-						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
-						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
-						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int',	'type' => 'text:3:4', 'explain' => true),
-						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => false),
-						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int',	'type' => 'text:4:6', 'explain' => true),
-						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',		'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',		'type' => 'radio:yes_no', 'explain' => true),
+						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',		'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',		'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
+						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',		'type' => 'text:3:4', 'explain' => true),
+						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:2:127',	'type' => 'text:4:4', 'explain' => false),
+						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true),
+						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true),
+						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -192,12 +196,12 @@ class acp_board
 						'allow_sig_links'		=> array('lang' => 'ALLOW_SIG_LINKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),

 						'legend2'				=> 'GENERAL_SETTINGS',
-						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -207,24 +211,22 @@ class acp_board
 					'title'	=> 'ACP_REGISTER_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
-						'max_name_chars'		=> false,
-						'max_pass_chars'		=> false,
+						'max_name_chars'		=> array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
+						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),

 						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'custom', 'method' => 'select_acc_activation', 'explain' => true),
-						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'username_length', 'explain' => true),
-						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
+						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int:1',	'type' => 'custom:5:180', 'method' => 'username_length', 'explain' => true),
+						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int:1',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
 						'allow_name_chars'		=> array('lang' => 'USERNAME_CHARS',	'validate' => 'string',	'type' => 'select', 'method' => 'select_username_chars', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',		'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),

 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_namechange'		=> array('lang' => 'ALLOW_NAME_CHANGE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_emailreuse'		=> array('lang' => 'ALLOW_EMAIL_REUSE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_confirm'		=> array('lang' => 'VISUAL_CONFIRM_REG',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
-						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'min_time_reg'			=> array('lang' => 'MIN_TIME_REG',			'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'min_time_terms'		=> array('lang' => 'MIN_TIME_TERMS',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
+						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),

 						'legend3'			=> 'COPPA',
 						'coppa_enable'		=> array('lang' => 'ENABLE_COPPA',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -253,9 +255,9 @@ class acp_board
 					'vars'	=> array(
 						'legend1'			=> 'GENERAL_SETTINGS',
 						'limit_load'		=> array('lang' => 'LIMIT_LOAD',		'validate' => 'string',	'type' => 'text:4:4', 'explain' => true),
-						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
-						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int:60',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
+						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int:0',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),

 						'legend2'				=> 'GENERAL_OPTIONS',
 						'load_db_track'			=> array('lang' => 'YES_POST_MARKING',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -269,7 +271,7 @@ class acp_board
 						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_tplcompile'		=> array('lang' => 'RECOMPILE_STYLES',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						
+
 						'legend3'				=> 'CUSTOM_PROFILE_FIELDS',
 						'load_cpf_memberlist'	=> array('lang' => 'LOAD_CPF_MEMBERLIST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -305,7 +307,7 @@ class acp_board
 						'force_server_vars'		=> array('lang' => 'FORCE_SERVER_VARS',	'validate' => 'bool',			'type' => 'radio:yes_no', 'explain' => true),
 						'server_protocol'		=> array('lang' => 'SERVER_PROTOCOL',	'validate' => 'string',			'type' => 'text:10:10', 'explain' => true),
 						'server_name'			=> array('lang' => 'SERVER_NAME',		'validate' => 'string',			'type' => 'text:40:255', 'explain' => true),
-						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int',			'type' => 'text:5:5', 'explain' => true),
+						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int:0',			'type' => 'text:5:5', 'explain' => true),
 						'script_path'			=> array('lang' => 'SCRIPT_PATH',		'validate' => 'script_path',	'type' => 'text::255', 'explain' => true),
 					)
 				);
@@ -317,18 +319,18 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'ACP_SECURITY_SETTINGS',
 						'allow_autologin'		=> array('lang' => 'ALLOW_AUTOLOGIN',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 						'ip_check'				=> array('lang' => 'IP_VALID',				'validate' => 'int',	'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
 						'browser_check'			=> array('lang' => 'BROWSER_VALID',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'forwarded_for_check'	=> array('lang' => 'FORWARDED_FOR_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'referer_validation'	=> array('lang' => 'REFERER_VALID',		'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
 						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'form_token_mintime'	=> array('lang' => 'FORM_TIME_MIN',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),

 					)
@@ -343,7 +345,7 @@ class acp_board
 						'email_enable'			=> array('lang' => 'ENABLE_EMAIL',			'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'board_email_form'		=> array('lang' => 'BOARD_EMAIL_FORM',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'email_function_name'	=> array('lang' => 'EMAIL_FUNCTION_NAME',	'validate' => 'string',	'type' => 'text:20:50', 'explain' => true),
-						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int',	'type' => 'text:5:5', 'explain' => true),
+						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true),
 						'board_contact'			=> array('lang' => 'CONTACT_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email'			=> array('lang' => 'ADMIN_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email_sig'		=> array('lang' => 'EMAIL_SIG',				'validate' => 'string',	'type' => 'textarea:5:30', 'explain' => true),
@@ -352,7 +354,7 @@ class acp_board
 						'legend2'				=> 'SMTP_SETTINGS',
 						'smtp_delivery'			=> array('lang' => 'USE_SMTP',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => false),
-						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int',	'type' => 'text:4:5', 'explain' => true),
+						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int:0',	'type' => 'text:4:5', 'explain' => true),
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
 						'smtp_password'			=> array('lang' => 'SMTP_PASSWORD',			'validate' => 'string',	'type' => 'password:25:255', 'explain' => true)
@@ -555,16 +557,23 @@ class acp_board
 			{
 				$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 			}
-
+			
+			$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+			
+			if (empty($content))
+			{
+				continue;
+			}
+			
 			$template->assign_block_vars('options', array(
 				'KEY'			=> $config_key,
 				'TITLE'			=> (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
 				'S_EXPLAIN'		=> $vars['explain'],
 				'TITLE_EXPLAIN'	=> $l_explain,
-				'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+				'CONTENT'		=> $content,
 				)
 			);
-		
+
 			unset($display_vars['vars'][$config_key]);
 		}

@@ -668,7 +677,17 @@ class acp_board

 		return h_radio('config[ip_check]', $radio_ary, $value, $key);
 	}
+	
+	/**
+	* Select referer validation
+	*/
+	function select_ref_check($value, $key = '')
+	{
+		$radio_ary = array(REFERER_VALIDATE_PATH => 'REF_PATH', REFERER_VALIDATE_HOST => 'REF_HOST', REFERER_VALIDATE_NONE => 'NO_REF_VALIDATION');

+		return h_radio('config[referer_validation]', $radio_ary, $value, $key);
+	}
+	
 	/**
 	* Select account activation method
 	*/
@@ -795,7 +814,7 @@ class acp_board
 		}

 		$dateformat_options .= '<option value="custom"';
-		if (!in_array($value, array_keys($user->lang['dateformats'])))
+		if (!isset($user->lang['dateformats'][$value]))
 		{
 			$dateformat_options .= ' selected="selected"';
 		}
--- a/phpBB/includes/acp/acp_captcha.php
+++ b/phpBB/includes/acp/acp_captcha.php
@@ -29,7 +29,7 @@ class acp_captcha

 		$user->add_lang('acp/board');

-		
+
 		$captcha_vars = array(
 			'captcha_gd_x_grid'				=> 'CAPTCHA_GD_X_GRID',
 			'captcha_gd_y_grid'				=> 'CAPTCHA_GD_Y_GRID',
@@ -54,7 +54,7 @@ class acp_captcha
 			}
 			$captcha = new captcha();
 			$captcha->execute(gen_rand_string(mt_rand(5, 8)), time());
-			exit_handler();
+			exit;
 		}

 		$config_vars = array(
@@ -90,7 +90,7 @@ class acp_captcha
 		}
 		else
 		{
-			
+
 			$preview_image_src = append_sid(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;demo=demo"));
 			if (@extension_loaded('gd'))
 			{
@@ -110,7 +110,7 @@ class acp_captcha
 				'CAPTCHA_PREVIEW'	=> $preview_image_src,
 				'PREVIEW'			=> isset($_POST['preview']),
 			));
-			
+
 		}
 	}
 }
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -25,7 +25,7 @@ class acp_database

 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template, $table_prefix;
+		global $cache, $db, $user, $auth, $template, $table_prefix;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 		
 		$user->add_lang('acp/database');
@@ -159,18 +159,20 @@ class acp_database

 						$extractor->write_end();

+						add_log('admin', 'LOG_DB_BACKUP');
+
 						if ($download == true)
 						{
 							exit;
 						}

-						add_log('admin', 'LOG_DB_BACKUP');
 						trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
 					break;

 					default:
 						include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
 						$tables = get_tables($db);
+						asort($tables);
 						foreach ($tables as $table_name)
 						{
 							if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)
@@ -341,10 +343,29 @@ class acp_database
 								break;

 								case 'postgres':
+									$delim = ";\n";
 									while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false)
 									{
 										$query = trim($sql);
-										$db->sql_query($query);
+
+										if (substr($query, 0, 13) == 'CREATE DOMAIN')
+										{
+											list(, , $domain) = explode(' ', $query);
+											$sql = "SELECT domain_name
+												FROM information_schema.domains
+												WHERE domain_name = '$domain';";
+											$result = $db->sql_query($sql);
+											if (!$db->sql_fetchrow($result))
+											{
+												$db->sql_query($query);
+											}
+											$db->sql_freeresult($result);
+										}
+										else
+										{
+											$db->sql_query($query);
+										}
+
 										if (substr($query, 0, 4) == 'COPY')
 										{
 											while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\.')
@@ -379,6 +400,9 @@ class acp_database

 							$close($fp);

+							// Purge the cache due to updated data
+							$cache->purge();
+
 							add_log('admin', 'LOG_DB_RESTORE');
 							trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
 							break;
@@ -1086,7 +1110,7 @@ class postgres_extractor extends base_extractor
 		}

 		$sql_data = '-- Table: ' . $table_name . "\n";
-		//$sql_data .= "DROP TABLE $table_name;\n";
+		$sql_data .= "DROP TABLE $table_name;\n";
 		// PGSQL does not "tightly" bind sequences and tables, we must guess...
 		$sql = "SELECT relname
 			FROM pg_class
@@ -1155,7 +1179,7 @@ class postgres_extractor extends base_extractor
 				$line .= ')';
 			}

-			if (!empty($row['rowdefault']))
+			if (isset($row['rowdefault']))
 			{
 				$line .= ' DEFAULT ' . $row['rowdefault'];
 			}
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -56,7 +56,7 @@ class acp_forums
 				$total = request_var('total', 0);

 				$this->display_progress_bar($start, $total);
-				exit_handler();
+				exit;
 			break;

 			case 'delete':
@@ -74,7 +74,7 @@ class acp_forums
 				{
 					trigger_error($user->lang['NO_PERMISSION_FORUM_ADD'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
-			
+
 			break;
 		}

@@ -100,7 +100,7 @@ class acp_forums
 					$cache->destroy('sql', FORUMS_TABLE);

 					trigger_error($user->lang['FORUM_DELETED'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
-	
+
 				break;

 				case 'edit':
@@ -132,6 +132,7 @@ class acp_forums
 						'forum_rules_link'		=> request_var('forum_rules_link', ''),
 						'forum_image'			=> request_var('forum_image', ''),
 						'forum_style'			=> request_var('forum_style', 0),
+						'display_subforum_list'	=> request_var('display_subforum_list', false),
 						'display_on_index'		=> request_var('display_on_index', false),
 						'forum_topics_per_page'	=> request_var('topics_per_page', 0),
 						'enable_indexing'		=> request_var('enable_indexing', true),
@@ -188,7 +189,7 @@ class acp_forums
 								$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
-	
+
 								$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
@@ -244,7 +245,7 @@ class acp_forums

 						$auth->acl_clear_prefetch();
 						$cache->destroy('sql', FORUMS_TABLE);
-	
+
 						$acl_url = '&amp;mode=setting_forum_local&amp;forum_id[]=' . $forum_data['forum_id'];

 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
@@ -471,6 +472,7 @@ class acp_forums
 							'forum_rules_link'		=> '',
 							'forum_image'			=> '',
 							'forum_style'			=> 0,
+							'display_subforum_list'	=> true,
 							'display_on_index'		=> false,
 							'forum_topics_per_page'	=> 0,
 							'enable_indexing'		=> true,
@@ -541,7 +543,7 @@ class acp_forums

 				$forum_type_options = '';
 				$forum_type_ary = array(FORUM_CAT => 'CAT', FORUM_POST => 'FORUM', FORUM_LINK => 'LINK');
-		
+
 				foreach ($forum_type_ary as $value => $lang)
 				{
 					$forum_type_options .= '<option value="' . $value . '"' . (($value == $forum_data['forum_type']) ? ' selected="selected"' : '') . '>' . $user->lang['TYPE_' . $lang] . '</option>';
@@ -611,7 +613,7 @@ class acp_forums
 						}
 					}
 				}
-				
+
 				if (strlen($forum_data['forum_password']) == 32)
 				{
 					$errors[] = $user->lang['FORUM_PASSWORD_OLD'];
@@ -670,6 +672,7 @@ class acp_forums
 					'S_FORUM_CAT'				=> ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
 					'S_ENABLE_INDEXING'			=> ($forum_data['enable_indexing']) ? true : false,
 					'S_TOPIC_ICONS'				=> ($forum_data['enable_icons']) ? true : false,
+					'S_DISPLAY_SUBFORUM_LIST'	=> ($forum_data['display_subforum_list']) ? true : false,
 					'S_DISPLAY_ON_INDEX'		=> ($forum_data['display_on_index']) ? true : false,
 					'S_PRUNE_ENABLE'			=> ($forum_data['enable_prune']) ? true : false,
 					'S_FORUM_LINK_TRACK'		=> ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? true : false,
@@ -916,6 +919,13 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_DATA_NEGATIVE'];
 		}

+		$range_test_ary = array(
+			array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
+		);
+		validate_range($range_test_ary, $errors);
+
+
+
 		// Set forum flags
 		// 1 = link tracking
 		// 2 = prune old polls
@@ -964,7 +974,7 @@ class acp_forums
 			$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
 		}
 		unset($forum_data_sql['forum_password_unset']);
-		
+
 		if (!isset($forum_data_sql['forum_id']))
 		{
 			// no forum_id means we're creating a new forum
@@ -1622,7 +1632,7 @@ class acp_forums
 			WHERE p.forum_id = $forum_id
 				AND a.in_message = 0
 				AND a.topic_id = p.topic_id";
-		$result = $db->sql_query($sql);	
+		$result = $db->sql_query($sql);

 		$topic_ids = array();
 		while ($row = $db->sql_fetchrow($result))
@@ -1680,7 +1690,7 @@ class acp_forums
 			break;

 			default:
-			
+
 				// Delete everything else and curse your DB for not offering multi-table deletion
 				$tables_ary = array(
 					'post_id'	=>	array(
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -87,24 +87,32 @@ class acp_groups

 				// Approve, demote or promote
 				$group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
-				group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
-
-				switch ($action)
+				$error = group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
+				
+				if (!$error)
 				{
-					case 'demote':
-						$message = 'GROUP_MODS_DEMOTED';
-					break;
+					switch ($action)
+					{
+						case 'demote':
+							$message = 'GROUP_MODS_DEMOTED';
+						break;

-					case 'promote':
-						$message = 'GROUP_MODS_PROMOTED';
-					break;
+						case 'promote':
+							$message = 'GROUP_MODS_PROMOTED';
+						break;

-					case 'approve':
-						$message = 'USERS_APPROVED';
-					break;
+						case 'approve':
+							$message = 'USERS_APPROVED';
+						break;
+					}
+
+					trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
 				}
-
-				trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
+				else
+				{
+					trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id), E_USER_WARNING);
+				}
+				
 			break;

 			case 'default':
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -337,11 +337,16 @@ class acp_icons
 				}

 				$icons_updated = 0;
+				$errors = array();
 				foreach ($images as $image)
 				{
-					if (($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == '')) ||
-						($action == 'create' && !isset($image_add[$image])))
+					if ($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == ''))
 					{
+						$errors[$image] = 'SMILIE_NO_' . (($image_emotion[$image] == '') ? 'EMOTION' : 'CODE');
+					}
+					else if ($action == 'create' && !isset($image_add[$image]))
+					{
+						// skip images where add wasn't checked
 					}
 					else
 					{
@@ -431,13 +436,18 @@ class acp_icons
 					default:
 						$suc_lang = $lang;
 				}
+				$errormsgs = '';
+				foreach ($errors as $img => $error)
+				{
+					$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
+				}
 				if ($action == 'modify')
 				{
-					trigger_error($user->lang[$suc_lang . '_EDITED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_EDITED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 				else
 				{
-					trigger_error($user->lang[$suc_lang . '_ADDED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}

 			break;
@@ -462,7 +472,7 @@ class acp_icons
 						if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
 						{
 							if ((sizeof($data[1]) != 4 && $mode == 'icons') ||
-								(sizeof($data[1]) != 6 && $mode == 'smilies'))
+								((sizeof($data[1]) != 6 || (empty($data[1][4]) || empty($data[1][5]))) && $mode == 'smilies' ))
 							{
 								trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
 							}
--- a/phpBB/includes/acp/acp_inactive.php
+++ b/phpBB/includes/acp/acp_inactive.php
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -61,6 +61,14 @@ class acp_main

 		if ($action)
 		{
+			if ($action === 'admlogout')
+			{
+				$user->unset_admin();
+				$redirect_url = append_sid("{$phpbb_root_path}index.$phpEx");
+				meta_refresh(3, $redirect_url);
+				trigger_error($user->lang['ADM_LOGGED_OUT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect_url . '">', '</a>'));
+			}
+
 			if (!confirm_box(true))
 			{
 				switch ($action)
@@ -108,6 +116,7 @@ class acp_main
 			{
 				switch ($action)
 				{
+
 					case 'online':
 						if (!$auth->acl_get('a_board'))
 						{
@@ -310,8 +319,8 @@ class acp_main
 		$users_per_day = sprintf('%.2f', $total_users / $boarddays);
 		$files_per_day = sprintf('%.2f', $total_files / $boarddays);

-		$upload_dir_size = ($config['upload_dir_size'] >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($config['upload_dir_size'] / 1048576)) : (($config['upload_dir_size'] >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($config['upload_dir_size'] / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $config['upload_dir_size']));
-
+		$upload_dir_size = get_formatted_filesize($config['upload_dir_size']);
+	
 		$avatar_dir_size = 0;

 		if ($avatar_dir = @opendir($phpbb_root_path . $config['avatar_path']))
@@ -325,10 +334,7 @@ class acp_main
 			}
 			closedir($avatar_dir);

-			// This bit of code translates the avatar directory size into human readable format
-			// Borrowed the code from the PHP.net annoted manual, origanally written by:
-			// Jesse (jesse@jess.on.ca)
-			$avatar_dir_size = ($avatar_dir_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($avatar_dir_size / 1048576)) : (($avatar_dir_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($avatar_dir_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $avatar_dir_size));
+			$avatar_dir_size = get_formatted_filesize($avatar_dir_size);
 		}
 		else
 		{
@@ -392,7 +398,7 @@ class acp_main
 			'DATABASE_INFO'		=> $db->sql_server_info(),
 			'BOARD_VERSION'		=> $config['version'],

-			'U_ACTION'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
+			'U_ACTION'			=> $this->u_action,
 			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
 			'U_INACTIVE_USERS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&amp;mode=list'),

--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -48,7 +48,7 @@ class acp_permissions

 			$this->tpl_name = 'permission_trace';

-			if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth'))
+			if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth'))
 			{
 				$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
 				$this->permission_trace($user_id, $forum_id, $permission);
@@ -124,7 +124,7 @@ class acp_permissions
 			$forum_id = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -133,7 +133,7 @@ class acp_permissions
 			$forum_id = array();
 			foreach (get_forum_branch($subforum_id, 'children') as $row)
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 		}

@@ -598,7 +598,7 @@ class acp_permissions
 			$ids = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$ids[] = $row[$sql_id];
+				$ids[] = (int) $row[$sql_id];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -1117,31 +1117,51 @@ class acp_permissions
 		global $db, $user;

 		$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
-		$sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
-		
-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-			'SELECT'	=> 'u.username, u.username_clean, u.user_regdate, u.user_id',

-			'FROM'		=> array(
-				USERS_TABLE			=> 'u',
-				ACL_OPTIONS_TABLE	=> 'o',
-				ACL_USERS_TABLE		=> 'a'
-			),
+		// Permission options are only able to be a permission set... therefore we will pre-fetch the possible options and also the possible roles
+		$option_ids = $role_ids = array();

-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
+		$sql = 'SELECT auth_option_id
+			FROM ' . ACL_OPTIONS_TABLE . '
+			WHERE auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
+		$result = $db->sql_query($sql);

-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-				$sql_permission_option
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$option_ids[] = (int) $row['auth_option_id'];
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($option_ids))
+		{
+			$sql = 'SELECT DISTINCT role_id
+				FROM ' . ACL_ROLES_DATA_TABLE . '
+				WHERE ' . $db->sql_in_set('auth_option_id', $option_ids);
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$role_ids[] = (int) $row['role_id'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		if (sizeof($option_ids) && sizeof($role_ids))
+		{
+			$sql_where = 'AND (' . $db->sql_in_set('a.auth_option_id', $option_ids) . ' OR ' . $db->sql_in_set('a.auth_role_id', $role_ids) . ')';
+		}
+		else
+		{
+			$sql_where = 'AND ' . $db->sql_in_set('a.auth_option_id', $option_ids);
+		}
+
+		// Not ideal, due to the filesort, non-use of indexes, etc.
+		$sql = 'SELECT DISTINCT u.user_id, u.username, u.username_clean, u.user_regdate
+			FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
+			WHERE u.user_id = a.user_id
 				$sql_forum_id
-				AND u.user_id = a.user_id",
-
-			'ORDER_BY'	=> 'u.username_clean, u.user_regdate ASC'
-		));
+				$sql_where
+			ORDER BY u.username_clean, u.user_regdate ASC";
 		$result = $db->sql_query($sql);

 		$s_defined_user_options = '';
@@ -1153,29 +1173,12 @@ class acp_permissions
 		}
 		$db->sql_freeresult($result);

-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
-			'SELECT'	=> 'g.group_type, g.group_name, g.group_id',
-
-			'FROM'		=> array(
-				GROUPS_TABLE		=> 'g',
-				ACL_OPTIONS_TABLE	=> 'o',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-				$sql_permission_option
+		$sql = 'SELECT DISTINCT g.group_type, g.group_name, g.group_id
+			FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . " a
+			WHERE g.group_id = a.group_id
 				$sql_forum_id
-				AND g.group_id = a.group_id",
-
-			'ORDER_BY'	=> 'g.group_type DESC, g.group_name ASC'
-		));
+				$sql_where
+			ORDER BY g.group_type DESC, g.group_name ASC";
 		$result = $db->sql_query($sql);

 		$s_defined_group_options = '';
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -405,7 +405,15 @@ class acp_prune
 			$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
 			$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
 			$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
-			$where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
+
+			if (sizeof($active) && $active_select != 'lt')
+			{
+				$where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
+			}
+			else if (sizeof($active))
+			{
+				$where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
+			}
 		}

 		// Protect the admin, do not prune if no options are given...
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -183,6 +183,26 @@ class acp_search
 				}
 			}

+			$search = null;
+			$error = false;
+			if (!$this->init_search($config['search_type'], $search, $error))
+			{
+				if ($updated)
+				{
+					if (method_exists($search, 'config_updated'))
+					{
+						if ($search->config_updated())
+						{
+							trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+					}
+				}
+			}
+			else
+			{
+				trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
+			}
+
 			trigger_error($user->lang['CONFIG_UPDATED'] . $extra_message . adm_back_link($this->u_action));
 		}
 		unset($cfg_array);
@@ -518,9 +538,9 @@ class acp_search
 	function close_popup_js()
 	{
 		return "<script type=\"text/javascript\">\n" .
-			"<!--\n" .
+			"// <![CDATA[\n" .
 			"	close_waitscreen = 1;\n" .
-			"//-->\n" .
+			"// ]]>\n" .
 			"</script>\n";
 	}

--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -695,6 +695,15 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			trigger_error($user->lang['NO_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
+		
+		if ($save_changes && !check_form_key('acp_styles'))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+		else if (!$save_changes)
+		{
+			add_form_key('acp_styles');
+		}

 		// save changes to the template if the user submitted any
 		if ($save_changes && $template_file)
@@ -1003,7 +1012,7 @@ parse_css_file = {PARSE_CSS_FILE}

 				'CACHED'		=> $user->format_date(filemtime("{$phpbb_root_path}cache/$filename")),
 				'FILENAME'		=> $file,
-				'FILESIZE'		=> sprintf('%.1f KB', filesize("{$phpbb_root_path}cache/$filename") / 1024),
+				'FILESIZE'		=> sprintf('%.1f ' . $user->lang['KIB'], filesize("{$phpbb_root_path}cache/$filename") / 1024),
 				'MODIFIED'		=> $user->format_date((!$template_row['template_storedb']) ? filemtime("{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html") : $filemtime[$file . '.html']))
 			);
 		}
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -411,7 +411,7 @@ class acp_users
 							$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 								WHERE user_id = $user_id";
 							$db->sql_query($sql);
-						
+
 							add_log('admin', 'LOG_USER_DEL_SIG', $user_row['username']);
 							add_log('user', $user_id, 'LOG_USER_DEL_SIG_USER');

@@ -492,9 +492,9 @@ class acp_users
 									'update'		=> true))
 								);
 							}
-						
+
 						break;
-						
+
 						case 'moveposts':

 							if (!check_form_key($form_name))
@@ -630,7 +630,7 @@ class acp_users
 							}

 							$forum_id_ary = array_unique($forum_id_ary);
-							$topic_id_ary = array_unique(array_merge($topic_id_ary, $new_topic_id_ary));
+							$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));

 							if (sizeof($topic_id_ary))
 							{
@@ -835,9 +835,9 @@ class acp_users
 					{
 						$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
 					}
-					
+
 					$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
-					
+
 					if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE))
 					{
 						$quick_tool_ary['reactivate'] = 'FORCE';
@@ -923,7 +923,7 @@ class acp_users
 			case 'feedback':

 				$user->add_lang('mcp');
-				
+
 				// Set up general vars
 				$start		= request_var('start', 0);
 				$deletemark = (isset($_POST['delmarked'])) ? true : false;
@@ -980,7 +980,7 @@ class acp_users

 					trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 				}
-				
+
 				// Sorting
 				$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
 				$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
@@ -1060,9 +1060,11 @@ class acp_users
 					list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
 				}

-				$data['bday_day'] = request_var('bday_day', $data['bday_day']);
-				$data['bday_month'] = request_var('bday_month', $data['bday_month']);
-				$data['bday_year'] = request_var('bday_year', $data['bday_year']);
+				$data['bday_day']		= request_var('bday_day', $data['bday_day']);
+				$data['bday_month']		= request_var('bday_month', $data['bday_month']);
+				$data['bday_year']		= request_var('bday_year', $data['bday_year']);
+				$data['user_birthday']	= sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
+

 				if ($submit)
 				{
@@ -1085,6 +1087,7 @@ class acp_users
 						'bday_day'		=> array('num', true, 1, 31),
 						'bday_month'	=> array('num', true, 1, 12),
 						'bday_year'		=> array('num', true, 1901, gmdate('Y', time())),
+						'user_birthday'	=> array('date', true),
 					));

 					// validate custom profile fields
@@ -1111,7 +1114,7 @@ class acp_users
 							'user_from'		=> $data['location'],
 							'user_occ'		=> $data['occupation'],
 							'user_interests'=> $data['interests'],
-							'user_birthday'	=> sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
+							'user_birthday'	=> $data['user_birthday'],
 						);

 						$sql = 'UPDATE ' . USERS_TABLE . '
@@ -1213,7 +1216,7 @@ class acp_users
 					'S_BIRTHDAY_DAY_OPTIONS'	=> $s_birthday_day_options,
 					'S_BIRTHDAY_MONTH_OPTIONS'	=> $s_birthday_month_options,
 					'S_BIRTHDAY_YEAR_OPTIONS'	=> $s_birthday_year_options,
-						
+
 					'S_PROFILE'		=> true)
 				);

@@ -1344,7 +1347,7 @@ class acp_users
 				$s_custom = false;

 				$dateformat_options .= '<option value="custom"';
-				if (!in_array($data['dateformat'], array_keys($user->lang['dateformats'])))
+				if (!isset($user->lang['dateformats'][$data['dateformat']]))
 				{
 					$dateformat_options .= ' selected="selected"';
 					$s_custom = true;
@@ -1392,7 +1395,7 @@ class acp_users
 				$template->assign_vars(array(
 					'S_PREFS'			=> true,
 					'S_JABBER_DISABLED'	=> ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
-					
+
 					'VIEW_EMAIL'		=> $data['viewemail'],
 					'MASS_EMAIL'		=> $data['massemail'],
 					'ALLOW_PM'			=> $data['allowpm'],
@@ -1413,7 +1416,7 @@ class acp_users
 					'VIEW_SIGS'			=> $data['view_sigs'],
 					'VIEW_AVATARS'		=> $data['view_avatars'],
 					'VIEW_WORDCENSOR'	=> $data['view_wordcensor'],
-					
+
 					'S_TOPIC_SORT_DAYS'		=> $s_limit_topic_days,
 					'S_TOPIC_SORT_KEY'		=> $s_sort_topic_key,
 					'S_TOPIC_SORT_DIR'		=> $s_sort_topic_dir,
@@ -1506,7 +1509,7 @@ class acp_users

 					trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 				}
-				
+
 				$sql = 'SELECT *
 					FROM ' . RANKS_TABLE . '
 					WHERE rank_special = 1
@@ -1528,9 +1531,9 @@ class acp_users
 				);

 			break;
-			
+
 			case 'sig':
-			
+
 				include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 				include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);

@@ -1549,7 +1552,7 @@ class acp_users

 					// Allowing Quote BBCode
 					$message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
-						
+
 					if (sizeof($message_parser->warn_msg))
 					{
 						$error[] = implode('<br />', $message_parser->warn_msg);
@@ -1575,13 +1578,13 @@ class acp_users

 						trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 					}
-	
+
 					// Replace "error" strings with their real, localised form
 					$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 				}
-				
+
 				$signature_preview = '';
-				
+
 				if ($preview)
 				{
 					// Now parse it for displaying
@@ -1744,7 +1747,7 @@ class acp_users
 						'REAL_FILENAME'		=> $row['real_filename'],
 						'COMMENT'			=> nl2br($row['attach_comment']),
 						'EXTENSION'			=> $row['extension'],
-						'SIZE'				=> ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
+						'SIZE'				=> get_formatted_filesize($row['filesize']),
 						'DOWNLOAD_COUNT'	=> $row['download_count'],
 						'POST_TIME'			=> $user->format_date($row['filetime']),
 						'TOPIC_TITLE'		=> ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
@@ -1752,7 +1755,7 @@ class acp_users
 						'ATTACH_ID'			=> $row['attach_id'],
 						'POST_ID'			=> $row['post_msg_id'],
 						'TOPIC_ID'			=> $row['topic_id'],
-				
+
 						'S_IN_MESSAGE'		=> $row['in_message'],

 						'U_DOWNLOAD'		=> append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&amp;id=' . $row['attach_id']),
@@ -1760,7 +1763,7 @@ class acp_users
 					);
 				}
 				$db->sql_freeresult($result);
-		
+
 				$template->assign_vars(array(
 					'S_ATTACHMENTS'		=> true,
 					'S_ON_PAGE'			=> on_page($num_attachments, $config['topics_per_page'], $start),
@@ -1771,14 +1774,14 @@ class acp_users
 				);

 			break;
-		
+
 			case 'groups':

 				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);

 				$user->add_lang(array('groups', 'acp/groups'));
 				$group_id = request_var('g', 0);
-				
+
 				if ($group_id)
 				{
 					// Check the founder only entry for this group to make sure everything is well
@@ -1788,7 +1791,7 @@ class acp_users
 					$result = $db->sql_query($sql);
 					$founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
 					$db->sql_freeresult($result);
-					
+
 					if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
 					{
 						trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
@@ -1798,7 +1801,7 @@ class acp_users
 				{
 					$founder_manage = 0;
 				}
-				
+
 				switch ($action)
 				{
 					case 'demote':
@@ -1829,7 +1832,7 @@ class acp_users
 							{
 								trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 							}
-						
+
 							$error = array();
 						}
 						else
@@ -1842,7 +1845,7 @@ class acp_users
 								'g'				=> $group_id))
 							);
 						}
-	
+
 					break;
 				}

@@ -1977,7 +1980,7 @@ class acp_users
 					$result = $db->sql_query($sql);

 					$hold_ary = array();
-					
+
 					while ($row = $db->sql_fetchrow($result))
 					{
 						$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
@@ -2017,7 +2020,7 @@ class acp_users
 					'U_USER_PERMISSIONS'		=> append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id),
 					'U_USER_FORUM_PERMISSIONS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id))
 				);
-			
+
 			break;

 		}
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -22,8 +22,6 @@ if (!defined('IN_PHPBB'))
 */
 class auth_admin extends auth
 {
-	var $option_ids = array();
-
 	/**
 	* Init auth settings
 	*/
@@ -33,7 +31,7 @@ class auth_admin extends auth

 		if (($this->acl_options = $cache->get('_acl_options')) === false)
 		{
-			$sql = 'SELECT auth_option, is_global, is_local
+			$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
 				FROM ' . ACL_OPTIONS_TABLE . '
 				ORDER BY auth_option_id';
 			$result = $db->sql_query($sql);
@@ -51,25 +49,14 @@ class auth_admin extends auth
 				{
 					$this->acl_options['local'][$row['auth_option']] = $local++;
 				}
+
+				$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
+				$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
 			}
 			$db->sql_freeresult($result);

 			$cache->put('_acl_options', $this->acl_options);
 		}
-
-		if (!sizeof($this->option_ids))
-		{
-			$sql = 'SELECT auth_option_id, auth_option
-				FROM ' . ACL_OPTIONS_TABLE;
-			$result = $db->sql_query($sql);
-
-			$this->option_ids = array();
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$this->option_ids[$row['auth_option']] = $row['auth_option_id'];
-			}
-			$db->sql_freeresult($result);
-		}
 	}
 	
 	/**
@@ -126,7 +113,7 @@ class auth_admin extends auth

 			while ($row = $db->sql_fetchrow($result))
 			{
-				$forum_ids[] = $row['forum_id'];
+				$forum_ids[] = (int) $row['forum_id'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -778,6 +765,10 @@ class auth_admin extends auth
 		$cache->destroy('_acl_options');
 		$this->acl_clear_prefetch();

+		// Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
+		$this->acl_options = array();
+		$this->auth_admin();
+
 		return true;
 	}

@@ -813,7 +804,7 @@ class auth_admin extends auth
 		$flag = substr($flag, 0, strpos($flag, '_') + 1);
 		
 		// This ID (the any-flag) is set if one or more permissions are true...
-		$any_option_id = (int) $this->option_ids[$flag];
+		$any_option_id = (int) $this->acl_options['id'][$flag];

 		// Remove any-flag from auth ary
 		if (isset($auth[$flag]))
@@ -825,7 +816,7 @@ class auth_admin extends auth
 		$auth_option_ids = array((int)$any_option_id);
 		foreach ($auth as $auth_option => $auth_setting)
 		{
-			$auth_option_ids[] = (int) $this->option_ids[$auth_option];
+			$auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
 		}

 		$sql = "DELETE FROM $table
@@ -888,7 +879,7 @@ class auth_admin extends auth
 			{
 				foreach ($auth as $auth_option => $setting)
 				{
-					$auth_option_id = (int) $this->option_ids[$auth_option];
+					$auth_option_id = (int) $this->acl_options['id'][$auth_option];

 					if ($setting != ACL_NO)
 					{
@@ -944,7 +935,7 @@ class auth_admin extends auth
 		$sql_ary = array();
 		foreach ($auth as $auth_option => $setting)
 		{
-			$auth_option_id = (int) $this->option_ids[$auth_option];
+			$auth_option_id = (int) $this->acl_options['id'][$auth_option];

 			if ($setting != ACL_NO)
 			{
@@ -961,7 +952,7 @@ class auth_admin extends auth
 		{
 			$sql_ary[] = array(
 				'role_id'			=> (int) $role_id,
-				'auth_option_id'	=> (int) $this->option_ids[$flag],
+				'auth_option_id'	=> (int) $this->acl_options['id'][$flag],
 				'auth_setting'		=> ACL_NEVER
 			);
 		}
@@ -1238,13 +1229,8 @@ class auth_admin extends auth
 			return false;
 		}

-		$hold_ary = $this->acl_raw_data($from_user_id, false, false);
+		$hold_ary = $this->acl_raw_data_single_user($from_user_id);

-		if (isset($hold_ary[$from_user_id]))
-		{
-			$hold_ary = $hold_ary[$from_user_id];
-		}
-		
 		// Key 0 in $hold_ary are global options, all others are forum_ids

 		// We disallow copying admin permissions
@@ -1252,12 +1238,12 @@ class auth_admin extends auth
 		{
 			if (strpos($opt, 'a_') === 0)
 			{
-				$hold_ary[0][$opt] = ACL_NEVER;
+				$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
 			}
 		}

 		// Force a_switchperm to be allowed
-		$hold_ary[0]['a_switchperm'] = ACL_YES;
+		$hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;

 		$user_permissions = $this->build_bitstring($hold_ary);

--- a/phpBB/includes/acp/info/acp_inactive.php
+++ b/phpBB/includes/acp/info/acp_inactive.php
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -39,7 +39,7 @@ class auth

 		if (($this->acl_options = $cache->get('_acl_options')) === false)
 		{
-			$sql = 'SELECT auth_option, is_global, is_local
+			$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
 				FROM ' . ACL_OPTIONS_TABLE . '
 				ORDER BY auth_option_id';
 			$result = $db->sql_query($sql);
@@ -57,6 +57,9 @@ class auth
 				{
 					$this->acl_options['local'][$row['auth_option']] = $local++;
 				}
+
+				$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
+				$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
 			}
 			$db->sql_freeresult($result);

@@ -302,7 +305,14 @@ class auth
 	*/
 	function acl_get_list($user_id = false, $opts = false, $forum_id = false)
 	{
-		$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
+		if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false)
+		{
+			$hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id));
+		}
+		else
+		{
+			$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
+		}

 		$auth_ary = array();
 		foreach ($hold_ary as $user_id => $forum_ary)
@@ -332,12 +342,7 @@ class auth
 		// Empty user_permissions
 		$userdata['user_permissions'] = '';

-		$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
-
-		if (isset($hold_ary[$userdata['user_id']]))
-		{
-			$hold_ary = $hold_ary[$userdata['user_id']];
-		}
+		$hold_ary = $this->acl_raw_data_single_user($userdata['user_id']);

 		// Key 0 in $hold_ary are global options, all others are forum_ids

@@ -348,42 +353,11 @@ class auth
 			{
 				if (strpos($opt, 'a_') === 0)
 				{
-					$hold_ary[0][$opt] = ACL_YES;
+					$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES;
 				}
 			}
 		}

-		// Sometimes, it can happen $hold_ary holding forums which do not exist.
-		// Since this function is not called that often (we are caching the data) we check for this inconsistency.
-		$sql = 'SELECT forum_id
-			FROM ' . FORUMS_TABLE . '
-			WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary), false, true);
-		$result = $db->sql_query($sql);
-
-		$forum_ids = (isset($hold_ary[0])) ? array(0) : array();
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$forum_ids[] = $row['forum_id'];
-		}
-		$db->sql_freeresult($result);
-
-		// Now determine forums which do not exist and remove the unneeded information (for modding purposes it is clearly the wrong place. ;))
-		$missing_forums = array_diff(array_keys($hold_ary), $forum_ids);
-
-		if (sizeof($missing_forums))
-		{
-			foreach ($missing_forums as $forum_id)
-			{
-				unset($hold_ary[$forum_id]);
-			}
-
-			$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
-			$db->sql_query($sql);
-
-			$sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
-			$db->sql_query($sql);
-		}
-
 		$hold_str = $this->build_bitstring($hold_ary);

 		if ($hold_str)
@@ -420,15 +394,15 @@ class auth
 				$bitstring = array();
 				foreach ($this->acl_options[$ary_key] as $opt => $id)
 				{
-					if (isset($auth_ary[$opt]))
+					if (isset($auth_ary[$this->acl_options['id'][$opt]]))
 					{
-						$bitstring[$id] = $auth_ary[$opt];
+						$bitstring[$id] = $auth_ary[$this->acl_options['id'][$opt]];

 						$option_key = substr($opt, 0, strpos($opt, '_') + 1);

 						// If one option is allowed, the global permission for this option has to be allowed too
 						// example: if the user has the a_ permission this means he has one or more a_* permissions
-						if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
+						if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
 						{
 							$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
 						}
@@ -466,8 +440,31 @@ class auth
 	*/
 	function acl_clear_prefetch($user_id = false)
 	{
-		global $db;
+		global $db, $cache;

+		// Rebuild options cache
+		$cache->destroy('_role_cache');
+
+		$sql = 'SELECT *
+			FROM ' . ACL_ROLES_DATA_TABLE . '
+			ORDER BY role_id ASC';
+		$result = $db->sql_query($sql);
+
+		$this->role_cache = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+		}
+		$db->sql_freeresult($result);
+
+		foreach ($this->role_cache as $role_id => $role_options)
+		{
+			$this->role_cache[$role_id] = serialize($role_options);
+		}
+
+		$cache->put('_role_cache', $this->role_cache);
+
+		// Now empty user permissions
 		$where_sql = '';

 		if ($user_id !== false)
@@ -528,103 +525,35 @@ class auth
 		$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';

-		$sql_opts = '';
+		$sql_opts = $sql_opts_select = $sql_opts_from = '';
+		$hold_ary = array();

 		if ($opts !== false)
 		{
+			$sql_opts_select = ', ao.auth_option';
+			$sql_opts_from = ', ' . ACL_OPTIONS_TABLE . ' ao';
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}

-		$hold_ary = array();
+		$sql_ary = array();

-		// First grab user settings ... each user has only one setting for each
-		// option ... so we shouldn't need any ACL_NEVER checks ... he says ...
-		// Grab assigned roles...
-		$sql = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
-
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_USERS_TABLE		=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
+		// Grab non-role settings - user-specific
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_USERS_TABLE . ' a' . $sql_opts_from . '
+			WHERE a.auth_role_id = 0 ' .
+				(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts",
-		));
-		$result = $db->sql_query($sql);
+				$sql_opts";

-		while ($row = $db->sql_fetchrow($result))
-		{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-			$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
-		}
-		$db->sql_freeresult($result);
-
-		// Now grab group settings ... ACL_NEVER overrides ACL_YES so act appropriatley
-		$sql_ary[] = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
-
-			'FROM'		=> array(
-				USER_GROUP_TABLE	=> 'ug',
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> 'ao.auth_option_id = a.auth_option_id
-				AND a.group_id = ug.group_id
-				AND ug.user_pending = 0
-				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+		// Now the role settings - user-specific
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
+			WHERE a.auth_role_id = r.role_id ' . 
+				(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts"
-		));
-
-		$sql_ary[] = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ug.user_id,  a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting, ao.auth_option' ,
-
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao'
-				
-			),
-
-			'LEFT_JOIN'	=> array(
-				
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'r.auth_option_id = ao.auth_option_id'
-				),
-				array(
-					'FROM'	=> array(ACL_GROUPS_TABLE	=> 'a'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-				array(
-					'FROM'	=> array(USER_GROUP_TABLE	=> 'ug'),
-					'ON'	=> 'ug.group_id = a.group_id'
-				)
-				
-			),
-
-			'WHERE'		=> 'ug.user_pending = 0
-				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
-				$sql_forum
-				$sql_opts"
-		));
-		
+				$sql_opts";

 		foreach ($sql_ary as $sql)
 		{
@@ -632,24 +561,62 @@ class auth

 			while ($row = $db->sql_fetchrow($result))
 			{
-				if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NEVER))
+				$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
+				$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		$sql_ary = array();
+
+		// Now grab group settings - non-role specific...
+		$sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug' . $sql_opts_from . '
+			WHERE a.auth_role_id = 0 ' .
+				(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . '
+				AND a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts";
+
+		// Now grab group settings - role specific...
+		$sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
+			WHERE a.auth_role_id = r.role_id ' .
+				(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . '
+				AND a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts";
+
+		foreach ($sql_ary as $sql)
+		{
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
+
+				if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER))
 				{
-					$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-					$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
-	
-					// Check for existence of ACL_YES if an option got set to ACL_NEVER
-					if ($setting == ACL_NEVER)
+					$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
+
+					// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
+					if ($row['auth_setting'] == ACL_NEVER)
 					{
-						$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
+						$flag = substr($option, 0, strpos($option, '_') + 1);
 	
 						if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
 						{
 							unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
-	
-							if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
+
+/*							if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
 							{
 								$hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES;
 							}
+*/
 						}
 					}
 				}
@@ -671,45 +638,43 @@ class auth
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';

 		$sql_opts = '';
+		$hold_ary = $sql_ary = array();

 		if ($opts !== false)
 		{
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}

-		$hold_ary = array();
-
-		// Grab user settings...
-		$sql = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
-			
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_USERS_TABLE		=> 'a'
-			),
-			
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
+		// Grab user settings - non-role specific...
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = 0
+				AND a.auth_option_id = ao.auth_option_id ' .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts",
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";

-			'ORDER_BY'	=> 'a.forum_id, ao.auth_option'
-		));
-		$result = $db->sql_query($sql);
+		// Now the role settings - user-specific
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id, ao.auth_option
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = r.role_id
+				AND r.auth_option_id = ao.auth_option_id ' .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";

-		while ($row = $db->sql_fetchrow($result))
+		foreach ($sql_ary as $sql)
 		{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-			$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
 		}
-		$db->sql_freeresult($result);

 		return $hold_ary;
 	}
@@ -725,49 +690,158 @@ class auth
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';

 		$sql_opts = '';
+		$hold_ary = $sql_ary = array();

 		if ($opts !== false)
 		{
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}

+		// Grab group settings - non-role specific...
+		$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = 0
+				AND a.auth_option_id = ao.auth_option_id ' .
+				(($sql_group) ? 'AND a.' . $sql_group : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
+
+		// Now grab group settings - role specific...
+		$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = r.role_id
+				AND r.auth_option_id = ao.auth_option_id ' .
+				(($sql_group) ? 'AND a.' . $sql_group : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
+
+		foreach ($sql_ary as $sql)
+		{
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		return $hold_ary;
+	}
+
+	/**
+	* Get raw acl data based on user for caching user_permissions
+	* This function returns the same data as acl_raw_data(), but without the user id as the first key within the array.
+	*/
+	function acl_raw_data_single_user($user_id)
+	{
+		global $db, $cache;
+
+		// Check if the role-cache is there
+		if (($this->role_cache = $cache->get('_role_cache')) === false)
+		{
+			$this->role_cache = array();
+
+			// We pre-fetch roles
+			$sql = 'SELECT *
+				FROM ' . ACL_ROLES_DATA_TABLE . '
+				ORDER BY role_id ASC';
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
+
+			foreach ($this->role_cache as $role_id => $role_options)
+			{
+				$this->role_cache[$role_id] = serialize($role_options);
+			}
+
+			$cache->put('_role_cache', $this->role_cache);
+		}
+
 		$hold_ary = array();

-		// Grab group settings...
-		$sql = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'a.group_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
-
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
-				$sql_forum
-				$sql_opts",
-
-			'ORDER_BY'	=> 'a.forum_id, ao.auth_option'
-		));
+		// Grab user-specific permission settings
+		$sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
+			FROM ' . ACL_USERS_TABLE . '
+			WHERE user_id = ' . $user_id;
 		$result = $db->sql_query($sql);

 		while ($row = $db->sql_fetchrow($result))
 		{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
-			$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $setting;
+			// If a role is assigned, assign all options included within this role. Else, only set this one option.
+			if ($row['auth_role_id'])
+			{
+				$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]);
+			}
+			else
+			{
+				$hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
+			}
+		}
+		$db->sql_freeresult($result);
+
+		// Now grab group-specific permission settings
+		$sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug
+			WHERE a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				AND ug.user_id = ' . $user_id;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			if (!$row['auth_role_id'])
+			{
+				$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
+			}
+			else if (!empty($this->role_cache[$row['auth_role_id']]))
+			{
+				foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
+				{
+					$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting);
+				}
+			}
 		}
 		$db->sql_freeresult($result);

 		return $hold_ary;
 	}

+	/**
+	* Private function snippet for setting a specific piece of the hold_ary
+	*/
+	function _set_group_hold_ary(&$hold_ary, $option_id, $setting)
+	{
+		if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER))
+		{
+			$hold_ary[$option_id] = $setting;
+
+			// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
+			if ($setting == ACL_NEVER)
+			{
+				$flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1);
+				$flag = (int) $this->acl_options['id'][$flag];
+		
+				if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES)
+				{
+					unset($hold_ary[$flag]);
+
+/*					This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible
+					if (in_array(ACL_YES, $hold_ary))
+					{
+						$hold_ary[$flag] = ACL_YES;
+					}*/
+				}
+			}
+		}
+	}
+
 	/**
 	* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 	*/
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -48,8 +48,18 @@ function login_apache(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}

@@ -138,8 +148,8 @@ function autologin_apache()

 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
-		set_var($php_auth_user, $php_auth_user, 'string');
-		set_var($php_auth_pw, $php_auth_pw, 'string');
+		set_var($php_auth_user, $php_auth_user, 'string', true);
+		set_var($php_auth_pw, $php_auth_pw, 'string', true);

 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
@@ -223,7 +233,7 @@ function validate_session_apache(&$user)
 	}

 	$php_auth_user = '';
-	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
+	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);

 	return ($php_auth_user === $user['username']) ? true : false;
 }
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -32,8 +32,18 @@ function login_db(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}

--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -104,8 +104,18 @@ function login_ldap(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}

--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -171,9 +171,14 @@ define('FIELD_BOOL', 4);
 define('FIELD_DROPDOWN', 5);
 define('FIELD_DATE', 6);

+// referer validation
+define('REFERER_VALIDATE_NONE', 0);
+define('REFERER_VALIDATE_HOST', 1);
+define('REFERER_VALIDATE_PATH', 2);
+

 // Additional constants
-define('VOTE_CONVERTED', 9999);
+define('VOTE_CONVERTED', 127);

 // Table names
 define('ACL_GROUPS_TABLE',			$table_prefix . 'acl_groups');
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -45,7 +45,9 @@ class dbal

 	// Holding the last sql query on sql error
 	var $sql_error_sql = '';
-
+	// Holding the error information - only populated if sql_error_triggered is set
+	var $sql_error_returned = array();
+	
 	// Holding transaction count
 	var $transactions = 0;

@@ -262,6 +264,13 @@ class dbal
 					return true;
 				}

+				// Check if there is a transaction (no transaction can happen if there was an error, with a combined rollback and error returning enabled)
+				// This implies we have transaction always set for autocommit db's
+				if (!$this->transaction)
+				{
+					return false;
+				}
+
 				$result = $this->_sql_transaction('commit');

 				if (!$result)
@@ -537,11 +546,11 @@ class dbal
 		$this->sql_error_triggered = true;
 		$this->sql_error_sql = $sql;

-		$error = $this->_sql_error();
+		$this->sql_error_returned = $this->_sql_error();

 		if (!$this->return_on_error)
 		{
-			$message = 'SQL ERROR [ ' . $this->sql_layer . ' ]<br /><br />' . $error['message'] . ' [' . $error['code'] . ']';
+			$message = 'SQL ERROR [ ' . $this->sql_layer . ' ]<br /><br />' . $this->sql_error_returned['message'] . ' [' . $this->sql_error_returned['code'] . ']';

 			// Show complete SQL error and path to administrators only
 			// Additionally show complete error on installation or if extended debug mode is enabled
@@ -598,7 +607,7 @@ class dbal
 			$this->sql_transaction('rollback');
 		}

-		return $error;
+		return $this->sql_error_returned;
 	}

 	/**
--- a/phpBB/includes/diff/renderer.php
+++ b/phpBB/includes/diff/renderer.php
@@ -301,7 +301,7 @@ class diff_renderer_unified extends diff_renderer
 	{
 		return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' ')) . '<br /></pre>';
 	}
-	
+
 	function _added($lines)
 	{
 		return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+')) . '<br /></pre>';
@@ -448,7 +448,7 @@ class diff_renderer_inline extends diff_renderer
 		// Therefore we split on words, but include all blocks of whitespace in the wordlist.
 		$splitted_text_1 = $this->_split_on_words($text1, $nl);
 		$splitted_text_2 = $this->_split_on_words($text2, $nl);
-		
+
 		$diff = &new diff($splitted_text_1, $splitted_text_2);
 		unset($splitted_text_1, $splitted_text_2);

@@ -463,7 +463,7 @@ class diff_renderer_inline extends diff_renderer
 	{
 		// Ignore \0; otherwise the while loop will never finish.
 		$string = str_replace("\0", '', $string);
-		
+
 		$words = array();
 		$length = strlen($string);
 		$pos = 0;
@@ -537,7 +537,7 @@ class diff_renderer_raw extends diff_renderer
 	{
 		return $this->_lines($lines, ' ');
 	}
-	
+
 	function _added($lines)
 	{
 		return $this->_lines($lines, '+');
@@ -603,7 +603,7 @@ class diff_renderer_side_by_side extends diff_renderer
 			// Iterate through every header block of changes
 			foreach ($this->lines as $header)
 			{
-				$output .= '<tr><th>Line ' . $header['oldline'] . '</th><th>' . $user->lang['LINE'] . ' ' . $header['newline'] . '</th></tr>';
+				$output .= '<tr><th>' . $user->lang['LINE'] . ' ' . $header['oldline'] . '</th><th>' . $user->lang['LINE'] . ' ' . $header['newline'] . '</th></tr>';

 				// Each header block consists of a number of changes (add, remove, change).
 				$current_context = '';
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -196,7 +196,7 @@ function size_select_options($size_compare)
 {
 	global $user;

-	$size_types_text = array($user->lang['BYTES'], $user->lang['KB'], $user->lang['MB']);
+	$size_types_text = array($user->lang['BYTES'], $user->lang['KIB'], $user->lang['MIB']);
 	$size_types = array('b', 'kb', 'mb');

 	$s_size_options = '';
@@ -1545,7 +1545,8 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$sql = 'SELECT SUM(t.topic_replies + 1) AS forum_posts
 						FROM ' . TOPICS_TABLE . ' t
 						WHERE ' . $db->sql_in_set('t.forum_id', $forum_ids) . '
-							AND t.topic_approved = 1';
+							AND t.topic_approved = 1
+							AND t.topic_status <> ' . ITEM_MOVED;
 				}
 				else
 				{
@@ -1553,6 +1554,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 						FROM ' . TOPICS_TABLE . ' t
 						WHERE ' . $db->sql_in_set('t.forum_id', $forum_ids) . '
 							AND t.topic_approved = 1
+							AND t.topic_status <> ' . ITEM_MOVED . '
 						GROUP BY t.forum_id';
 				}

@@ -2878,14 +2880,7 @@ function get_database_size()
 		break;
 	}

-	if ($database_size !== false)
-	{
-		$database_size = ($database_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($database_size / 1048576)) : (($database_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($database_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $database_size));
-	}
-	else
-	{
-		$database_size = $user->lang['NOT_AVAILABLE'];
-	}
+	$database_size = ($database_size !== false) ? get_formatted_filesize($database_size) : $user->lang['NOT_AVAILABLE'];

 	return $database_size;
 }
@@ -2998,6 +2993,29 @@ function tidy_database()
 {
 	global $db;

+	// Here we check permission consistency
+
+	// Sometimes, it can happen permission tables having forums listed which do not exist
+	$sql = 'SELECT forum_id
+		FROM ' . FORUMS_TABLE;
+	$result = $db->sql_query($sql);
+
+	$forum_ids = array(0);
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$forum_ids[] = $row['forum_id'];
+	}
+	$db->sql_freeresult($result);
+
+	// Delete those rows from the acl tables not having listed the forums above
+	$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
+		WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true);
+	$db->sql_query($sql);
+
+	$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
+		WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true);
+	$db->sql_query($sql);
+
 	set_config('database_last_gc', time(), true);
 }

--- a/phpBB/includes/functions_compress.php
+++ b/phpBB/includes/functions_compress.php
@@ -179,7 +179,7 @@ class compress_zip extends compress
 	* Extract archive
 	*/
 	function extract($dst)
-	{		
+	{
 		// Loop the file, looking for files and folders
 		$dd_try = false;
 		rewind($this->fp);
@@ -215,6 +215,12 @@ class compress_zip extends compress
 							// Create and folders and subfolders if they do not exist
 							foreach ($folders as $folder)
 							{
+								$folder = trim($folder);
+								if (!$folder)
+								{
+									continue;
+								}
+
 								$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 								if (!is_dir($str))
 								{
@@ -231,13 +237,19 @@ class compress_zip extends compress
 					}
 					else
 					{
-						// Some archivers are punks, they don't don't include folders in their archives!
+						// Some archivers are punks, they don't include folders in their archives!
 						$str = '';
 						$folders = explode('/', pathinfo($target_filename, PATHINFO_DIRNAME));

 						// Create and folders and subfolders if they do not exist
 						foreach ($folders as $folder)
 						{
+							$folder = trim($folder);
+							if (!$folder)
+							{
+								continue;
+							}
+
 							$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 							if (!is_dir($str))
 							{
@@ -267,7 +279,7 @@ class compress_zip extends compress
 							// Not compressed
 							fwrite($fp, $content);
 						break;
-					
+
 						case 8:
 							// Deflate
 							fwrite($fp, gzinflate($content, $data['uc_size']));
@@ -278,7 +290,7 @@ class compress_zip extends compress
 							fwrite($fp, bzdecompress($content));
 						break;
 					}
-					
+
 					fclose($fp);
 				break;

@@ -288,11 +300,11 @@ class compress_zip extends compress
 				// This case should simply never happen.. but it does exist..
 				case "\x50\x4b\x05\x06":
 				break 2;
-				
+
 				// 'Packed to Removable Disk', ignore it and look for the next signature...
 				case 'PK00':
 				continue 2;
-				
+
 				// We have encountered a header that is weird. Lets look for better data...
 				default:
 					if (!$dd_try)
@@ -507,16 +519,24 @@ class compress_tar extends compress
 				$tmp = unpack('A12size', substr($buffer, 124, 12));
 				$filesize = octdec((int) trim($tmp['size']));

+				$target_filename = "$dst$filename";
+
 				if ($filetype == 5)
 				{
-					if (!is_dir("$dst$filename"))
+					if (!is_dir($target_filename))
 					{
 						$str = '';
-						$folders = explode('/', "$dst$filename");
+						$folders = explode('/', $target_filename);

 						// Create and folders and subfolders if they do not exist
 						foreach ($folders as $folder)
 						{
+							$folder = trim($folder);
+							if (!$folder)
+							{
+								continue;
+							}
+
 							$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 							if (!is_dir($str))
 							{
@@ -529,17 +549,41 @@ class compress_tar extends compress
 						}
 					}
 				}
-				else if ($filesize != 0 && ($filetype == 0 || $filetype == "\0"))
+				else if ($filesize >= 0 && ($filetype == 0 || $filetype == "\0"))
 				{
+					// Some archivers are punks, they don't properly order the folders in their archives!
+					$str = '';
+					$folders = explode('/', pathinfo($target_filename, PATHINFO_DIRNAME));
+
+					// Create and folders and subfolders if they do not exist
+					foreach ($folders as $folder)
+					{
+						$folder = trim($folder);
+						if (!$folder)
+						{
+							continue;
+						}
+
+						$str = (!empty($str)) ? $str . '/' . $folder : $folder;
+						if (!is_dir($str))
+						{
+							if (!@mkdir($str, 0777))
+							{
+								trigger_error("Could not create directory $folder");
+							}
+							@chmod($str, 0777);
+						}
+					}
+
 					// Write out the files
-					if (!($fp = fopen("$dst$filename", 'wb')))
+					if (!($fp = fopen($target_filename, 'wb')))
 					{
 						trigger_error("Couldn't create file $filename");
 					}
-					@chmod("$dst$filename", 0777);
+					@chmod($target_filename, 0777);

 					// Grab the file contents
-					fwrite($fp, $fzread($this->fp, ($filesize + 511) &~ 511), $filesize);
+					fwrite($fp, ($filesize) ? $fzread($this->fp, ($filesize + 511) &~ 511) : '', $filesize);
 					fclose($fp);
 				}
 			}
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -67,7 +67,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 		$sort_dir = key($sort_dir_text);
 	}

-	$s_limit_days = '<select name="st">';
+	$s_limit_days = '<select name="st" id="st">';
 	foreach ($limit_days as $day => $text)
 	{
 		$selected = ($sort_days == $day) ? ' selected="selected"' : '';
@@ -75,7 +75,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 	}
 	$s_limit_days .= '</select>';

-	$s_sort_key = '<select name="sk">';
+	$s_sort_key = '<select name="sk" id="sk">';
 	foreach ($sort_by_text as $key => $text)
 	{
 		$selected = ($sort_key == $key) ? ' selected="selected"' : '';
@@ -83,7 +83,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 	}
 	$s_sort_key .= '</select>';

-	$s_sort_dir = '<select name="sd">';
+	$s_sort_dir = '<select name="sd" id="sd">';
 	foreach ($sort_dir_text as $key => $value)
 	{
 		$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
@@ -382,7 +382,7 @@ function strip_bbcode(&$text, $uid = '')

 	$match = get_preg_expression('bbcode_htm');
 	$replace = array('\1', '\1', '\2', '\1', '', '');
-	
+
 	$text = preg_replace($match, $replace, $text);
 }

@@ -418,7 +418,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags)
 		{
 			$bbcode->bbcode($bitfield);
 		}
-		
+
 		$bbcode->bbcode_second_pass($text, $uid);
 	}

@@ -438,6 +438,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 	global $phpbb_root_path, $phpEx;

 	$uid = $bitfield = '';
+	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);

 	if (!$text)
 	{
@@ -461,7 +462,6 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 		$uid = '';
 	}

-	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
 	$bitfield = $message_parser->bbcode_bitfield;

 	return;
@@ -492,6 +492,7 @@ function generate_text_for_edit($text, $uid, $flags)
 */
 function make_clickable_callback($type, $whitespace, $url, $relative_url, $class)
 {
+	$orig_url		= $url . $relative_url;
 	$append			= '';
 	$url			= htmlspecialchars_decode($url);
 	$relative_url	= htmlspecialchars_decode($relative_url);
@@ -558,29 +559,39 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 		break;
 	}

+	$short_url = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+
 	switch ($type)
 	{
 		case MAGIC_URL_LOCAL:
 			$tag			= 'l';
 			$relative_url	= preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
 			$url			= $url . '/' . $relative_url;
-			$text			= ($relative_url) ? $relative_url : $url;
+			$text			= $relative_url;
+
+			// this url goes to http://domain.tld/path/to/board/ which
+			// would result in an empty link if treated as local so
+			// don't touch it and let MAGIC_URL_FULL take care of it.
+			if (!$relative_url)
+			{
+				return $whitespace . $orig_url . '/'; // slash is taken away by relative url pattern
+			}
 		break;

 		case MAGIC_URL_FULL:
 			$tag	= 'm';
-			$text	= (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+			$text	= $short_url;
 		break;

 		case MAGIC_URL_WWW:
 			$tag	= 'w';
 			$url	= 'http://' . $url;
-			$text	= (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+			$text	= $short_url;
 		break;

 		case MAGIC_URL_EMAIL:
 			$tag	= 'e';
-			$text	= (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+			$text	= $short_url;
 			$url	= 'mailto:' . $url;
 		break;
 	}
@@ -647,12 +658,21 @@ function make_clickable($text, $server_url = false, $class = 'postlink')
 function censor_text($text)
 {
 	static $censors;
-	global $cache;

+	// We moved the word censor checks in here because we call this function quite often - and then only need to do the check once
 	if (!isset($censors) || !is_array($censors))
 	{
-		// obtain_word_list is taking care of the users censor option and the board-wide option
-		$censors = $cache->obtain_word_list();
+		global $config, $user, $auth, $cache;
+
+		// We check here if the user is having viewing censors disabled (and also allowed to do so).
+		if (!$user->optionget('viewcensors') && $config['allow_nocensors'] && $auth->acl_get('u_chgcensors'))
+		{
+			$censors = array();
+		}
+		else
+		{
+			$censors = $cache->obtain_word_list();
+		}
 	}

 	if (sizeof($censors))
@@ -792,7 +812,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 		$template->destroy_block_vars('_file');

 		$block_array = array();
-		
+
 		// Some basics...
 		$attachment['extension'] = strtolower(trim($attachment['extension']));
 		$filename = $phpbb_root_path . $config['upload_path'] . '/' . basename($attachment['physical_filename']);
@@ -813,8 +833,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 		}

 		$filesize = $attachment['filesize'];
-		$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
-		$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
+		$size_lang = ($filesize >= 1048576) ? $user->lang['MIB'] : (($filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
+		$filesize = get_formatted_filesize($filesize, false);

 		$comment = bbcode_nl2br(censor_text($attachment['attach_comment']));

@@ -1046,8 +1066,16 @@ function extension_allowed($forum_id, $extension, &$extensions)
 /**
 * Truncates string while retaining special characters if going over the max length
 * The default max length is 60 at the moment
+* The maximum storage length is there to fit the string within the given length. The string may be further truncated due to html entities.
+* For example: string given is 'a "quote"' (length: 9), would be a stored as 'a &quot;quote&quot;' (length: 19)
+*
+* @param string $string The text to truncate to the given length. String is specialchared.
+* @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)
+* @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).
+* @param bool $allow_reply Allow Re: in front of string
+* @param string $append String to be appended
 */
-function truncate_string($string, $max_length = 60, $allow_reply = true, $append = '')
+function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = true, $append = '')
 {
 	$chars = array();

@@ -1070,11 +1098,26 @@ function truncate_string($string, $max_length = 60, $allow_reply = true, $append
 		$stripped = true;
 	}

+	// Due to specialchars, we may not be able to store the string...
+	if (utf8_strlen($string) > $max_store_length)
+	{
+		// let's split again, we do not want half-baked strings where entities are split
+		$_chars = utf8_str_split(htmlspecialchars_decode($string));
+		$chars = array_map('utf8_htmlspecialchars', $_chars);
+
+		do
+		{
+			array_pop($chars);
+			$string = implode('', $chars);
+		}
+		while (utf8_strlen($string) > $max_store_length || !sizeof($chars));
+	}
+
 	if ($strip_reply)
 	{
 		$string = 'Re: ' . $string;
 	}
-	
+
 	if ($append != '' && $stripped)
 	{
 		$string = $string . $append;
@@ -1193,7 +1236,7 @@ class bitfield
 		if (strlen($this->data) >= $byte + 1)
 		{
 			$c = $this->data[$byte];
-	
+
 			// Lookup the ($n % 8)th bit of the byte
 			$bit = 7 - ($n & 7);
 			return (bool) (ord($c) & (1 << $bit));
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -148,7 +148,7 @@ function auto_id($pad = 0)
 	{
 		return $convert_row['max_id'] + $pad;
 	}
-	
+
 	return $auto_id + $pad;
 }

@@ -280,7 +280,7 @@ function get_config_value($config_name)
 	{
 		$convert_config = get_config();
 	}
-	
+
 	if (!isset($convert_config[$config_name]))
 	{
 		return false;
@@ -669,12 +669,12 @@ function import_avatar($source, $use_target = false, $user_id = false)
 	{
 		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__);
 	}
-	
+
 	if ($use_target === false && $user_id !== false)
 	{
 		$use_target = $config['avatar_salt'] . '_' . $user_id . '.' . substr(strrchr($source, '.'), 1);
 	}
-	
+
 	$result = _import_check('avatar_path', $source, $use_target);

 	return ((!empty($user_id)) ? $user_id : $use_target) . '.' . substr(strrchr($source, '.'), 1);
@@ -946,7 +946,7 @@ function get_remote_avatar_dim($src, $axis)
 		unset($remote_avatar_cache);
 		return $retval;
 	}
-	
+
 	$url_info = @parse_url($src);
 	if (empty($url_info['host']))
 	{
@@ -962,19 +962,19 @@ function get_remote_avatar_dim($src, $axis)
 			case 'ftp':
 				$port = 21;
 				break;
-				
+
 			case 'https':
 				$port = 443;
 				break;
-			
+
 			default:
 				$port = 80;
 		}
 	}
-	
+
 	$timeout = @ini_get('default_socket_timeout');
 	@ini_set('default_socket_timeout', 2);
-	
+
 	// We're just trying to reach the server to avoid timeouts
 	$fp = @fsockopen($host, $port, $errno, $errstr, 1);
 	if ($fp)
@@ -982,11 +982,11 @@ function get_remote_avatar_dim($src, $axis)
 		$remote_avatar_cache[$src] = @getimagesize($src);
 		fclose($fp);
 	}
-	
+
 	$default_x 	= (defined('DEFAULT_AVATAR_X_CUSTOM')) ? DEFAULT_AVATAR_X_CUSTOM : DEFAULT_AVATAR_X;
 	$default_y 	= (defined('DEFAULT_AVATAR_Y_CUSTOM')) ? DEFAULT_AVATAR_Y_CUSTOM : DEFAULT_AVATAR_Y;
 	$default 	= array($default_x, $default_y);
-	
+
 	if (empty($remote_avatar_cache[$src]) || empty($remote_avatar_cache[$src][0]) || empty($remote_avatar_cache[$src][1]))
 	{
 		$remote_avatar_cache[$src] = $default;
@@ -1002,7 +1002,7 @@ function get_remote_avatar_dim($src, $axis)
 			$remote_avatar_cache[$src][1] = (int)($remote_avatar_cache[$src][1] * $ratio);
 		}
 	}
-	
+
 	@ini_set('default_socket_timeout', $timeout);
 	return $remote_avatar_cache[$src][$axis];
 }
@@ -1112,7 +1112,7 @@ function words_unique(&$words)
 function add_user_group($group_id, $user_id, $group_leader=false)
 {
 	global $convert, $phpbb_root_path, $config, $user, $db;
-	
+
 	$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 		'group_id'		=> $group_id,
 		'user_id'		=> $user_id,
@@ -1282,7 +1282,7 @@ function restore_config($schema)
 			// Most are...
 			if (is_string($config_value))
 			{
-				$config_value = utf8_htmlspecialchars($config_value);
+				$config_value = truncate_string(utf8_htmlspecialchars($config_value), 255, 255, false);
 			}

 			set_config($config_name, $config_value);
@@ -2443,7 +2443,7 @@ function get_smiley_display()
 function fill_dateformat($user_dateformat)
 {
 	global $config;
-	
+
 	return ((empty($user_dateformat)) ? $config['default_dateformat'] : $user_dateformat);
 }

--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -27,7 +27,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
 	$parent_id = $visible_forums = 0;
 	$sql_from = '';
-	
+
 	// Mark forums read?
 	$mark_read = request_var('mark', '');

@@ -371,7 +371,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$s_subforums_list = array();
 		foreach ($subforums_list as $subforum)
 		{
-			$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '">' . $subforum['name'] . '</a>';
+			$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '" title="' . (($subforum['unread']) ? $user->lang['NEW_POSTS'] : $user->lang['NO_NEW_POSTS']) . '">' . $subforum['name'] . '</a>';
 		}
 		$s_subforums_list = (string) implode(', ', $s_subforums_list);
 		$catless = ($row['parent_id'] == $root_data['forum_id']) ? true : false;
@@ -400,6 +400,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'S_IS_LINK'			=> ($row['forum_type'] == FORUM_LINK) ? true : false,
 			'S_UNREAD_FORUM'	=> $forum_unread,
 			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
+			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,
 			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false,

 			'FORUM_ID'				=> $row['forum_id'],
@@ -409,6 +410,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			$l_post_click_count		=> $post_click_count,
 			'FORUM_FOLDER_IMG'		=> $user->img($folder_image, $folder_alt),
 			'FORUM_FOLDER_IMG_SRC'	=> $user->img($folder_image, $folder_alt, false, '', 'src'),
+			'FORUM_FOLDER_IMG_ALT'	=> isset($user->lang[$folder_alt]) ? $user->lang[$folder_alt] : '',
 			'FORUM_IMAGE'			=> ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : '',
 			'FORUM_IMAGE_SRC'		=> ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
 			'LAST_POST_SUBJECT'		=> censor_text($last_post_subject),
@@ -437,7 +439,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				'S_UNREAD'		=> $subforum['unread'])
 			);
 		}
-		
+
 		$last_catless = $catless;
 	}

@@ -979,7 +981,7 @@ function display_user_activity(&$userdata)
 /**
 * Topic and forum watching common code
 */
-function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
+function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
 {
 	global $template, $db, $user, $phpEx, $start, $phpbb_root_path;

@@ -1101,7 +1103,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
 */
 function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank_img_src)
 {
-	global $ranks, $config;
+	global $ranks, $config, $phpbb_root_path;

 	if (empty($ranks))
 	{
@@ -1112,8 +1114,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
 	if (!empty($user_rank))
 	{
 		$rank_title = (isset($ranks['special'][$user_rank]['rank_title'])) ? $ranks['special'][$user_rank]['rank_title'] : '';
-		$rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : '';
-		$rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : '';
+		$rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : '';
+		$rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : '';
 	}
 	else
 	{
@@ -1124,8 +1126,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
 				if ($user_posts >= $rank['rank_min'])
 				{
 					$rank_title = $rank['rank_title'];
-					$rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : '';
-					$rank_img_src = (!empty($rank['rank_image'])) ? $config['ranks_path'] . '/' . $rank['rank_image'] : '';
+					$rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : '';
+					$rank_img_src = (!empty($rank['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] : '';
 					break;
 				}
 			}
--- a/phpBB/includes/functions_install.php
+++ b/phpBB/includes/functions_install.php
@@ -286,7 +286,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,
 	{
 		case 'mysql':
 		case 'mysqli':
-			if (strpos($table_prefix, '-') !== false || strpos($table_prefix, '.') !== false)
+			if (strspn($table_prefix, '-./\\') !== 0)
 			{
 				$error[] = $lang['INST_ERR_PREFIX_INVALID'];
 				return false;
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -20,11 +20,11 @@ if (!defined('IN_PHPBB'))
 *
 * Jabber class from Flyspray project
 *
-* @version class.jabber2.php 1306 2007-06-21
+* @version class.jabber2.php 1488 2007-11-25
 * @copyright 2006 Flyspray.org
 * @author Florian Schmitz (floele)
 *
-* Modified by Acyd Burn
+* Only slightly modified by Acyd Burn
 *
 * @package phpBB3
 */
@@ -286,7 +286,7 @@ class jabber
 			$read = trim(fread($this->connection, 4096));
 			$data .= $read;
 		}
-		while (time() <= $start + $timeout && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
+		while (time() <= $start + $timeout && !feof($this->connection) && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));

 		if ($data != '')
 		{
@@ -385,7 +385,6 @@ class jabber
 		{
 			case 'stream:stream':
 				// Connection initialised (or after authentication). Not much to do here...
-				$this->session['id'] = $xml['stream:stream'][0]['@']['id'];

 				if (isset($xml['stream:stream'][0]['#']['stream:features']))
 				{
@@ -397,6 +396,17 @@ class jabber
 					$this->features = $this->listen();
 				}

+				$second_time = isset($this->session['id']);
+				$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
+
+				/** Currently commented out due to problems with some jabber server - reason unknown
+				if ($second_time)
+				{
+					// If we are here for the second time after TLS, we need to continue logging in
+					$this->login();
+					return;
+				}*/
+
 				// go on with authentication?
 				if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
 				{
@@ -519,9 +529,10 @@ class jabber
 						'response'	=> $this->encrypt_password(array_merge($decoded, array('nc' => '00000001'))),
 						'charset'	=> 'utf-8',
 						'nc'		=> '00000001',
+						'qop'		=> 'auth',			// only auth being supported
 					);

-					foreach (array('nonce', 'qop', 'digest-uri', 'realm', 'cnonce') as $key)
+					foreach (array('nonce', 'digest-uri', 'realm', 'cnonce') as $key)
 					{
 						if (isset($decoded[$key]))
 						{
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -1056,8 +1056,7 @@ class smtp_class
 		global $user;

 		$err_msg = '';
-		$local_host = php_uname('n');
-		$local_host = (empty($local_host)) ? 'localhost' : $local_host;
+		$local_host = (function_exists('php_uname')) ? php_uname('n') : $user->host;

 		// If we are authenticating through pop-before-smtp, we
 		// have to login ones before we get authenticated
@@ -1332,7 +1331,7 @@ class smtp_class
 		// Realm
 		if (empty($tokens['realm']))
 		{
-			$tokens['realm'] = php_uname('n');
+			$tokens['realm'] = (function_exists('php_uname')) ? php_uname('n') : $user->host;
 		}

 		// Maxbuf
--- a/phpBB/includes/functions_module.php
+++ b/phpBB/includes/functions_module.php
@@ -59,7 +59,7 @@ class p_master
 				WHERE module_class = '" . $db->sql_escape($this->p_class) . "'
 				ORDER BY left_id ASC";
 			$result = $db->sql_query($sql);
-			
+
 			$rows = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
@@ -114,7 +114,7 @@ class p_master
 					unset($this->module_cache['modules'][$key]);
 					continue;
 				}
-				
+
 				$right_id = false;
 			}

@@ -147,7 +147,7 @@ class p_master
 				{
 					continue;
 				}
-				
+
 				$right_id = false;
 			}

@@ -194,7 +194,7 @@ class p_master
 			$custom_func = '_module_' . $row['module_basename'];

 			$names[$row['module_basename'] . '_' . $row['module_mode']][] = true;
-			
+
 			$module_row = array(
 				'depth'		=> $depth,

@@ -209,7 +209,7 @@ class p_master
 				'display'	=> (int) $row['module_display'],

 				'url_extra'	=> (function_exists($url_func)) ? $url_func($row['module_mode'], $row) : '',
-				
+
 				'lang'		=> ($row['module_basename'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']),
 				'langname'	=> $row['module_langname'],

@@ -309,7 +309,7 @@ class p_master
 				break;

 				default:
-					if (!preg_match('#(?:acl_([a-z_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z_]+))|(?:cfg_([a-z_]+))|(?:request_([a-z_]+))#', $token))
+					if (!preg_match('#(?:acl_([a-z0-9_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z0-9_]+))|(?:cfg_([a-z0-9_]+))|(?:request_([a-zA-Z0-9_]+))#', $token))
 					{
 						$token = '';
 					}
@@ -325,7 +325,7 @@ class p_master
 		$forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id;

 		$is_auth = false;
-		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#', '#request_([a-z_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
+		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');

 		return $is_auth;
 	}
@@ -677,7 +677,7 @@ class p_master
 			}

 			// Select first id we can get
-			if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
+			if (!$current_id && (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id))
 			{
 				$current_id = $item_ary['id'];
 			}
@@ -710,7 +710,7 @@ class p_master

 				$tpl_ary = array(
 					'L_TITLE'		=> $item_ary['lang'],
-					'S_SELECTED'	=> (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
+					'S_SELECTED'	=> (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id) ? true : false,
 					'U_TITLE'		=> $u_title
 				);

@@ -719,7 +719,7 @@ class p_master

 			$tpl_ary = array(
 				'L_TITLE'		=> $item_ary['lang'],
-				'S_SELECTED'	=> (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
+				'S_SELECTED'	=> (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id) ? true : false,
 				'U_TITLE'		=> $u_title
 			);

--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -267,7 +267,7 @@ function posting_gen_topic_icons($mode, $icon_id)
 					'ICON_IMG'		=> $phpbb_root_path . $config['icons_path'] . '/' . $data['img'],
 					'ICON_WIDTH'	=> $data['width'],
 					'ICON_HEIGHT'	=> $data['height'],
-	
+
 					'S_CHECKED'			=> ($id == $icon_id) ? true : false,
 					'S_ICON_CHECKED'	=> ($id == $icon_id) ? ' checked="checked"' : '')
 				);
@@ -323,7 +323,7 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)

 			$topic_type_array
 		);
-		
+
 		foreach ($topic_type_array as $array)
 		{
 			$template->assign_block_vars('topic_type', $array);
@@ -358,6 +358,11 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 	$upload = new fileupload();

+	if ($config['check_attachment_content'])
+	{
+		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
+	}
+
 	if (!$local)
 	{
 		$filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
@@ -524,6 +529,8 @@ function get_supported_image_types($type = false)

 		if ($type !== false)
 		{
+			// Type is one of the IMAGETYPE constants - it is fetched from getimagesize()
+			// We do not use the constants here, because some were not available in PHP 4.3.x
 			switch ($type)
 			{
 				// GIF
@@ -545,8 +552,7 @@ function get_supported_image_types($type = false)
 					$new_type = ($format & IMG_PNG) ? IMG_PNG : false;
 				break;

-				// BMP, WBMP
-				case 6:
+				// WBMP
 				case 15:
 					$new_type = ($format & IMG_WBMP) ? IMG_WBMP : false;
 				break;
@@ -618,6 +624,11 @@ function create_thumbnail($source, $destination, $mimetype)
 	// Only use imagemagick if defined and the passthru function not disabled
 	if ($config['img_imagick'] && function_exists('passthru'))
 	{
+		if (substr($config['img_imagick'], -1) !== '/')
+		{
+			$config['img_imagick'] .= '/';
+		}
+
 		@passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');

 		if (file_exists($destination))
@@ -934,7 +945,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 		WHERE p.topic_id = $topic_id
 			" . ((!$auth->acl_get('m_approve', $forum_id)) ? 'AND p.post_approved = 1' : '') . '
 			' . (($mode == 'post_review') ? " AND p.post_id > $cur_post_id" : '') . '
-		ORDER BY p.post_time DESC';
+		ORDER BY p.post_time ';
+	$sql .= ($mode == 'post_review') ? 'ASC' : 'DESC';
 	$result = $db->sql_query_limit($sql, $config['posts_per_page']);

 	$post_list = array();
@@ -1105,7 +1117,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 		trigger_error('WRONG_NOTIFICATION_MODE');
 	}

-	if (!$config['allow_topic_notify'])
+	if (($topic_notification && !$config['allow_topic_notify']) || ($forum_notification && !$config['allow_forum_notify']))
 	{
 		return;
 	}
@@ -1115,16 +1127,15 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id

 	// Get banned User ID's
 	$sql = 'SELECT ban_userid
-		FROM ' . BANLIST_TABLE;
+		FROM ' . BANLIST_TABLE . '
+		WHERE ban_userid <> 0
+			AND ban_exclude <> 1';
 	$result = $db->sql_query($sql);

 	$sql_ignore_users = ANONYMOUS . ', ' . $user->data['user_id'];
 	while ($row = $db->sql_fetchrow($result))
 	{
-		if (isset($row['ban_userid']))
-		{
-			$sql_ignore_users .= ', ' . $row['ban_userid'];
-		}
+		$sql_ignore_users .= ', ' . (int) $row['ban_userid'];
 	}
 	$db->sql_freeresult($result);

@@ -1326,9 +1337,21 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 	global $config, $phpEx, $phpbb_root_path;

 	// Specify our post mode
-	$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'delete_topic' : (($data['topic_first_post_id'] == $post_id) ? 'delete_first_post' : (($data['topic_last_post_id'] == $post_id) ? 'delete_last_post' : 'delete'));
+	$post_mode = 'delete';
+	if (($data['topic_first_post_id'] === $data['topic_last_post_id']) && $data['topic_replies_real'] == 0)
+	{
+		$post_mode = 'delete_topic';
+	}
+	else if ($data['topic_first_post_id'] == $post_id)
+	{
+		$post_mode = 'delete_first_post';
+	}
+	else if ($data['topic_last_post_id'] == $post_id)
+	{
+		$post_mode = 'delete_last_post';
+	}
 	$sql_data = array();
-	$next_post_id = 0;
+	$next_post_id = false;

 	include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

@@ -1628,7 +1651,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			// Display edit info if edit reason given or user is editing his post, which is not the last within the topic.
 			if ($data['post_edit_reason'] || (!$auth->acl_get('m_edit', $data['forum_id']) && ($post_mode == 'edit' || $post_mode == 'edit_first_post')))
 			{
-				$data['post_edit_reason']		= truncate_string($data['post_edit_reason'], 255, false);
+				$data['post_edit_reason']		= truncate_string($data['post_edit_reason'], 255, 255, false);

 				$sql_data[POSTS_TABLE]['sql']	= array(
 					'post_edit_time'	=> $current_time,
@@ -1717,7 +1740,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			}

 			$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : '');
-	
+
 			if ($topic_type != POST_GLOBAL)
 			{
 				if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
@@ -1839,6 +1862,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'topic_last_poster_id'		=> (int) $user->data['user_id'],
 				'topic_last_poster_name'	=> (!$user->data['is_registered'] && $username) ? $username : (($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : ''),
 				'topic_last_poster_colour'	=> $user->data['user_colour'],
+				'topic_last_post_subject'	=> (string) $subject,
 			);
 		}

@@ -1940,7 +1964,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		}

 		$sql_insert_ary = array();
-		
+
 		for ($i = 0, $size = sizeof($poll['poll_options']); $i < $size; $i++)
 		{
 			if (strlen(trim($poll['poll_options'][$i])))
@@ -2013,7 +2037,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u

 		foreach ($data['attachment_data'] as $pos => $attach_row)
 		{
-			if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
+			if ($attach_row['is_orphan'] && !isset($orphan_rows[$attach_row['attach_id']]))
 			{
 				continue;
 			}
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -208,6 +208,11 @@ function get_folder($user_id, $folder_id = false)
 		);
 	}

+	if ($folder_id !== false && !isset($folder[$folder_id]))
+	{
+		trigger_error('UNKNOWN_FOLDER');
+	}
+
 	return $folder;
 }

@@ -276,7 +281,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
 		case ACTION_PLACE_INTO_FOLDER:
 			return array('action' => $rule_row['rule_action'], 'folder_id' => $rule_row['rule_folder_id']);
 		break;
-		
+
 		case ACTION_MARK_AS_READ:
 		case ACTION_MARK_AS_IMPORTANT:
 			return array('action' => $rule_row['rule_action'], 'pm_unread' => $message_row['pm_unread'], 'pm_marked' => $message_row['pm_marked']);
@@ -304,7 +309,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)

 			return false;
 		break;
-		
+
 		default:
 			return false;
 	}
@@ -606,7 +611,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)

 		unset($sql_folder);

-		if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
+		if (isset($move_into_folder[PRIVMSGS_INBOX]))
 		{
 			$sql = 'SELECT COUNT(msg_id) as num_messages
 				FROM ' . PRIVMSGS_TO_TABLE . "
@@ -892,7 +897,7 @@ function handle_mark_actions($user_id, $mark_action)
 			if (confirm_box(true))
 			{
 				delete_pm($user_id, $msg_ids, $cur_folder_id);
-				
+
 				$success_msg = (sizeof($msg_ids) == 1) ? 'MESSAGE_DELETED' : 'MESSAGES_DELETED';
 				$redirect = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $cur_folder_id);

@@ -1034,8 +1039,8 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 		$user->data['user_new_privmsg'] -= $num_new;
 		$user->data['user_unread_privmsg'] -= $num_unread;
 	}
-	
-	// Now we have to check which messages we can delete completely	
+
+	// Now we have to check which messages we can delete completely
 	$sql = 'SELECT msg_id
 		FROM ' . PRIVMSGS_TO_TABLE . '
 		WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
@@ -1157,7 +1162,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 					FROM ' . GROUPS_TABLE . '
 						WHERE ' . $db->sql_in_set('group_id', $g);
 				$result = $db->sql_query($sql);
-		
+
 				while ($row = $db->sql_fetchrow($result))
 				{
 					if ($check_type == 'to' || $author_id == $user->data['user_id'] || $row['user_id'] == $user->data['user_id'])
@@ -1175,7 +1180,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 						AND g.group_id = ug.group_id
 						AND ug.user_pending = 0';
 				$result = $db->sql_query($sql);
-		
+
 				while ($row = $db->sql_fetchrow($result))
 				{
 					if (!isset($address['group'][$row['group_id']]))
@@ -1331,7 +1336,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 					AND u.user_id = ug.user_id
 					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
 			$result = $db->sql_query($sql);
-	
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$field = ($data['address_list']['g'][$row['group_id']] == 'to') ? 'to' : 'bcc';
@@ -1506,7 +1511,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)

 		foreach ($data['attachment_data'] as $pos => $attach_row)
 		{
-			if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
+			if ($attach_row['is_orphan'] && !isset($orphan_rows[$attach_row['attach_id']]))
 			{
 				continue;
 			}
@@ -1803,4 +1808,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	return true;
 }

+/**
+* Set correct users max messages in PM folder.
+* If several group memberships define different amount of messages, the highest will be chosen.
+*/
+function set_user_message_limit()
+{
+	global $user, $db, $config;
+
+	// Get maximum about from user memberships - if it is 0, there is no limit set and we use the maximum value within the config.
+	$sql = 'SELECT MAX(g.group_message_limit) as max_message_limit
+		FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
+		WHERE ug.user_id = ' . $user->data['user_id'] . '
+			AND ug.user_pending = 0
+			AND ug.group_id = g.group_id';
+	$result = $db->sql_query($sql);
+	$message_limit = (int) $db->sql_fetchfield('max_message_limit');
+	$db->sql_freeresult($result);
+
+	$user->data['message_limit'] = (!$message_limit) ? $config['pm_max_msgs'] : $message_limit;
+}
+
 ?>
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -488,7 +488,8 @@ class custom_profile
 				else if ($day && $month && $year)
 				{
 					global $user;
-					return $user->format_date(mktime(0, 0, 0, $month, $day, $year), $user->lang['DATE_FORMAT'], true);
+					// d/m/y 00:00 GMT isn't necessarily on the same d/m/y in the user's timezone, so add the timezone seconds
+					return $user->format_date(gmmktime(0, 0, 0, $month, $day, $year) + $user->timezone + $user->dst, $user->lang['DATE_FORMAT'], true);
 				}

 				return $value;
@@ -666,7 +667,7 @@ class custom_profile
 		}

 		$profile_row['s_year_options'] = '<option value="0"' . ((!$year) ? ' selected="selected"' : '') . '>--</option>';
-		for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
+		for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++)
 		{
 			$profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>";
 		}
@@ -871,13 +872,13 @@ class custom_profile
 				}
 				else
 				{
-					$var = request_var($var_name, $profile_row['field_default_value']);
+					$var = request_var($var_name, (int) $profile_row['field_default_value']);
 				}
 			break;

 			case FIELD_STRING:
 			case FIELD_TEXT:
-				$var = utf8_normalize_nfc(request_var($var_name, $profile_row['field_default_value'], true));
+				$var = utf8_normalize_nfc(request_var($var_name, (string) $profile_row['field_default_value'], true));
 			break;

 			case FIELD_INT:
@@ -887,10 +888,14 @@ class custom_profile
 				}
 				else
 				{
-					$var = request_var($var_name, $profile_row['field_default_value']);
+					$var = request_var($var_name, (int) $profile_row['field_default_value']);
 				}
 			break;

+			case FIELD_DROPDOWN:
+				$var = request_var($var_name, (int) $profile_row['field_default_value']);
+			break;
+
 			default:
 				$var = request_var($var_name, $profile_row['field_default_value']);
 			break;
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -228,6 +228,34 @@ class filespec
 	{
 		return @filesize($filename);
 	}
+	
+	
+	/**
+	* Check the first 256 bytes for forbidden content
+	*/
+	function check_content($disallowed_content)
+	{
+		if (empty($disallowed_content))
+		{
+			return true;
+		}
+		
+		$fp = @fopen($this->filename, 'rb');
+
+		if ($fp !== false)
+		{
+			$ie_mime_relevant = fread($fp, 256);
+			fclose($fp);
+			foreach ($disallowed_content as $forbidden)
+			{
+				if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
+				{
+					return false;
+				}
+			}
+		}
+		return true;
+	}

 	/**
 	* Move file to destination folder
@@ -257,7 +285,7 @@ class filespec
 			return false;
 		}

-		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
+		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
 		$upload_mode = ($this->local) ? 'local' : $upload_mode;
 		$this->destination_file = $this->destination_path . '/' . basename($this->realname);

@@ -386,8 +414,8 @@ class filespec
 		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
 		if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
 		{
-			$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
-			$max_filesize = ($this->upload->max_filesize >= 1048576) ? round($this->upload->max_filesize / 1048576 * 100) / 100 : (($this->upload->max_filesize >= 1024) ? round($this->upload->max_filesize / 1024 * 100) / 100 : $this->upload->max_filesize);
+			$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );
+			$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
 	
 			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);

@@ -427,6 +455,7 @@ class fileerror extends filespec
 class fileupload
 {
 	var $allowed_extensions = array();
+	var $disallowed_content = array();
 	var $max_filesize = 0;
 	var $min_width = 0;
 	var $min_height = 0;
@@ -446,12 +475,13 @@ class fileupload
 	* @param int $max_height Maximum image height (only checked for images)
 	*
 	*/
-	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false)
+	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)
 	{
 		$this->set_allowed_extensions($allowed_extensions);
 		$this->set_max_filesize($max_filesize);
 		$this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
 		$this->set_error_prefix($error_prefix);
+		$this->set_disallowed_content($disallowed_content);
 	}

 	/**
@@ -463,6 +493,7 @@ class fileupload
 		$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
 		$this->error_prefix = '';
 		$this->allowed_extensions = array();
+		$this->disallowed_content = array();
 	}

 	/**
@@ -497,6 +528,17 @@ class fileupload
 			$this->max_filesize = (int) $max_filesize;
 		}
 	}
+	
+	/**
+	* Set disallowed strings
+	*/
+	function set_disallowed_content($disallowed_content)
+	{
+		if ($disallowed_content !== false && is_array($disallowed_content))
+		{
+			$this->disallowed_content = $disallowed_content;
+		}
+	}

 	/**
 	* Set error prefix
@@ -741,7 +783,7 @@ class fileupload
 			return $file;
 		}

-		$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
+		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache';
 		$filename = tempnam($tmp_path, unique_id() . '-');

 		if (!($fp = @fopen($filename, 'wb')))
@@ -777,8 +819,8 @@ class fileupload
 			break;

 			case 2:
-				$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
-				$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
+				$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
+				$max_filesize = get_formatted_filesize($this->max_filesize, false);

 				$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
 			break;
@@ -813,8 +855,8 @@ class fileupload
 		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
 		if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
 		{
-			$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
-			$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
+			$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
+			$max_filesize = get_formatted_filesize($this->max_filesize, false);

 			$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
 		}
@@ -830,6 +872,12 @@ class fileupload
 		{
 			$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
 		}
+		
+		// MIME Sniffing
+		if (!$this->valid_content($file))
+		{
+			$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);
+		}
 	}

 	/**
@@ -869,6 +917,15 @@ class fileupload
 		return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
 	}

+
+	/**
+	* Check for allowed extension
+	*/
+	function valid_content(&$file)
+	{
+		return ($file->check_content($this->disallowed_content));
+	}
+
 	/**
 	* Return image type/extension mapping
 	*/
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -137,10 +137,17 @@ function user_update_name($old_name, $new_name)
 	{
 		set_config('newest_username', $new_name, true);
 	}
+
+	// Because some tables/caches use username-specific data we need to purge this here.
+	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
 }

 /**
-* Add User
+* Adds an user
+*
+* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
+* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
+* @return: the new user's ID.
 */
 function user_add($user_row, $cp_data = false)
 {
@@ -175,8 +182,7 @@ function user_add($user_row, $cp_data = false)
 		'user_timezone'		=> $config['board_timezone'],
 		'user_dateformat'	=> $config['default_dateformat'],
 		'user_lang'			=> $config['default_lang'],
-		'user_style'		=> $config['default_style'],
-		'user_allow_pm'		=> 1,
+		'user_style'		=> (int) $config['default_style'],
 		'user_actkey'		=> '',
 		'user_ip'			=> '',
 		'user_regdate'		=> time(),
@@ -216,7 +222,7 @@ function user_add($user_row, $cp_data = false)
 		'user_sig'					=> '',
 		'user_sig_bbcode_uid'		=> '',
 		'user_sig_bbcode_bitfield'	=> '',
-		
+
 		'user_form_salt'			=> unique_id(),
 	);

@@ -278,7 +284,7 @@ function user_add($user_row, $cp_data = false)

 		$sql = 'SELECT group_colour
 			FROM ' . GROUPS_TABLE . '
-			WHERE group_id = ' . $user_row['group_id'];
+			WHERE group_id = ' . (int) $user_row['group_id'];
 		$result = $db->sql_query_limit($sql, 1);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
@@ -374,7 +380,7 @@ function user_delete($mode, $user_id, $post_username = false)
 	{
 		avatar_delete('user', $user_row);
 	}
-	
+
 	switch ($mode)
 	{
 		case 'retain':
@@ -479,7 +485,7 @@ function user_delete($mode, $user_id, $post_username = false)
 		break;
 	}

-	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE);
+	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE);

 	foreach ($table_ary as $table)
 	{
@@ -728,70 +734,65 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 		case 'user':
 			$type = 'ban_userid';

-			if (in_array('*', $ban_list))
+			// At the moment we do not support wildcard username banning
+
+			// Select the relevant user_ids.
+			$sql_usernames = array();
+
+			foreach ($ban_list as $username)
 			{
-				// Ban all users (it's a good thing that you can exclude people)
-				$banlist_ary[] = '*';
+				$username = trim($username);
+				if ($username != '')
+				{
+					$clean_name = utf8_clean_string($username);
+					if ($clean_name == $user->data['username_clean'])
+					{
+						trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
+					}
+					if (in_array($clean_name, $founder_names))
+					{
+						trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
+					}
+					$sql_usernames[] = $clean_name;
+				}
+			}
+
+			// Make sure we have been given someone to ban
+			if (!sizeof($sql_usernames))
+			{
+				trigger_error('NO_USER_SPECIFIED');
+			}
+
+			$sql = 'SELECT user_id
+				FROM ' . USERS_TABLE . '
+				WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
+
+			// Do not allow banning yourself
+			if (sizeof($founder))
+			{
+				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
 			}
 			else
 			{
-				// Select the relevant user_ids.
-				$sql_usernames = array();
-
-				foreach ($ban_list as $username)
-				{
-					$username = trim($username);
-					if ($username != '')
-					{
-						$clean_name = utf8_clean_string($username);
-						if ($clean_name == $user->data['username_clean'])
-						{
-							trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
-						}
-						if (in_array($clean_name, $founder_names))
-						{
-							trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
-						}
-						$sql_usernames[] = $clean_name;
-					}
-				}
-
-				// Make sure we have been given someone to ban
-				if (!sizeof($sql_usernames))
-				{
-					trigger_error('NO_USER_SPECIFIED');
-				}
-
-				$sql = 'SELECT user_id
-					FROM ' . USERS_TABLE . '
-					WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
-
-				// Do not allow banning yourself
-				if (sizeof($founder))
-				{
-					$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
-				}
-				else
-				{
-					$sql .= ' AND user_id <> ' . $user->data['user_id'];
-				}
-
-				$result = $db->sql_query($sql);
-
-				if ($row = $db->sql_fetchrow($result))
-				{
-					do
-					{
-						$banlist_ary[] = (int) $row['user_id'];
-					}
-					while ($row = $db->sql_fetchrow($result));
-				}
-				else
-				{
-					trigger_error('NO_USERS');
-				}
-				$db->sql_freeresult($result);
+				$sql .= ' AND user_id <> ' . $user->data['user_id'];
 			}
+
+			$result = $db->sql_query($sql);
+
+			if ($row = $db->sql_fetchrow($result))
+			{
+				do
+				{
+					$banlist_ary[] = (int) $row['user_id'];
+				}
+				while ($row = $db->sql_fetchrow($result));
+			}
+			else
+			{
+				$db->sql_freeresult($result);
+				trigger_error('NO_USERS');
+			}
+			$db->sql_freeresult($result);
 		break;

 		case 'ip':
@@ -982,7 +983,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 				'ban_give_reason'	=> (string) $ban_give_reason,
 			);
 		}
-		
+
 		$db->sql_multi_insert(BANLIST_TABLE, $sql_ary);

 		// If we are banning we want to logout anyone matching the ban
@@ -991,7 +992,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			switch ($mode)
 			{
 				case 'user':
-					$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
+					$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
 				break;

 				case 'ip':
@@ -1188,6 +1189,8 @@ function user_ipwhois($ip)
 */
 function validate_data($data, $val_ary)
 {
+	global $user;
+
 	$error = array();

 	foreach ($val_ary as $var => $val_seq)
@@ -1204,7 +1207,8 @@ function validate_data($data, $val_ary)

 			if ($result = call_user_func_array('validate_' . $function, $validate))
 			{
-				$error[] = $result . '_' . strtoupper($var);
+				// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
+				$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
 			}
 		}
 	}
@@ -1260,6 +1264,45 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
 	return false;
 }

+/**
+* Validate Date
+* @param String $string a date in the dd-mm-yyyy format
+* @return	boolean
+*/
+function validate_date($date_string, $optional = false)
+{
+	$date = explode('-', $date_string);
+	if ((empty($date) || sizeof($date) != 3) && $optional)
+	{
+		return false;
+	}
+	else if ($optional)
+	{
+		for ($field = 0; $field <= 1; $field++)
+		{
+			$date[$field] = (int) $date[$field];
+			if (empty($date[$field]))
+			{
+				$date[$field] = 1;
+			}
+		}
+		$date[2] = (int) $date[2];
+		// assume an arbitrary leap year
+		if (empty($date[2]))
+		{
+			$date[2] = 1980;
+		}
+	}
+
+	if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
+	{
+		return 'INVALID';
+	}
+
+	return false;
+}
+
+
 /**
 * Validate Match
 *
@@ -1433,20 +1476,6 @@ function validate_username($username, $allowed_username = false)
 		}
 	}

-	$sql = 'SELECT word
-		FROM ' . WORDS_TABLE;
-	$result = $db->sql_query($sql);
-
-	while ($row = $db->sql_fetchrow($result))
-	{
-		if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
-		{
-			$db->sql_freeresult($result);
-			return 'USERNAME_DISALLOWED';
-		}
-	}
-	$db->sql_freeresult($result);
-
 	return false;
 }

@@ -1579,9 +1608,9 @@ function validate_email($email, $allowed_email = false)
 		}
 	}

-	if ($user->check_ban(false, false, $email, true) == true)
+	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
 	{
-		return 'EMAIL_BANNED';
+		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
 	}

 	if (!$config['allow_emailreuse'])
@@ -1819,7 +1848,7 @@ function avatar_delete($mode, $row, $clean_db = false)
 			return false;
 		}
 	}
-	
+
 	if ($clean_db)
 	{
 		avatar_remove_db($row[$mode . '_avatar']);
@@ -1921,7 +1950,7 @@ function avatar_upload($data, &$error)

 	// Init upload class
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
+	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));

 	if (!empty($_FILES['uploadfile']['name']))
 	{
@@ -1931,7 +1960,7 @@ function avatar_upload($data, &$error)
 	{
 		$file = $upload->remote_upload($data['uploadurl']);
 	}
-	
+
 	$prefix = $config['avatar_salt'] . '_';
 	$file->clean_filename('avatar', $prefix, $data['user_id']);

@@ -1968,7 +1997,7 @@ function get_avatar_filename($avatar_entry)
 {
 	global $config;

-	
+
 	if ($avatar_entry[0] === 'g')
 	{
 		$avatar_group = true;
@@ -2014,7 +2043,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
 			if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
 			{
 				$avatar_row_count = $avatar_col_count = 0;
-	
+
 				if ($dp2 = @opendir("$path/$file"))
 				{
 					while (($sub_file = readdir($dp2)) !== false)
@@ -2094,7 +2123,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
 function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)
 {
 	global $config, $phpbb_root_path, $user;
-	
+
 	switch ($avatar_type)
 	{
 		case AVATAR_REMOTE :
@@ -2103,7 +2132,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $
 		case AVATAR_UPLOAD :
 			$avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);
 			break;
-		
+
 		case AVATAR_GALLERY :
 			$avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
 			break;
@@ -2121,7 +2150,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $
 		$error[] = $user->lang['AVATAR_NO_SIZE'];
 		return false;
 	}
-	
+
 	// try to maintain ratio
 	if (!(empty($current_x) && empty($current_y)))
 	{
@@ -2220,7 +2249,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
 	else if (!empty($userdata['user_avatar']))
 	{
 		// Only update the dimensions
-		
+
 		if (empty($data['width']) || empty($data['height']))
 		{
 			if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))
@@ -2326,13 +2355,13 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 	{
 		$error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
 	}
-	
+
 	$err = group_validate_groupname($group_id, $name);
 	if (!empty($err))
 	{
 		$error[] = $user->lang[$err];
 	}
-	
+
 	if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
 	{
 		$error[] = $user->lang['GROUP_ERR_TYPE'];
@@ -2466,7 +2495,7 @@ function group_correct_avatar($group_id, $old_entry)
 	$old_filename 	= get_avatar_filename($old_entry);
 	$new_filename 	= $config['avatar_salt'] . "_g$group_id.$ext";
 	$new_entry 		= 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
-	
+
 	$avatar_path = $phpbb_root_path . $config['avatar_path'];
 	if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
 	{
@@ -2484,7 +2513,7 @@ function group_correct_avatar($group_id, $old_entry)
 function avatar_remove_db($avatar_name)
 {
 	global $config, $db;
-	
+
 	$sql = 'UPDATE ' . USERS_TABLE . "
 		SET user_avatar = '',
 		user_avatar_type = 0
@@ -2814,7 +2843,7 @@ function remove_default_avatar($group_id, $user_ids)
 		return false;
 	}
 	$db->sql_freeresult($result);
-	
+
 	$sql = 'UPDATE ' . USERS_TABLE . "
 		SET user_avatar = '',
 			user_avatar_type = 0,
@@ -2823,7 +2852,7 @@ function remove_default_avatar($group_id, $user_ids)
 		WHERE group_id = " . (int) $group_id . "
 		AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'
 		AND " . $db->sql_in_set('user_id', $user_ids);
-	
+
 	$db->sql_query($sql);
 }

@@ -2877,7 +2906,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna

 	if (!sizeof($user_id_ary) || $result !== false)
 	{
-		return false;
+		return 'NO_USERS';
 	}

 	if (!$group_name)
@@ -2889,9 +2918,23 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 	{
 		case 'demote':
 		case 'promote':
+
+			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
+				WHERE group_id = $group_id
+					AND user_pending = 1
+					AND " . $db->sql_in_set('user_id', $user_id_ary);
+			$result = $db->sql_query_limit($sql, 1);
+			$not_empty = ($db->sql_fetchrow($result));
+			$db->sql_freeresult($result);
+			if ($not_empty)
+			{
+				return 'NO_VALID_USERS';
+			}
+
 			$sql = 'UPDATE ' . USER_GROUP_TABLE . '
 				SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
 				WHERE group_id = $group_id
+					AND user_pending = 0
 					AND " . $db->sql_in_set('user_id', $user_id_ary);
 			$db->sql_query($sql);

@@ -2985,7 +3028,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna

 	group_update_listings($group_id);

-	return true;
+	return false;
 }

 /**
@@ -3025,7 +3068,7 @@ function group_validate_groupname($group_id, $group_name)
 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
-	
+
 	if ($row)
 	{
 		return 'GROUP_NAME_TAKEN';
@@ -3088,7 +3131,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 	}

 	// Before we update the user attributes, we will make a list of those having now the group avatar assigned
-	if (in_array('user_avatar', array_keys($sql_ary)))
+	if (isset($sql_ary['user_avatar']))
 	{
 		// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
 		$sql = 'SELECT user_id, group_id, user_avatar
@@ -3114,7 +3157,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
 	$db->sql_query($sql);

-	if (in_array('user_colour', array_keys($sql_ary)))
+	if (isset($sql_ary['user_colour']))
 	{
 		// Update any cached colour information for these users
 		$sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -151,7 +151,7 @@ class mcp_ban
 			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=mcp_ban&amp;field=ban'),
 		));

-		if ($mode != 'user')
+		if ($mode === 'email' && !$auth->acl_get('a_user'))
 		{
 			return;
 		}
@@ -159,15 +159,28 @@ class mcp_ban
 		// As a "service" we will check if any post id is specified and populate the username of the poster id if given
 		$post_id = request_var('p', 0);
 		$user_id = request_var('u', 0);
-		$username = false;
+		$username = $pre_fill = false;

 		if ($user_id && $user_id <> ANONYMOUS)
 		{
-			$sql = 'SELECT username
+			$sql = 'SELECT username, user_email, user_ip
 				FROM ' . USERS_TABLE . '
 				WHERE user_id = ' . $user_id;
 			$result = $db->sql_query($sql);
-			$username = (string) $db->sql_fetchfield('username');
+			switch ($mode)
+			{
+				case 'user':
+					$pre_fill = (string) $db->sql_fetchfield('username');
+				break;
+				
+				case 'ip':
+					$pre_fill = (string) $db->sql_fetchfield('user_ip');
+				break;
+
+				case 'email':
+					$pre_fill = (string) $db->sql_fetchfield('user_email');
+				break;
+			}
 			$db->sql_freeresult($result);
 		}
 		else if ($post_id)
@@ -176,13 +189,29 @@ class mcp_ban

 			if (sizeof($post_info) && !empty($post_info[$post_id]))
 			{
-				$username = $post_info[$post_id]['username'];
+				switch ($mode)
+				{
+					case 'user':
+						$pre_fill = $post_info[$post_id]['username'];
+					break;
+
+					case 'ip':
+						$pre_fill = $post_info[$post_id]['poster_ip'];
+					break;
+
+					case 'email':
+						$pre_fill = $post_info[$post_id]['user_email'];
+					break;
+				}
+
 			}
 		}

-		if ($username)
+		if ($pre_fill)
 		{
-			$template->assign_var('USERNAMES', $username);
+			// left for legacy template compatibility
+			$template->assign_var('USERNAMES', $pre_fill);
+			$template->assign_var('BAN_QUANTIFIER', $pre_fill);
 		}
 	}
 }
--- a/Show More
+++ b/Show More