Tag 3.0.4

git-svn-id: file:///svn/phpbb/tags/release_3_0_4@9188 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -45,7 +45,7 @@ define('IN_ADMIN', true);
 $phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
 
 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') == '1' || @strtolower(ini_get('safe_mode')) === 'on') ? true : false;
+$safe_mode		= (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) === 'on') ? true : false;
 $file_uploads	= (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');
@@ -116,6 +116,7 @@ function adm_page_header($page_title)
 		'ROOT_PATH'				=> $phpbb_admin_path,
 
 		'U_LOGOUT'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
+		'U_ADM_LOGOUT'			=> append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout'),
 		'U_ADM_INDEX'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
 

phpBB/adm/style/acp_ban.html

@@ -97,11 +97,11 @@
 	</dl>
 	<dl>
 		<dt><label for="unbanreason">{L_BAN_REASON}:</label></dt>
-		<dd><input style="border: 0;" type="text" class="text full" disabled="disabled" name="unbanreason" id="unbanreason" /></dd>
+		<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbanreason" id="unbanreason" rows="5" cols="80">&nbsp;</textarea></dd>
 	</dl>
 	<dl>
 		<dt><label for="unbangivereason">{L_BAN_GIVE_REASON}:</label></dt>
-		<dd><input style="border: 0;" type="text" class="text full" disabled="disabled" name="unbangivereason" id="unbangivereason" /></dd>
+		<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbangivereason" id="unbangivereason" rows="5" cols="80">&nbsp;</textarea></dd>
 	</dl>
 
 	<p class="submit-buttons">

phpBB/adm/style/acp_forums.html

@@ -96,7 +96,7 @@
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
-	<h1>{L_TITLE} :: {FORUM_NAME}</h1>
+	<h1>{L_TITLE} <!-- IF FORUM_NAME -->:: {FORUM_NAME}<!-- ENDIF --></h1>
 
 	<p>{L_FORUM_EDIT_EXPLAIN}</p>
 

phpBB/adm/style/acp_groups.html

@@ -74,6 +74,10 @@
 		<dt><label for="group_message_limit">{L_GROUP_MESSAGE_LIMIT}:</label><br /><span>{L_GROUP_MESSAGE_LIMIT_EXPLAIN}</span></dt>
 		<dd><input name="group_message_limit" type="text" id="group_message_limit" maxlength="4" size="4" value="{GROUP_MESSAGE_LIMIT}" /></dd>
 	</dl>
+	<dl>
+		<dt><label for="group_max_recipients">{L_GROUP_MAX_RECIPIENTS}:</label><br /><span>{L_GROUP_MAX_RECIPIENTS_EXPLAIN}</span></dt>
+		<dd><input name="group_max_recipients" type="text" id="group_max_recipients" maxlength="10" size="4" value="{GROUP_MAX_RECIPIENTS}" /></dd>
+	</dl>
 	<dl>
 		<dt><label for="group_colour">{L_GROUP_COLOR}:</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt>
 		<dd><input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="6" maxlength="6" />&nbsp;&nbsp;<span>[ <a href="{U_SWATCH}" onclick="popup(this.href, 636, 150, '_swatch'); return false">{L_COLOUR_SWATCH}</a> ]</span></dd>

phpBB/adm/style/acp_main.html

@@ -21,6 +21,12 @@
 		</div>
 	<!-- ENDIF -->
 
+	<!-- IF S_WRITABLE_CONFIG -->
+		<div class="errorbox notice">
+			<p>{L_WRITABLE_CONFIG}</p>
+		</div>
+	<!-- ENDIF -->
+
 	<table cellspacing="1">
 		<caption>{L_FORUM_STATS}</caption>
 		<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />

phpBB/adm/style/acp_profile.html

@@ -48,20 +48,20 @@
 		<fieldset>
 			<legend>{L_VISIBILITY_OPTION}</legend>
 		<dl>
-			<dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label><br /><span>{L_DISPLAY_AT_PROFILE_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_option_none" name="field_option" value="none"<!-- IF not S_SHOW_ON_REG and not S_FIELD_REQUIRED and not S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
+			<dt><label for="field_show_profile">{L_DISPLAY_AT_PROFILE}:</label><br /><span>{L_DISPLAY_AT_PROFILE_EXPLAIN}</span></dt>
+			<dd><input type="checkbox" class="radio" id="field_show_profile" name="field_show_profile" value="1"<!-- IF S_SHOW_PROFILE --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		<dl>
 			<dt><label for="field_show_on_reg">{L_DISPLAY_AT_REGISTER}:</label><br /><span>{L_DISPLAY_AT_REGISTER_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_show_on_reg" name="field_option" value="field_show_on_reg"<!-- IF S_SHOW_ON_REG --> checked="checked"<!-- ENDIF --> /></dd>
+			<dd><input type="checkbox" class="radio" id="field_show_on_reg" name="field_show_on_reg" value="1"<!-- IF S_SHOW_ON_REG --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		<dl>
 			<dt><label for="field_required">{L_REQUIRED_FIELD}:</label><br /><span>{L_REQUIRED_FIELD_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_required" name="field_option" value="field_required"<!-- IF S_FIELD_REQUIRED --> checked="checked"<!-- ENDIF --> /></dd>
+			<dd><input type="checkbox" class="radio" id="field_required" name="field_required" value="1"<!-- IF S_FIELD_REQUIRED --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		<dl>
 			<dt><label for="field_hide">{L_HIDE_PROFILE_FIELD}:</label><br /><span>{L_HIDE_PROFILE_FIELD_EXPLAIN}</span></dt>
-			<dd><input type="radio" class="radio" id="field_hide" name="field_option" value="field_hide"<!-- IF S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
+			<dd><input type="checkbox" class="radio" id="field_hide" name="field_hide" value="1"<!-- IF S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
 		</dl>
 		</fieldset>
 

phpBB/adm/style/acp_styles.html

@@ -261,11 +261,11 @@
 <!-- ELSEIF S_CACHE -->
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
-	
+
 	<h1>{L_TEMPLATE_CACHE}</h1>
-	
+
 	<p>{L_TEMPLATE_CACHE_EXPLAIN}</p>
-	
+
 	<form name="acp_styles" method="post" action="{U_ACTION}">
 	<fieldset class="tabulated">
 	<legend>{L_TEMPLATE_CACHE}</legend>
@@ -283,7 +283,7 @@
 	<tbody>
 	<!-- BEGIN file -->
 		<!-- IF file.S_ROW_COUNT is even --><tr class="row1"><!-- ELSE --><tr class="row2"><!-- ENDIF -->
-			<td><a href="{file.U_VIEWSOURCE}" onclick="popup(this.href, 750, 550, '_source'); return false;">{file.FILENAME}</a></td>
+			<td><a href="{file.U_VIEWSOURCE}" onclick="popup(this.href, 750, 550, '_source'); return false;">{file.FILENAME_PATH}</a></td>
 			<td>{file.FILESIZE}</td>
 			<td>{file.CACHED}</td>
 			<td>{file.MODIFIED}</td>
@@ -361,7 +361,7 @@
 	</p>
 	</fieldset>
 
-	
+
 	</form>
 
 <!-- ELSEIF S_FRONTEND -->
@@ -461,6 +461,12 @@
 		<dt><label for="copyright">{L_COPYRIGHT}:</label></dt>
 		<dd><!-- IF S_INSTALL --><b id="copyright">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
 	</dl>
+	<!-- IF S_SUPERTEMPLATE -->
+	<dl>
+		<dt><label for="inheriting">{L_INHERITING_FROM}:</label></dt>
+		<dd><b id="inheriting">{S_SUPERTEMPLATE}</b></dd>
+	</dl>
+	<!-- ENDIF -->
 	<!-- IF S_STYLE and not S_BASIS -->
 		<dl>
 			<dt><label for="template_id">{L_STYLE_TEMPLATE}:</label></dt>
@@ -475,11 +481,11 @@
 			<dd><!-- IF S_INSTALL --><b id="imageset_id">{IMAGESET_NAME}</b><!-- ELSE --><select id="imageset_id" name="imageset_id">{S_IMAGESET_OPTIONS}</select><!-- ENDIF --></dd>
 		</dl>
 	<!-- ENDIF -->
-	<!-- IF S_TEMPLATE or S_THEME -->
+	<!-- IF (S_TEMPLATE or S_THEME) and (S_LOCATION or not S_INSTALL) -->
 		<dl>
-			<dt><label for="store_db">{L_LOCATION}:</label><br /><span>{L_LOCATION_EXPLAIN}</span></dt>
-			<dd><label><input type="radio" class="radio" name="store_db" value="0"<!-- IF not S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> /> {L_STORE_FILESYSTEM}</label>
-				<label><input type="radio" class="radio" name="store_db" value="1"<!-- IF S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> /> {L_STORE_DATABASE}</label></dd>
+			<dt><label for="store_db">{L_LOCATION}:</label><br /><span><!-- IF S_STORE_DB_DISABLED -->{L_LOCATION_DISABLED_EXPLAIN}<!-- ELSE -->{L_LOCATION_EXPLAIN}<!-- ENDIF --></span></dt>
+			<dd><label><input type="radio" class="radio" name="store_db" value="0"<!-- IF not S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> <!-- IF S_STORE_DB_DISABLED -->disabled="disabled" <!-- ENDIF --> />{L_STORE_FILESYSTEM}</label>
+				<label><input type="radio" class="radio" name="store_db" value="1"<!-- IF S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> <!-- IF S_STORE_DB_DISABLED -->disabled="disabled" <!-- ENDIF -->/> {L_STORE_DATABASE}</label></dd>
 		</dl>
 	<!-- ENDIF -->
 	<!-- IF S_STYLE -->
@@ -507,7 +513,7 @@
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
 		{S_FORM_TOKEN}
 	</fieldset>
-	
+
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/acp_users.html

@@ -197,7 +197,7 @@
 		<a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
 	</div>
 	<!-- ENDIF -->
-	
+
 	<fieldset class="quick">
 		<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />
 		<p class="small"><a href="#" onclick="marklist('user_attachments', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('user_attachments', 'mark', false);">{L_UNMARK_ALL}</a></p>
@@ -215,7 +215,7 @@
 	<form id="select_forum" method="post" action="{U_ACTION}">
 
 		<fieldset class="quick" style="text-align: left;">
-			{L_SELECT_FORUM}: <select name="f">{S_FORUM_OPTIONS}</select> 
+			{L_SELECT_FORUM}: <select name="f">{S_FORUM_OPTIONS}</select>
 			<input class="button2" type="submit" value="{L_GO}" name="select" />
 			{S_FORM_TOKEN}
 		</fieldset>

phpBB/adm/style/acp_users_overview.html

@@ -30,7 +30,7 @@
 </dl>
 <dl>
 	<dt><label>{L_POSTS}:</label></dt>
-	<dd><strong>{USER_POSTS}</strong></dd>
+	<dd><strong>{USER_POSTS}</strong><!-- IF POSTS_IN_QUEUE and U_MCP_QUEUE --> (<a href="{U_MCP_QUEUE}">{L_POSTS_IN_QUEUE}</a>)<!-- ELSEIF POSTS_IN_QUEUE --> ({L_POSTS_IN_QUEUE})<!-- ENDIF --></dd>
 </dl>
 <dl>
 	<dt><label>{L_WARNINGS}:</label></dt>
@@ -138,7 +138,7 @@
 	</p>
 
 	</fieldset>
-	
+
 	</form>
 
 <!-- ENDIF -->

phpBB/adm/style/admin.css

@@ -1175,6 +1175,10 @@ input.disabled {
 	font-weight: bold;
 }
 
+.notice {
+	background-color: #62A5CC;
+}
+
 /* Special cases for the error page */
 #errorpage #page-header a {
 	font-weight: bold;
@@ -1333,18 +1337,21 @@ fieldset.permissions .permissions-switch {
 fieldset.permissions .padding {
 }
 
+.permissions-switch {
+	margin-top: -6px;
+	font-size: .9em;
+}
+
 .permissions-switch a {
 	text-decoration: underline;
-	font-size: 0.90em;
 }
 
 .permissions-reset {
-	margin-top: -6px;
 	padding-bottom: 10px;
 }
 
 .permissions-reset a {
-	font-size: .8em;
+	font-size: .85em;
 }
 
 /* Tabbed menu */

phpBB/adm/style/install_update.html

@@ -63,7 +63,7 @@
 	<p>{L_UPDATE_SUCCESS_EXPLAIN}</p>
 
 	<fieldset class="submit-buttons">
-		<input class="button1" type="submit" name="check_again" value="{L_CHECK_FILES_AGAIN}" />
+		<input class="button1" type="submit" name="check_again" value="{L_CONTINUE_UPDATE}" />
 	</fieldset>
 
 	</form>
@@ -186,7 +186,7 @@
 				<p>{L_NO_UPDATE_FILES_EXPLAIN}</p><br />
 
 				<strong>{NO_UPDATE_FILES}</strong>
-				
+
 			</div>
 		<!-- ENDIF -->
 
@@ -226,7 +226,7 @@
 							<!-- IF files.S_CUSTOM -->
 								<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{files.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 							<!-- ENDIF -->
-							
+
 							<!-- IF files.STATUS eq 'modified' -->
 							</dl>
 							<dl>
@@ -295,7 +295,7 @@
 		<p>{L_UPDATE_METHOD_EXPLAIN}</p>
 
 		<fieldset class="submit-buttons">
-			<input class="button1" type="submit" name="ftp_upload" value="{L_FTP_UPDATE_METHOD}" />&nbsp; &nbsp;<input class="button1" type="submit" name="download" value="{L_DOWNLOAD_UPDATE_METHOD}" />
+			<input class="button1" type="submit" name="ftp_upload" value="{L_FTP_UPDATE_METHOD}" />&nbsp; &nbsp;<input class="button1" type="submit" name="download" value="{L_DOWNLOAD_UPDATE_METHOD_BUTTON}" />
 		</fieldset>
 
 		</form>
@@ -360,9 +360,18 @@
 			<p>{L_CONNECTION_SUCCESS}</p>
 		</div>
 	<!-- ELSEIF S_CONNECTION_FAILED -->
+		<div class="successbox">
+			<p>{L_TRY_DOWNLOAD_METHOD}</p>
+
+			<fieldset class="quick">
+				<input class="button1" type="submit" name="download" value="{L_TRY_DOWNLOAD_METHOD_BUTTON}" />
+			</fieldset>
+		</div>
+
 		<div class="errorbox">
 			<p>{L_CONNECTION_FAILED}<br />{ERROR_MSG}</p>
 		</div>
+
 	<!-- ENDIF -->
 
 	<fieldset>
@@ -378,7 +387,7 @@
 	</dl>
 	<!-- END data -->
 	</fieldset>
-	
+
 	<fieldset class="submit-buttons">
 		{S_HIDDEN_FIELDS}
 		<input class="button2" type="submit" name="check_again" value="{L_BACK}" />

phpBB/adm/style/overall_header.html

@@ -181,11 +181,11 @@ function switch_menu()
 			<span class="corners-top"><span></span></span>
 				<div id="content">
 					<!-- IF not S_USER_NOTICE --> 
-					<div id="toggle">						
+					<div id="toggle">
 						<a id="toggle-handle" accesskey="m" title="{L_MENU_TOGGLE}" onclick="switch_menu(); return false;" href="#"></a></div>
 					<!-- ENDIF -->
 					<div id="menu">
-						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;]</p>
+						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;][&nbsp;<a href="{U_ADM_LOGOUT}">{L_ADM_LOGOUT}</a>&nbsp;]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
 						<ul>
 						<!-- BEGIN l_block1 -->
 							<!-- IF l_block1.S_SELECTED -->

phpBB/adm/style/permission_mask.html

@@ -68,7 +68,7 @@
 		<!-- ELSE -->
 			<li class="permissions-preset-custom<!-- IF p_mask.S_FIRST_ROW and p_mask.f_mask.S_FIRST_ROW and p_mask.f_mask.category.S_FIRST_ROW --> activetab<!-- ENDIF -->" id="tab{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}">
 		<!-- ENDIF -->
-		<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '{p_mask.f_mask.category.S_ROW_COUNT}', false<!-- IF p_mask.S_VIEW -->, true<!-- ENDIF -->); return false;"><span class="tabbg"><span class="colour"></span>{category.CAT_NAME}</span></a></li>
+		<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '{p_mask.f_mask.category.S_ROW_COUNT}', false<!-- IF p_mask.S_VIEW -->, true<!-- ENDIF -->); return false;"><span class="tabbg"><span class="colour"></span>{p_mask.f_mask.category.CAT_NAME}</span></a></li>
 	<!-- END category -->
 				</ul>
 			</div>

phpBB/common.php

@@ -103,7 +103,7 @@ if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
 }
 else
 {
-	set_magic_quotes_runtime(0);
+	@set_magic_quotes_runtime(0);
 
 	// Be paranoid with passed vars
 	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))

phpBB/develop/create_schema_files.php

@@ -674,7 +674,7 @@ foreach ($supported_dbms as $dbms)
 						}
 
 						$line .= ($key_data[0] == 'INDEX') ? 'CREATE INDEX' : '';
-						
+
 						$line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ")\n";
 						$line .= "/\n";
 					break;
@@ -1005,7 +1005,7 @@ function get_schema_struct()
 			'topic_id'			=> array('UINT', 0),
 			'forum_id'			=> array('UINT', 0),
 			'save_time'			=> array('TIMESTAMP', 0),
-			'draft_subject'		=> array('XSTEXT_UNI', ''),
+			'draft_subject'		=> array('STEXT_UNI', ''),
 			'draft_message'		=> array('MTEXT_UNI', ''),
 		),
 		'PRIMARY_KEY'	=> 'draft_id',
@@ -1052,7 +1052,7 @@ function get_schema_struct()
 			'forum_desc_uid'		=> array('VCHAR:8', ''),
 			'forum_link'			=> array('VCHAR_UNI', ''),
 			'forum_password'		=> array('VCHAR_UNI:40', ''),
-			'forum_style'			=> array('USINT', 0),
+			'forum_style'			=> array('UINT', 0),
 			'forum_image'			=> array('VCHAR', ''),
 			'forum_rules'			=> array('TEXT_UNI', ''),
 			'forum_rules_link'		=> array('VCHAR_UNI', ''),
@@ -1067,7 +1067,7 @@ function get_schema_struct()
 			'forum_topics_real'		=> array('UINT', 0),
 			'forum_last_post_id'	=> array('UINT', 0),
 			'forum_last_poster_id'	=> array('UINT', 0),
-			'forum_last_post_subject' => array('XSTEXT_UNI', ''),
+			'forum_last_post_subject' => array('STEXT_UNI', ''),
 			'forum_last_post_time'	=> array('TIMESTAMP', 0),
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
@@ -1140,6 +1140,7 @@ function get_schema_struct()
 			'group_sig_chars'		=> array('UINT', 0),
 			'group_receive_pm'		=> array('BOOL', 0),
 			'group_message_limit'	=> array('UINT', 0),
+			'group_max_recipients'	=> array('UINT', 0),
 			'group_legend'			=> array('BOOL', 1),
 		),
 		'PRIMARY_KEY'	=> 'group_id',
@@ -1281,7 +1282,7 @@ function get_schema_struct()
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
 			'post_username'			=> array('VCHAR_UNI:255', ''),
-			'post_subject'			=> array('XSTEXT_UNI', '', 'true_sort'),
+			'post_subject'			=> array('STEXT_UNI', '', 'true_sort'),
 			'post_text'				=> array('MTEXT_UNI', ''),
 			'post_checksum'			=> array('VCHAR:32', ''),
 			'post_attachment'		=> array('BOOL', 0),
@@ -1317,7 +1318,7 @@ function get_schema_struct()
 			'enable_smilies'		=> array('BOOL', 1),
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
-			'message_subject'		=> array('XSTEXT_UNI', ''),
+			'message_subject'		=> array('STEXT_UNI', ''),
 			'message_text'			=> array('MTEXT_UNI', ''),
 			'message_edit_reason'	=> array('STEXT_UNI', ''),
 			'message_edit_user'		=> array('UINT', 0),
@@ -1403,6 +1404,7 @@ function get_schema_struct()
 			'field_validation'		=> array('VCHAR_UNI:20', ''),
 			'field_required'		=> array('BOOL', 0),
 			'field_show_on_reg'		=> array('BOOL', 0),
+			'field_show_profile'	=> array('BOOL', 0),
 			'field_hide'			=> array('BOOL', 0),
 			'field_no_view'			=> array('BOOL', 0),
 			'field_active'			=> array('BOOL', 0),
@@ -1536,7 +1538,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
-			'session_forum_id'	=> array('INDEX', 'session_forum_id'),
+			'session_fid'		=> array('INDEX', 'session_forum_id'),
 		),
 	);
 
@@ -1583,13 +1585,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles'] = array(
 		'COLUMNS'		=> array(
-			'style_id'				=> array('USINT', NULL, 'auto_increment'),
+			'style_id'				=> array('UINT', NULL, 'auto_increment'),
 			'style_name'			=> array('VCHAR_UNI:255', ''),
 			'style_copyright'		=> array('VCHAR_UNI', ''),
 			'style_active'			=> array('BOOL', 1),
-			'template_id'			=> array('USINT', 0),
-			'theme_id'				=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
+			'theme_id'				=> array('UINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'	=> 'style_id',
 		'KEYS'			=> array(
@@ -1602,12 +1604,14 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', NULL, 'auto_increment'),
+			'template_id'			=> array('UINT', NULL, 'auto_increment'),
 			'template_name'			=> array('VCHAR_UNI:255', ''),
 			'template_copyright'	=> array('VCHAR_UNI', ''),
 			'template_path'			=> array('VCHAR:100', ''),
 			'bbcode_bitfield'		=> array('VCHAR:255', 'kNg='),
 			'template_storedb'		=> array('BOOL', 0),
+			'template_inherits_id'		=> array('UINT:4', 0),
+			'template_inherit_path'		=> array('VCHAR', ''),
 		),
 		'PRIMARY_KEY'	=> 'template_id',
 		'KEYS'			=> array(
@@ -1617,7 +1621,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template_data'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
 			'template_filename'		=> array('VCHAR:100', ''),
 			'template_included'		=> array('TEXT', ''),
 			'template_mtime'		=> array('TIMESTAMP', 0),
@@ -1631,7 +1635,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_theme'] = array(
 		'COLUMNS'		=> array(
-			'theme_id'				=> array('USINT', NULL, 'auto_increment'),
+			'theme_id'				=> array('UINT', NULL, 'auto_increment'),
 			'theme_name'			=> array('VCHAR_UNI:255', ''),
 			'theme_copyright'		=> array('VCHAR_UNI', ''),
 			'theme_path'			=> array('VCHAR:100', ''),
@@ -1647,7 +1651,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset'] = array(
 		'COLUMNS'		=> array(
-			'imageset_id'				=> array('USINT', NULL, 'auto_increment'),
+			'imageset_id'				=> array('UINT', NULL, 'auto_increment'),
 			'imageset_name'				=> array('VCHAR_UNI:255', ''),
 			'imageset_copyright'		=> array('VCHAR_UNI', ''),
 			'imageset_path'				=> array('VCHAR:100', ''),
@@ -1660,13 +1664,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset_data'] = array(
 		'COLUMNS'		=> array(
-			'image_id'				=> array('USINT', NULL, 'auto_increment'),
+			'image_id'				=> array('UINT', NULL, 'auto_increment'),
 			'image_name'			=> array('VCHAR:200', ''),
 			'image_filename'		=> array('VCHAR:200', ''),
 			'image_lang'			=> array('VCHAR:30', ''),
 			'image_height'			=> array('USINT', 0),
 			'image_width'			=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'		=> 'image_id',
 		'KEYS'				=> array(
@@ -1682,7 +1686,7 @@ function get_schema_struct()
 			'topic_attachment'			=> array('BOOL', 0),
 			'topic_approved'			=> array('BOOL', 1),
 			'topic_reported'			=> array('BOOL', 0),
-			'topic_title'				=> array('XSTEXT_UNI', '', 'true_sort'),
+			'topic_title'				=> array('STEXT_UNI', '', 'true_sort'),
 			'topic_poster'				=> array('UINT', 0),
 			'topic_time'				=> array('TIMESTAMP', 0),
 			'topic_time_limit'			=> array('TIMESTAMP', 0),
@@ -1698,7 +1702,7 @@ function get_schema_struct()
 			'topic_last_poster_id'		=> array('UINT', 0),
 			'topic_last_poster_name'	=> array('VCHAR_UNI', ''),
 			'topic_last_poster_colour'	=> array('VCHAR:6', ''),
-			'topic_last_post_subject'	=> array('XSTEXT_UNI', ''),
+			'topic_last_post_subject'	=> array('STEXT_UNI', ''),
 			'topic_last_post_time'		=> array('TIMESTAMP', 0),
 			'topic_last_view_time'		=> array('TIMESTAMP', 0),
 			'topic_moved_id'			=> array('UINT', 0),
@@ -1804,7 +1808,7 @@ function get_schema_struct()
 			'user_timezone'				=> array('DECIMAL', 0),
 			'user_dst'					=> array('BOOL', 0),
 			'user_dateformat'			=> array('VCHAR_UNI:30', 'd M Y H:i'),
-			'user_style'				=> array('USINT', 0),
+			'user_style'				=> array('UINT', 0),
 			'user_rank'					=> array('UINT', 0),
 			'user_colour'				=> array('VCHAR:6', ''),
 			'user_new_privmsg'			=> array('INT:4', 0),

phpBB/develop/mysql_upgrader.php

@@ -1,10 +1,10 @@
 <?php
-/** 
+/**
 *
 * @package phpBB3
 * @version $Id$
-* @copyright (c) 2006 phpBB Group 
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+* @copyright (c) 2006 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
 *
 * This file creates SQL statements to upgrade phpBB on MySQL 3.x/4.0.x to 4.1.x/5.x
 *
@@ -127,7 +127,7 @@ foreach ($schema_data as $table_name => $table_data)
 	$line = "ALTER TABLE {$table_name} $newline";
 
 	// Table specific so we don't get overlap
-	$modded_array = array(); 
+	$modded_array = array();
 
 	// Write columns one by one...
 	foreach ($table_data['COLUMNS'] as $column_name => $column_data)
@@ -477,7 +477,7 @@ function get_schema_struct()
 			'topic_id'			=> array('UINT', 0),
 			'forum_id'			=> array('UINT', 0),
 			'save_time'			=> array('TIMESTAMP', 0),
-			'draft_subject'		=> array('XSTEXT_UNI', ''),
+			'draft_subject'		=> array('STEXT_UNI', ''),
 			'draft_message'		=> array('MTEXT_UNI', ''),
 		),
 		'PRIMARY_KEY'	=> 'draft_id',
@@ -524,7 +524,7 @@ function get_schema_struct()
 			'forum_desc_uid'		=> array('VCHAR:8', ''),
 			'forum_link'			=> array('VCHAR_UNI', ''),
 			'forum_password'		=> array('VCHAR_UNI:40', ''),
-			'forum_style'			=> array('USINT', 0),
+			'forum_style'			=> array('UINT', 0),
 			'forum_image'			=> array('VCHAR', ''),
 			'forum_rules'			=> array('TEXT_UNI', ''),
 			'forum_rules_link'		=> array('VCHAR_UNI', ''),
@@ -539,11 +539,12 @@ function get_schema_struct()
 			'forum_topics_real'		=> array('UINT', 0),
 			'forum_last_post_id'	=> array('UINT', 0),
 			'forum_last_poster_id'	=> array('UINT', 0),
-			'forum_last_post_subject' => array('XSTEXT_UNI', ''),
+			'forum_last_post_subject' => array('STEXT_UNI', ''),
 			'forum_last_post_time'	=> array('TIMESTAMP', 0),
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
 			'forum_flags'			=> array('TINT:4', 32),
+			'display_subforum_list'	=> array('BOOL', 1),
 			'display_on_index'		=> array('BOOL', 1),
 			'enable_indexing'		=> array('BOOL', 1),
 			'enable_icons'			=> array('BOOL', 1),
@@ -611,11 +612,12 @@ function get_schema_struct()
 			'group_sig_chars'		=> array('UINT', 0),
 			'group_receive_pm'		=> array('BOOL', 0),
 			'group_message_limit'	=> array('UINT', 0),
+			'group_max_recipients'	=> array('UINT', 0),
 			'group_legend'			=> array('BOOL', 1),
 		),
 		'PRIMARY_KEY'	=> 'group_id',
 		'KEYS'			=> array(
-			'group_legend'			=> array('INDEX', 'group_legend'),
+			'group_legend_name'		=> array('INDEX', array('group_legend', 'group_name')),
 		),
 	);
 
@@ -752,8 +754,8 @@ function get_schema_struct()
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
 			'post_username'			=> array('VCHAR_UNI:255', ''),
-			'post_subject'			=> array('XSTEXT_UNI', '', 'true_sort'),
-			'post_text'				=> array('MTEXT_UNI', '', ($GLOBALS['mysql_indexer']) ? 'true_sort' : 'no_sort'),
+			'post_subject'			=> array('STEXT_UNI', '', 'true_sort'),
+			'post_text'				=> array('MTEXT_UNI', ''),
 			'post_checksum'			=> array('VCHAR:32', ''),
 			'post_attachment'		=> array('BOOL', 0),
 			'bbcode_bitfield'		=> array('VCHAR:255', ''),
@@ -788,7 +790,7 @@ function get_schema_struct()
 			'enable_smilies'		=> array('BOOL', 1),
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
-			'message_subject'		=> array('XSTEXT_UNI', ''),
+			'message_subject'		=> array('STEXT_UNI', ''),
 			'message_text'			=> array('MTEXT_UNI', ''),
 			'message_edit_reason'	=> array('STEXT_UNI', ''),
 			'message_edit_user'		=> array('UINT', 0),
@@ -874,6 +876,7 @@ function get_schema_struct()
 			'field_validation'		=> array('VCHAR_UNI:20', ''),
 			'field_required'		=> array('BOOL', 0),
 			'field_show_on_reg'		=> array('BOOL', 0),
+			'field_show_profile'	=> array('BOOL', 0),
 			'field_hide'			=> array('BOOL', 0),
 			'field_no_view'			=> array('BOOL', 0),
 			'field_active'			=> array('BOOL', 0),
@@ -991,6 +994,7 @@ function get_schema_struct()
 		'COLUMNS'		=> array(
 			'session_id'			=> array('CHAR:32', ''),
 			'session_user_id'		=> array('UINT', 0),
+			'session_forum_id'		=> array('UINT', 0),
 			'session_last_visit'	=> array('TIMESTAMP', 0),
 			'session_start'			=> array('TIMESTAMP', 0),
 			'session_time'			=> array('TIMESTAMP', 0),
@@ -1006,6 +1010,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
+			'session_fid'		=> array('INDEX', 'session_forum_id'),
 		),
 	);
 
@@ -1052,13 +1057,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles'] = array(
 		'COLUMNS'		=> array(
-			'style_id'				=> array('USINT', NULL, 'auto_increment'),
+			'style_id'				=> array('UINT', NULL, 'auto_increment'),
 			'style_name'			=> array('VCHAR_UNI:255', ''),
 			'style_copyright'		=> array('VCHAR_UNI', ''),
 			'style_active'			=> array('BOOL', 1),
-			'template_id'			=> array('USINT', 0),
-			'theme_id'				=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
+			'theme_id'				=> array('UINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'	=> 'style_id',
 		'KEYS'			=> array(
@@ -1071,7 +1076,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', NULL, 'auto_increment'),
+			'template_id'			=> array('UINT', NULL, 'auto_increment'),
 			'template_name'			=> array('VCHAR_UNI:255', ''),
 			'template_copyright'	=> array('VCHAR_UNI', ''),
 			'template_path'			=> array('VCHAR:100', ''),
@@ -1086,7 +1091,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_template_data'] = array(
 		'COLUMNS'		=> array(
-			'template_id'			=> array('USINT', 0),
+			'template_id'			=> array('UINT', 0),
 			'template_filename'		=> array('VCHAR:100', ''),
 			'template_included'		=> array('TEXT', ''),
 			'template_mtime'		=> array('TIMESTAMP', 0),
@@ -1100,7 +1105,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_theme'] = array(
 		'COLUMNS'		=> array(
-			'theme_id'				=> array('USINT', NULL, 'auto_increment'),
+			'theme_id'				=> array('UINT', NULL, 'auto_increment'),
 			'theme_name'			=> array('VCHAR_UNI:255', ''),
 			'theme_copyright'		=> array('VCHAR_UNI', ''),
 			'theme_path'			=> array('VCHAR:100', ''),
@@ -1116,7 +1121,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset'] = array(
 		'COLUMNS'		=> array(
-			'imageset_id'				=> array('USINT', NULL, 'auto_increment'),
+			'imageset_id'				=> array('UINT', NULL, 'auto_increment'),
 			'imageset_name'				=> array('VCHAR_UNI:255', ''),
 			'imageset_copyright'		=> array('VCHAR_UNI', ''),
 			'imageset_path'				=> array('VCHAR:100', ''),
@@ -1129,13 +1134,13 @@ function get_schema_struct()
 
 	$schema_data['phpbb_styles_imageset_data'] = array(
 		'COLUMNS'		=> array(
-			'image_id'				=> array('USINT', NULL, 'auto_increment'),
+			'image_id'				=> array('UINT', NULL, 'auto_increment'),
 			'image_name'			=> array('VCHAR:200', ''),
 			'image_filename'		=> array('VCHAR:200', ''),
 			'image_lang'			=> array('VCHAR:30', ''),
 			'image_height'			=> array('USINT', 0),
 			'image_width'			=> array('USINT', 0),
-			'imageset_id'			=> array('USINT', 0),
+			'imageset_id'			=> array('UINT', 0),
 		),
 		'PRIMARY_KEY'		=> 'image_id',
 		'KEYS'				=> array(
@@ -1151,7 +1156,7 @@ function get_schema_struct()
 			'topic_attachment'			=> array('BOOL', 0),
 			'topic_approved'			=> array('BOOL', 1),
 			'topic_reported'			=> array('BOOL', 0),
-			'topic_title'				=> array('XSTEXT_UNI', '', 'true_sort'),
+			'topic_title'				=> array('STEXT_UNI', '', 'true_sort'),
 			'topic_poster'				=> array('UINT', 0),
 			'topic_time'				=> array('TIMESTAMP', 0),
 			'topic_time_limit'			=> array('TIMESTAMP', 0),
@@ -1167,7 +1172,7 @@ function get_schema_struct()
 			'topic_last_poster_id'		=> array('UINT', 0),
 			'topic_last_poster_name'	=> array('VCHAR_UNI', ''),
 			'topic_last_poster_colour'	=> array('VCHAR:6', ''),
-			'topic_last_post_subject'	=> array('XSTEXT_UNI', ''),
+			'topic_last_post_subject'	=> array('STEXT_UNI', ''),
 			'topic_last_post_time'		=> array('TIMESTAMP', 0),
 			'topic_last_view_time'		=> array('TIMESTAMP', 0),
 			'topic_moved_id'			=> array('UINT', 0),
@@ -1273,7 +1278,7 @@ function get_schema_struct()
 			'user_timezone'				=> array('DECIMAL', 0),
 			'user_dst'					=> array('BOOL', 0),
 			'user_dateformat'			=> array('VCHAR_UNI:30', 'd M Y H:i'),
-			'user_style'				=> array('USINT', 0),
+			'user_style'				=> array('UINT', 0),
 			'user_rank'					=> array('UINT', 0),
 			'user_colour'				=> array('VCHAR:6', ''),
 			'user_new_privmsg'			=> array('INT:4', 0),

phpBB/docs/AUTHORS

@@ -22,13 +22,15 @@ involved in phpBB.
 
 phpBB Lead Developer  : Acyd Burn (Meik Sievertsen)
 
-phpBB Developers      : DavidMJ (David M.)
+phpBB Developers      : APTX (Marek A. R.)
+                        DavidMJ (David M.)
                         dhn (Dominik Dr<44>scher)
                         kellanved (Henry Sudhof)
                         naderman (Nils Adermann)
-                        subBlue (Tom Beddard)
+                        ToonArmy (Chris Smith)
                         Vic D'Elfant (Vic D'Elfant)
 
+
 -- Previous Contributors --
 
 phpBB Project Manager : theFinn (James Atkinson) [Founder - 04/2007]

phpBB/docs/CHANGELOG.html

@@ -53,6 +53,9 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v303">Changes since 3.0.3</a></li>
+		<li><a href="#v302">Changes since 3.0.2</a></li>
+		<li><a href="#v301">Changes since 3.0.1</a></li>
 		<li><a href="#v300">Changes since 3.0.0</a></li>
 		<li><a href="#v30rc8">Changes since RC-8</a></li>
 		<li><a href="#v30rc7">Changes since RC-7</a></li>
@@ -71,7 +74,7 @@
 
 		<span class="corners-bottom"><span></span></span></div>
 	</div>
-	
+
 	<hr />
 
 	<a name="changelog"></a><h2>1. Changelog</h2>
@@ -80,8 +83,186 @@
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<div class="content">
+	<a name="v303"></a><h3>1.i. Changes since 3.0.3</h3>
 
-	<a name="v300"></a><h3>1.i. Changes since 3.0.0</h3>
+	<ul>
+		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
+		<li>[Fix] Regression bug from revision #8908 regarding log display in ACP</li>
+		<li>[Fix] Allow the UCP group management to work for groups with avatars. (Bug #37375)</li>
+		<li>[Fix] Fix header list build for replying oldest PM in PM history (Bug #37275)</li>
+		<li>[Fix] Do not display COPPA group in memberlist find member dialog if COPPA disabled (Bug #37175)</li>
+		<li>[Fix] Do not try to send jabber notifications if no jid entered (Bug #36775)</li>
+		<li>[Fix] Only display special ranks to guests; no longer display normal ranks for guests (Bug #36735)</li>
+		<li>[Fix] Properly treat punctuation marks after local urls (Bug #37055)</li>
+		<li>[Fix] Make searching for members by YIM address work in prosilver</li>
+		<li>[Fix] Tell users to recreate the search index after changing the common word threshold for fulltext_native (Bug #36345)</li>
+		<li>[Fix] Adjusted phpbb_chmod() to always set permissions for group bit.</li>
+		<li>[Fix] Do not increment users post count after post approval if post had been posted in a forum with no post count increasing set (Bug #37865)</li>
+		<li>[Fix] Extend vertical line for last post column if no posts in forum (Bug #37125)</li>
+		<li>[Fix] correctly update last topic/forum information if changing guest usernames through editing posts (Bug #38095)</li>
+		<li>[Fix] fix postcount resync for situations where low and high post ids are higher than step value, resulting in users having 0 posts. (Bug #38195)</li>
+		<li>[Fix] Use a left join for the topics table on search to avoid trouble with FROM syntax on some databases (Bug #37005)</li>
+		<li>[Fix] Do not show 'Forward' button if the user cannot send PM's</li>
+		<li>[Change] Alllow applications to set custom module inclusion path (idea by HoL)</li>
+		<li>[Change] Handle checking for duplicate usernames in chunks (Bug #17285 - Patch by A_Jelly_Doughnut)</li>
+		<li>[Change] Better handling and finer control for custom profile fields visibility options. (Patch by Highway of Life)</li>
+		<li>[Change] Performance increase for format_date() (Bug #37575 - Patch by BartVB)</li>
+		<li>[Change] Changed prosilver date separator from 'on' to '&raquo;'</li>
+		<li>[Change] Performance increase for get_username_string() (Bug #37545 - Patch by BartVB)</li>
+		<li>[Change] Slight performance increase for common parameter calls to append_sid() (Bug #37555 - Patch by BartVB)</li>
+		<li>[Feature] Added 'AGO' setting to relative date strings. For example: posted 14 minutes ago. (Patch by BartVB)</li>
+		<li>[Sec] Fixed an issue where deactivated accounts could be re-activated without the required privileges. (Reported by Jorick)</li>
+		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
+	</ul>
+
+	<a name="v302"></a><h3>1.ii. Changes since 3.0.2</h3>
+
+	<ul>
+		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
+		<li>[Fix] Delete avatar files (Bug #29985).</li>
+		<li>[Fix] Preserve selection in the MCP. (Bug #31265).</li>
+		<li>[Fix] Added VST - Venezuela Standard Time (Bug #30545).</li>
+		<li>[Fix] Close DB connections in file.php.</li>
+		<li>[Fix] Correctly return results for nested cached queries (Bug #31445 - Patch by faw).</li>
+		<li>[Fix] Allow export of PM pages greater one. (#33155)</li>
+		<li>[Fix] Display coloured username of last poster in list of subscribed forums (prosilver).</li>
+		<li>[Fix] Added missing UCP language string <em>NO_AUTH_READ_HOLD_MESSAGE</em>.</li>
+		<li>[Fix] Do not jump back to page 1 when hiding member search in memberlist. (Bug #32515)</li>
+		<li>[Fix] Correctly limit input of the users location to 100 characters in the UCP and ACP. (Bug #32655)</li>
+		<li>[Fix] Sync reports when using the move all users posts tool in the ACP. (Bug #31165)</li>
+		<li>[Fix] Extra slash is included in the redirect url when redirecting to the forum root directory. (Bug #33605)</li>
+		<li>[Fix] Remove reported flag from shadow topics when closing reports. (Bug #19765)</li>
+		<li>[Fix] Do not show non indexed forums on the search page if they contain no subforums. (Bug #33125)</li>
+		<li>[Fix] Stop search bots incrementing topic views. (Bug #32675 - Patch by eviL&lt;3)</li>
+		<li>[Fix] Use correct link for post author search. (Bug #32595)</li>
+		<li>[Fix] Do not decrease topics counter when deleting shadow topics. (Bug #26495)</li>
+		<li>[Fix] Send localised disapproval reasons in the recipients local language. (Bug #31645)</li>
+		<li>[Fix] Language typos/fixes. (Bugs #27625, #30755, #34185, #32795)</li>
+		<li>[Fix] Added missing terms parameter to search pagination. (Bug #34085)</li>
+		<li>[Fix] Wrong table order in query obtaining posts if post id given.</li>
+		<li>[Fix] Do not display reported topic icon for shadow topics. (Bug #13970)</li>
+		<li>[Fix] Display popular topic based on posts within topic instead of replies within topic. (Bug #16099)</li>
+		<li>[Fix] Expand shown ban reason in unban screen to fully show long entries. (Bug #16234)</li>
+		<li>[Fix] Preserve alpha transparency for created thumbnails. (Bug #16575)</li>
+		<li>[Fix] Use correct port delimiter for MSSQL connections in windows. (Bug #16615)</li>
+		<li>[Fix] Do not allow setting forums parent to the forum itself. (Bug #18855)</li>
+		<li>[Fix] Display assigned rank/avatar for guests. (Bug #19155)</li>
+		<li>[Fix] Set secure cookie for style switcher if required. (Bug #19625)</li>
+		<li>[Fix] Fix native full text search on postgresql while using excluding keyword matches. (Bug #19195)</li>
+		<li>[Fix] Pass S_SEARCH_ACTION through append_sid() in search.php. (Bug #21585)</li>
+		<li>[Fix] Correctly delete message attachments. (Bug #23755)</li>
+		<li>[Fix] Correctly handle unread status of subforums (that are not shown on the index) of forums that are shown on the index. (Bug #14589)</li>
+		<li>[Fix] Stop users from deleting posts after the edit time has passed or they have been locked. (Bug #19115)</li>
+		<li>[Fix] Split posts target forum requires 'f_post' now instead of 'm_split'. (Bug #31015)</li>
+		<li>[Fix] Duplicate log messages for deleting a topic ('LOG_TOPIC_DELETED' has been deprecated in favour of 'LOG_DELETE_TOPIC').</li>
+		<li>[Fix] Use a distinct log message for shadow topic deletions to differentiate between normal topic deletions. (Bug #34635)</li>
+		<li>[Fix] Fix problems with styles using an underscore within the filename. (Bug #34315)</li>
+		<li>[Fix] Better return links when deleting topics through the MCP. (Bug #34655)</li>
+		<li>[Fix] Add quoting support to PM history when composing a reply. (Bug #34285)</li>
+		<li>[Fix] Use phpBB 3.1.x method for storing cached data to prevent PHP bug with our usage of var_export(). (Thanks to Techie-Micheal and HoL for pointing out possible problems)</li>
+		<li>[Fix] Check users pm preferences for pm's sent to groups. (Bug #33245)</li>
+		<li>[Fix] Do not allow password reminders if u_passchg permission is not given. (Bug #14806)</li>
+		<li>[Fix] Implemented strict check for cached user permissions and existing ACL options. This fix makes sure cached permissions are valid, even if they got already cached.</li>
+		<li>[Fix] Do not show link to user/group profiles if user has no permission to view the linked page and gets a denied message anyway. (Bug #15088)</li>
+		<li>[Fix] Do not display last post link and sort display options for search engines. (Bug #15088)</li>
+		<li>[Fix] Make sure users still get notifications if they set to only be notified by Jabber, but Jabber service disabled. (Bug #29715 - Patch by Paul)</li>
+		<li>[Fix] Don't show forum subscription link on categories. (Bug #34895)</li>
+		<li>[Fix] Display a message if no topics or forums are selected when unsubscribing. (Bug #34855)</li>
+		<li>[Fix] Mark/unmark all links in UCP now select/unselect both subscribed topics and forums.</li>
+		<li>[Fix] Increase board topic counter when splitting topics. (Bug #32125)</li>
+		<li>[Fix] Display profile icons when viewing a topic, or PM when only the jabber icon is to be visible. (Bug #34755)</li>
+		<li>[Fix] Do not send PMs with warnings if the user cannot read PMs or they are disabled. (Bug #30815)</li>
+		<li>[Fix] Correctly convert Niels' Birthday MOD to the date format used in phpBB3. (Bug #32895)</li>
+		<li>[Fix] Parse BBCode lists of type square, circle and disc. (Bug #35295)</li>
+		<li>[Fix] Round the displayed percentages in polls. (Bug #32375)</li>
+		<li>[Fix] Disable mass e-mail when e-mail is disabled. (Bug #27385)</li>
+		<li>[Fix] Display coloured poster username of queued posts displayed on the front of the MCP.</li>
+		<li>[Fix] Moderators can only see reports/queue/logs from forums they can actually read. (Bug #31085)</li>
+		<li>[Fix] Correctly display topic when start parameter is equal to the number of posts.</li>
+		<li>[Fix] Correctly display topic in MCP when start parameter is equal to or greater than the number of posts. (Bug #30525)</li>
+
+		<li>[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.</li>
+		<li>[Change] Display warning in ACP if config.php file is left writable.</li>
+		<li>[Change] More restrictive chmod to new files being created. (phpbb_chmod() function mostly by faw)</li>
+		<li>[Change] Set headers to allow browsers to better cache attachments (Mylek pointed this out)</li>
+		<li>[Change] Hide parameters if they equal the default in viewforum/viewtopic (Bug #31185)</li>
+		<li>[Change] Various improvements to group listings (Bugs #32155, #32145, #32085, #26675, #26265)</li>
+		<li>[Change] Set headers for IE 8 in file.php</li>
+		<li>[Change] Do not count queued posts to user_posts.</li>
+		<li>[Change] Allow setting birth year to current year.</li>
+		<li>[Change] Do not use the topics posted table when performing an egosearch.</li>
+		<li>[Change] Log the forum name that topics are moved into.</li>
+		<li>[Change] Automatically add users/groups to the PM recipient list, if entered or selected.</li>
+		<li>[Change] Reply to PM now includes all previous recipients and not only the original sender.</li>
+		<li>[Change] Make topic selection for merge less confusing by removing unneeded controls. (Bug #21925)</li>
+		<li>[Change] MCP topic view checkboxes now default to unchecked.</li>
+		<li>[Change] Adjust language key <em>SPLIT_AFTER</em> to make the action clearer.</li>
+		<li>[Change] Add links to the post and forum when viewing a report from the MCP. (Bugs #33795, #33805)</li>
+		<li>[Change] Added CSRF protection to GET-only actions like marking forums.</li>
+		<li>[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)</li>
+
+		<li>[Feature] Allow limited inheritance for template sets.</li>
+		<li>[Feature] Allow hard disabling of the template editor.</li>
+		<li>[Feature] Allow setting custom language path through $user-&gt;set_custom_lang_path(). $user-&gt;lang_path now also do not include the user language, but only the path.</li>
+		<li>[Feature] Ability to define nullar/singular/plural language entries</li>
+		<li>[Feature] Ability to mimic sprintf() calls with $user-&gt;lang() with the ability to correctly assign nullar/singular/plural language entries.</li>
+		<li>[Feature] Added the possibility to force user posts put in queue if post count is lower than an admin defined value. Guest posting is not affected by this setting.</li>
+		<li>[Feature] Added 'max_recipients' setting for private messages. This setting allows admins to define the maximum number of recipients per private message with a board-wide setting and a group-specific setting.</li>
+		<li>[Feature] Added new permission setting for sending private messages to groups. Now there are two permissions to define sending private messages to multiple recipients and private messages to groups.</li>
+		<li>[Feature] Allow specific connection to different server for jabber functionality by providing a valid JID as username. This also allows the use of talk.google.com as jabber server with gmail.com JIDs. (Bug #14989)</li>
+
+		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
+	</ul>
+
+	<a name="v301"></a><h3>1.iii. Changes since 3.0.1</h3>
+
+	<ul>
+		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
+		<li>[Fix] Fixed blank style on setups having no username defined within config.php (Bug #25065)</li>
+		<li>[Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed (Bug #14429 / thanks to JRSweets for his patch)</li>
+		<li>[Fix] Moved topics should not count towards the number of topics in a forum (Bug #14648 / thanks to Schumi for his patch)</li>
+		<li>[Fix] Properly check for invalid characters in MySQL DB prefixes during install (Bug #18775)</li>
+		<li>[Fix] Bring the PostgreSQL backup system back to working order (Bug #22385)</li>
+		<li>[Fix] Update correct theme for cached styles in style.php (Bug #25805)</li>
+		<li>[Fix] Also add PHPBB_INSTALLED check to download/file.php for inline avatar delivery</li>
+		<li>[Fix] Unable to login to some jabber server, reverted previous change (Bug #25095)</li>
+		<li>[Fix] Do not return BMP as valid image type for GD image manipulation (Bug #25925)</li>
+		<li>[Fix] Correctly determine safe mode for temp file creation in functions_upload.php (Bug #23525)</li>
+		<li>[Fix] Correctly sort by rank in memberlist (Bug #24435)</li>
+		<li>[Fix] Purge cache after database restore (Bug #24245)</li>
+		<li>[Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+. (thanks arod-1 for the fix, related to Bug #14830)</li>
+		<li>[Fix] Added missing form token in acp (thanks NBBN).</li>
+		<li>[Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended (Bug #27355)</li>
+		<li>[Fix] reset forum notifications in viewtopic (Bug #28025)</li>
+		<li>[Fix] corrected link for searching post author's other posts (Bug #26455)</li>
+		<li>[Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)</li>
+		<li>[Fix] Topic searches by author no longer return invalid results (Bug #11777)</li>
+		<li>[Fix] Delete drafts and bookmarks when deleting an user. (#27585, thanks Schumi for the fix)</li>
+		<li>[Fix] Set last_post_subject for new topics. (#23945)</li>
+		<li>[Fix] Allow moving posts to invisible forums. (#27325)</li>
+		<li>[Fix] Don't allow promoting unapproved group members (#16124)</li>
+		<li>[Fix] Correctly fetch server name if using non-standard port (#27395)</li>
+		<li>[Fix] Regular expression for email matching in posts will no longer die on long words.</li>
+		<li>[Fix] Do not display ban message if direct call to cron. (thanks Dog Cow for reporting)</li>
+		<li>[Fix] Correctly display double-colon on special conditions within highlighted php source (Bug #26795)</li>
+		<li>[Fix] Increase storage capacity of titles/subjects due to specialchared content (Bug #25235)</li>
+		<li>[Fix] Catch invalid username wildcard ban (we do not support these) (Bug #29305)</li>
+		<li>[Fix] Fix (email)-domain checks for those having DNS prefixes set (Bug #29635)</li>
+		<li>[Change] Adjust truncate_string() to be able to adjust the maximum storage length.</li>
+		<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
+		<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
+		<li>[Change] Sort the tables at the database table backup screen</li>
+		<li>[Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)</li>
+		<li>[Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)</li>
+		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
+		<li>[Feature] Added optional referer validation of POST requests as additional CSRF protection.</li>
+		<li>[Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).</li>
+		<li>[Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.</li>
+		<li>[Feature] Added ACP logout to reset an admin session.</li>
+		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
+	</ul>
+
+	<a name="v300"></a><h3>1.iv. Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -99,7 +280,7 @@
 		<li>[Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)</li>
 		<li>[Fix] Check entered imagemagick path for trailing slash (Bug #18205)</li>
 		<li>[Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide</li>
-		<li>[Fix] Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
+		<li>[Fix] Allow calls to $user-&gt;set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
 		<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>
 		<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>
 		<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>
@@ -152,7 +333,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>1.v. Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -161,7 +342,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.ii. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.vi. Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -196,7 +377,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.iii. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.vii. Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -206,7 +387,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.iv. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.viii. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -269,7 +450,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.v. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.ix. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -320,7 +501,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.vi. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.x. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -429,7 +610,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.vii. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.xi. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -454,7 +635,7 @@
 		<li>[Fix] Use our global expression for checking email syntax in memberlist (Bug #12827)</li>
 		<li>[Fix] Correctly retrieve/refresh templates stored in database if using subdirectories within template directory (Bug #12839)</li>
 		<li>[Fix] Correctly translate special group names in ucp_groups.php (Bug #12597)</li>
-		<li>[Fix] Search boxes not loosing session id (changing method from get to post) (Bug #12643)</li>
+		<li>[Fix] Search boxes not losing session id (changing method from get to post) (Bug #12643)</li>
 		<li>[Fix] Make sure the automatic update is also working for those having fsockopen disabled</li>
 		<li>[Fix] Simulate recache of theme data on automatic update finished page - recaching it if css data changed</li>
 		<li>[Feature] Allow dropping in custom &quot;info_[module class]_*.php&quot; files to language/*/mods directory for inclusion into the menu structure without the need to modify phpBB language files for menu placements</li>
@@ -471,11 +652,11 @@
 		<li>[Fix] Some jabber related bugs (Bug #12989, #11805, #11809)</li>
 		<li>[Fix] Added UTF-8 support for banning via the MCP (Bug #13013)</li>
 		<li>[Fix] Properly detect the script name in session::extract_current_page() if PHP_SELF is not defined (Bug #12705) - patch provided by ToonArmy</li>
-		<li>[Fix] Show role mask for global permission class under Permissions->Permission Roles (Bug #13057)</li>
+		<li>[Fix] Show role mask for global permission class under Permissions-&gt;Permission Roles (Bug #13057)</li>
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.viii. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.xii. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

phpBB/docs/INSTALL.html

@@ -273,7 +273,7 @@
 
 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.0</samp> you should select the phpBB-3.0.0_to_3.0.1.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.3</samp> you should select the phpBB-3.0.3_to_3.0.4.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -285,7 +285,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.0 you need the phpBB-3.0.0_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.3 you need the phpBB-3.0.3_to_3.0.4.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -295,7 +295,7 @@
 
 	<p>This update method is the preferred method for updating. This package allows detecting changed files automatically and merges changes if needed.</p>
 
-	<p>The automatic update package is holding - contrary to the others - only the update informations for updating the last released version to the latest available version. These package is meant for use with the automatic update tool.</p>
+	<p>The automatic update package contains - contrary to the others - only the information required to update the previous release version to the latest available version. These packages are meant for use with the automatic update tool.</p>
 
 	<p>To perform the update, either follow the instructions from the <code>Administration Control Panel-&gt;System</code> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
 
@@ -371,9 +371,9 @@
 
 	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, - for instance - if the old board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 installation is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
 
-	<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p> 
+	<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p>
 
-	<p><strong>Smilies</strong> During the conversion you might see warnings about image files where the copying failed. That can happen if the old board's smilies have the same file names as those on the new board. Copy those files manually after the conversion, if you want to continue using the old smilies.</p> 
+	<p><strong>Smilies</strong> During the conversion you might see warnings about image files where the copying failed. That can happen if the old board's smilies have the same file names as those on the new board. Copy those files manually after the conversion, if you want to continue using the old smilies.</p>
 
 
 		</div>

phpBB/docs/coding-guidelines.html

@@ -69,7 +69,15 @@
 	</ol>
 	</li>
 	<li><a href="#styling">Styling</a></li>
-	<li><a href="#templating">Templating</a></li>
+	<ol style="list-style-type: lower-roman;">
+		<li><a href="#cfgfiles">Style Config Files</a></li>
+		<li><a href="#genstyling">General Styling Rules</a></li>
+	</ol></li>
+	<li><a href="#templating">Templating</a>
+	<ol style="list-style-type: lower-roman;">
+		<li><a href="#templates">General Templating</a></li>
+		<li><a href="#inheritance">Template Inheritance</a></li>
+	</ol></li>
 	<li><a href="#charsets">Character Sets and Encodings</a></li>
 	<li><a href="#translation">Translation (<abbr title="Internationalisation">i18n</abbr>/<abbr title="Localisation">L10n</abbr>) Guidelines</a>
 	<ol style="list-style-type: lower-roman;">
@@ -188,8 +196,7 @@ class ...
 				<li><code>/includes/db/firebird.php</code><br />Firebird/Interbase Database Abstraction Layer</li>
 				<li><code>/includes/db/msssql.php</code><br />MSSQL Database Abstraction Layer</li>
 				<li><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL</li>
-				<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x</li>
-				<li><code>/includes/db/mysql4.php</code><br />MySQL4 Database Abstraction Layer for MySQL 4.1.x/5.x</li>
+				<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x/4.1.x/5.x
 				<li><code>/includes/db/mysqli.php</code><br />MySQLi Database Abstraction Layer</li>
 				<li><code>/includes/db/oracle.php</code><br />Oracle Database Abstraction Layer</li>
 				<li><code>/includes/db/postgres.php</code><br />PostgreSQL Database Abstraction Layer</li>
@@ -518,7 +525,7 @@ switch ($mode)
 	break;
 
 	default:
-		// Always assume that the case got not catched
+		// Always assume that a case was not caught
 	break;
 }
 	</pre></div>
@@ -541,7 +548,7 @@ switch ($mode)
 
 	default:
 
-		// Always assume that the case got not catched
+		// Always assume that a case was not caught
 
 	break;
 }
@@ -569,7 +576,7 @@ switch ($mode)
 
 	default:
 
-		// Always assume that the case got not catched
+		// Always assume that a case was not caught
 
 	break;
 }
@@ -690,7 +697,29 @@ $sql = 'UPDATE ' . SOME_TABLE . '
 $db-&gt;sql_query($sql);
 	</pre></div>
 
-	<p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>MULTI_INSERT</code> (for returning extended inserts), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>
+	<p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>
+
+	<h4>sql_multi_insert():</h4>
+
+	<p>If you want to insert multiple statements at once, please use the separate <code>sql_multi_insert()</code> method. An example:</p>
+
+	<div class="codebox"><pre>
+$sql_ary = array();
+
+$sql_ary[] = array(
+	'somedata'		=&gt; $my_string_1,
+	'otherdata'		=&gt; $an_int_1,
+	'moredata'		=&gt; $another_int_1,
+);
+
+$sql_ary[] = array(
+	'somedata'		=&gt; $my_string_2,
+	'otherdata'		=&gt; $an_int_2,
+	'moredata'		=&gt; $another_int_2,
+);
+
+$db->sql_multi_insert(SOME_TABLE, $sql_ary);
+	</pre></div>
 
 	<h4>sql_in_set():</h4>
 
@@ -973,8 +1002,18 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<div class="content">
-
-<h4>General things</h4>
+	<a name="cfgfiles"></a><h3>3.i. Style Config Files</h3>
+	<p>Style cfg files are simple name-value lists with the information necessary for installing a style. Similar cfg files exist for templates, themes and imagesets. These follow the same principle and will not be introduced individually. Styles can use installed components by using the required_theme/required_template/required_imageset entries. The important part of the style configuration file is assigning an unique name.</p>
+	<div class="codebox"><pre>
+        # General Information about this style
+        name = prosilver_duplicate
+        copyright = &copy; phpBB Group, 2007
+        version = 3.0.3
+        required_template = prosilver
+        required_theme = prosilver
+        required_imageset = prosilver
+	</pre></div>
+	<a name="genstyling"></a><h3>3.2. General Styling Rules</h3>
 <p>Templates should be produced in a consistent manner. Where appropriate they should be based off an existing copy, e.g. index, viewforum or viewtopic (the combination of which implement a range of conditional and variable forms). Please also note that the intendation and coding guidelines also apply to templates where possible.</p>
 
 <p>The outer table class <code>forumline</code> has gone and is replaced with <code>tablebg</code>.</p>
@@ -1041,6 +1080,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<div class="content">
+	<a name="templates"></a><h3>4.i. General Templating</h3>
 
 <h4>File naming</h4>
 <p>Firstly templates now take the suffix &quot;.html&quot; rather than &quot;.tpl&quot;. This was done simply to make the lifes of some people easier wrt syntax highlighting, etc.</p>
@@ -1429,6 +1469,29 @@ div
 	&lt;/fieldset&gt
 &lt;/form&gt
 		</pre></div><br />
+
+	<a name="inheritance"></a><h3>4.ii. Template Inheritance</h3>
+		<p>When basing a new template on an existing one, it is not necessary to provide all template files. By declaring the template  to be &quot;<strong>inheriting</strong>&quot; in the template configuration file.</p>
+
+		<p>The limitation on this is that the base style has to be installed and complete, meaning that it is not itself inheriting.</p>
+
+		<p>The effect of doing so is that the template engine will use the files in the new template where they exist, but fall back to files in the base template otherwise. Declaring a style to be inheriting also causes it to use some of the configuration settings of the base style, notably database storage.</p>
+
+		<p>We strongly encourage the use of inheritance for styles based on the bundled styles, as it will ease the update procedure.</p>
+
+		<div class="codebox"><pre>
+        # General Information about this template
+        name = inherits
+        copyright = &copy; phpBB Group, 2007
+        version = 3.0.3
+
+        # Defining a different template bitfield
+        template_bitfield = lNg=
+
+        # Are we inheriting?
+        inherit_from = prosilver
+		</pre></div>
+
 		</div>
 
 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@@ -1450,7 +1513,7 @@ div
 
 
 <h4>What are Unicode, UCS and UTF-8?</h4>
-<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatability with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
+<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatibility with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
 
 <h4>phpBB's use of Unicode</h4>
 <p>Unfortunately PHP does not faciliate the use of Unicode prior to version 6. Most functions simply treat strings as sequences of bytes assuming that each character takes up exactly one byte. This behaviour still allows for storing UTF-8 encoded text in PHP strings but many operations on strings have unexpected results. To circumvent this problem we have created some alternative functions to PHP's native string operations which use code points instead of bytes. These functions can be found in <code>/includes/utf/utf_tools.php</code>. They are also covered in the <a href="http://area51.phpbb.com/docs/code/">phpBB3 Sourcecode Documentation</a>. A lot of native PHP functions still work with UTF-8 as long as you stick to certain restrictions. For example <code>explode</code> still works as long as the first and the last character of the delimiter string are ASCII characters.</p>
@@ -2195,6 +2258,21 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
 
 		<div class="content">
 
+
+<h3>Revision 8732</h3>
+
+<ul>
+	<li>Added cfg files.</li>
+	<li>Added template <a href="#inheritance">inheritance</a>.</li>
+</ul>
+
+<h3>Revision 8596+</h3>
+
+<ul>
+	<li>Removed sql_build_array('MULTI_INSERT'... statements.</li>
+	<li>Added sql_multi_insert() explanation.</li>
+</ul>
+
 <h3>Revision 1.31</h3>
 
 <ul>

phpBB/download/file.php

@@ -15,9 +15,29 @@ define('IN_PHPBB', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
+
+// Thank you sun. 
+if (isset($_SERVER['CONTENT_TYPE']))
+{
+	if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
+	{
+		exit;
+	}
+}
+else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
+{
+	exit;
+}
+
 if (isset($_GET['avatar']))
 {
 	require($phpbb_root_path . 'config.' . $phpEx);
+
+	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
+	{
+		exit;
+	}
+
 	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
 	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
@@ -39,6 +59,8 @@ if (isset($_GET['avatar']))
 	$config = $cache->obtain_config();
 	$filename = $_GET['avatar'];
 	$avatar_group = false;
+	$exit = false;
+	
 	if ($filename[0] === 'g')
 	{
 		$avatar_group = true;
@@ -49,75 +71,37 @@ if (isset($_GET['avatar']))
 	if (strpos($filename, '.') == false)
 	{
 		header('HTTP/1.0 403 Forbidden');
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
+		$exit = true;
 	}
 
-	$ext		= substr(strrchr($filename, '.'), 1);
-	$stamp		= (int) substr(stristr($filename, '_'), 1);
-	$filename	= (int) $filename;
-
-	// let's see if we have to send the file at all
-	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
-	if (strpos(strtolower($browser), 'msie 6.0') === false)
+	if (!$exit)
 	{
-		if ($last_load !== false && $last_load <= $stamp)
+		$ext		= substr(strrchr($filename, '.'), 1);
+		$stamp		= (int) substr(stristr($filename, '_'), 1);
+		$filename	= (int) $filename;
+		$exit = set_modified_headers($stamp, $browser);
+	}
+	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
+	{
+		// no way such an avatar could exist. They are not following the rules, stop the show.
+		header("HTTP/1.0 403 Forbidden");
+		$exit = true;
+	}
+	
+	
+	if (!$exit)
+	{
+		if (!$filename)
 		{
-			if (@php_sapi_name() === 'CGI')
-			{
-				header('Status: 304 Not Modified', true, 304);
-			}
-			else
-			{
-				header('HTTP/1.0 304 Not Modified', true, 304);
-			}
-			// seems that we need those too ... browsers
-			header('Pragma: public');
-			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
-			exit();
+			// no way such an avatar could exist. They are not following the rules, stop the show.
+			header("HTTP/1.0 403 Forbidden");
 		}
 		else
 		{
-			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+			send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
 		}
 	}
-
-	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
-	{
-		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 Forbidden");
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
-	}
-
-	if (!$filename)
-	{
-		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 Forbidden");
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
-	}
-
-	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
-
-	if (!empty($cache))
-	{
-		$cache->unload();
-	}
-	$db->sql_close();
-	exit;
+	file_gc();
 }
 
 // implicit else: we are not in avatar mode
@@ -142,7 +126,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -253,7 +237,7 @@ if (!download_allowed())
 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
 
 // Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -291,7 +275,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
 	$db->sql_query($sql);
 }
 
-if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
+if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
 {
 	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 }
@@ -307,12 +291,12 @@ else
 		}
 
 		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
-		exit;
+		file_gc();
 	}
 	else
 	{
 		send_file_to_browser($attachment, $config['upload_path'], $display_cat);
-		exit;
+		file_gc();
 	}
 }
 
@@ -348,7 +332,7 @@ function send_avatar_to_browser($file, $browser)
 		$image_data = @getimagesize($file_path);
 		header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
 
-		if (strpos(strtolower($browser), 'msie') !== false)
+		if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false)
 		{
 			header('Content-Disposition: attachment; ' . header_filename($file));
 
@@ -373,7 +357,7 @@ function send_avatar_to_browser($file, $browser)
 			header("Content-Length: $size");
 		}
 
-		if (@readfile($file_path) === false)
+		if (@readfile($file_path) == false)
 		{
 			$fp = @fopen($file_path, 'rb');
 
@@ -478,9 +462,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	*/
 
 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
-	header('Content-Type: ' . $attachment['mimetype']);
+	$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
+	header('Content-Type: ' . $attachment['mimetype'] . (($is_ie8) ? '; authoritative=true;' : ''));
 
-	if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))
+	if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))
 	{
 		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
 		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
@@ -491,6 +476,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	else
 	{
 		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0))
+		{
+			header('X-Download-Options: noopen');
+		}
 	}
 
 	if ($size)
@@ -498,26 +487,32 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		header("Content-Length: $size");
 	}
 
-	// Try to deliver in chunks
-	@set_time_limit(0);
+	// Close the db connection before sending the file
+	$db->sql_close();
 
-	$fp = @fopen($filename, 'rb');
-
-	if ($fp !== false)
+	if (!set_modified_headers($attachment['filetime'], $user->browser))
 	{
-		while (!feof($fp))
+		// Try to deliver in chunks
+		@set_time_limit(0);
+
+		$fp = @fopen($filename, 'rb');
+
+		if ($fp !== false)
 		{
-			echo fread($fp, 8192);
+			while (!feof($fp))
+			{
+				echo fread($fp, 8192);
+			}
+			fclose($fp);
+		}
+		else
+		{
+			@readfile($filename);
 		}
-		fclose($fp);
-	}
-	else
-	{
-		@readfile($filename);
-	}
 
-	flush();
-	exit;
+		flush();
+	}
+	file_gc();
 }
 
 /**
@@ -649,4 +644,48 @@ function download_allowed()
 	return $allowed;
 }
 
+/**
+* Check if the browser has the file already and set the appropriate headers-
+* @returns false if a resend is in order.
+*/
+function set_modified_headers($stamp, $browser)
+{
+	// let's see if we have to send the file at all
+	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
+	if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))
+	{
+		if ($last_load !== false && $last_load <= $stamp)
+		{
+			if (@php_sapi_name() === 'CGI')
+			{
+				header('Status: 304 Not Modified', true, 304);
+			}
+			else
+			{
+				header('HTTP/1.0 304 Not Modified', true, 304);
+			}
+			// seems that we need those too ... browsers
+			header('Pragma: public');
+			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+			return true;
+		}
+		else
+		{
+			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+		}
+	}
+	return false;
+}
+
+function file_gc()
+{
+	global $cache, $db;
+	if (!empty($cache))
+	{
+		$cache->unload();
+	}
+	$db->sql_close();
+	exit;
+}
+
 ?>

phpBB/includes/acm/acm_file.php

@@ -93,7 +93,13 @@ class acm
 			@flock($fp, LOCK_UN);
 			fclose($fp);
 
-			@chmod($this->cache_dir . 'data_global.' . $phpEx, 0666);
+			if (!function_exists('phpbb_chmod'))
+			{
+				global $phpbb_root_path;
+				include($phpbb_root_path . 'includes/functions.' . $phpEx);
+			}
+
+			phpbb_chmod($this->cache_dir . 'data_global.' . $phpEx, CHMOD_WRITE);
 		}
 		else
 		{
@@ -154,7 +160,7 @@ class acm
 				}
 			}
 		}
-		
+
 		set_config('cache_last_gc', time(), true);
 	}
 
@@ -193,11 +199,17 @@ class acm
 			if ($fp = @fopen($this->cache_dir . "data{$var_name}.$phpEx", 'wb'))
 			{
 				@flock($fp, LOCK_EX);
-				fwrite($fp, "<?php\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n\n\$data = " . var_export($var, true) . ";\n?>");
+				fwrite($fp, "<?php\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n\n\$data =  " . (sizeof($var) ? "unserialize(" . var_export(serialize($var), true) . ");" : 'array();') . "\n\n?>");
 				@flock($fp, LOCK_UN);
 				fclose($fp);
 
-				@chmod($this->cache_dir . "data{$var_name}.$phpEx", 0666);
+				if (!function_exists('phpbb_chmod'))
+				{
+					global $phpbb_root_path;
+					include($phpbb_root_path . 'includes/functions.' . $phpEx);
+				}
+
+				phpbb_chmod($this->cache_dir . "data{$var_name}.$phpEx", CHMOD_WRITE);
 			}
 		}
 		else
@@ -412,11 +424,17 @@ class acm
 			$file = "<?php\n\n/* " . str_replace('*/', '*\/', $query) . " */\n";
 			$file .= "\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n";
 
-			fwrite($fp, $file . "\n\$this->sql_rowset[\$query_id] = " . var_export($this->sql_rowset[$query_id], true) . ";\n?>");
+			fwrite($fp, $file . "\n\$this->sql_rowset[\$query_id] = " . (sizeof($this->sql_rowset[$query_id]) ? "unserialize(" . var_export(serialize($this->sql_rowset[$query_id]), true) . ");" : 'array();') . "\n\n?>");
 			@flock($fp, LOCK_UN);
 			fclose($fp);
 
-			@chmod($filename, 0666);
+			if (!function_exists('phpbb_chmod'))
+			{
+				global $phpbb_root_path;
+				include($phpbb_root_path . 'includes/functions.' . $phpEx);
+			}
+
+			phpbb_chmod($filename, CHMOD_WRITE);
 
 			$query_result = $query_id;
 		}
@@ -491,7 +509,7 @@ class acm
 	*/
 	function remove_file($filename, $check = false)
 	{
-		if ($check && !@is_writeable($this->cache_dir))
+		if ($check && !@is_writable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);

phpBB/includes/acp/acp_attachments.php

@@ -117,7 +117,9 @@ class acp_attachments
 						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'validate' => 'int',	'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
-						'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'secure_allow_empty_referer'	=> array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'check_attachment_content' 		=> array('lang' => 'CHECK_CONTENT', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+
 
 						'legend2'					=> $l_legend_cat_images,
 						'img_display_inlined'		=> array('lang' => 'DISPLAY_INLINED',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -156,7 +158,7 @@ class acp_attachments
 					if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
 					{
 						$size_var = request_var($config_name, '');
-						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? ($config_value << 10) : (($size_var == 'mb') ? ($config_value << 20) : $config_value);
+						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
 					}
 
 					if ($submit)
@@ -278,12 +280,18 @@ class acp_attachments
 						$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 					}
 
+					$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+					if (empty($content))
+					{
+						continue;
+					}
+
 					$template->assign_block_vars('options', array(
 						'KEY'			=> $config_key,
 						'TITLE'			=> $user->lang[$vars['lang']],
 						'S_EXPLAIN'		=> $vars['explain'],
 						'TITLE_EXPLAIN'	=> $l_explain,
-						'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+						'CONTENT'		=> $content,
 						)
 					);
 
@@ -504,7 +512,7 @@ class acp_attachments
 						$allowed_forums	= request_var('allowed_forums', array(0));
 						$allow_in_pm	= (isset($_POST['allow_in_pm'])) ? true : false;
 						$max_filesize	= request_var('max_filesize', 0);
-						$max_filesize	= ($size_select == 'kb') ? ($max_filesize << 10) : (($size_select == 'mb') ? ($max_filesize << 20) : $max_filesize);
+						$max_filesize	= ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
 						$allow_group	= (isset($_POST['allow_group'])) ? true : false;
 
 						if ($max_filesize == $config['max_filesize'])
@@ -757,6 +765,8 @@ class acp_attachments
 
 						$s_forum_id_options = '';
 
+						/** @todo use in-built function **/
+
 						$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
 							FROM ' . FORUMS_TABLE . '
 							ORDER BY left_id ASC';
@@ -787,7 +797,7 @@ class acp_attachments
 							}
 							else if ($row['left_id'] > $right + 1)
 							{
-								$padding = $padding_store[$row['parent_id']];
+								$padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']];
 							}
 
 							$right = $row['right_id'];
@@ -1160,7 +1170,7 @@ class acp_attachments
 					$location .= '/';
 				}
 
-				if (@is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
+				if (@file_exists($location) && @is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
 				{
 					$imagick = str_replace('\\', '/', $location);
 					continue;
@@ -1188,7 +1198,7 @@ class acp_attachments
 			if (!file_exists($phpbb_root_path . $upload_dir))
 			{
 				@mkdir($phpbb_root_path . $upload_dir, 0777);
-				@chmod($phpbb_root_path . $upload_dir, 0777);
+				phpbb_chmod($phpbb_root_path . $upload_dir, CHMOD_READ | CHMOD_WRITE);
 			}
 		}
 

phpBB/includes/acp/acp_bbcodes.php

@@ -168,6 +168,12 @@ class acp_bbcodes
 				{
 					trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
+				
+				
+				if (strlen($bbcode_helpline) > 255)
+				{
+					trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
 
 				$sql_ary = array(
 					'bbcode_tag'				=> $data['bbcode_tag'],

phpBB/includes/acp/acp_board.php

@@ -131,6 +131,7 @@ class acp_board
 						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
 						'full_folder_action'	=> array('lang' => 'FULL_FOLDER_ACTION',	'validate' => 'int',	'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
 						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'pm_max_recipients'		=> array('lang' => 'PM_MAX_RECIPIENTS',		'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_mass_pm'			=> array('lang' => 'ALLOW_MASS_PM',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -163,22 +164,24 @@ class acp_board
 						'enable_post_confirm'	=> array('lang' => 'VISUAL_CONFIRM_POST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'POSTING',
+						'enable_queue_trigger'	=> array('lang' => 'ENABLE_QUEUE_TRIGGER',	'validate' => 'bool',		'type' => 'radio:yes_no', 'explain' => true),
+						'queue_trigger_posts'	=> array('lang' => 'QUEUE_TRIGGER_POSTS',	'validate' => 'int:0:250',	'type' => 'text:4:4', 'explain' => true),
 						'bump_type'				=> false,
-						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',	'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',	'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
-						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',	'type' => 'text:3:4', 'explain' => false),
-						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',	'type' => 'text:3:4', 'explain' => false),
-						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',	'type' => 'text:3:4', 'explain' => true),
-						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => false),
-						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:6', 'explain' => true),
-						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
-						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',		'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',		'type' => 'radio:yes_no', 'explain' => true),
+						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',		'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',		'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
+						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',		'type' => 'text:3:4', 'explain' => true),
+						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:2:127',	'type' => 'text:4:4', 'explain' => false),
+						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true),
+						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true),
+						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -323,6 +326,7 @@ class acp_board
 						'ip_check'				=> array('lang' => 'IP_VALID',				'validate' => 'int',	'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
 						'browser_check'			=> array('lang' => 'BROWSER_VALID',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'forwarded_for_check'	=> array('lang' => 'FORWARDED_FOR_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'referer_validation'	=> array('lang' => 'REFERER_VALID',		'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
@@ -556,20 +560,20 @@ class acp_board
 			{
 				$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 			}
-			
+
 			$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
-			
+
 			if (empty($content))
 			{
 				continue;
 			}
-			
+
 			$template->assign_block_vars('options', array(
 				'KEY'			=> $config_key,
 				'TITLE'			=> (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
 				'S_EXPLAIN'		=> $vars['explain'],
 				'TITLE_EXPLAIN'	=> $l_explain,
-				'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+				'CONTENT'		=> $content,
 				)
 			);
 
@@ -677,6 +681,16 @@ class acp_board
 		return h_radio('config[ip_check]', $radio_ary, $value, $key);
 	}
 
+	/**
+	* Select referer validation
+	*/
+	function select_ref_check($value, $key = '')
+	{
+		$radio_ary = array(REFERER_VALIDATE_PATH => 'REF_PATH', REFERER_VALIDATE_HOST => 'REF_HOST', REFERER_VALIDATE_NONE => 'NO_REF_VALIDATION');
+
+		return h_radio('config[referer_validation]', $radio_ary, $value, $key);
+	}
+
 	/**
 	* Select account activation method
 	*/

phpBB/includes/acp/acp_captcha.php

@@ -29,7 +29,7 @@ class acp_captcha
 
 		$user->add_lang('acp/board');
 
-		
+
 		$captcha_vars = array(
 			'captcha_gd_x_grid'				=> 'CAPTCHA_GD_X_GRID',
 			'captcha_gd_y_grid'				=> 'CAPTCHA_GD_Y_GRID',
@@ -54,7 +54,7 @@ class acp_captcha
 			}
 			$captcha = new captcha();
 			$captcha->execute(gen_rand_string(mt_rand(5, 8)), time());
-			exit_handler();
+			exit;
 		}
 
 		$config_vars = array(
@@ -80,7 +80,11 @@ class acp_captcha
 			$captcha_vars = array_keys($captcha_vars);
 			foreach ($captcha_vars as $captcha_var)
 			{
-				set_config($captcha_var, request_var($captcha_var, 0));
+				$value = request_var($captcha_var, 0);
+				if ($value >= 0)
+				{
+					set_config($captcha_var, $value);
+				}
 			}
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 		}
@@ -90,7 +94,7 @@ class acp_captcha
 		}
 		else
 		{
-			
+
 			$preview_image_src = append_sid(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&demo=demo"));
 			if (@extension_loaded('gd'))
 			{
@@ -110,7 +114,7 @@ class acp_captcha
 				'CAPTCHA_PREVIEW'	=> $preview_image_src,
 				'PREVIEW'			=> isset($_POST['preview']),
 			));
-			
+
 		}
 	}
 }

phpBB/includes/acp/acp_database.php

@@ -25,7 +25,7 @@ class acp_database
 
 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template, $table_prefix;
+		global $cache, $db, $user, $auth, $template, $table_prefix;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 		
 		$user->add_lang('acp/database');
@@ -159,18 +159,20 @@ class acp_database
 
 						$extractor->write_end();
 
+						add_log('admin', 'LOG_DB_BACKUP');
+
 						if ($download == true)
 						{
 							exit;
 						}
 
-						add_log('admin', 'LOG_DB_BACKUP');
 						trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
 					break;
 
 					default:
 						include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
 						$tables = get_tables($db);
+						asort($tables);
 						foreach ($tables as $table_name)
 						{
 							if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)
@@ -345,7 +347,25 @@ class acp_database
 									while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false)
 									{
 										$query = trim($sql);
-										$db->sql_query($query);
+
+										if (substr($query, 0, 13) == 'CREATE DOMAIN')
+										{
+											list(, , $domain) = explode(' ', $query);
+											$sql = "SELECT domain_name
+												FROM information_schema.domains
+												WHERE domain_name = '$domain';";
+											$result = $db->sql_query($sql);
+											if (!$db->sql_fetchrow($result))
+											{
+												$db->sql_query($query);
+											}
+											$db->sql_freeresult($result);
+										}
+										else
+										{
+											$db->sql_query($query);
+										}
+
 										if (substr($query, 0, 4) == 'COPY')
 										{
 											while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\.')
@@ -380,6 +400,9 @@ class acp_database
 
 							$close($fp);
 
+							// Purge the cache due to updated data
+							$cache->purge();
+
 							add_log('admin', 'LOG_DB_RESTORE');
 							trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
 							break;
@@ -597,7 +620,7 @@ class mysql_extractor extends base_extractor
 
 		if ($new_extract === null)
 		{
-			if ($db->sql_layer === 'mysqli' || version_compare($db->mysql_version, '3.23.20', '>='))
+			if ($db->sql_layer === 'mysqli' || version_compare($db->sql_server_info(true), '3.23.20', '>='))
 			{
 				$new_extract = true;
 			}
@@ -1087,7 +1110,7 @@ class postgres_extractor extends base_extractor
 		}
 
 		$sql_data = '-- Table: ' . $table_name . "\n";
-		//$sql_data .= "DROP TABLE $table_name;\n";
+		$sql_data .= "DROP TABLE $table_name;\n";
 		// PGSQL does not "tightly" bind sequences and tables, we must guess...
 		$sql = "SELECT relname
 			FROM pg_class
@@ -1156,7 +1179,7 @@ class postgres_extractor extends base_extractor
 				$line .= ')';
 			}
 
-			if (!empty($row['rowdefault']))
+			if (isset($row['rowdefault']))
 			{
 				$line .= ' DEFAULT ' . $row['rowdefault'];
 			}

phpBB/includes/acp/acp_forums.php

@@ -56,7 +56,7 @@ class acp_forums
 				$total = request_var('total', 0);
 
 				$this->display_progress_bar($start, $total);
-				exit_handler();
+				exit;
 			break;
 
 			case 'delete':
@@ -74,7 +74,7 @@ class acp_forums
 				{
 					trigger_error($user->lang['NO_PERMISSION_FORUM_ADD'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
-			
+
 			break;
 		}
 
@@ -100,7 +100,7 @@ class acp_forums
 					$cache->destroy('sql', FORUMS_TABLE);
 
 					trigger_error($user->lang['FORUM_DELETED'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id));
-	
+
 				break;
 
 				case 'edit':
@@ -154,8 +154,11 @@ class acp_forums
 					if ($forum_data['forum_type'] == FORUM_LINK)
 					{
 						$forum_data['display_on_index'] = request_var('link_display_on_index', false);
+					}
 
-						// Linked forums are not able to be locked...
+					// Linked forums and categories are not able to be locked...
+					if ($forum_data['forum_type'] == FORUM_LINK || $forum_data['forum_type'] == FORUM_CAT)
+					{
 						$forum_data['forum_status'] = ITEM_UNLOCKED;
 					}
 
@@ -189,7 +192,7 @@ class acp_forums
 								$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
-	
+
 								$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
@@ -245,7 +248,7 @@ class acp_forums
 
 						$auth->acl_clear_prefetch();
 						$cache->destroy('sql', FORUMS_TABLE);
-	
+
 						$acl_url = '&mode=setting_forum_local&forum_id[]=' . $forum_data['forum_id'];
 
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
@@ -543,7 +546,7 @@ class acp_forums
 
 				$forum_type_options = '';
 				$forum_type_ary = array(FORUM_CAT => 'CAT', FORUM_POST => 'FORUM', FORUM_LINK => 'LINK');
-		
+
 				foreach ($forum_type_ary as $value => $lang)
 				{
 					$forum_type_options .= '<option value="' . $value . '"' . (($value == $forum_data['forum_type']) ? ' selected="selected"' : '') . '>' . $user->lang['TYPE_' . $lang] . '</option>';
@@ -613,7 +616,7 @@ class acp_forums
 						}
 					}
 				}
-				
+
 				if (strlen($forum_data['forum_password']) == 32)
 				{
 					$errors[] = $user->lang['FORUM_PASSWORD_OLD'];
@@ -918,14 +921,13 @@ class acp_forums
 			$forum_data['prune_days'] = $forum_data['prune_viewed'] = $forum_data['prune_freq'] = 0;
 			$errors[] = $user->lang['FORUM_DATA_NEGATIVE'];
 		}
-		
+
 		$range_test_ary = array(
 			array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
 		);
+
 		validate_range($range_test_ary, $errors);
 
-
-
 		// Set forum flags
 		// 1 = link tracking
 		// 2 = prune old polls
@@ -974,7 +976,7 @@ class acp_forums
 			$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
 		}
 		unset($forum_data_sql['forum_password_unset']);
-		
+
 		if (!isset($forum_data_sql['forum_id']))
 		{
 			// no forum_id means we're creating a new forum
@@ -1206,7 +1208,14 @@ class acp_forums
 
 			if ($row['parent_id'] != $forum_data_sql['parent_id'])
 			{
-				$errors = $this->move_forum($forum_data_sql['forum_id'], $forum_data_sql['parent_id']);
+				if ($row['forum_id'] != $forum_data_sql['parent_id'])
+				{
+					$errors = $this->move_forum($forum_data_sql['forum_id'], $forum_data_sql['parent_id']);
+				}
+				else
+				{
+					$forum_data_sql['parent_id'] = $row['parent_id'];
+				}
 			}
 
 			if (sizeof($errors))
@@ -1632,7 +1641,7 @@ class acp_forums
 			WHERE p.forum_id = $forum_id
 				AND a.in_message = 0
 				AND a.topic_id = p.topic_id";
-		$result = $db->sql_query($sql);	
+		$result = $db->sql_query($sql);
 
 		$topic_ids = array();
 		while ($row = $db->sql_fetchrow($result))
@@ -1647,7 +1656,8 @@ class acp_forums
 		$sql = 'SELECT poster_id
 			FROM ' . POSTS_TABLE . '
 			WHERE forum_id = ' . $forum_id . '
-				AND post_postcount = 1';
+				AND post_postcount = 1
+				AND post_approved = 1';
 		$result = $db->sql_query($sql);
 
 		$post_counts = array();
@@ -1690,7 +1700,7 @@ class acp_forums
 			break;
 
 			default:
-			
+
 				// Delete everything else and curse your DB for not offering multi-table deletion
 				$tables_ary = array(
 					'post_id'	=>	array(
@@ -1768,6 +1778,7 @@ class acp_forums
 					WHERE user_id = ' . $poster_id . '
 					AND user_posts < ' . $substract;
 				$db->sql_query($sql);
+
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_posts = user_posts - ' . $substract . '
 					WHERE user_id = ' . $poster_id . '
@@ -1811,7 +1822,7 @@ class acp_forums
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		set_config('upload_dir_size', (int) $row['stat'], true);
+		set_config('upload_dir_size', (float) $row['stat'], true);
 
 		return array();
 	}

phpBB/includes/acp/acp_groups.php

@@ -87,24 +87,32 @@ class acp_groups
 
 				// Approve, demote or promote
 				$group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
-				group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
+				$error = group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
 
-				switch ($action)
+				if (!$error)
 				{
-					case 'demote':
-						$message = 'GROUP_MODS_DEMOTED';
-					break;
+					switch ($action)
+					{
+						case 'demote':
+							$message = 'GROUP_MODS_DEMOTED';
+						break;
 
-					case 'promote':
-						$message = 'GROUP_MODS_PROMOTED';
-					break;
+						case 'promote':
+							$message = 'GROUP_MODS_PROMOTED';
+						break;
 
-					case 'approve':
-						$message = 'USERS_APPROVED';
-					break;
+						case 'approve':
+							$message = 'USERS_APPROVED';
+						break;
+					}
+
+					trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
+				}
+				else
+				{
+					trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
 				}
 
-				trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
 			break;
 
 			case 'default':
@@ -172,13 +180,17 @@ class acp_groups
 
 			case 'deleteusers':
 			case 'delete':
+				if (!$group_id)
+				{
+					trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+				else if ($action === 'delete' && $group_row['group_type'] == GROUP_SPECIAL)
+				{
+					trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				if (confirm_box(true))
 				{
-					if (!$group_id)
-					{
-						trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-
 					$error = '';
 
 					switch ($action)
@@ -295,6 +307,7 @@ class acp_groups
 						'receive_pm'		=> isset($_REQUEST['group_receive_pm']) ? 1 : 0,
 						'legend'			=> isset($_REQUEST['group_legend']) ? 1 : 0,
 						'message_limit'		=> request_var('group_message_limit', 0),
+						'max_recipients'	=> request_var('group_max_recipients', 0),
 						'founder_manage'	=> 0,
 					);
 
@@ -387,7 +400,7 @@ class acp_groups
 						// were made.
 
 						$group_attributes = array();
-						$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'founder_manage');
+						$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'max_recipients', 'founder_manage');
 						foreach ($test_variables as $test)
 						{
 							if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
@@ -547,6 +560,7 @@ class acp_groups
 					'GROUP_FOUNDER_MANAGE'	=> (isset($group_row['group_founder_manage']) && $group_row['group_founder_manage']) ? ' checked="checked"' : '',
 					'GROUP_LEGEND'			=> (isset($group_row['group_legend']) && $group_row['group_legend']) ? ' checked="checked"' : '',
 					'GROUP_MESSAGE_LIMIT'	=> (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0,
+					'GROUP_MAX_RECIPIENTS'	=> (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
 					'GROUP_COLOUR'			=> (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
 
 
@@ -739,14 +753,14 @@ class acp_groups
 			foreach ($row_ary as $group_id => $row)
 			{
 				$group_name = (!empty($user->lang['G_' . $row['group_name']]))? $user->lang['G_' . $row['group_name']] : $row['group_name'];
-				
+
 				$template->assign_block_vars('groups', array(
 					'U_LIST'		=> "{$this->u_action}&action=list&g=$group_id",
 					'U_EDIT'		=> "{$this->u_action}&action=edit&g=$group_id",
 					'U_DELETE'		=> ($auth->acl_get('a_groupdel')) ? "{$this->u_action}&action=delete&g=$group_id" : '',
 
 					'S_GROUP_SPECIAL'	=> ($row['group_type'] == GROUP_SPECIAL) ? true : false,
-					
+
 					'GROUP_NAME'	=> $group_name,
 					'TOTAL_MEMBERS'	=> $row['total_members'],
 					)

phpBB/includes/acp/acp_icons.php

@@ -73,6 +73,13 @@ class acp_icons
 
 			foreach ($imglist as $path => $img_ary)
 			{
+				if (empty($img_ary))
+				{
+					continue;
+				}
+
+				asort($img_ary, SORT_STRING);
+
 				foreach ($img_ary as $img)
 				{
 					$img_size = getimagesize($phpbb_root_path . $img_path . '/' . $path . $img);
@@ -99,6 +106,11 @@ class acp_icons
 					}
 				}
 				closedir($dir);
+
+				if (!empty($_paks))
+				{
+					asort($_paks, SORT_STRING);
+				}
 			}
 		}
 
@@ -436,7 +448,7 @@ class acp_icons
 					default:
 						$suc_lang = $lang;
 				}
-				$errormsgs = '<br />';
+				$errormsgs = '';
 				foreach ($errors as $img => $error)
 				{
 					$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
@@ -447,7 +459,7 @@ class acp_icons
 				}
 				else
 				{
-					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs .adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 
 			break;

phpBB/includes/acp/acp_jabber.php

@@ -85,6 +85,19 @@ class acp_jabber
 
 				$jabber->disconnect();
 			}
+			else
+			{
+				// This feature is disabled.
+				// We update the user table to be sure all users that have IM as notify type are set to both  as notify type
+				$sql_ary = array(
+					'user_notify_type'		=> NOTIFY_BOTH,
+				);
+
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+					WHERE user_notify_type = ' . NOTIFY_IM;
+				$db->sql_query($sql);
+			}
 
 			set_config('jab_enable', $jab_enable);
 			set_config('jab_host', $jab_host);

phpBB/includes/acp/acp_language.php

@@ -181,7 +181,7 @@ class acp_language
 			case 'submit_file':
 			case 'download_file':
 			case 'upload_data':
-				
+
 				if (!$submit || !check_form_key($form_name))
 				{
 					trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
@@ -261,16 +261,16 @@ class acp_language
 				if (!$safe_mode)
 				{
 					$mkdir_ary = array('language', 'language/' . $row['lang_iso']);
-					
+
 					if ($this->language_directory)
 					{
 						$mkdir_ary[] = 'language/' . $row['lang_iso'] . '/' . $this->language_directory;
 					}
-				
+
 					foreach ($mkdir_ary as $dir)
 					{
 						$dir = $phpbb_root_path . 'store/' . $dir;
-			
+
 						if (!is_dir($dir))
 						{
 							if (!@mkdir($dir, 0777))
@@ -316,7 +316,7 @@ class acp_language
 							}
 
 							$entry = "\tarray(\n";
-							
+
 							foreach ($value as $_key => $_value)
 							{
 								$entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
@@ -433,7 +433,7 @@ class acp_language
 				{
 					trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
-				
+
 				$this->page_title = 'LANGUAGE_PACK_DETAILS';
 
 				$sql = 'SELECT *
@@ -442,7 +442,7 @@ class acp_language
 				$result = $db->sql_query($sql);
 				$lang_entries = $db->sql_fetchrow($result);
 				$db->sql_freeresult($result);
-				
+
 				$lang_iso = $lang_entries['lang_iso'];
 				$missing_vars = $missing_files = array();
 
@@ -488,7 +488,7 @@ class acp_language
 							trigger_error($user->lang['WRONG_LANGUAGE_FILE'] . adm_back_link($this->u_action . '&action=details&id=' . $lang_id), E_USER_WARNING);
 						}
 				}
-				
+
 				if (isset($_POST['remove_store']))
 				{
 					$store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true);
@@ -532,7 +532,7 @@ class acp_language
 						if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, '', $file)))
 						{
 							$missing_vars[$file] = $this->compare_language_files($config['default_lang'], $lang_iso, '', $file);
-							
+
 							if (sizeof($missing_vars[$file]))
 							{
 								$is_missing_var = true;
@@ -550,7 +550,7 @@ class acp_language
 						if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'acp', $file)))
 						{
 							$missing_vars['acp/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'acp', $file);
-							
+
 							if (sizeof($missing_vars['acp/' . $file]))
 							{
 								$is_missing_var = true;
@@ -569,7 +569,7 @@ class acp_language
 							if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'mods', $file)))
 							{
 								$missing_vars['mods/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'mods', $file);
-								
+
 								if (sizeof($missing_vars['mods/' . $file]))
 								{
 									$is_missing_var = true;
@@ -581,7 +581,7 @@ class acp_language
 							}
 						}
 					}
-				
+
 					// More missing files... for example email templates?
 					foreach ($email_files as $file)
 					{
@@ -1046,7 +1046,7 @@ class acp_language
 				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html');
 				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html');
 				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html');
-				
+
 				if (sizeof($mod_files))
 				{
 					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html');
@@ -1208,7 +1208,7 @@ $lang = array_merge($lang, array(
 	function get_filename($lang_iso, $directory, $filename, $check_store = false, $only_return_filename = false)
 	{
 		global $phpbb_root_path, $safe_mode;
-		
+
 		$check_filename = "language/$lang_iso/" . (($directory) ? $directory . '/' : '') . $filename;
 
 		if ($check_store)

phpBB/includes/acp/acp_main.php

@@ -61,6 +61,14 @@ class acp_main
 
 		if ($action)
 		{
+			if ($action === 'admlogout')
+			{
+				$user->unset_admin();
+				$redirect_url = append_sid("{$phpbb_root_path}index.$phpEx");
+				meta_refresh(3, $redirect_url);
+				trigger_error($user->lang['ADM_LOGGED_OUT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect_url . '">', '</a>'));
+			}
+
 			if (!confirm_box(true))
 			{
 				switch ($action)
@@ -108,6 +116,7 @@ class acp_main
 			{
 				switch ($action)
 				{
+
 					case 'online':
 						if (!$auth->acl_get('a_board'))
 						{
@@ -157,9 +166,9 @@ class acp_main
 							FROM ' . ATTACHMENTS_TABLE . '
 							WHERE is_orphan = 0';
 						$result = $db->sql_query($sql);
-						set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true);
+						set_config('upload_dir_size', (float) $db->sql_fetchfield('stat'), true);
 						$db->sql_freeresult($result);
-						
+
 						if (!function_exists('update_last_username'))
 						{
 							include($phpbb_root_path . "includes/functions_user.$phpEx");
@@ -175,22 +184,63 @@ class acp_main
 							trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$sql = 'SELECT COUNT(p.post_id) AS num_posts, u.user_id
-							FROM ' . USERS_TABLE . ' u
-							LEFT JOIN  ' . POSTS_TABLE . ' p ON (u.user_id = p.poster_id AND p.post_postcount = 1)
-							GROUP BY u.user_id';
-						$result = $db->sql_query($sql);
+						// Resync post counts
+						$start = $max_post_id = 0;
 
-						while ($row = $db->sql_fetchrow($result))
-						{
-							$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['user_id']}");
-						}
+						// Find the maximum post ID, we can only stop the cycle when we've reached it
+						$sql = 'SELECT MAX(forum_last_post_id) as max_post_id
+							FROM ' . FORUMS_TABLE;
+						$result = $db->sql_query($sql);
+						$max_post_id = (int) $db->sql_fetchfield('max_post_id');
 						$db->sql_freeresult($result);
 
+						// No maximum post id? :o
+						if (!$max_post_id)
+						{
+							$sql = 'SELECT MAX(post_id)
+								FROM ' . POSTS_TABLE;
+							$result = $db->sql_query($sql);
+							$max_post_id = (int) $db->sql_fetchfield('max_post_id');
+							$db->sql_freeresult($result);
+						}
+
+						// Still no maximum post id? Then we are finished
+						if (!$max_post_id)
+						{
+							add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
+							break;
+						}
+
+						$step = ($config['num_posts']) ? (max((int) ($config['num_posts'] / 5), 20000)) : 20000;
+						$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');
+
+						while ($start < $max_post_id)
+						{
+							$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
+								FROM ' . POSTS_TABLE . '
+								WHERE post_id BETWEEN ' . ($start + 1) . ' AND ' . ($start + $step) . '
+									AND post_postcount = 1 AND post_approved = 1
+								GROUP BY poster_id';
+							$result = $db->sql_query($sql);
+
+							if ($row = $db->sql_fetchrow($result))
+							{
+								do
+								{
+									$sql = 'UPDATE ' . USERS_TABLE . " SET user_posts = user_posts + {$row['num_posts']} WHERE user_id = {$row['poster_id']}";
+									$db->sql_query($sql);
+								}
+								while ($row = $db->sql_fetchrow($result));
+							}
+							$db->sql_freeresult($result);
+
+							$start += $step;
+						}
+
 						add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
 
 					break;
-			
+
 					case 'date':
 						if (!$auth->acl_get('a_board'))
 						{
@@ -200,7 +250,7 @@ class acp_main
 						set_config('board_startdate', time() - 1);
 						add_log('admin', 'LOG_RESET_DATE');
 					break;
-				
+
 					case 'db_track':
 						switch ($db->sql_layer)
 						{
@@ -222,7 +272,7 @@ class acp_main
 							FROM ' . FORUMS_TABLE . '
 							WHERE forum_type <> ' . FORUM_CAT;
 						$result = $db->sql_query($sql);
-				
+
 						$forum_ids = array();
 						while ($row = $db->sql_fetchrow($result))
 						{
@@ -272,7 +322,7 @@ class acp_main
 								$db->sql_multi_insert(TOPICS_POSTED_TABLE, $sql_ary);
 							}
 						}
-			
+
 						add_log('admin', 'LOG_RESYNC_POST_MARKING');
 					break;
 
@@ -311,7 +361,7 @@ class acp_main
 		$files_per_day = sprintf('%.2f', $total_files / $boarddays);
 
 		$upload_dir_size = get_formatted_filesize($config['upload_dir_size']);
-	
+
 		$avatar_dir_size = 0;
 
 		if ($avatar_dir = @opendir($phpbb_root_path . $config['avatar_path']))
@@ -454,6 +504,12 @@ class acp_main
 			$template->assign_var('S_REMOVE_INSTALL', true);
 		}
 
+		if (!defined('PHPBB_DISABLE_CONFIG_CHECK') && file_exists($phpbb_root_path . 'config.' . $phpEx) && is_writable($phpbb_root_path . 'config.' . $phpEx))
+		{
+			// World-Writable? (000x)
+			$template->assign_var('S_WRITABLE_CONFIG', (bool) (@fileperms($phpbb_root_path . 'config.' . $phpEx) & 0x0002));
+		}
+
 		$this->tpl_name = 'acp_main';
 		$this->page_title = 'ACP_MAIN';
 	}

phpBB/includes/acp/acp_modules.php

@@ -658,6 +658,8 @@ class acp_modules
 
 			$iteration++;
 		}
+		$db->sql_freeresult($result);
+
 		unset($padding_store);
 
 		return $module_list;

phpBB/includes/acp/acp_permissions.php

@@ -369,8 +369,8 @@ class acp_permissions
 
 					$template->assign_vars(array(
 						'S_SELECT_GROUP'		=> true,
-						'S_GROUP_OPTIONS'		=> group_select_options(false, false, (($user->data['user_type'] == USER_FOUNDER) ? false : 0)))
-					);
+						'S_GROUP_OPTIONS'		=> group_select_options(false, false, false), // Show all groups
+					));
 
 				break;
 
@@ -415,7 +415,7 @@ class acp_permissions
 						'S_SELECT_USERGROUP_VIEW'	=> ($victim == 'usergroup_view') ? true : false,
 						'S_DEFINED_USER_OPTIONS'	=> $items['user_ids_options'],
 						'S_DEFINED_GROUP_OPTIONS'	=> $items['group_ids_options'],
-						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids'], (($user->data['user_type'] == USER_FOUNDER) ? false : 0)),
+						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids'], false),	// Show all groups
 						'U_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username&select_single=true'),
 					));
 
@@ -1156,7 +1156,7 @@ class acp_permissions
 		}
 
 		// Not ideal, due to the filesort, non-use of indexes, etc.
-		$sql = 'SELECT DISTINCT u.user_id, u.username
+		$sql = 'SELECT DISTINCT u.user_id, u.username, u.username_clean, u.user_regdate
 			FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
 			WHERE u.user_id = a.user_id
 				$sql_forum_id

phpBB/includes/acp/acp_profile.php

@@ -77,7 +77,7 @@ class acp_profile
 			FROM ' . PROFILE_LANG_TABLE . '
 			ORDER BY lang_id';
 		$result = $db->sql_query($sql);
-	
+
 		while ($row = $db->sql_fetchrow($result))
 		{
 			// Which languages are available for each item
@@ -206,7 +206,7 @@ class acp_profile
 						'field_id'	=> $field_id,
 					)));
 				}
-	
+
 			break;
 
 			case 'activate':
@@ -216,7 +216,7 @@ class acp_profile
 				{
 					trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
-	
+
 				$sql = 'SELECT lang_id
 					FROM ' . LANG_TABLE . "
 					WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'";
@@ -253,7 +253,7 @@ class acp_profile
 				{
 					trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
-	
+
 				$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . "
 					SET field_active = 0
 					WHERE field_id = $field_id";
@@ -285,7 +285,7 @@ class acp_profile
 
 			case 'create':
 			case 'edit':
-		
+
 				$field_id = request_var('field_id', 0);
 				$step = request_var('step', 1);
 
@@ -354,18 +354,19 @@ class acp_profile
 				{
 					// We are adding a new field, define basic params
 					$lang_options = $field_row = array();
-		
+
 					$field_type = request_var('field_type', 0);
-			
+
 					if (!$field_type)
 					{
 						trigger_error($user->lang['NO_FIELD_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
 					$field_row = array_merge($default_values[$field_type], array(
-						'field_ident'		=> utf8_clean_string(request_var('field_ident', '', true)),
+						'field_ident'		=> str_replace(' ', '_', utf8_clean_string(request_var('field_ident', '', true))),
 						'field_required'	=> 0,
 						'field_hide'		=> 0,
+						'field_show_profile'=> 0,
 						'field_no_view'		=> 0,
 						'field_show_on_reg'	=> 0,
 						'lang_name'			=> utf8_normalize_nfc(request_var('field_ident', '', true)),
@@ -378,7 +379,7 @@ class acp_profile
 
 				// $exclude contains the data we gather in each step
 				$exclude = array(
-					1	=> array('field_ident', 'lang_name', 'lang_explain', 'field_option', 'field_no_view'),
+					1	=> array('field_ident', 'lang_name', 'lang_explain', 'field_option_none', 'field_show_on_reg', 'field_required', 'field_hide', 'field_show_profile', 'field_no_view'),
 					2	=> array('field_length', 'field_maxlen', 'field_minlen', 'field_validation', 'field_novalue', 'field_default_value'),
 					3	=> array('l_lang_name', 'l_lang_explain', 'l_lang_default_value', 'l_lang_options')
 				);
@@ -400,25 +401,20 @@ class acp_profile
 				$cp->vars['lang_explain']		= utf8_normalize_nfc(request_var('lang_explain', $field_row['lang_explain'], true));
 				$cp->vars['lang_default_value']	= utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true));
 
-				// Field option...
-				if (isset($_REQUEST['field_option']))
-				{
-					$field_option = request_var('field_option', '');
+				// Visibility Options...
+				$visibility_ary = array(
+					'field_required',
+					'field_show_on_reg',
+					'field_show_profile',
+					'field_hide',
+				);
 
-					$cp->vars['field_required'] = ($field_option == 'field_required') ? 1 : 0;
-					$cp->vars['field_show_on_reg'] = ($field_option == 'field_show_on_reg') ? 1 : 0;
-					$cp->vars['field_hide'] = ($field_option == 'field_hide') ? 1 : 0;
-				}
-				else
+				foreach ($visibility_ary as $val)
 				{
-					$cp->vars['field_required'] = $field_row['field_required'];
-					$cp->vars['field_show_on_reg'] = $field_row['field_show_on_reg'];
-					$cp->vars['field_hide'] = $field_row['field_hide'];
-
-					$field_option = ($field_row['field_required']) ? 'field_required' : (($field_row['field_show_on_reg']) ? 'field_show_on_reg' : (($field_row['field_hide']) ? 'field_hide' : ''));
+					$cp->vars[$val] = ($submit || $save) ? request_var($val, 0) : $field_row[$val];
 				}
 
-				$cp->vars['field_no_view'] = request_var('field_no_view', $field_row['field_no_view']);
+				$cp->vars['field_no_view'] = request_var('field_no_view', (int) $field_row['field_no_view']);
 
 				// A boolean field expects an array as the lang options
 				if ($field_type == FIELD_BOOL)
@@ -481,7 +477,7 @@ class acp_profile
 					else if ($field_type == FIELD_DATE && $key == 'field_default_value')
 					{
 						$always_now = request_var('always_now', -1);
-						
+
 						if ($always_now == 1 || ($always_now === -1 && $var == 'now'))
 						{
 							$now = getdate();
@@ -504,7 +500,7 @@ class acp_profile
 							{
 								list($cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']) = explode('-', $var);
 							}
-						}	
+						}
 					}
 					/* else if ($field_type == FIELD_BOOL && $key == 'field_default_value')
 					{
@@ -533,7 +529,7 @@ class acp_profile
 					}
 					$db->sql_freeresult($result);
 
-		
+
 					$sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value
 						FROM ' . PROFILE_LANG_TABLE . '
 						WHERE lang_id <> ' . $this->edit_lang_id . "
@@ -550,7 +546,7 @@ class acp_profile
 					}
 					$db->sql_freeresult($result);
 				}
-		
+
 				foreach ($exclude[3] as $key)
 				{
 					$cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => ''), true));
@@ -569,7 +565,7 @@ class acp_profile
 						{
 							$cp->vars[$key][$lang_id] = explode("\n", $options);
 						}
-						
+
 					}
 				}
 
@@ -709,7 +705,7 @@ class acp_profile
 
 					'L_TITLE'			=> $user->lang['STEP_' . $step . '_TITLE_' . strtoupper($action)],
 					'L_EXPLAIN'			=> $user->lang['STEP_' . $step . '_EXPLAIN_' . strtoupper($action)],
-					
+
 					'U_ACTION'			=> $this->u_action . "&amp;action=$action&amp;step=$step",
 					'U_BACK'			=> $this->u_action)
 				);
@@ -719,13 +715,14 @@ class acp_profile
 				{
 					// Create basic options - only small differences between field types
 					case 1:
-	
+
 						// Build common create options
 						$template->assign_vars(array(
 							'S_STEP_ONE'		=> true,
 							'S_FIELD_REQUIRED'	=> ($cp->vars['field_required']) ? true : false,
 							'S_SHOW_ON_REG'		=> ($cp->vars['field_show_on_reg']) ? true : false,
 							'S_FIELD_HIDE'		=> ($cp->vars['field_hide']) ? true : false,
+							'S_SHOW_PROFILE'	=> ($cp->vars['field_show_profile']) ? true : false,
 							'S_FIELD_NO_VIEW'	=> ($cp->vars['field_no_view']) ? true : false,
 
 							'L_LANG_SPECIFIC'	=> sprintf($user->lang['LANG_SPECIFIC_OPTIONS'], $config['default_lang']),
@@ -746,7 +743,7 @@ class acp_profile
 								'LANG_DEFAULT_VALUE'		=> $cp->vars['lang_default_value'])
 							);
 						}
-			
+
 						if ($field_type == FIELD_BOOL || $field_type == FIELD_DROPDOWN)
 						{
 							// Initialize these array elements if we are creating a new field
@@ -775,11 +772,11 @@ class acp_profile
 								'SECOND_LANG_OPTION'		=> ($field_type == FIELD_BOOL) ? $cp->vars['lang_options'][1] : '')
 							);
 						}
-					
+
 					break;
 
 					case 2:
-						
+
 						$template->assign_vars(array(
 							'S_STEP_TWO'		=> true,
 							'L_NEXT_STEP'			=> (sizeof($this->lang_defs['iso']) == 1) ? $user->lang['SAVE'] : $user->lang['PROFILE_LANG_OPTIONS'])
@@ -817,7 +814,7 @@ class acp_profile
 								);
 							}
 						}
-		
+
 					break;
 				}
 
@@ -829,7 +826,7 @@ class acp_profile
 
 			break;
 		}
-		
+
 		$sql = 'SELECT *
 			FROM ' . PROFILE_FIELDS_TABLE . '
 			ORDER BY field_order';
@@ -905,14 +902,14 @@ class acp_profile
 			$languages[$row['lang_id']] = $row['lang_iso'];
 		}
 		$db->sql_freeresult($result);
-		
+
 		$options = array();
 		$options['lang_name'] = 'string';
 		if ($cp->vars['lang_explain'])
 		{
 			$options['lang_explain'] = 'text';
 		}
-	
+
 		switch ($field_type)
 		{
 			case FIELD_BOOL:
@@ -922,7 +919,7 @@ class acp_profile
 			case FIELD_DROPDOWN:
 				$options['lang_options'] = 'optionfield';
 			break;
-			
+
 			case FIELD_TEXT:
 			case FIELD_STRING:
 				if ($cp->vars['lang_default_value'])
@@ -931,7 +928,7 @@ class acp_profile
 				}
 			break;
 		}
-	
+
 		$lang_options = array();
 
 		foreach ($options as $field => $field_type)
@@ -957,7 +954,7 @@ class acp_profile
 				if ($field == 'lang_options')
 				{
 					$var = (!isset($cp->vars['l_lang_options'][$lang_id]) || !is_array($cp->vars['l_lang_options'][$lang_id])) ? $cp->vars['lang_options'] : $cp->vars['l_lang_options'][$lang_id];
-					
+
 					switch ($field_type)
 					{
 						case 'two_options':
@@ -978,7 +975,7 @@ class acp_profile
 							);
 						break;
 					}
-				
+
 					if (isset($user->lang['CP_' . strtoupper($field) . '_EXPLAIN']))
 					{
 						$lang_options[$lang_id]['fields'][$field]['EXPLAIN'] = $user->lang['CP_' . strtoupper($field) . '_EXPLAIN'];
@@ -992,7 +989,7 @@ class acp_profile
 						'TITLE'		=> $user->lang['CP_' . strtoupper($field)],
 						'FIELD'		=> ($field_type == 'string') ? '<dd><input class="medium" type="text" name="l_' . $field . '[' . $lang_id . ']" value="' . ((isset($value[$lang_id])) ? $value[$lang_id] : $var) . '" /></dd>' : '<dd><textarea name="l_' . $field . '[' . $lang_id . ']" rows="3" cols="80">' . ((isset($value[$lang_id])) ? $value[$lang_id] : $var) . '</textarea></dd>'
 					);
-			
+
 					if (isset($user->lang['CP_' . strtoupper($field) . '_EXPLAIN']))
 					{
 						$lang_options[$lang_id]['fields'][$field]['EXPLAIN'] = $user->lang['CP_' . strtoupper($field) . '_EXPLAIN'];
@@ -1040,6 +1037,7 @@ class acp_profile
 			'field_required'		=> $cp->vars['field_required'],
 			'field_show_on_reg'		=> $cp->vars['field_show_on_reg'],
 			'field_hide'			=> $cp->vars['field_hide'],
+			'field_show_profile'	=> $cp->vars['field_show_profile'],
 			'field_no_view'			=> $cp->vars['field_no_view']
 		);
 
@@ -1065,7 +1063,7 @@ class acp_profile
 				WHERE field_id = $field_id";
 			$db->sql_query($sql);
 		}
-		
+
 		if ($action == 'create')
 		{
 			$field_ident = 'pf_' . $field_ident;
@@ -1082,7 +1080,7 @@ class acp_profile
 		{
 			$sql_ary['field_id'] = $field_id;
 			$sql_ary['lang_id'] = $default_lang_id;
-		
+
 			$profile_sql[] = 'INSERT INTO ' . PROFILE_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
 		}
 		else
@@ -1155,7 +1153,7 @@ class acp_profile
 						AND lang_id = " . (int) $default_lang_id;
 				$db->sql_query($sql);
 			}
-			
+
 			foreach ($cp->vars['lang_options'] as $option_id => $value)
 			{
 				$sql_ary = array(
@@ -1258,7 +1256,7 @@ class acp_profile
 					$lang_id = $sql['lang_id'];
 					$option_id = $sql['option_id'];
 					unset($sql['lang_id'], $sql['field_id'], $sql['option_id']);
-					
+
 					$this->update_insert(PROFILE_FIELDS_LANG_TABLE, $sql, array(
 						'lang_id'	=> $lang_id,
 						'field_id'	=> $field_id,
@@ -1278,7 +1276,7 @@ class acp_profile
 				$db->sql_query($sql);
 			}
 		}
-		
+
 		$db->sql_transaction('commit');
 
 		if ($action == 'edit')
@@ -1324,7 +1322,7 @@ class acp_profile
 		if (!$row)
 		{
 			$sql_ary = array_merge($where_fields, $sql_ary);
-			
+
 			if (sizeof($sql_ary))
 			{
 				$db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $sql_ary));
@@ -1376,7 +1374,7 @@ class acp_profile
 					case FIELD_BOOL:
 						$sql .= 'TINYINT(2) ';
 					break;
-				
+
 					case FIELD_DROPDOWN:
 						$sql .= 'MEDIUMINT(8) ';
 					break;
@@ -1612,4 +1610,4 @@ class acp_profile
 	}
 }
 
-?>
+?>

phpBB/includes/acp/acp_styles.php

@@ -93,6 +93,15 @@ version = {VERSION}
 parse_css_file = {PARSE_CSS_FILE}
 ';
 
+		$this->template_cfg .= '
+# Some configuration options
+
+#
+# You can use this function to inherit templates from another template.
+# The template of the given name has to be installed.
+# Templates cannot inherit from inheriting templates.
+#';
+
 		$this->imageset_keys = array(
 			'logos' => array(
 				'site_logo',
@@ -670,6 +679,11 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template, $safe_mode;
 
+		if (defined('PHPBB_DISABLE_ACP_EDITOR'))
+		{
+			trigger_error($user->lang['EDITOR_DISABLED'] . adm_back_link($this->u_action));
+		}
+
 		$this->page_title = 'EDIT_TEMPLATE';
 
 		$filelist = $filelist_cats = array();
@@ -682,7 +696,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		// make sure template_file path doesn't go upwards
 		$template_file = str_replace('..', '.', $template_file);
-		
+
 		// Retrieve some information about the template
 		$sql = 'SELECT template_storedb, template_path, template_name
 			FROM ' . STYLES_TEMPLATE_TABLE . "
@@ -696,6 +710,15 @@ parse_css_file = {PARSE_CSS_FILE}
 			trigger_error($user->lang['NO_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
+		if ($save_changes && !check_form_key('acp_styles'))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+		else if (!$save_changes)
+		{
+			add_form_key('acp_styles');
+		}
+
 		// save changes to the template if the user submitted any
 		if ($save_changes && $template_file)
 		{
@@ -720,13 +743,14 @@ parse_css_file = {PARSE_CSS_FILE}
 				// If it's not stored in the db yet, then update the template setting and store all template files in the db
 				if (!$template_info['template_storedb'])
 				{
-					$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
-						SET template_storedb = 1
-						WHERE template_id = ' . $template_id;
-					$db->sql_query($sql);
-
-					$filelist = filelist("{$phpbb_root_path}styles/{$template_info['template_path']}/template", '', 'html');
-					$this->store_templates('insert', $template_id, $template_info['template_path'], $filelist);
+					if ($this->get_super('template', $template_id))
+					{
+						$this->store_in_db('template', $super['template_id']);
+					}
+					else
+					{
+						$this->store_in_db('template', $template_id);
+					}
 
 					add_log('admin', 'LOG_TEMPLATE_EDIT_DETAILS', $template_info['template_name']);
 					$additional .= '<br />' . $user->lang['EDIT_TEMPLATE_STORED_DB'];
@@ -914,7 +938,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			trigger_error($user->lang['TEMPLATE_CACHE_CLEARED'] . adm_back_link($this->u_action . "&amp;action=cache&amp;id=$template_id"));
 		}
 
-		$cache_prefix = 'tpl_' . $template_row['template_path'];
+		$cache_prefix = 'tpl_' . str_replace('_', '-', $template_row['template_path']);
 
 		// Someone wants to see the cached source ... so we'll highlight it,
 		// add line numbers and indent it appropriately. This could be nasty
@@ -966,17 +990,30 @@ parse_css_file = {PARSE_CSS_FILE}
 		$filemtime = array();
 		if ($template_row['template_storedb'])
 		{
-			$sql = 'SELECT template_filename, template_mtime
-				FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
-				WHERE template_id = $template_id";
-			$result = $db->sql_query($sql);
-
-			$filemtime = array();
-			while ($row = $db->sql_fetchrow($result))
+			$ids = array();
+			if (isset($template_row['template_inherits_id']) && $template_row['template_inherits_id'])
 			{
-				$filemtime[$row['template_filename']] = $row['template_mtime'];
+				$ids[] = $template_row['template_inherits_id'];
+			}
+			$ids[] = $template_row['template_id'];
+
+			$filemtime 			= array();
+			$file_template_db	= array();
+
+			foreach ($ids as $id)
+			{
+				$sql = 'SELECT template_filename, template_mtime
+					FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
+					WHERE template_id = $id";
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$filemtime[$row['template_filename']] = $row['template_mtime'];
+					$file_template_db[$row['template_filename']] = $id;
+				}
+				$db->sql_freeresult($result);
 			}
-			$db->sql_freeresult($result);
 		}
 
 		// Get a list of cached template files and then retrieve additional information about them
@@ -985,12 +1022,12 @@ parse_css_file = {PARSE_CSS_FILE}
 		foreach ($file_ary as $file)
 		{
 			$file 		= str_replace('/', '.', $file);
-			
+
 			// perform some dirty guessing to get the path right.
 			// We assume that three dots in a row were '../'
 			$tpl_file 	= str_replace('.', '/', $file);
 			$tpl_file 	= str_replace('///', '../', $tpl_file);
-			
+
 			$filename = "{$cache_prefix}_$file.html.$phpEx";
 
 			if (!file_exists("{$phpbb_root_path}cache/$filename"))
@@ -998,13 +1035,38 @@ parse_css_file = {PARSE_CSS_FILE}
 				continue;
 			}
 
+			$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html";
+			$inherited = false;
+
+			if (isset($template_row['template_inherits_id']) && $template_row['template_inherits_id'])
+			{
+				if (!$template_row['template_storedb'])
+				{
+					if (!file_exists($file_tpl))
+					{
+						$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_inherit_path']}/template/$tpl_file.html";
+						$inherited = true;
+					}
+				}
+				else
+				{
+					if ($file_template_db[$file . '.html'] == $template_row['template_inherits_id'])
+					{
+						$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_inherit_path']}/template/$tpl_file.html";
+						$inherited = true;
+					}
+				}
+			}
+
+
 			$template->assign_block_vars('file', array(
 				'U_VIEWSOURCE'	=> $this->u_action . "&amp;action=cache&amp;id=$template_id&amp;source=$file",
 
 				'CACHED'		=> $user->format_date(filemtime("{$phpbb_root_path}cache/$filename")),
 				'FILENAME'		=> $file,
+				'FILENAME_PATH'	=> $file_tpl,
 				'FILESIZE'		=> sprintf('%.1f ' . $user->lang['KIB'], filesize("{$phpbb_root_path}cache/$filename") / 1024),
-				'MODIFIED'		=> $user->format_date((!$template_row['template_storedb']) ? filemtime("{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html") : $filemtime[$file . '.html']))
+				'MODIFIED'		=> $user->format_date((!$template_row['template_storedb']) ? filemtime($file_tpl) : $filemtime[$file . '.html']))
 			);
 		}
 		unset($filemtime);
@@ -1039,7 +1101,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		// make sure theme_file path doesn't go upwards
 		$theme_file = str_replace('..', '.', $theme_file);
-		
+
 		// Retrieve some information about the theme
 		$sql = 'SELECT theme_storedb, theme_path, theme_name, theme_data
 			FROM ' . STYLES_THEME_TABLE . "
@@ -1220,7 +1282,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$imgsize	= request_var('imgsize', false);
 		$imgwidth	= request_var('imgwidth', 0);
 		$imgheight	= request_var('imgheight', 0);
-		
+
 		$imgname	= preg_replace('#[^a-z0-9\-+_]#i', '', $imgname);
 		$imgpath	= str_replace('..', '.', $imgpath);
 
@@ -1508,6 +1570,18 @@ parse_css_file = {PARSE_CSS_FILE}
 			break;
 		}
 
+		if ($mode === 'template' && ($conflicts = $this->check_inheritance($mode, $style_id)))
+		{
+			$l_type = strtoupper($mode);
+			$msg = $user->lang[$l_type . '_DELETE_DEPENDENT'];
+			foreach ($conflicts as $id => $values)
+			{
+				$msg .= '<br />' . $values['template_name'];
+			}
+
+			trigger_error($msg . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+
 		$l_prefix = strtoupper($mode);
 
 		$sql = "SELECT $sql_select
@@ -1708,7 +1782,7 @@ parse_css_file = {PARSE_CSS_FILE}
 				trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
 			}
 
-			$var_ary = array('style_id', 'style_name', 'style_copyright', 'template_id', 'template_name', 'template_path', 'template_copyright', 'template_storedb', 'bbcode_bitfield', 'theme_id', 'theme_name', 'theme_path', 'theme_copyright', 'theme_storedb', 'theme_mtime', 'theme_data', 'imageset_id', 'imageset_name', 'imageset_path', 'imageset_copyright');
+			$var_ary = array('style_id', 'style_name', 'style_copyright', 'template_id', 'template_name', 'template_path', 'template_copyright', 'template_storedb', 'template_inherits_id', 'bbcode_bitfield', 'theme_id', 'theme_name', 'theme_path', 'theme_copyright', 'theme_storedb', 'theme_mtime', 'theme_data', 'imageset_id', 'imageset_name', 'imageset_path', 'imageset_copyright');
 
 			foreach ($var_ary as $var)
 			{
@@ -1740,7 +1814,23 @@ parse_css_file = {PARSE_CSS_FILE}
 			if ($mode == 'template' || $inc_template)
 			{
 				$template_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['template_name'], $style_row['template_copyright'], $config['version']), $this->template_cfg);
-				$template_cfg .= "\nbbcode_bitfield = {$style_row['bbcode_bitfield']}";
+
+				$use_template_name = '';
+
+				// Add the inherit from variable, depending on it's use...
+				if ($style_row['template_inherits_id'])
+				{
+					// Get the template name
+					$sql = 'SELECT template_name
+						FROM ' . STYLES_TEMPLATE_TABLE . '
+						WHERE template_id = ' . (int) $style_row['template_inherits_id'];
+					$result = $db->sql_query($sql);
+					$use_template_name = (string) $db->sql_fetchfield('template_name');
+					$db->sql_freeresult($result);
+				}
+
+				$template_cfg .= ($use_template_name) ? "\ninherit_from = $use_template_name" : "\n#inherit_from = ";
+				$template_cfg .= "\n\nbbcode_bitfield = {$style_row['bbcode_bitfield']}";
 
 				$data[] = array(
 					'src'		=> $template_cfg,
@@ -2086,6 +2176,20 @@ parse_css_file = {PARSE_CSS_FILE}
 			$style_default = request_var('style_default', 0);
 			$store_db = request_var('store_db', 0);
 
+			// If the admin selected the style to be the default style, but forgot to activate it... we will do it for him
+			if ($style_default)
+			{
+				$style_active = 1;
+			}
+
+			$sql = "SELECT {$mode}_id, {$mode}_name
+				FROM $sql_from
+				WHERE {$mode}_id <> $style_id
+				AND LOWER({$mode}_name) = '" . $db->sql_escape(strtolower($name)) . "'";
+			$result = $db->sql_query($sql);
+			$conflict = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
 			if ($mode == 'style' && (!$template_id || !$theme_id || !$imageset_id))
 			{
 				$error[] = $user->lang['STYLE_ERR_NO_IDS'];
@@ -2096,7 +2200,7 @@ parse_css_file = {PARSE_CSS_FILE}
 				$error[] = $user->lang['DEACTIVATE_DEFAULT'];
 			}
 
-			if (!$name)
+			if (!$name || $conflict)
 			{
 				$error[] = $user->lang[$l_type . '_ERR_STYLE_NAME'];
 			}
@@ -2123,7 +2227,7 @@ parse_css_file = {PARSE_CSS_FILE}
 					}
 				}
 			}
-			
+
 			if (!sizeof($error))
 			{
 				// Check length settings
@@ -2209,51 +2313,38 @@ parse_css_file = {PARSE_CSS_FILE}
 
 					if ($style_row['template_storedb'] != $store_db)
 					{
-						if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
+						if ($super = $this->get_super($mode, $style_row['template_id']))
 						{
-							$sql = 'SELECT *
-								FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
-								WHERE template_id = $style_id";
-							$result = $db->sql_query($sql);
-
-							while ($row = $db->sql_fetchrow($result))
+							$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
+							$sql_ary = array();
+						}
+						else
+						{
+							if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
 							{
-								if (!($fp = @fopen("{$phpbb_root_path}styles/{$style_row['template_path']}/template/" . $row['template_filename'], 'wb')))
+								$err = $this->store_in_fs('template', $style_row['template_id']);
+								if ($err)
 								{
-									$store_db = 1;
-									$error[] = $user->lang['EDIT_TEMPLATE_STORED_DB'];
-									break;
+									$error += $err;
 								}
-
-								fwrite($fp, $row['template_data']);
-								fclose($fp);
 							}
-							$db->sql_freeresult($result);
-
-							if (!$store_db)
+							else if ($store_db)
 							{
+								$this->store_in_db('template', $style_row['template_id']);
+							}
+							else
+							{
+								// We no longer store within the db, but are also not able to update the file structure
+								// Since the admin want to switch this, we adhere to his decision. But we also need to remove the cache
 								$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
 									WHERE template_id = $style_id";
 								$db->sql_query($sql);
 							}
-						}
-						else if ($store_db)
-						{
-							$filelist = filelist("{$phpbb_root_path}styles/{$style_row['template_path']}/template", '', 'html');
-							$this->store_templates('insert', $style_id, $style_row['template_path'], $filelist);
-						}
-						else
-						{
-							// We no longer store within the db, but are also not able to update the file structure
-							// Since the admin want to switch this, we adhere to his decision. But we also need to remove the cache
-							$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
-								WHERE template_id = $style_id";
-							$db->sql_query($sql);
-						}
 
-						$sql_ary += array(
-							'template_storedb'	=> $store_db,
-						);
+							$sql_ary += array(
+								'template_storedb'	=> $store_db,
+							);
+						}
 					}
 				break;
 			}
@@ -2304,6 +2395,16 @@ parse_css_file = {PARSE_CSS_FILE}
 			}
 		}
 
+
+		if ($mode == 'template')
+		{
+			$super = array();
+			if (isset($style_row[$mode . '_inherits_id']) && $style_row['template_inherits_id'])
+			{
+				$super = $this->get_super($mode, $style_row['template_id']);
+			}
+		}
+
 		$this->page_title = 'EDIT_DETAILS_' . $l_type;
 
 		$template->assign_vars(array(
@@ -2314,8 +2415,10 @@ parse_css_file = {PARSE_CSS_FILE}
 			'S_THEME'				=> ($mode == 'theme') ? true : false,
 			'S_IMAGESET'			=> ($mode == 'imageset') ? true : false,
 			'S_STORE_DB'			=> (isset($style_row[$mode . '_storedb'])) ? $style_row[$mode . '_storedb'] : 0,
+			'S_STORE_DB_DISABLED'	=> (isset($style_row[$mode . '_inherits_id'])) ? $style_row[$mode . '_inherits_id'] : 0,
 			'S_STYLE_ACTIVE'		=> (isset($style_row['style_active'])) ? $style_row['style_active'] : 0,
 			'S_STYLE_DEFAULT'		=> (isset($style_row['style_default'])) ? $style_row['style_default'] : 0,
+			'S_SUPERTEMPLATE'		=> (isset($style_row[$mode . '_inherits_id']) && $style_row[$mode . '_inherits_id']) ? $super['template_name'] : 0,
 
 			'S_TEMPLATE_OPTIONS'	=> ($mode == 'style') ? $template_options : '',
 			'S_THEME_OPTIONS'		=> ($mode == 'style') ? $theme_options : '',
@@ -2354,6 +2457,10 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			$content = '';
 		}
+		if (defined('DEBUG'))
+		{
+			$content = "/* BEGIN @include $filename */ \n $content \n /* END @include $filename */ \n";
+		}
 
 		return $content;
 	}
@@ -2478,7 +2585,7 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $phpEx, $user;
 
-		$cache_prefix = 'tpl_' . $template_path;
+		$cache_prefix = 'tpl_' . str_replace('_', '-', $template_path);
 
 		if (!($dp = @opendir("{$phpbb_root_path}cache")))
 		{
@@ -2514,7 +2621,7 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $phpEx, $user;
 
-		$cache_prefix = 'tpl_' . $template_row['template_path'];
+		$cache_prefix = 'tpl_' . str_replace('_', '-', $template_row['template_path']);
 
 		if (!$file_ary || !is_array($file_ary))
 		{
@@ -2615,6 +2722,23 @@ parse_css_file = {PARSE_CSS_FILE}
 						{
 							$style_row[$element . '_name'] = $reqd_template;
 						}
+
+						// Merge other information to installcfg... if present
+						$cfg_file = $phpbb_root_path . 'styles/' . $install_path . '/' . $element . '/' . $element . '.cfg';
+
+						if (file_exists($cfg_file))
+						{
+							$cfg_contents = parse_cfg_file($cfg_file);
+
+							// Merge only specific things. We may need them later.
+							foreach (array('inherit_from', 'parse_css_file') as $key)
+							{
+								if (!empty($cfg_contents[$key]) && !isset($installcfg[$key]))
+								{
+									$installcfg[$key] = $cfg_contents[$key];
+								}
+							}
+						}
 					}
 
 				break;
@@ -2673,8 +2797,10 @@ parse_css_file = {PARSE_CSS_FILE}
 			'S_DETAILS'			=> true,
 			'S_INSTALL'			=> true,
 			'S_ERROR_MSG'		=> (sizeof($error)) ? true : false,
+			'S_LOCATION'		=> (isset($installcfg['inherit_from']) && $installcfg['inherit_from']) ? false : true,
 			'S_STYLE'			=> ($mode == 'style') ? true : false,
 			'S_TEMPLATE'		=> ($mode == 'template') ? true : false,
+			'S_SUPERTEMPLATE'	=> (isset($installcfg['inherit_from'])) ? $installcfg['inherit_from'] : '',
 			'S_THEME'			=> ($mode == 'theme') ? true : false,
 
 			'S_STORE_DB'			=> (isset($style_row[$mode . '_storedb'])) ? $style_row[$mode . '_storedb'] : 0,
@@ -3025,6 +3151,9 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $phpbb_root_path, $db, $user;
 
+		// we parse the cfg here (again)
+		$cfg_data = parse_cfg_file("$root_path$mode/$mode.cfg");
+
 		switch ($mode)
 		{
 			case 'template':
@@ -3066,6 +3195,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
+
 		if ($row)
 		{
 			// If it exist, we just use the style on installation
@@ -3078,6 +3208,34 @@ parse_css_file = {PARSE_CSS_FILE}
 			$error[] = $user->lang[$l_type . '_ERR_NAME_EXIST'];
 		}
 
+		if (isset($cfg_data['inherit_from']) && $cfg_data['inherit_from'])
+		{
+			$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path, {$mode}_storedb
+				FROM $sql_from
+				WHERE {$mode}_name = '" . $db->sql_escape($cfg_data['inherit_from']) . "'
+					AND {$mode}_inherits_id = 0";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			if (!$row)
+			{
+				$error[] = sprintf($user->lang[$l_type . '_ERR_REQUIRED_OR_INCOMPLETE'], $cfg_data['inherit_from']);
+			}
+			else
+			{
+				$inherit_id = $row["{$mode}_id"];
+				$inherit_path = $row["{$mode}_path"];
+				$cfg_data['store_db'] = $row["{$mode}_storedb"];
+				$store_db = $row["{$mode}_storedb"];
+			}
+		}
+		else
+		{
+			$inherit_id = 0;
+			$inherit_path = '';
+		}
+
+
 		if (sizeof($error))
 		{
 			return false;
@@ -3093,8 +3251,6 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			case 'template':
 				// We check if the template author defined a different bitfield
-				$cfg_data = parse_cfg_file("$root_path$mode/template.cfg");
-
 				if (!empty($cfg_data['template_bitfield']))
 				{
 					$sql_ary['bbcode_bitfield'] = $cfg_data['template_bitfield'];
@@ -3106,15 +3262,21 @@ parse_css_file = {PARSE_CSS_FILE}
 
 				// We set a pre-defined bitfield here which we may use further in 3.2
 				$sql_ary += array(
-					'template_storedb'	=> $store_db
+					'template_storedb'		=> $store_db,
 				);
+				if (isset($cfg_data['inherit_from']) && $cfg_data['inherit_from'])
+				{
+					$sql_ary += array(
+						'template_inherits_id'	=> $inherit_id,
+						'template_inherit_path' => $inherit_path,
+					);
+				}
 			break;
 
 			case 'theme':
 				// We are only interested in the theme configuration for now
-				$theme_cfg = parse_cfg_file("{$phpbb_root_path}styles/$path/theme/theme.cfg");
 
-				if (isset($theme_cfg['parse_css_file']) && $theme_cfg['parse_css_file'])
+				if (isset($cfg_data['parse_css_file']) && $cfg_data['parse_css_file'])
 				{
 					$store_db = 1;
 				}
@@ -3254,6 +3416,297 @@ parse_css_file = {PARSE_CSS_FILE}
 		return $store_db;
 	}
 
+	/**
+	* Checks downwards dependencies
+	*
+	* @access public
+	* @param string $mode The element type to check - only template is supported
+	* @param int $id The template id
+	* @returns false if no component inherits, array with name, path and id for each subtemplate otherwise
+	*/
+	function check_inheritance($mode, $id)
+	{
+		global $db;
+
+		$l_type = strtoupper($mode);
+
+		switch ($mode)
+		{
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;
+			break;
+		}
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM $sql_from
+			WHERE {$mode}_inherits_id = " . (int) $id;
+		$result = $db->sql_query($sql);
+
+		$names = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+
+			$names[$row["{$mode}_id"]] = array(
+				"{$mode}_id" => $row["{$mode}_id"],
+				"{$mode}_name" => $row["{$mode}_name"],
+				"{$mode}_path" => $row["{$mode}_path"],
+			);
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($names))
+		{
+			return $names;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	/**
+	* Checks upwards dependencies
+	*
+	* @access public
+	* @param string $mode The element type to check - only template is supported
+	* @param int $id The template id
+	* @returns false if the component does not inherit, array with name, path and id otherwise
+	*/
+	function get_super($mode, $id)
+	{
+		global $db;
+
+		$l_type = strtoupper($mode);
+
+		switch ($mode)
+		{
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;
+			break;
+		}
+
+
+		$sql = "SELECT {$mode}_inherits_id
+			FROM $sql_from
+			WHERE {$mode}_id = " . (int) $id;
+		$result = $db->sql_query_limit($sql, 1);
+
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+		}
+		else
+		{
+			return false;
+		}
+
+		$super_id = $row["{$mode}_inherits_id"];
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM $sql_from
+			WHERE {$mode}_id = " . (int) $super_id;
+
+		$result = $db->sql_query_limit($sql, 1);
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			return $row;
+		}
+
+		return false;
+	}
+
+	/**
+	* Moves a template set and its subtemplates to the database
+	*
+	* @access public
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	*/
+	function store_in_db($mode, $id)
+	{
+		global $db, $user;
+
+		$error = array();
+		$l_type = strtoupper($mode);
+		if ($super = $this->get_super($mode, $id))
+		{
+			$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
+			return $error;
+		}
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM " . STYLES_TEMPLATE_TABLE . '
+			WHERE template_id = ' . (int) $id;
+
+		$result = $db->sql_query_limit($sql, 1);
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			$subs = $this->check_inheritance($mode, $id);
+
+			$this->_store_in_db($mode, $id, $row["{$mode}_path"]);
+			if ($subs && sizeof($subs))
+			{
+				foreach ($subs as $sub_id => $sub)
+				{
+					if ($err = $this->_store_in_db($mode, $sub["{$mode}_id"], $sub["{$mode}_path"]))
+					{
+						$error[] = $err;
+					}
+				}
+			}
+		}
+		if (sizeof($error))
+		{
+			return $error;
+		}
+
+		return false;
+	}
+
+	/**
+	* Moves a template set to the database
+	*
+	* @access private
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	* @param string $path TThe path to the template files
+	*/
+	function _store_in_db($mode, $id, $path)
+	{
+		global $phpbb_root_path, $db;
+
+		$filelist = filelist("{$phpbb_root_path}styles/{$path}/template", '', 'html');
+		$this->store_templates('insert', $id, $path, $filelist);
+
+		// Okay, we do the query here -shouldn't be triggered often.
+		$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
+						SET template_storedb = 1
+						WHERE template_id = ' . $id;
+		$db->sql_query($sql);
+	}
+
+	/**
+	* Moves a template set and its subtemplates to the filesystem
+	*
+	* @access public
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	*/
+	function store_in_fs($mode, $id)
+	{
+		global $db, $user;
+
+		$error = array();
+		$l_type = strtoupper($mode);
+		if ($super = $this->get_super($mode, $id))
+		{
+			$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
+			return($error);
+		}
+
+		$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
+			FROM " . STYLES_TEMPLATE_TABLE . '
+			WHERE template_id = ' . (int) $id;
+
+		$result = $db->sql_query_limit($sql, 1);
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			if (!sizeof($error))
+			{
+				$subs = $this->check_inheritance($mode, $id);
+
+				$this->_store_in_fs($mode, $id, $row["{$mode}_path"]);
+
+				if ($subs && sizeof($subs))
+				{
+					foreach ($subs as $sub_id => $sub)
+					{
+						$this->_store_in_fs($mode, $sub["{$mode}_id"], $sub["{$mode}_path"]);
+					}
+				}
+			}
+			if (sizeof($error))
+			{
+				$this->store_in_db($id, $mode);
+				return $error;
+			}
+		}
+		return false;
+	}
+
+	/**
+	* Moves a template set to the filesystem
+	*
+	* @access private
+	* @param string $mode The component to move - only template is supported
+	* @param int $id The template id
+	* @param string $path The path to the template
+	*/
+	function _store_in_fs($mode, $id, $path)
+	{
+		global $phpbb_root_path, $db, $user, $safe_mode;
+
+		$store_db = 0;
+		$error = array();
+		if (!$safe_mode && @is_writable("{$phpbb_root_path}styles/{$path}/template"))
+		{
+			$sql = 'SELECT *
+					FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
+					WHERE template_id = $id";
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if (!($fp = @fopen("{$phpbb_root_path}styles/{$path}/template/" . $row['template_filename'], 'wb')))
+				{
+					$store_db = 1;
+					$error[] = $user->lang['EDIT_TEMPLATE_STORED_DB'];
+					break;
+				}
+
+				fwrite($fp, $row['template_data']);
+				fclose($fp);
+			}
+			$db->sql_freeresult($result);
+
+			if (!$store_db)
+			{
+				$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
+						WHERE template_id = $id";
+				$db->sql_query($sql);
+			}
+		}
+		if (sizeof($error))
+		{
+			return $error;
+		}
+		$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
+				SET template_storedb = 0
+				WHERE template_id = ' . $id;
+		$db->sql_query($sql);
+
+		return false;
+	}
+
 }
 
 ?>

phpBB/includes/acp/acp_users.php

@@ -634,7 +634,7 @@ class acp_users
 
 							if (sizeof($topic_id_ary))
 							{
-								sync('reported', 'topic_id', $topic_id_ary);
+								sync('topic_reported', 'topic_id', $topic_id_ary);
 								sync('topic', 'topic_id', $topic_id_ary);
 							}
 
@@ -891,9 +891,19 @@ class acp_users
 					}
 				}
 
+				// Posts in Queue
+				$sql = 'SELECT COUNT(post_id) as posts_in_queue
+					FROM ' . POSTS_TABLE . '
+					WHERE poster_id = ' . $user_id . '
+						AND post_approved = 0';
+				$result = $db->sql_query($sql);
+				$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
+				$db->sql_freeresult($result);
+
 				$template->assign_vars(array(
 					'L_NAME_CHARS_EXPLAIN'		=> sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
 					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+					'L_POSTS_IN_QUEUE'			=> $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
 					'S_FOUNDER'					=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
 
 					'S_OVERVIEW'		=> true,
@@ -905,9 +915,11 @@ class acp_users
 
 					'U_SHOW_IP'		=> $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 					'U_WHOIS'		=> $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
+					'U_MCP_QUEUE'	=> ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
 
 					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}") : '',
 
+					'POSTS_IN_QUEUE'	=> $user_row['posts_in_queue'],
 					'USER'				=> $user_row['username'],
 					'USER_REGISTERED'	=> $user->format_date($user_row['user_regdate']),
 					'REGISTERED_IP'		=> ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
@@ -1081,7 +1093,7 @@ class acp_users
 						'website'		=> array(
 							array('string', true, 12, 255),
 							array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')),
-						'location'		=> array('string', true, 2, 255),
+						'location'		=> array('string', true, 2, 100),
 						'occupation'	=> array('string', true, 2, 500),
 						'interests'		=> array('string', true, 2, 500),
 						'bday_day'		=> array('num', true, 1, 31),

phpBB/includes/acp/info/acp_email.php

@@ -20,7 +20,7 @@ class acp_email_info
 			'title'		=> 'ACP_MASS_EMAIL',
 			'version'	=> '1.0.0',
 			'modes'		=> array(
-				'email'		=> array('title' => 'ACP_MASS_EMAIL', 'auth' => 'acl_a_email', 'cat' => array('ACP_GENERAL_TASKS')),
+				'email'		=> array('title' => 'ACP_MASS_EMAIL', 'auth' => 'acl_a_email && cfg_email_enable', 'cat' => array('ACP_GENERAL_TASKS')),
 			),
 		);
 	}

phpBB/includes/auth.php

@@ -71,7 +71,46 @@ class auth
 			$this->acl_cache($userdata);
 		}
 
-		$user_permissions = explode("\n", $userdata['user_permissions']);
+		// Fill ACL array
+		$this->_fill_acl($userdata['user_permissions']);
+
+		// Verify bitstring length with options provided...
+		$renew = false;
+		$global_length = sizeof($this->acl_options['global']);
+		$local_length = sizeof($this->acl_options['local']);
+
+		// Specify comparing length (bitstring is padded to 31 bits)
+		$global_length = ($global_length % 31) ? ($global_length - ($global_length % 31) + 31) : $global_length;
+		$local_length = ($local_length % 31) ? ($local_length - ($local_length % 31) + 31) : $local_length;
+
+		// You thought we are finished now? Noooo... now compare them.
+		foreach ($this->acl as $forum_id => $bitstring)
+		{
+			if (($forum_id && strlen($bitstring) != $local_length) || (!$forum_id && strlen($bitstring) != $global_length))
+			{
+				$renew = true;
+				break;
+			}
+		}
+
+		// If a bitstring within the list does not match the options, we have a user with incorrect permissions set and need to renew them
+		if ($renew)
+		{
+			$this->acl_cache($userdata);
+			$this->_fill_acl($userdata['user_permissions']);
+		}
+
+		return;
+	}
+
+	/**
+	* Fill ACL array with relevant bitstrings from user_permissions column
+	* @access private
+	*/
+	function _fill_acl($user_permissions)
+	{
+		$this->acl = array();
+		$user_permissions = explode("\n", $user_permissions);
 
 		foreach ($user_permissions as $f => $seq)
 		{
@@ -92,8 +131,6 @@ class auth
 				}
 			}
 		}
-
-		return;
 	}
 
 	/**
@@ -169,7 +206,7 @@ class auth
 
 				$sql = 'SELECT forum_id
 					FROM ' . FORUMS_TABLE;
-				
+
 				if (sizeof($this->acl))
 				{
 					$sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
@@ -184,7 +221,7 @@ class auth
 				$db->sql_freeresult($result);
 			}
 		}
-		
+
 		if (isset($this->acl_options['local'][$opt]))
 		{
 			foreach ($this->acl as $f => $bitstring)
@@ -418,7 +455,7 @@ class auth
 
 				// The line number indicates the id, therefore we have to add empty lines for those ids not present
 				$hold_str .= str_repeat("\n", $f - $last_f);
-			
+
 				// Convert bitstring for storage - we do not use binary/bytes because PHP's string functions are not fully binary safe
 				for ($i = 0, $bit_length = strlen($bitstring); $i < $bit_length; $i += 31)
 				{
@@ -549,7 +586,7 @@ class auth
 		// Now the role settings - user-specific
 		$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
 			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
-			WHERE a.auth_role_id = r.role_id ' . 
+			WHERE a.auth_role_id = r.role_id ' .
 				(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') .
 				(($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
@@ -607,7 +644,7 @@ class auth
 					if ($row['auth_setting'] == ACL_NEVER)
 					{
 						$flag = substr($option, 0, strpos($option, '_') + 1);
-	
+
 						if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
 						{
 							unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
@@ -800,7 +837,7 @@ class auth
 			{
 				$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
 			}
-			else
+			else if (!empty($this->role_cache[$row['auth_role_id']]))
 			{
 				foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
 				{
@@ -827,7 +864,7 @@ class auth
 			{
 				$flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1);
 				$flag = (int) $this->acl_options['id'][$flag];
-		
+
 				if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES)
 				{
 					unset($hold_ary[$flag]);

phpBB/includes/auth/auth_apache.php

@@ -148,8 +148,8 @@ function autologin_apache()
 
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
-		set_var($php_auth_user, $php_auth_user, 'string');
-		set_var($php_auth_pw, $php_auth_pw, 'string');
+		set_var($php_auth_user, $php_auth_user, 'string', true);
+		set_var($php_auth_pw, $php_auth_pw, 'string', true);
 
 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
@@ -233,7 +233,7 @@ function validate_session_apache(&$user)
 	}
 
 	$php_auth_user = '';
-	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
+	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
 
 	return ($php_auth_user === $user['username']) ? true : false;
 }

phpBB/includes/bbcode.php

@@ -134,10 +134,21 @@ class bbcode
 		{
 			$this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
 			$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html';
-
+			
 			if (!@file_exists($this->template_filename))
 			{
-				trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
+				if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])
+				{
+					$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_inherit_path'] . '/template/bbcode.html';
+					if (!@file_exists($this->template_filename))
+					{
+						trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
+					}
+				}
+				else
+				{
+					trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
+				}
 			}
 		}
 

phpBB/includes/cache.php

@@ -63,7 +63,7 @@ class cache extends acm
 
 			$this->put('config', $cached_config);
 		}
-	
+
 		return $config;
 	}
 
@@ -103,7 +103,7 @@ class cache extends acm
 		if (($icons = $this->get('_icons')) === false)
 		{
 			global $db;
-	
+
 			// Topic icons
 			$sql = 'SELECT *
 				FROM ' . ICONS_TABLE . '
@@ -134,7 +134,7 @@ class cache extends acm
 		if (($ranks = $this->get('_ranks')) === false)
 		{
 			global $db;
-	
+
 			$sql = 'SELECT *
 				FROM ' . RANKS_TABLE . '
 				ORDER BY rank_min DESC';
@@ -284,7 +284,7 @@ class cache extends acm
 		if (($bots = $this->get('_bots')) === false)
 		{
 			global $db;
-	
+
 			switch ($db->sql_layer)
 			{
 				case 'mssql':
@@ -321,7 +321,7 @@ class cache extends acm
 
 			$this->put('_bots', $bots);
 		}
-	
+
 		return $bots;
 	}
 

phpBB/includes/constants.php

@@ -24,6 +24,9 @@ if (!defined('IN_PHPBB'))
 * PHPBB_ADMIN_PATH
 */
 
+// phpBB Version
+define('PHPBB_VERSION', '3.0.4');
+
 // QA-related
 // define('PHPBB_QA', 1);
 
@@ -171,6 +174,16 @@ define('FIELD_BOOL', 4);
 define('FIELD_DROPDOWN', 5);
 define('FIELD_DATE', 6);
 
+// referer validation
+define('REFERER_VALIDATE_NONE', 0);
+define('REFERER_VALIDATE_HOST', 1);
+define('REFERER_VALIDATE_PATH', 2);
+
+// phpbb_chmod() permissions
+@define('CHMOD_ALL', 7);
+@define('CHMOD_READ', 4);
+@define('CHMOD_WRITE', 2);
+@define('CHMOD_EXECUTE', 1);
 
 // Additional constants
 define('VOTE_CONVERTED', 127);

phpBB/includes/db/db_tools.php

@@ -265,7 +265,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mysql4':
-				if (version_compare($this->db->mysql_version, '4.1.3', '>='))
+				if (version_compare($this->db->sql_server_info(true), '4.1.3', '>='))
 				{
 					$this->sql_layer = 'mysql_41';
 				}
@@ -593,7 +593,7 @@ class phpbb_db_tools
 
 	/**
 	* Private method for performing sql statements (either execute them or return them)
-	* @private
+	* @access private
 	*/
 	function _sql_run_sql($statements)
 	{
@@ -624,7 +624,7 @@ class phpbb_db_tools
 
 	/**
 	* Function to prepare some column information for better usage
-	* @private
+	* @access private
 	*/
 	function sql_prepare_column_data($table_name, $column_name, $column_data)
 	{

phpBB/includes/db/dbal.php

@@ -34,7 +34,7 @@ class dbal
 	var $query_hold = '';
 	var $html_hold = '';
 	var $sql_report = '';
-	
+
 	var $persistency = false;
 	var $user = '';
 	var $server = '';
@@ -47,7 +47,7 @@ class dbal
 	var $sql_error_sql = '';
 	// Holding the error information - only populated if sql_error_triggered is set
 	var $sql_error_returned = array();
-	
+
 	// Holding transaction count
 	var $transactions = 0;
 
@@ -65,6 +65,11 @@ class dbal
 	var $any_char;
 	var $one_char;
 
+	/**
+	* Exact version of the DBAL, directly queried
+	*/
+	var $sql_server_version = false;
+
 	/**
 	* Constructor
 	*/
@@ -137,8 +142,14 @@ class dbal
 		{
 			$this->sql_freeresult($query_id);
 		}
-		
-		return $this->_sql_close();
+
+		// Connection closed correctly. Set db_connect_id to false to prevent errors
+		if ($result = $this->_sql_close())
+		{
+			$this->db_connect_id = false;
+		}
+
+		return $result;
 	}
 
 	/**
@@ -179,7 +190,7 @@ class dbal
 
 			return $result;
 		}
-		
+
 		return false;
 	}
 
@@ -300,7 +311,7 @@ class dbal
 	* Build sql statement from array for insert/update/select statements
 	*
 	* Idea for this from Ikonboard
-	* Possible query values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT
+	* Possible query values: INSERT, INSERT_SELECT, UPDATE, SELECT
 	*
 	*/
 	function sql_build_array($query, $assoc_ary = false)
@@ -333,24 +344,7 @@ class dbal
 		}
 		else if ($query == 'MULTI_INSERT')
 		{
-			$ary = array();
-			foreach ($assoc_ary as $id => $sql_ary)
-			{
-				// If by accident the sql array is only one-dimensional we build a normal insert statement
-				if (!is_array($sql_ary))
-				{
-					return $this->sql_build_array('INSERT', $assoc_ary);
-				}
-
-				$values = array();
-				foreach ($sql_ary as $key => $var)
-				{
-					$values[] = $this->_sql_validate_value($var);
-				}
-				$ary[] = '(' . implode(', ', $values) . ')';
-			}
-
-			$query = ' (' . implode(', ', array_keys($assoc_ary[0])) . ') VALUES ' . implode(', ', $ary);
+			trigger_error('The MULTI_INSERT query value is no longer supported. Please use sql_multi_insert() instead.', E_USER_ERROR);
 		}
 		else if ($query == 'UPDATE' || $query == 'SELECT')
 		{
@@ -435,7 +429,25 @@ class dbal
 
 		if ($this->multi_insert)
 		{
-			$this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('MULTI_INSERT', $sql_ary));
+			$ary = array();
+			foreach ($sql_ary as $id => $_sql_ary)
+			{
+				// If by accident the sql array is only one-dimensional we build a normal insert statement
+				if (!is_array($_sql_ary))
+				{
+					$this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('INSERT', $sql_ary));
+					return true;
+				}
+
+				$values = array();
+				foreach ($_sql_ary as $key => $var)
+				{
+					$values[] = $this->_sql_validate_value($var);
+				}
+				$ary[] = '(' . implode(', ', $values) . ')';
+			}
+
+			$this->sql_query('INSERT INTO ' . $table . ' ' . ' (' . implode(', ', array_keys($sql_ary[0])) . ') VALUES ' . implode(', ', $ary));
 		}
 		else
 		{
@@ -488,19 +500,62 @@ class dbal
 
 				$sql = str_replace('_', ' ', $query) . ' ' . $array['SELECT'] . ' FROM ';
 
-				$table_array = array();
+				// Build table array. We also build an alias array for later checks.
+				$table_array = $aliases = array();
+				$used_multi_alias = false;
+
 				foreach ($array['FROM'] as $table_name => $alias)
 				{
 					if (is_array($alias))
 					{
+						$used_multi_alias = true;
+
 						foreach ($alias as $multi_alias)
 						{
 							$table_array[] = $table_name . ' ' . $multi_alias;
+							$aliases[] = $multi_alias;
 						}
 					}
 					else
 					{
 						$table_array[] = $table_name . ' ' . $alias;
+						$aliases[] = $alias;
+					}
+				}
+
+				// We run the following code to determine if we need to re-order the table array. ;)
+				// The reason for this is that for multi-aliased tables (two equal tables) in the FROM statement the last table need to match the first comparison.
+				// DBMS who rely on this: Oracle, PostgreSQL and MSSQL. For all other DBMS it makes absolutely no difference in which order the table is.
+				if (!empty($array['LEFT_JOIN']) && sizeof($array['FROM']) > 1 && $used_multi_alias !== false)
+				{
+					// Take first LEFT JOIN
+					$join = current($array['LEFT_JOIN']);
+
+					// Determine the table used there (even if there are more than one used, we only want to have one
+					preg_match('/(' . implode('|', $aliases) . ')\.[^\s]+/U', str_replace(array('(', ')', 'AND', 'OR', ' '), '', $join['ON']), $matches);
+
+					// If there is a first join match, we need to make sure the table order is correct
+					if (!empty($matches[1]))
+					{
+						$first_join_match = trim($matches[1]);
+						$table_array = $last = array();
+
+						foreach ($array['FROM'] as $table_name => $alias)
+						{
+							if (is_array($alias))
+							{
+								foreach ($alias as $multi_alias)
+								{
+									($multi_alias === $first_join_match) ? $last[] = $table_name . ' ' . $multi_alias : $table_array[] = $table_name . ' ' . $multi_alias;
+								}
+							}
+							else
+							{
+								($alias === $first_join_match) ? $last[] = $table_name . ' ' . $alias : $table_array[] = $table_name . ' ' . $alias;
+							}
+						}
+
+						$table_array = array_merge($table_array, $last);
 					}
 				}
 
@@ -700,7 +755,7 @@ class dbal
 					</tr>
 					</tbody>
 					</table>
-					
+
 					' . $this->html_hold . '
 
 					<p style="text-align: center;">
@@ -728,24 +783,24 @@ class dbal
 			case 'start':
 				$this->query_hold = $query;
 				$this->html_hold = '';
-			
+
 				$this->_sql_report($mode, $query);
 
 				$this->curtime = explode(' ', microtime());
 				$this->curtime = $this->curtime[0] + $this->curtime[1];
 
 			break;
-			
+
 			case 'add_select_row':
 
 				$html_table = func_get_arg(2);
 				$row = func_get_arg(3);
-				
+
 				if (!$html_table && sizeof($row))
 				{
 					$html_table = true;
 					$this->html_hold .= '<table cellspacing="1"><tr>';
-								
+
 					foreach (array_keys($row) as $val)
 					{
 						$this->html_hold .= '<th>' . (($val) ? ucwords(str_replace('_', ' ', $val)) : '&nbsp;') . '</th>';
@@ -761,7 +816,7 @@ class dbal
 					$this->html_hold .= '<td class="' . $class . '">' . (($val) ? $val : '&nbsp;') . '</td>';
 				}
 				$this->html_hold .= '</tr>';
-			
+
 				return $html_table;
 
 			break;
@@ -792,7 +847,7 @@ class dbal
 			break;
 
 			default:
-			
+
 				$this->_sql_report($mode, $query);
 
 			break;

phpBB/includes/db/firebird.php

@@ -37,26 +37,42 @@ class dbal_firebird extends dbal
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
 		$this->server = $sqlserver . (($port) ? ':' . $port : '');
-		$this->dbname = $database;
+		$this->dbname = str_replace('\\', '/', $database);
 
-		$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3);
+		// There are three possibilities to connect to an interbase db
+		if (!$this->server)
+		{
+			$use_database = $this->dbname;
+		}
+		else if (strpos($this->server, '//') === 0)
+		{
+			$use_database = $this->server . $this->dbname;
+		}
+		else
+		{
+			$use_database = $this->server . ':' . $this->dbname;
+		}
 
-		$this->service_handle = (function_exists('ibase_service_attach')) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
+		$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);
+
+		$this->service_handle = (function_exists('ibase_service_attach') && $this->server) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
 
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
 		if ($this->service_handle !== false && function_exists('ibase_server_info'))
 		{
 			return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);
 		}
 
-		return 'Firebird/Interbase';
+		return ($raw) ? '2.0' : 'Firebird/Interbase';
 	}
 
 	/**
@@ -238,7 +254,7 @@ class dbal_firebird extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**
@@ -409,7 +425,7 @@ class dbal_firebird extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}
 
 	/**

phpBB/includes/db/mssql.php

@@ -32,9 +32,11 @@ class dbal_mssql extends dbal
 	{
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->server = $sqlserver . (($port) ? ':' . $port : '');
 		$this->dbname = $database;
 
+		$port_delimiter = (defined('PHP_OS') && substr(PHP_OS, 0, 3) === 'WIN') ? ',' : ':';
+		$this->server = $sqlserver . (($port) ? $port_delimiter . $port : '');
+
 		@ini_set('mssql.charset', 'UTF-8');
 		@ini_set('mssql.textlimit', 2147483647);
 		@ini_set('mssql.textsize', 2147483647);
@@ -62,24 +64,38 @@ class dbal_mssql extends dbal
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
-		$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
+		global $cache;
 
-		$row = false;
-		if ($result_id)
+		if (empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
 		{
-			$row = @mssql_fetch_assoc($result_id);
-			@mssql_free_result($result_id);
+			$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
+
+			$row = false;
+			if ($result_id)
+			{
+				$row = @mssql_fetch_assoc($result_id);
+				@mssql_free_result($result_id);
+			}
+
+			$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
+
+			if (!empty($cache))
+			{
+				$cache->put('mssql_version', $this->sql_server_version);
+			}
 		}
 
-		if ($row)
+		if ($raw)
 		{
-			return 'MSSQL<br />' . implode(' ', $row);
+			return $this->sql_server_version;
 		}
 
-		return 'MSSQL';
+		return ($this->sql_server_version) ? 'MSSQL<br />' . $this->sql_server_version : 'MSSQL';
 	}
 
 	/**
@@ -162,7 +178,7 @@ class dbal_mssql extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**
@@ -312,7 +328,7 @@ class dbal_mssql extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}
 
 	/**

phpBB/includes/db/mssql_odbc.php

@@ -40,9 +40,11 @@ class dbal_mssql_odbc extends dbal
 	{
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->server = $sqlserver . (($port) ? ':' . $port : '');
 		$this->dbname = $database;
 
+		$port_delimiter = (defined('PHP_OS') && substr(PHP_OS, 0, 3) === 'WIN') ? ',' : ':';
+		$this->server = $sqlserver . (($port) ? $port_delimiter . $port : '');
+
 		$max_size = @ini_get('odbc.defaultlrl');
 		if (!empty($max_size))
 		{
@@ -73,24 +75,38 @@ class dbal_mssql_odbc extends dbal
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
-		$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
+		global $cache;
 
-		$row = false;
-		if ($result_id)
+		if (empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false)
 		{
-			$row = @odbc_fetch_array($result_id);
-			@odbc_free_result($result_id);
+			$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
+
+			$row = false;
+			if ($result_id)
+			{
+				$row = @odbc_fetch_array($result_id);
+				@odbc_free_result($result_id);
+			}
+
+			$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
+
+			if (!empty($cache))
+			{
+				$cache->put('mssqlodbc_version', $this->sql_server_version);
+			}
 		}
 
-		if ($row)
+		if ($raw)
 		{
-			return 'MSSQL (ODBC)<br />' . implode(' ', $row);
+			return $this->sql_server_version;
 		}
 
-		return 'MSSQL (ODBC)';
+		return ($this->sql_server_version) ? 'MSSQL (ODBC)<br />' . $this->sql_server_version : 'MSSQL (ODBC)';
 	}
 
 	/**
@@ -174,7 +190,7 @@ class dbal_mssql_odbc extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**
@@ -333,7 +349,7 @@ class dbal_mssql_odbc extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}
 
 	/**

phpBB/includes/db/mysql.php

@@ -29,7 +29,6 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 */
 class dbal_mysql extends dbal
 {
-	var $mysql_version;
 	var $multi_insert = true;
 
 	/**
@@ -52,13 +51,12 @@ class dbal_mysql extends dbal
 			if (@mysql_select_db($this->dbname, $this->db_connect_id))
 			{
 				// Determine what version we are using and if it natively supports UNICODE
-				$this->mysql_version = mysql_get_server_info($this->db_connect_id);
-
-				if (version_compare($this->mysql_version, '4.1.3', '>='))
+				if (version_compare($this->sql_server_info(true), '4.1.3', '>='))
 				{
 					@mysql_query("SET NAMES 'utf8'", $this->db_connect_id);
+
 					// enforce strict mode on databases that support it
-					if (version_compare($this->mysql_version, '5.0.2', '>='))
+					if (version_compare($this->sql_server_info(true), '5.0.2', '>='))
 					{
 						$result = @mysql_query('SELECT @@session.sql_mode AS sql_mode', $this->db_connect_id);
 						$row = @mysql_fetch_assoc($result);
@@ -83,7 +81,7 @@ class dbal_mysql extends dbal
 						@mysql_query("SET SESSION sql_mode='{$mode}'", $this->db_connect_id);
 					}
 				}
-				else if (version_compare($this->mysql_version, '4.0.0', '<'))
+				else if (version_compare($this->sql_server_info(true), '4.0.0', '<'))
 				{
 					$this->sql_layer = 'mysql';
 				}
@@ -97,10 +95,28 @@ class dbal_mysql extends dbal
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
-		return 'MySQL ' . $this->mysql_version;
+		global $cache;
+
+		if (empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false)
+		{
+			$result = @mysql_query('SELECT VERSION() AS version', $this->db_connect_id);
+			$row = @mysql_fetch_assoc($result);
+			@mysql_free_result($result);
+
+			$this->sql_server_version = $row['version'];
+
+			if (!empty($cache))
+			{
+				$cache->put('mysql_version', $this->sql_server_version);
+			}
+		}
+
+		return ($raw) ? $this->sql_server_version : 'MySQL ' . $this->sql_server_version;
 	}
 
 	/**
@@ -183,7 +199,7 @@ class dbal_mysql extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**
@@ -367,13 +383,9 @@ class dbal_mysql extends dbal
 		if ($test_prof === null)
 		{
 			$test_prof = false;
-			if (strpos($this->mysql_version, 'community') !== false)
+			if (version_compare($this->sql_server_info(true), '5.0.37', '>=') && version_compare($this->sql_server_info(true), '5.1', '<'))
 			{
-				$ver = substr($this->mysql_version, 0, strpos($this->mysql_version, '-'));
-				if (version_compare($ver, '5.0.37', '>=') && version_compare($ver, '5.1', '<'))
-				{
-					$test_prof = true;
-				}
+				$test_prof = true;
 			}
 		}
 

phpBB/includes/db/mysqli.php

@@ -45,12 +45,14 @@ class dbal_mysqli extends dbal
 		if ($this->db_connect_id && $this->dbname != '')
 		{
 			@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
+
 			// enforce strict mode on databases that support it
-			if (mysqli_get_server_version($this->db_connect_id) >= 50002)
+			if (version_compare($this->sql_server_info(true), '5.0.2', '>='))
 			{
 				$result = @mysqli_query($this->db_connect_id, 'SELECT @@session.sql_mode AS sql_mode');
 				$row = @mysqli_fetch_assoc($result);
 				@mysqli_free_result($result);
+
 				$modes = array_map('trim', explode(',', $row['sql_mode']));
 
 				// TRADITIONAL includes STRICT_ALL_TABLES and STRICT_TRANS_TABLES
@@ -78,10 +80,28 @@ class dbal_mysqli extends dbal
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
-		return 'MySQL(i) ' . @mysqli_get_server_info($this->db_connect_id);
+		global $cache;
+
+		if (empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false)
+		{
+			$result = @mysqli_query($this->db_connect_id, 'SELECT VERSION() AS version');
+			$row = @mysqli_fetch_assoc($result);
+			@mysqli_free_result($result);
+
+			$this->sql_server_version = $row['version'];
+
+			if (!empty($cache))
+			{
+				$cache->put('mysqli_version', $this->sql_server_version);
+			}
+		}
+
+		return ($raw) ? $this->sql_server_version : 'MySQL(i) ' . $this->sql_server_version;
 	}
 
 	/**
@@ -163,7 +183,7 @@ class dbal_mysqli extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**

phpBB/includes/db/oracle.php

@@ -55,10 +55,31 @@ class dbal_oracle extends dbal
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
-		return @ociserverversion($this->db_connect_id);
+/*
+		global $cache;
+
+		if (empty($cache) || ($this->sql_server_version = $cache->get('oracle_version')) === false)
+		{
+			$result = @ociparse($this->db_connect_id, 'SELECT * FROM v$version WHERE banner LIKE \'Oracle%\'');
+			@ociexecute($result, OCI_DEFAULT);
+			@ocicommit($this->db_connect_id);
+
+			$row = array();
+			@ocifetchinto($result, $row, OCI_ASSOC + OCI_RETURN_NULLS);
+			@ocifreestatement($result);
+			$this->sql_server_version = trim($row['BANNER']);
+
+			$cache->put('oracle_version', $this->sql_server_version);
+		}
+*/
+		$this->sql_server_version = @ociserverversion($this->db_connect_id);
+
+		return $this->sql_server_version;
 	}
 
 	/**
@@ -168,7 +189,7 @@ class dbal_oracle extends dbal
 					$out .= ' ' . $val[1] . '(';
 					$in_array = array();
 
-					// constuct each IN() clause	
+					// constuct each IN() clause
 					foreach ($in_clause as $in_values)
 					{
 						$in_array[] = $val[2] . ' ' . (isset($val[6]) ? $val[6] : '') . 'IN(' . implode(', ', $in_values) . ')';
@@ -355,7 +376,7 @@ class dbal_oracle extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**
@@ -530,7 +551,7 @@ class dbal_oracle extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}
 
 	/**

phpBB/includes/db/postgres.php

@@ -26,7 +26,6 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 class dbal_postgres extends dbal
 {
 	var $last_query_text = '';
-	var $pgsql_version;
 	
 	/**
 	* Connect to server
@@ -81,24 +80,7 @@ class dbal_postgres extends dbal
 
 		if ($this->db_connect_id)
 		{
-			// determine what version of PostgreSQL is running, we can be more efficient if they are running 8.2+
-			if (version_compare(PHP_VERSION, '5.0.0', '>='))
-			{
-				$this->pgsql_version = @pg_parameter_status($this->db_connect_id, 'server_version');
-			}
-			else
-			{
-				$query_id = @pg_query($this->db_connect_id, 'SELECT VERSION()');
-				$row = @pg_fetch_assoc($query_id, null);
-				@pg_free_result($query_id);
-
-				if (!empty($row['version']))
-				{
-					$this->pgsql_version = substr($row['version'], 10);
-				}
-			}
-
-			if (!empty($this->pgsql_version) && $this->pgsql_version[0] >= '8' && $this->pgsql_version[2] >= '2')
+			if (version_compare($this->sql_server_info(true), '8.2', '>='))
 			{
 				$this->multi_insert = true;
 			}
@@ -115,10 +97,28 @@ class dbal_postgres extends dbal
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
-		return 'PostgreSQL ' . $this->pgsql_version;
+		global $cache;
+
+		if (empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false)
+		{
+			$query_id = @pg_query($this->db_connect_id, 'SELECT VERSION() AS version');
+			$row = @pg_fetch_assoc($query_id, null);
+			@pg_free_result($query_id);
+
+			$this->sql_server_version = (!empty($row['version'])) ? trim(substr($row['version'], 10)) : 0;
+
+			if (!empty($cache))
+			{
+				$cache->put('pgsql_version', $this->sql_server_version);
+			}
+		}
+
+		return ($raw) ? $this->sql_server_version : 'PostgreSQL ' . $this->sql_server_version;
 	}
 
 	/**
@@ -202,7 +202,7 @@ class dbal_postgres extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**

phpBB/includes/db/sqlite.php

@@ -41,18 +41,31 @@ class dbal_sqlite extends dbal
 		if ($this->db_connect_id)
 		{
 			@sqlite_query('PRAGMA short_column_names = 1', $this->db_connect_id);
+//			@sqlite_query('PRAGMA encoding = "UTF-8"', $this->db_connect_id);
 		}
 
-		
 		return ($this->db_connect_id) ? true : array('message' => $error);
 	}
 
 	/**
 	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @return string sql server version
 	*/
-	function sql_server_info()
+	function sql_server_info($raw = false)
 	{
-		return 'SQLite ' . @sqlite_libversion();
+		global $cache;
+
+		if (empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false)
+		{
+			$result = @sqlite_query('SELECT sqlite_version() AS version', $this->db_connect_id);
+			$row = @sqlite_fetch_array($result, SQLITE_ASSOC);
+
+			$this->sql_server_version = (!empty($row['version'])) ? $row['version'] : 0;
+			$cache->put('sqlite_version', $this->sql_server_version);
+		}
+
+		return ($raw) ? $this->sql_server_version : 'SQLite ' . $this->sql_server_version;
 	}
 
 	/**
@@ -135,7 +148,7 @@ class dbal_sqlite extends dbal
 			return false;
 		}
 
-		return ($this->query_result) ? $this->query_result : false;
+		return $this->query_result;
 	}
 
 	/**

phpBB/includes/diff/diff.php

@@ -17,7 +17,7 @@ if (!defined('IN_PHPBB'))
 }
 
 /**
-* Code from pear.php.net, Text_Diff-0.2.1 (beta) package
+* Code from pear.php.net, Text_Diff-1.0.0 package
 * http://pear.php.net/package/Text_Diff/
 *
 * Modified by phpBB Group to meet our coding standards
@@ -26,6 +26,9 @@ if (!defined('IN_PHPBB'))
 * General API for generating and formatting diffs - the differences between
 * two sequences of strings.
 *
+* Copyright 2004 Geoffrey T. Dairiki <dairiki@dairiki.org>
+* Copyright 2004-2008 The Horde Project (http://www.horde.org/)
+*
 * @package diff
 * @author  Geoffrey T. Dairiki <dairiki@dairiki.org>
 */
@@ -45,7 +48,7 @@ class diff
 	*/
 	function diff(&$from_content, &$to_content, $preserve_cr = true)
 	{
-		$diff_engine = &new diff_engine();
+		$diff_engine = new diff_engine();
 		$this->_edits = $diff_engine->diff($from_content, $to_content, $preserve_cr);
 	}
 
@@ -62,7 +65,7 @@ class diff
 	*
 	* Example:
 	* <code>
-	* $diff = &new diff($lines1, $lines2);
+	* $diff = new diff($lines1, $lines2);
 	* $rev = $diff->reverse();
 	* </code>
 	*
@@ -285,7 +288,7 @@ class diff_op
 	var $orig;
 	var $final;
 
-	function reverse()
+	function &reverse()
 	{
 		trigger_error('[diff] Abstract method', E_USER_ERROR);
 	}
@@ -321,7 +324,7 @@ class diff_op_copy extends diff_op
 
 	function &reverse()
 	{
-		$reverse = &new diff_op_copy($this->final, $this->orig);
+		$reverse = new diff_op_copy($this->final, $this->orig);
 		return $reverse;
 	}
 }
@@ -342,7 +345,7 @@ class diff_op_delete extends diff_op
 
 	function &reverse()
 	{
-		$reverse = &new diff_op_add($this->orig);
+		$reverse = new diff_op_add($this->orig);
 		return $reverse;
 	}
 }
@@ -363,7 +366,7 @@ class diff_op_add extends diff_op
 
 	function &reverse()
 	{
-		$reverse = &new diff_op_delete($this->final);
+		$reverse = new diff_op_delete($this->final);
 		return $reverse;
 	}
 }
@@ -384,7 +387,7 @@ class diff_op_change extends diff_op
 
 	function &reverse()
 	{
-		$reverse = &new diff_op_change($this->final, $this->orig);
+		$reverse = new diff_op_change($this->final, $this->orig);
 		return $reverse;
 	}
 }
@@ -413,7 +416,7 @@ class diff3 extends diff
 	*/
 	function diff3(&$orig, &$final1, &$final2)
 	{
-		$diff_engine = &new diff_engine();
+		$diff_engine = new diff_engine();
 
 		$diff_1 = $diff_engine->diff($orig, $final1);
 		$diff_2 = $diff_engine->diff($orig, $final2);
@@ -548,7 +551,7 @@ class diff3 extends diff
 	function _diff3(&$edits1, &$edits2)
 	{
 		$edits = array();
-		$bb = &new diff3_block_builder();
+		$bb = new diff3_block_builder();
 
 		$e1 = current($edits1);
 		$e2 = current($edits2);
@@ -565,7 +568,7 @@ class diff3 extends diff
 				}
 
 				$ncopy = min($e1->norig(), $e2->norig());
-				$edits[] = &new diff3_op_copy(array_slice($e1->orig, 0, $ncopy));
+				$edits[] = new diff3_op_copy(array_slice($e1->orig, 0, $ncopy));
 
 				if ($e1->norig() > $ncopy)
 				{
@@ -759,7 +762,7 @@ class diff3_block_builder
 		}
 		else
 		{
-			$edit = &new diff3_op($this->orig, $this->final1, $this->final2);
+			$edit = new diff3_op($this->orig, $this->final1, $this->final2);
 			$this->_init();
 			return $edit;
 		}

phpBB/includes/diff/engine.php

@@ -17,21 +17,20 @@ if (!defined('IN_PHPBB'))
 }
 
 /**
-* Code from pear.php.net, Text_Diff-0.2.1 (beta) package
-* http://pear.php.net/package/Text_Diff/
+* Code from pear.php.net, Text_Diff-1.0.0 package
+* http://pear.php.net/package/Text_Diff/ (native engine)
 *
 * Modified by phpBB Group to meet our coding standards
 * and being able to integrate into phpBB
 *
-* Class used internally by Diff to actually compute the diffs.  This class is
-* implemented using native PHP code.
+* Class used internally by Text_Diff to actually compute the diffs. This
+* class is implemented using native PHP code.
 *
 * The algorithm used here is mostly lifted from the perl module
 * Algorithm::Diff (version 1.06) by Ned Konz, which is available at:
 * http://www.perl.com/CPAN/authors/id/N/NE/NEDKONZ/Algorithm-Diff-1.06.zip
 *
-* More ideas are taken from:
-* http://www.ics.uci.edu/~eppstein/161/960229.html
+* More ideas are taken from: http://www.ics.uci.edu/~eppstein/161/960229.html
 *
 * Some ideas (and a bit of code) are taken from analyze.c, of GNU
 * diffutils-2.7, which can be found at:
@@ -41,6 +40,8 @@ if (!defined('IN_PHPBB'))
 * Geoffrey T. Dairiki <dairiki@dairiki.org>. The original PHP version of this
 * code was written by him, and is used/adapted with his permission.
 *
+* Copyright 2004-2008 The Horde Project (http://www.horde.org/)
+*
 * @author  Geoffrey T. Dairiki <dairiki@dairiki.org>
 * @package diff
 *
@@ -159,7 +160,7 @@ class diff_engine
 
 			if ($copy)
 			{
-				$edits[] = &new diff_op_copy($copy);
+				$edits[] = new diff_op_copy($copy);
 			}
 
 			// Find deletes & adds.
@@ -177,15 +178,15 @@ class diff_engine
 
 			if ($delete && $add)
 			{
-				$edits[] = &new diff_op_change($delete, $add);
+				$edits[] = new diff_op_change($delete, $add);
 			}
 			else if ($delete)
 			{
-				$edits[] = &new diff_op_delete($delete);
+				$edits[] = new diff_op_delete($delete);
 			}
 			else if ($add)
 			{
-				$edits[] = &new diff_op_add($add);
+				$edits[] = new diff_op_add($add);
 			}
 		}
 
@@ -251,7 +252,7 @@ class diff_engine
 				}
 			}
 
-			$x1 = $xoff + (int)(($numer + ($xlim-$xoff)*$chunk) / $nchunks);
+			$x1 = $xoff + (int)(($numer + ($xlim - $xoff) * $chunk) / $nchunks);
 
 			for (; $x < $x1; $x++)
 			{
@@ -262,7 +263,8 @@ class diff_engine
 				}
 				$matches = $ymatches[$line];
 
-				foreach ($matches as $y)
+				reset($matches);
+				while (list(, $y) = each($matches))
 				{
 					if (empty($this->in_seq[$y]))
 					{
@@ -273,7 +275,7 @@ class diff_engine
 				}
 
 				// no reset() here
-				while (list($junk, $y) = each($matches))
+				while (list(, $y) = each($matches))
 				{
 					if ($y > $this->seq[$k - 1])
 					{

phpBB/includes/diff/renderer.php

@@ -17,7 +17,7 @@ if (!defined('IN_PHPBB'))
 }
 
 /**
-* Code from pear.php.net, Text_Diff-0.2.1 (beta) package
+* Code from pear.php.net, Text_Diff-1.0.0 package
 * http://pear.php.net/package/Text_Diff/
 *
 * Modified by phpBB Group to meet our coding standards
@@ -28,6 +28,8 @@ if (!defined('IN_PHPBB'))
 * This class renders the diff in classic diff format. It is intended that
 * this class be customized via inheritance, to obtain fancier outputs.
 *
+* Copyright 2004-2008 The Horde Project (http://www.horde.org/)
+*
 * @package diff
 */
 class diff_renderer
@@ -105,7 +107,7 @@ class diff_renderer
 
 			unset($diff3);
 
-			$diff = &new diff($diff_1, $diff_2);
+			$diff = new diff($diff_1, $diff_2);
 		}
 
 		$nlead = $this->_leading_context_lines;
@@ -116,33 +118,41 @@ class diff_renderer
 
 		foreach ($diffs as $i => $edit)
 		{
+			// If these are unchanged (copied) lines, and we want to keep leading or trailing context lines, extract them from the copy block.
 			if (is_a($edit, 'diff_op_copy'))
 			{
+				// Do we have any diff blocks yet?
 				if (is_array($block))
 				{
+					// How many lines to keep as context from the copy block.
 					$keep = ($i == sizeof($diffs) - 1) ? $ntrail : $nlead + $ntrail;
 					if (sizeof($edit->orig) <= $keep)
 					{
+						// We have less lines in the block than we want for context => keep the whole block.
 						$block[] = $edit;
 					}
 					else
 					{
 						if ($ntrail)
 						{
+							// Create a new block with as many lines as we need for the trailing context.
 							$context = array_slice($edit->orig, 0, $ntrail);
-							$block[] = &new diff_op_copy($context);
+							$block[] = new diff_op_copy($context);
 						}
 
 						$output .= $this->_block($x0, $ntrail + $xi - $x0, $y0, $ntrail + $yi - $y0, $block);
 						$block = false;
 					}
 				}
+				// Keep the copy block as the context for the next block.
 				$context = $edit->orig;
 			}
 			else
 			{
+				// Don't we have any diff blocks yet?
 				if (!is_array($block))
 				{
+					// Extract context lines from the preceding copy block.
 					$context = array_slice($context, sizeof($context) - $nlead);
 					$x0 = $xi - sizeof($context);
 					$y0 = $yi - sizeof($context);
@@ -150,7 +160,7 @@ class diff_renderer
 
 					if ($context)
 					{
-						$block[] = &new diff_op_copy($context);
+						$block[] = new diff_op_copy($context);
 					}
 				}
 				$block[] = $edit;
@@ -219,6 +229,16 @@ class diff_renderer
 			$ybeg .= ',' . ($ybeg + $ylen - 1);
 		}
 
+		// this matches the GNU Diff behaviour
+		if ($xlen && !$ylen)
+		{
+			$ybeg--;
+		}
+		else if (!$xlen)
+		{
+			$xbeg--;
+		}
+
 		return $xbeg . ($xlen ? ($ylen ? 'c' : 'd') : 'a') . $ybeg;
 	}
 
@@ -449,11 +469,11 @@ class diff_renderer_inline extends diff_renderer
 		$splitted_text_1 = $this->_split_on_words($text1, $nl);
 		$splitted_text_2 = $this->_split_on_words($text2, $nl);
 
-		$diff = &new diff($splitted_text_1, $splitted_text_2);
+		$diff = new diff($splitted_text_1, $splitted_text_2);
 		unset($splitted_text_1, $splitted_text_2);
 
 		// Get the diff in inline format.
-		$renderer = &new diff_renderer_inline(array_merge($this->get_params(), array('split_level' => 'words')));
+		$renderer = new diff_renderer_inline(array_merge($this->get_params(), array('split_level' => 'words')));
 
 		// Run the diff and get the output.
 		return str_replace($nl, "\n", $renderer->render($diff)) . "\n";

phpBB/includes/functions.php

@@ -32,7 +32,7 @@ function set_var(&$result, $var, $type, $multibyte = false)
 
 	if ($type == 'string')
 	{
-		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r"), array("\n", "\n"), $result), ENT_COMPAT, 'UTF-8'));
+		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
 
 		if (!empty($result))
 		{
@@ -255,7 +255,7 @@ function still_on_time($extra_time = 15)
 
 /**
 *
-* @version Version 0.1 / $Id$
+* @version Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)
 *
 * Portable PHP password hashing framework.
 *
@@ -320,6 +320,11 @@ function phpbb_hash($password)
 
 /**
 * Check for correct password
+*
+* @param string $password The password in plain text
+* @param string $hash The stored password hash
+*
+* @return bool Returns true if the password is correct, false if not.
 */
 function phpbb_check_hash($password, $hash)
 {
@@ -454,6 +459,153 @@ function _hash_crypt_private($password, $setting, &$itoa64)
 	return $output;
 }
 
+/**
+* Global function for chmodding directories and files for internal use
+* This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
+* The function determines owner and group from common.php file and sets the same to the provided file. Permissions are mapped to the group, user always has rw(x) permission.
+* The function uses bit fields to build the permissions.
+* The function sets the appropiate execute bit on directories.
+*
+* Supported constants representing bit fields are:
+*
+* CHMOD_ALL - all permissions (7)
+* CHMOD_READ - read permission (4)
+* CHMOD_WRITE - write permission (2)
+* CHMOD_EXECUTE - execute permission (1)
+*
+* NOTE: The function uses POSIX extension and fileowner()/filegroup() functions. If any of them is disabled, this function tries to build proper permissions, by calling is_readable() and is_writable() functions.
+*
+* @param $filename The file/directory to be chmodded
+* @param $perms Permissions to set
+* @return true on success, otherwise false
+*
+* @author faw, phpBB Group
+*/
+function phpbb_chmod($filename, $perms = CHMOD_READ)
+{
+	// Return if the file no longer exists.
+	if (!file_exists($filename))
+	{
+		return false;
+	}
+
+	if (!function_exists('fileowner') || !function_exists('filegroup'))
+	{
+		$file_uid = $file_gid = false;
+		$common_php_owner = $common_php_group = false;
+	}
+	else
+	{
+		global $phpbb_root_path, $phpEx;
+
+		// Determine owner/group of common.php file and the filename we want to change here
+		$common_php_owner = fileowner($phpbb_root_path . 'common.' . $phpEx);
+		$common_php_group = filegroup($phpbb_root_path . 'common.' . $phpEx);
+
+		$file_uid = fileowner($filename);
+		$file_gid = filegroup($filename);
+
+		// Try to set the owner to the same common.php has
+		if ($common_php_owner !== $file_uid && $common_php_owner !== false && $file_uid !== false)
+		{
+			// Will most likely not work
+			if (@chown($filename, $common_php_owner));
+			{
+				clearstatcache();
+				$file_uid = fileowner($filename);
+			}
+		}
+
+		// Try to set the group to the same common.php has
+		if ($common_php_group !== $file_gid && $common_php_group !== false && $file_gid !== false)
+		{
+			if (@chgrp($filename, $common_php_group));
+			{
+				clearstatcache();
+				$file_gid = filegroup($filename);
+			}
+		}
+	}
+
+	// And the owner and the groups PHP is running under.
+	$php_uid = (function_exists('posix_getuid')) ? @posix_getuid() : false;
+	$php_gids = (function_exists('posix_getgroups')) ? @posix_getgroups() : false;
+
+	// Who is PHP?
+	if ($file_uid === false || $file_gid === false || $php_uid === false || $php_gids === false)
+	{
+		$php = NULL;
+	}
+	else if ($file_uid == $php_uid /* && $common_php_owner !== false && $common_php_owner === $file_uid*/)
+	{
+		$php = 'owner';
+	}
+	else if (in_array($file_gid, $php_gids))
+	{
+		$php = 'group';
+	}
+	else
+	{
+		$php = 'other';
+	}
+
+	// Owner always has read/write permission
+	$owner = CHMOD_READ | CHMOD_WRITE;
+	if (is_dir($filename))
+	{
+		$owner |= CHMOD_EXECUTE;
+
+		// Only add execute bit to the permission if the dir needs to be readable
+		if ($perms & CHMOD_READ)
+		{
+			$perms |= CHMOD_EXECUTE;
+		}
+	}
+
+	switch ($php)
+	{
+		case null:
+		case 'owner':
+			/* ATTENTION: if php is owner or NULL we set it to group here. This is the most failsafe combination for the vast majority of server setups.
+
+			$result = @chmod($filename, ($owner << 6) + (0 << 3) + (0 << 0));
+
+			clearstatcache();
+
+			if (!is_null($php) || (is_readable($filename) && is_writable($filename)))
+			{
+				break;
+			}
+		*/
+
+		case 'group':
+			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + (0 << 0));
+
+			clearstatcache();
+
+			if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))))
+			{
+				break;
+			}
+
+		case 'other':
+			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + ($perms << 0));
+
+			clearstatcache();
+
+			if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))))
+			{
+				break;
+			}
+
+		default:
+			return false;
+		break;
+	}
+
+	return $result;
+}
+
 // Compatibility functions
 
 if (!function_exists('array_combine'))
@@ -822,7 +974,7 @@ function tz_select($default = '', $truncate = false)
 	{
 		if ($truncate)
 		{
-			$zone_trunc = truncate_string($zone, 50, false, '...');
+			$zone_trunc = truncate_string($zone, 50, 255, false, '...');
 		}
 		else
 		{
@@ -1679,6 +1831,33 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 		}
 	}
 
+	$params_is_array = is_array($params);
+
+	// Get anchor
+	$anchor = '';
+	if (strpos($url, '#') !== false)
+	{
+		list($url, $anchor) = explode('#', $url, 2);
+		$anchor = '#' . $anchor;
+	}
+	else if (!$params_is_array && strpos($params, '#') !== false)
+	{
+		list($params, $anchor) = explode('#', $params, 2);
+		$anchor = '#' . $anchor;
+	}
+
+	// Handle really simple cases quickly
+	if ($_SID == '' && $session_id === false && empty($_EXTRA_URL) && !$params_is_array && !$anchor)
+	{
+		if ($params === false)
+		{
+			return $url;
+		}
+
+		$url_delim = (strpos($url, '?') === false) ? '?' : (($is_amp) ? '&amp;' : '&');
+		return $url . ($params !== false ? $url_delim. $params : '');
+	}
+
 	// Assign sid if session id is not specified
 	if ($session_id === false)
 	{
@@ -1691,18 +1870,6 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 	// Appending custom url parameter?
 	$append_url = (!empty($_EXTRA_URL)) ? implode($amp_delim, $_EXTRA_URL) : '';
 
-	$anchor = '';
-	if (strpos($url, '#') !== false)
-	{
-		list($url, $anchor) = explode('#', $url, 2);
-		$anchor = '#' . $anchor;
-	}
-	else if (!is_array($params) && strpos($params, '#') !== false)
-	{
-		list($params, $anchor) = explode('#', $params, 2);
-		$anchor = '#' . $anchor;
-	}
-
 	// Use the short variant if possible ;)
 	if ($params === false)
 	{
@@ -1766,6 +1933,7 @@ function generate_board_url($without_script_path = false)
 		$script_path = $config['script_path'];
 
 		$url = $server_protocol . $server_name;
+		$cookie_secure = $config['cookie_secure'];
 	}
 	else
 	{
@@ -1776,9 +1944,9 @@ function generate_board_url($without_script_path = false)
 		$script_path = $user->page['root_script_path'];
 	}
 
-	if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
+	if ($server_port && (($cookie_secure && $server_port <> 443) || (!$cookie_secure && $server_port <> 80)))
 	{
-		// HTTP HOST can carry a port number...
+		// HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
 		if (strpos($server_name, ':') === false)
 		{
 			$url .= ':' . $server_port;
@@ -1801,8 +1969,13 @@ function generate_board_url($without_script_path = false)
 
 /**
 * Redirects the user to another page then exits the script nicely
+* This function is intended for urls within the board. It's not meant to redirect to cross-domains.
+*
+* @param string $url The url to redirect to
+* @param bool $return If true, do not redirect but return the sanitized URL. Default is no return.
+* @param bool $disable_cd_check If true, redirect() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
 */
-function redirect($url, $return = false)
+function redirect($url, $return = false, $disable_cd_check = false)
 {
 	global $db, $cache, $config, $user, $phpbb_root_path;
 
@@ -1829,7 +2002,11 @@ function redirect($url, $return = false)
 	}
 	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
 	{
-		// Full URL
+		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
+		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
+		{
+			$url = generate_board_url();
+		}
 	}
 	else if ($url[0] == '/')
 	{
@@ -1893,7 +2070,7 @@ function redirect($url, $return = false)
 				$url = substr($url, 1);
 			}
 
-			$url = $dir . '/' . $url;
+			$url = (!empty($dir) ? $dir . '/' : '') . $url;
 			$url = generate_board_url() . '/' . $url;
 		}
 	}
@@ -2039,21 +2216,60 @@ function build_url($strip_vars = false)
 
 /**
 * Meta refresh assignment
+* Adds META template variable with meta http tag.
+*
+* @param int $time Time in seconds for meta refresh tag
+* @param string $url URL to redirect to. The url will go through redirect() first before the template variable is assigned
+* @param bool $disable_cd_check If true, meta_refresh() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
 */
-function meta_refresh($time, $url)
+function meta_refresh($time, $url, $disable_cd_check = false)
 {
 	global $template;
 
-	$url = redirect($url, true);
+	$url = redirect($url, true, $disable_cd_check);
+	$url = str_replace('&', '&amp;', $url);
 
 	// For XHTML compatibility we change back & to &amp;
 	$template->assign_vars(array(
-		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . str_replace('&', '&amp;', $url) . '" />')
+		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
 	);
+
+	return $url;
 }
 
 //Form validation
 
+
+/**
+* Add a secret hash   for use in links/GET requests
+* @param string  $link_name The name of the link; has to match the name used in check_link_hash, otherwise no restrictions apply
+* @return string the hash
+
+*/
+function generate_link_hash($link_name)
+{
+	global $user;
+
+	if (!isset($user->data["hash_$link_name"]))
+	{
+		$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
+	}
+
+	return $user->data["hash_$link_name"];
+}
+
+
+/**
+* checks a link hash - for GET requests
+* @param string $token the submitted token
+* @param string $link_name The name of the link
+* @return boolean true if all is fine
+*/
+function check_link_hash($token, $link_name)
+{
+	return $token === generate_link_hash($link_name);
+}
+
 /**
 * Add a secret token to the form (requires the S_FORM_TOKEN template variable)
 * @param string  $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
@@ -2061,16 +2277,18 @@ function meta_refresh($time, $url)
 function add_form_key($form_name)
 {
 	global $config, $template, $user;
+
 	$now = time();
 	$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
 	$token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
 
 	$s_fields = build_hidden_fields(array(
-			'creation_time' => $now,
-			'form_token'	=> $token,
+		'creation_time' => $now,
+		'form_token'	=> $token,
 	));
+
 	$template->assign_vars(array(
-			'S_FORM_TOKEN'	=> $s_fields,
+		'S_FORM_TOKEN'	=> $s_fields,
 	));
 }
 
@@ -2096,23 +2314,26 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 		$creation_time	= abs(request_var('creation_time', 0));
 		$token = request_var('form_token', '');
 
-		$diff = (time() - $creation_time);
+		$diff = time() - $creation_time;
 
-		if (($diff <= $timespan) || $timespan === -1)
+		// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
+		if ($diff && ($diff <= $timespan || $timespan === -1))
 		{
 			$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
-
 			$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
+
 			if ($key === $token)
 			{
 				return true;
 			}
 		}
 	}
+
 	if ($trigger)
 	{
 		trigger_error($user->lang['FORM_INVALID'] . $return_page);
 	}
+
 	return false;
 }
 
@@ -2331,7 +2552,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				return;
 			}
 
-			meta_refresh(3, $redirect);
+			$redirect = meta_refresh(3, $redirect);
 			trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
 		}
 
@@ -2771,7 +2992,7 @@ function get_preg_expression($mode)
 	switch ($mode)
 	{
 		case 'email':
-			return '(?:[a-z0-9\'\.\-_\+\|]|&amp;)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+';
+			return '(?:[a-z0-9\'\.\-_\+\|]++|&amp;)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+';
 		break;
 
 		case 'bbcode_htm':
@@ -2872,7 +3093,7 @@ function phpbb_checkdnsrr($host, $type = '')
 		}
 
 		// @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
-		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
+		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output);
 
 		// If output is empty, the nslookup failed
 		if (empty($output))
@@ -2898,7 +3119,8 @@ function phpbb_checkdnsrr($host, $type = '')
 	}
 	else if (function_exists('checkdnsrr'))
 	{
-		return (checkdnsrr($host, $type)) ? true : false;
+		// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
+		return (checkdnsrr($host . '.', $type)) ? true : false;
 	}
 
 	return NULL;
@@ -2941,9 +3163,15 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
 			{
 				// flush the content, else we get a white page if output buffering is on
-				if ($config['gzip_compress'])
+				if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on')
 				{
-					if (@extension_loaded('zlib') && !headers_sent())
+					@ob_flush();
+				}
+
+				// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
+				if (!empty($config['gzip_compress']))
+				{
+					if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
 					{
 						@ob_flush();
 					}
@@ -3031,6 +3259,9 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			echo '</html>';
 
 			exit_handler();
+
+			// On a fatal error (and E_USER_ERROR *is* fatal) we never want other scripts to continue and force an exit here.
+			exit;
 		break;
 
 		case E_USER_WARNING:
@@ -3106,16 +3337,16 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 function obtain_guest_count($forum_id = 0)
 {
 	global $db, $config;
-	
+
 	if ($forum_id)
 	{
 		$reading_sql = ' AND s.session_forum_id = ' . (int) $forum_id;
-	} 
+	}
 	else
 	{
 		$reading_sql = '';
 	}
-	$time = (time() - (intval($config['load_online_time']) * 60)); 
+	$time = (time() - (intval($config['load_online_time']) * 60));
 
 	// Get number of online guests
 
@@ -3141,7 +3372,7 @@ function obtain_guest_count($forum_id = 0)
 	$result = $db->sql_query($sql, 60);
 	$guests_online = (int) $db->sql_fetchfield('num_guests');
 	$db->sql_freeresult($result);
-	
+
 	return $guests_online;
 }
 
@@ -3173,16 +3404,16 @@ function obtain_users_online($forum_id = 0)
 	{
 		$online_users['guests_online'] = obtain_guest_count($forum_id);
 	}
-	
+
 	// a little discrete magic to cache this for 30 seconds
-	$time = (time() - (intval($config['load_online_time']) * 60)); 
+	$time = (time() - (intval($config['load_online_time']) * 60));
 
 	$sql = 'SELECT s.session_user_id, s.session_ip, s.session_viewonline
 		FROM ' . SESSIONS_TABLE . ' s
 		WHERE s.session_time >= ' . ($time - ((int) ($time % 30))) .
 			$reading_sql .
 		' AND s.session_user_id <> ' . ANONYMOUS;
-	$result = $db->sql_query($sql, 30); 
+	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
 	{
@@ -3203,7 +3434,7 @@ function obtain_users_online($forum_id = 0)
 	}
 	$online_users['total_online'] = $online_users['guests_online'] + $online_users['visible_online'] + $online_users['hidden_online'];
 	$db->sql_freeresult($result);
-	
+
 	return $online_users;
 }
 
@@ -3390,7 +3621,7 @@ function page_header($page_title = '', $display_online_list = true)
 	$s_privmsg_new = false;
 
 	// Obtain number of new private messages if user is logged in
-	if (isset($user->data['is_registered']) && $user->data['is_registered'])
+	if (!empty($user->data['is_registered']))
 	{
 		if ($user->data['user_new_privmsg'])
 		{
@@ -3481,14 +3712,14 @@ function page_header($page_title = '', $display_online_list = true)
 		'U_SEARCH_UNANSWERED'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
 		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
 		'U_DELETE_COOKIES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
-		'U_TEAM'				=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
+		'U_TEAM'				=> ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
 		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
 
 		'S_USER_LOGGED_IN'		=> ($user->data['user_id'] != ANONYMOUS) ? true : false,
 		'S_AUTOLOGIN_ENABLED'	=> ($config['allow_autologin']) ? true : false,
 		'S_BOARD_DISABLED'		=> ($config['board_disable']) ? true : false,
-		'S_REGISTERED_USER'		=> $user->data['is_registered'],
-		'S_IS_BOT'				=> $user->data['is_bot'],
+		'S_REGISTERED_USER'		=> (!empty($user->data['is_registered'])) ? true : false,
+		'S_IS_BOT'				=> (!empty($user->data['is_bot'])) ? true : false,
 		'S_USER_PM_POPUP'		=> $user->optionget('popuppm'),
 		'S_USER_LANG'			=> $user_lang,
 		'S_USER_BROWSER'		=> (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
@@ -3500,13 +3731,14 @@ function page_header($page_title = '', $display_online_list = true)
 		'S_TIMEZONE'			=> ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''),
 		'S_DISPLAY_ONLINE_LIST'	=> ($l_online_time) ? 1 : 0,
 		'S_DISPLAY_SEARCH'		=> (!$config['load_search']) ? 0 : (isset($auth) ? ($auth->acl_get('u_search') && $auth->acl_getf_global('f_search')) : 1),
-		'S_DISPLAY_PM'			=> ($config['allow_privmsg'] && $user->data['is_registered'] && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
+		'S_DISPLAY_PM'			=> ($config['allow_privmsg'] && !empty($user->data['is_registered']) && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
 		'S_DISPLAY_MEMBERLIST'	=> (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0,
 		'S_NEW_PM'				=> ($s_privmsg_new) ? 1 : 0,
 		'S_REGISTER_ENABLED'	=> ($config['require_activation'] != USER_ACTIVATION_DISABLE) ? true : false,
 
 		'T_THEME_PATH'			=> "{$phpbb_root_path}styles/" . $user->theme['theme_path'] . '/theme',
 		'T_TEMPLATE_PATH'		=> "{$phpbb_root_path}styles/" . $user->theme['template_path'] . '/template',
+		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$phpbb_root_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$phpbb_root_path}styles/" . $user->theme['template_path'] . '/template',
 		'T_IMAGESET_PATH'		=> "{$phpbb_root_path}styles/" . $user->theme['imageset_path'] . '/imageset',
 		'T_IMAGESET_LANG_PATH'	=> "{$phpbb_root_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'],
 		'T_IMAGES_PATH'			=> "{$phpbb_root_path}images/",
@@ -3519,8 +3751,10 @@ function page_header($page_title = '', $display_online_list = true)
 		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$phpbb_root_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : "{$phpbb_root_path}style.$phpEx?sid=$user->session_id&amp;id=" . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang'],
 		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'],
 
-		'SITE_LOGO_IMG'			=> $user->img('site_logo'))
-	);
+		'SITE_LOGO_IMG'			=> $user->img('site_logo'),
+
+		'A_COOKIE_SETTINGS'		=> addslashes('; path=' . $config['cookie_path'] . ((!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']) . ((!$config['cookie_secure']) ? '' : '; secure')),
+	));
 
 	// application/xhtml+xml not used because of IE
 	header('Content-type: text/html; charset=UTF-8');
@@ -3574,7 +3808,7 @@ function page_footer($run_cron = true)
 		'DEBUG_OUTPUT'			=> (defined('DEBUG')) ? $debug_output : '',
 		'TRANSLATION_INFO'		=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 
-		'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
+		'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
 	);
 
 	// Call cron-type script
@@ -3652,7 +3886,7 @@ function garbage_collection()
 */
 function exit_handler()
 {
-	global $phpbb_hook;
+	global $phpbb_hook, $config;
 
 	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__))
 	{
@@ -3663,7 +3897,7 @@ function exit_handler()
 	}
 
 	// As a pre-caution... some setups display a blank page if the flush() is not there.
-	@flush();
+	(empty($config['gzip_compress'])) ? @flush() : @ob_flush();
 
 	exit;
 }

phpBB/includes/functions_admin.php

@@ -97,7 +97,7 @@ function recalc_btree($sql_id, $sql_table, $module_class = '')
 			$item_data['left_id'] = $row['right_id'] + 1;
 			$item_data['right_id'] = $row['right_id'] + 2;
 		}
-	
+
 		$sql = "UPDATE $sql_table
 			SET left_id = {$item_data['left_id']}, right_id = {$item_data['right_id']}
 			WHERE $sql_id = " . $item_data[$sql_id];
@@ -551,7 +551,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s
 		'posts' => ($call_delete_posts) ? delete_posts($where_type, $where_ids, false, true, $post_count_sync, false) : 0,
 	);
 
-	$sql = 'SELECT topic_id, forum_id, topic_approved
+	$sql = 'SELECT topic_id, forum_id, topic_approved, topic_moved_id
 		FROM ' . TOPICS_TABLE . '
 		WHERE ' . $where_clause;
 	$result = $db->sql_query($sql);
@@ -561,7 +561,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s
 		$forum_ids[] = $row['forum_id'];
 		$topic_ids[] = $row['topic_id'];
 
-		if ($row['topic_approved'])
+		if ($row['topic_approved'] && !$row['topic_moved_id'])
 		{
 			$approved_topics++;
 		}
@@ -670,7 +670,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		$topic_ids[] = $row['topic_id'];
 		$forum_ids[] = $row['forum_id'];
 
-		if ($row['post_postcount'] && $post_count_sync)
+		if ($row['post_postcount'] && $post_count_sync && $row['post_approved'])
 		{
 			$post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1;
 		}
@@ -709,6 +709,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 				WHERE user_id = ' . $poster_id . '
 				AND user_posts < ' . $substract;
 			$db->sql_query($sql);
+
 			$sql = 'UPDATE ' . USERS_TABLE . '
 				SET user_posts = user_posts - ' . $substract . '
 				WHERE user_id = ' . $poster_id . '
@@ -790,8 +791,8 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 /**
 * Delete Attachments
 *
-* @param string $mode can be: post|topic|attach|user
-* @param mixed $ids can be: post_ids, topic_ids, attach_ids, user_ids
+* @param string $mode can be: post|message|topic|attach|user
+* @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
 * @param bool $resync set this to false if you are deleting posts or topics
 */
 function delete_attachments($mode, $ids, $resync = true)
@@ -813,42 +814,55 @@ function delete_attachments($mode, $ids, $resync = true)
 		return false;
 	}
 
-	$sql_id = ($mode == 'user') ? 'poster_id' : (($mode == 'post') ? 'post_msg_id' : (($mode == 'topic') ? 'topic_id' : 'attach_id'));
-
-	$post_ids = $topic_ids = $physical = array();
-
-	// Collect post and topics ids for later use
-	if ($mode == 'attach' || $mode == 'user' || ($mode == 'topic' && $resync))
+	switch ($mode)
 	{
-		$sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize
+		case 'post':
+		case 'message':
+			$sql_id = 'post_msg_id';
+		break;
+
+		case 'topic':
+			$sql_id = 'topic_id';
+		break;
+
+		case 'user':
+			$sql_id = 'poster_id';
+		break;
+
+		case 'attach':
+		default:
+			$sql_id = 'attach_id';
+			$mode = 'attach';
+		break;
+	}
+
+	$post_ids = $message_ids = $topic_ids = $physical = array();
+
+	// Collect post and topic ids for later use if we need to touch remaining entries (if resync is enabled)
+	$sql = 'SELECT post_msg_id, topic_id, in_message, physical_filename, thumbnail, filesize, is_orphan
 			FROM ' . ATTACHMENTS_TABLE . '
 			WHERE ' . $db->sql_in_set($sql_id, $ids);
-		$result = $db->sql_query($sql);
+	$result = $db->sql_query($sql);
 
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$post_ids[] = $row['post_id'];
-			$topic_ids[] = $row['topic_id'];
-			$physical[] = array('filename' => $row['physical_filename'], 'thumbnail' => $row['thumbnail'], 'filesize' => $row['filesize']);
-		}
-		$db->sql_freeresult($result);
-	}
-
-	if ($mode == 'post')
+	while ($row = $db->sql_fetchrow($result))
 	{
-		$sql = 'SELECT topic_id, physical_filename, thumbnail, filesize
-			FROM ' . ATTACHMENTS_TABLE . '
-			WHERE ' . $db->sql_in_set('post_msg_id', $ids) . '
-				AND in_message = 0';
-		$result = $db->sql_query($sql);
-
-		while ($row = $db->sql_fetchrow($result))
+		// We only need to store post/message/topic ids if resync is enabled and the file is not orphaned
+		if ($resync && !$row['is_orphan'])
 		{
-			$topic_ids[] = $row['topic_id'];
-			$physical[] = array('filename' => $row['physical_filename'], 'thumbnail' => $row['thumbnail'], 'filesize' => $row['filesize']);
+			if (!$row['in_message'])
+			{
+				$post_ids[] = $row['post_msg_id'];
+				$topic_ids[] = $row['topic_id'];
+			}
+			else
+			{
+				$message_ids[] = $row['post_msg_id'];
+			}
 		}
-		$db->sql_freeresult($result);
+
+		$physical[] = array('filename' => $row['physical_filename'], 'thumbnail' => $row['thumbnail'], 'filesize' => $row['filesize'], 'is_orphan' => $row['is_orphan']);
 	}
+	$db->sql_freeresult($result);
 
 	// Delete attachments
 	$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
@@ -865,8 +879,9 @@ function delete_attachments($mode, $ids, $resync = true)
 	$space_removed = $files_removed = 0;
 	foreach ($physical as $file_ary)
 	{
-		if (phpbb_unlink($file_ary['filename'], 'file', true))
+		if (phpbb_unlink($file_ary['filename'], 'file', true) && !$file_ary['is_orphan'])
 		{
+			// Only non-orphaned files count to the file size
 			$space_removed += $file_ary['filesize'];
 			$files_removed++;
 		}
@@ -876,122 +891,72 @@ function delete_attachments($mode, $ids, $resync = true)
 			phpbb_unlink($file_ary['filename'], 'thumbnail', true);
 		}
 	}
-	set_config('upload_dir_size', $config['upload_dir_size'] - $space_removed, true);
-	set_config('num_files', $config['num_files'] - $files_removed, true);
 
-	if ($mode == 'topic' && !$resync)
+	if ($space_removed || $files_removed)
+	{
+		set_config('upload_dir_size', $config['upload_dir_size'] - $space_removed, true);
+		set_config('num_files', $config['num_files'] - $files_removed, true);
+	}
+
+	// If we do not resync, we do not need to adjust any message, post, topic or user entries
+	if (!$resync)
 	{
 		return $num_deleted;
 	}
 
-	if ($mode == 'post')
-	{
-		$post_ids = $ids;
-	}
+	// No more use for the original ids
 	unset($ids);
 
+	// Now, we need to resync posts, messages, topics. We go through every one of them
 	$post_ids = array_unique($post_ids);
+	$message_ids = array_unique($message_ids);
 	$topic_ids = array_unique($topic_ids);
 
-	// Update post indicators
+	// Update post indicators for posts now no longer having attachments
 	if (sizeof($post_ids))
 	{
-		if ($mode == 'post' || $mode == 'topic')
-		{
-			$sql = 'UPDATE ' . POSTS_TABLE . '
-				SET post_attachment = 0
-				WHERE ' . $db->sql_in_set('post_id', $post_ids);
-			$db->sql_query($sql);
-		}
-
-		if ($mode == 'user' || $mode == 'attach')
-		{
-			$remaining = array();
-
-			$sql = 'SELECT post_msg_id
-				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
-					AND in_message = 0';
-			$result = $db->sql_query($sql);
-
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$remaining[] = $row['post_msg_id'];		
-			}
-			$db->sql_freeresult($result);
-
-			$unset_ids = array_diff($post_ids, $remaining);
-
-			if (sizeof($unset_ids))
-			{
-				$sql = 'UPDATE ' . POSTS_TABLE . '
-					SET post_attachment = 0
-					WHERE ' . $db->sql_in_set('post_id', $unset_ids);
-				$db->sql_query($sql);
-			}
-
-			$remaining = array();
-
-			$sql = 'SELECT post_msg_id
-				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
-					AND in_message = 1';
-			$result = $db->sql_query($sql);
-
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$remaining[] = $row['post_msg_id'];		
-			}
-			$db->sql_freeresult($result);
-
-			$unset_ids = array_diff($post_ids, $remaining);
-
-			if (sizeof($unset_ids))
-			{
-				$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
-					SET message_attachment = 0
-					WHERE ' . $db->sql_in_set('msg_id', $unset_ids);
-				$db->sql_query($sql);
-			}
-		}
+		$sql = 'UPDATE ' . POSTS_TABLE . '
+			SET post_attachment = 0
+			WHERE ' . $db->sql_in_set('post_id', $post_ids);
+		$db->sql_query($sql);
 	}
 
+	// Update message table if messages are affected
+	if (sizeof($message_ids))
+	{
+		$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+			SET message_attachment = 0
+			WHERE ' . $db->sql_in_set('msg_id', $message_ids);
+		$db->sql_query($sql);
+	}
+
+	// Now update the topics. This is a bit trickier, because there could be posts still having attachments within the topic
 	if (sizeof($topic_ids))
 	{
-		// Update topic indicator
-		if ($mode == 'topic')
+		// Just check which topics are still having an assigned attachment not orphaned by querying the attachments table (much less entries expected)
+		$sql = 'SELECT topic_id
+			FROM ' . ATTACHMENTS_TABLE . '
+			WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
+				AND is_orphan = 0';
+		$result = $db->sql_query($sql);
+
+		$remaining_ids = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$remaining_ids[] = $row['topic_id'];
+		}
+		$db->sql_freeresult($result);
+
+		// Now only unset those ids remaining
+		$topic_ids = array_diff($topic_ids, $remaining_ids);
+
+		if (sizeof($topic_ids))
 		{
 			$sql = 'UPDATE ' . TOPICS_TABLE . '
 				SET topic_attachment = 0
 				WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 			$db->sql_query($sql);
 		}
-
-		if ($mode == 'post' || $mode == 'user' || $mode == 'attach')
-		{
-			$remaining = array();
-
-			$sql = 'SELECT topic_id
-				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
-			$result = $db->sql_query($sql);
-
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$remaining[] = $row['topic_id'];		
-			}
-			$db->sql_freeresult($result);
-
-			$unset_ids = array_diff($topic_ids, $remaining);
-
-			if (sizeof($unset_ids))
-			{
-				$sql = 'UPDATE ' . TOPICS_TABLE . '
-					SET topic_attachment = 0
-					WHERE ' . $db->sql_in_set('topic_id', $unset_ids);
-				$db->sql_query($sql);
-			}
-		}
 	}
 
 	return $num_deleted;
@@ -1015,7 +980,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
 				. $where;
 			$db->sql_query($sql);
 		break;
-	
+
 		default:
 			$sql = 'SELECT t.topic_id
 				FROM ' . TOPICS_TABLE . ' t, ' . TOPICS_TABLE . ' t2
@@ -1213,7 +1178,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 							AND t1.forum_id = t2.forum_id";
 					$db->sql_query($sql);
 				break;
-			
+
 				default:
 					$sql = 'SELECT t1.topic_id
 						FROM ' .TOPICS_TABLE . ' t1, ' . TOPICS_TABLE . " t2
@@ -1545,7 +1510,8 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$sql = 'SELECT SUM(t.topic_replies + 1) AS forum_posts
 						FROM ' . TOPICS_TABLE . ' t
 						WHERE ' . $db->sql_in_set('t.forum_id', $forum_ids) . '
-							AND t.topic_approved = 1';
+							AND t.topic_approved = 1
+							AND t.topic_status <> ' . ITEM_MOVED;
 				}
 				else
 				{
@@ -1553,6 +1519,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 						FROM ' . TOPICS_TABLE . ' t
 						WHERE ' . $db->sql_in_set('t.forum_id', $forum_ids) . '
 							AND t.topic_approved = 1
+							AND t.topic_status <> ' . ITEM_MOVED . '
 						GROUP BY t.forum_id';
 				}
 
@@ -2367,7 +2334,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 			$log_type = LOG_USERS;
 			$sql_forum = 'AND l.reportee_id = ' . (int) $user_id;
 		break;
-		
+
 		case 'users':
 			$log_type = LOG_USERS;
 			$sql_forum = '';
@@ -2377,7 +2344,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 			$log_type = LOG_CRITICAL;
 			$sql_forum = '';
 		break;
-		
+
 		default:
 			return;
 	}
@@ -2431,8 +2398,14 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 
 			if (isset($user->lang[$row['log_operation']]))
 			{
-				// We supress the warning about inappropriate number of passed parameters here due to possible changes within LOG strings from one version to another.
-				$log[$i]['action'] = @vsprintf($log[$i]['action'], $log_data_ary);
+				// Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
+				// It doesn't matter if we add more arguments than placeholders
+				if ((substr_count($log[$i]['action'], '%') - sizeof($log_data_ary)) > 0)
+				{
+					$log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($log[$i]['action'], '%') - sizeof($log_data_ary), ''));
+				}
+
+				$log[$i]['action'] = vsprintf($log[$i]['action'], $log_data_ary);
 
 				// If within the admin panel we do not censor text out
 				if (defined('IN_ADMIN'))
@@ -2613,7 +2586,7 @@ function update_foes($group_id = false, $user_id = false)
 		{
 			case 'mysqli':
 			case 'mysql4':
-				$sql = 'DELETE ' . (($db->sql_layer === 'mysqli' || version_compare($db->mysql_version, '4.1', '>=')) ? 'z.*' : ZEBRA_TABLE) . '
+				$sql = 'DELETE ' . (($db->sql_layer === 'mysqli' || version_compare($db->sql_server_info(true), '4.1', '>=')) ? 'z.*' : ZEBRA_TABLE) . '
 					FROM ' . ZEBRA_TABLE . ' z, ' . USER_GROUP_TABLE . ' ug
 					WHERE z.zebra_id = ug.user_id
 						AND z.foe = 1
@@ -2635,7 +2608,7 @@ function update_foes($group_id = false, $user_id = false)
 				$db->sql_freeresult($result);
 
 				if (sizeof($users))
-				{				
+				{
 					$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
 						WHERE ' . $db->sql_in_set('zebra_id', $users) . '
 							AND foe = 1';
@@ -2715,7 +2688,7 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li
 				$row['inactive_reason'] = $user->lang['INACTIVE_REASON_REMIND'];
 			break;
 		}
-	
+
 		$users[] = $row;
 	}
 
@@ -2895,7 +2868,7 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
 		@fputs($fsock, "GET $directory/$filename HTTP/1.1\r\n");
 		@fputs($fsock, "HOST: $host\r\n");
 		@fputs($fsock, "Connection: close\r\n\r\n");
-	
+
 		$file_info = '';
 		$get_info = false;
 
@@ -2934,7 +2907,7 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
 			return false;
 		}
 	}
-	
+
 	return $file_info;
 }
 
@@ -2970,7 +2943,7 @@ function tidy_warnings()
 		$sql = 'DELETE FROM ' . WARNINGS_TABLE . '
 			WHERE ' . $db->sql_in_set('warning_id', $warning_list);
 		$db->sql_query($sql);
-	
+
 		foreach ($user_list as $user_id => $value)
 		{
 			$sql = 'UPDATE ' . USERS_TABLE . " SET user_warnings = user_warnings - $value
@@ -3032,7 +3005,7 @@ function add_permission_language()
 	// Now search in acp and mods folder for permissions_ files.
 	foreach (array('acp/', 'mods/') as $path)
 	{
-		$dh = @opendir($user->lang_path . $path);
+		$dh = @opendir($user->lang_path . $user->lang_name . '/' . $path);
 
 		if ($dh)
 		{

phpBB/includes/functions_compress.php

@@ -179,7 +179,7 @@ class compress_zip extends compress
 	* Extract archive
 	*/
 	function extract($dst)
-	{		
+	{
 		// Loop the file, looking for files and folders
 		$dd_try = false;
 		rewind($this->fp);
@@ -215,6 +215,12 @@ class compress_zip extends compress
 							// Create and folders and subfolders if they do not exist
 							foreach ($folders as $folder)
 							{
+								$folder = trim($folder);
+								if (!$folder)
+								{
+									continue;
+								}
+
 								$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 								if (!is_dir($str))
 								{
@@ -222,7 +228,7 @@ class compress_zip extends compress
 									{
 										trigger_error("Could not create directory $folder");
 									}
-									@chmod($str, 0777);
+									phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
 								}
 							}
 						}
@@ -231,13 +237,19 @@ class compress_zip extends compress
 					}
 					else
 					{
-						// Some archivers are punks, they don't don't include folders in their archives!
+						// Some archivers are punks, they don't include folders in their archives!
 						$str = '';
 						$folders = explode('/', pathinfo($target_filename, PATHINFO_DIRNAME));
 
 						// Create and folders and subfolders if they do not exist
 						foreach ($folders as $folder)
 						{
+							$folder = trim($folder);
+							if (!$folder)
+							{
+								continue;
+							}
+
 							$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 							if (!is_dir($str))
 							{
@@ -245,7 +257,7 @@ class compress_zip extends compress
 								{
 									trigger_error("Could not create directory $folder");
 								}
-								@chmod($str, 0777);
+								phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
 							}
 						}
 					}
@@ -267,7 +279,7 @@ class compress_zip extends compress
 							// Not compressed
 							fwrite($fp, $content);
 						break;
-					
+
 						case 8:
 							// Deflate
 							fwrite($fp, gzinflate($content, $data['uc_size']));
@@ -278,7 +290,7 @@ class compress_zip extends compress
 							fwrite($fp, bzdecompress($content));
 						break;
 					}
-					
+
 					fclose($fp);
 				break;
 
@@ -288,11 +300,11 @@ class compress_zip extends compress
 				// This case should simply never happen.. but it does exist..
 				case "\x50\x4b\x05\x06":
 				break 2;
-				
+
 				// 'Packed to Removable Disk', ignore it and look for the next signature...
 				case 'PK00':
 				continue 2;
-				
+
 				// We have encountered a header that is weird. Lets look for better data...
 				default:
 					if (!$dd_try)
@@ -507,16 +519,24 @@ class compress_tar extends compress
 				$tmp = unpack('A12size', substr($buffer, 124, 12));
 				$filesize = octdec((int) trim($tmp['size']));
 
+				$target_filename = "$dst$filename";
+
 				if ($filetype == 5)
 				{
-					if (!is_dir("$dst$filename"))
+					if (!is_dir($target_filename))
 					{
 						$str = '';
-						$folders = explode('/', "$dst$filename");
+						$folders = explode('/', $target_filename);
 
 						// Create and folders and subfolders if they do not exist
 						foreach ($folders as $folder)
 						{
+							$folder = trim($folder);
+							if (!$folder)
+							{
+								continue;
+							}
+
 							$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 							if (!is_dir($str))
 							{
@@ -524,22 +544,46 @@ class compress_tar extends compress
 								{
 									trigger_error("Could not create directory $folder");
 								}
-								@chmod($str, 0777);
+								phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
 							}
 						}
 					}
 				}
-				else if ($filesize != 0 && ($filetype == 0 || $filetype == "\0"))
+				else if ($filesize >= 0 && ($filetype == 0 || $filetype == "\0"))
 				{
+					// Some archivers are punks, they don't properly order the folders in their archives!
+					$str = '';
+					$folders = explode('/', pathinfo($target_filename, PATHINFO_DIRNAME));
+
+					// Create and folders and subfolders if they do not exist
+					foreach ($folders as $folder)
+					{
+						$folder = trim($folder);
+						if (!$folder)
+						{
+							continue;
+						}
+
+						$str = (!empty($str)) ? $str . '/' . $folder : $folder;
+						if (!is_dir($str))
+						{
+							if (!@mkdir($str, 0777))
+							{
+								trigger_error("Could not create directory $folder");
+							}
+							phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+						}
+					}
+
 					// Write out the files
-					if (!($fp = fopen("$dst$filename", 'wb')))
+					if (!($fp = fopen($target_filename, 'wb')))
 					{
 						trigger_error("Couldn't create file $filename");
 					}
-					@chmod("$dst$filename", 0777);
+					phpbb_chmod($target_filename, CHMOD_READ);
 
 					// Grab the file contents
-					fwrite($fp, $fzread($this->fp, ($filesize + 511) &~ 511), $filesize);
+					fwrite($fp, ($filesize) ? $fzread($this->fp, ($filesize + 511) &~ 511) : '', $filesize);
 					fclose($fp);
 				}
 			}

phpBB/includes/functions_content.php

@@ -41,57 +41,66 @@ if (!defined('IN_PHPBB'))
 /**
 * Generate sort selection fields
 */
-function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param)
+function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param, $def_st = false, $def_sk = false, $def_sd = false)
 {
 	global $user;
 
 	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
 
-	// Check if the key is selectable. If not, we reset to the first key found.
-	// This ensures the values are always valid.
-	if (!isset($limit_days[$sort_days]))
-	{
-		@reset($limit_days);
-		$sort_days = key($limit_days);
-	}
+	$sorts = array(
+		'st'	=> array(
+			'key'		=> 'sort_days',
+			'default'	=> $def_st,
+			'options'	=> $limit_days,
+			'output'	=> &$s_limit_days,
+		),
 
-	if (!isset($sort_by_text[$sort_key]))
-	{
-		@reset($sort_by_text);
-		$sort_key = key($sort_by_text);
-	}
+		'sk'	=> array(
+			'key'		=> 'sort_key',
+			'default'	=> $def_sk,
+			'options'	=> $sort_by_text,
+			'output'	=> &$s_sort_key,
+		),
 
-	if (!isset($sort_dir_text[$sort_dir]))
-	{
-		@reset($sort_dir_text);
-		$sort_dir = key($sort_dir_text);
-	}
+		'sd'	=> array(
+			'key'		=> 'sort_dir',
+			'default'	=> $def_sd,
+			'options'	=> $sort_dir_text,
+			'output'	=> &$s_sort_dir,
+		),
+	);
+	$u_sort_param  = '';
 
-	$s_limit_days = '<select name="st" id="st">';
-	foreach ($limit_days as $day => $text)
+	foreach ($sorts as $name => $sort_ary)
 	{
-		$selected = ($sort_days == $day) ? ' selected="selected"' : '';
-		$s_limit_days .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
-	}
-	$s_limit_days .= '</select>';
+		$key = $sort_ary['key'];
+		$selected = $$sort_ary['key'];
 
-	$s_sort_key = '<select name="sk" id="sk">';
-	foreach ($sort_by_text as $key => $text)
-	{
-		$selected = ($sort_key == $key) ? ' selected="selected"' : '';
-		$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
-	}
-	$s_sort_key .= '</select>';
+		// Check if the key is selectable. If not, we reset to the default or first key found.
+		// This ensures the values are always valid. We also set $sort_dir/sort_key/etc. to the
+		// correct value, else the protection is void. ;)
+		if (!isset($sort_ary['options'][$selected]))
+		{
+			if ($sort_ary['default'] !== false)
+			{
+				$selected = $$key = $sort_ary['default'];
+			}
+			else
+			{
+				@reset($sort_ary['options']);
+				$selected = $$key = key($sort_ary['options']);
+			}
+		}
 
-	$s_sort_dir = '<select name="sd" id="sd">';
-	foreach ($sort_dir_text as $key => $value)
-	{
-		$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
-		$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
-	}
-	$s_sort_dir .= '</select>';
+		$sort_ary['output'] = '<select name="' . $name . '" id="' . $name . '">';
+		foreach ($sort_ary['options'] as $option => $text)
+		{
+			$sort_ary['output'] .= '<option value="' . $option . '"' . (($selected == $option) ? ' selected="selected"' : '') . '>' . $text . '</option>';
+		}
+		$sort_ary['output'] .= '</select>';
 
-	$u_sort_param = "st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir";
+		$u_sort_param .= ($selected !== $sort_ary['default']) ? ((strlen($u_sort_param)) ? '&amp;' : '') . "{$name}={$selected}" : '';
+	}
 
 	return;
 }
@@ -239,7 +248,7 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
 function get_context($text, $words, $length = 400)
 {
 	// first replace all whitespaces with single spaces
-	$text = preg_replace('/ +/', ' ', strtr($text, "\t\n\r\x0C ", '     '), $text);
+	$text = preg_replace('/ +/', ' ', strtr($text, "\t\n\r\x0C ", '     '));
 
 	$word_indizes = array();
 	if (sizeof($words))
@@ -438,6 +447,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 	global $phpbb_root_path, $phpEx;
 
 	$uid = $bitfield = '';
+	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
 
 	if (!$text)
 	{
@@ -461,7 +471,6 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 		$uid = '';
 	}
 
-	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
 	$bitfield = $message_parser->bbcode_bitfield;
 
 	return;
@@ -492,7 +501,8 @@ function generate_text_for_edit($text, $uid, $flags)
 */
 function make_clickable_callback($type, $whitespace, $url, $relative_url, $class)
 {
-	$orig_url		= $url . $relative_url;
+	$orig_url		= $url;
+	$orig_relative	= $relative_url;
 	$append			= '';
 	$url			= htmlspecialchars_decode($url);
 	$relative_url	= htmlspecialchars_decode($relative_url);
@@ -557,6 +567,12 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 				$url = substr($url, 0, -1);
 			}
 		break;
+
+		// set last_char to empty here, so the variable can be used later to
+		// check whether a character was removed
+		default:
+			$last_char = '';
+		break;
 	}
 
 	$short_url = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
@@ -568,13 +584,13 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 			$relative_url	= preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
 			$url			= $url . '/' . $relative_url;
 			$text			= $relative_url;
-			
+
 			// this url goes to http://domain.tld/path/to/board/ which
 			// would result in an empty link if treated as local so
 			// don't touch it and let MAGIC_URL_FULL take care of it.
 			if (!$relative_url)
 			{
-				return $orig_url . '/'; // slash is taken away by relative url pattern
+				return $whitespace . $orig_url . '/' . $orig_relative; // slash is taken away by relative url pattern
 			}
 		break;
 
@@ -1066,8 +1082,16 @@ function extension_allowed($forum_id, $extension, &$extensions)
 /**
 * Truncates string while retaining special characters if going over the max length
 * The default max length is 60 at the moment
+* The maximum storage length is there to fit the string within the given length. The string may be further truncated due to html entities.
+* For example: string given is 'a "quote"' (length: 9), would be a stored as 'a &quot;quote&quot;' (length: 19)
+*
+* @param string $string The text to truncate to the given length. String is specialchared.
+* @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)
+* @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).
+* @param bool $allow_reply Allow Re: in front of string
+* @param string $append String to be appended
 */
-function truncate_string($string, $max_length = 60, $allow_reply = true, $append = '')
+function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = true, $append = '')
 {
 	$chars = array();
 
@@ -1090,6 +1114,21 @@ function truncate_string($string, $max_length = 60, $allow_reply = true, $append
 		$stripped = true;
 	}
 
+	// Due to specialchars, we may not be able to store the string...
+	if (utf8_strlen($string) > $max_store_length)
+	{
+		// let's split again, we do not want half-baked strings where entities are split
+		$_chars = utf8_str_split(htmlspecialchars_decode($string));
+		$chars = array_map('utf8_htmlspecialchars', $_chars);
+
+		do
+		{
+			array_pop($chars);
+			$string = implode('', $chars);
+		}
+		while (utf8_strlen($string) > $max_store_length || !sizeof($chars));
+	}
+
 	if ($strip_reply)
 	{
 		$string = 'Re: ' . $string;
@@ -1105,6 +1144,7 @@ function truncate_string($string, $max_length = 60, $allow_reply = true, $append
 
 /**
 * Get username details for placing into templates.
+* This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id.
 *
 * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link)
 * @param int $user_id The users id
@@ -1114,12 +1154,30 @@ function truncate_string($string, $max_length = 60, $allow_reply = true, $append
 * @param string $custom_profile_url optional parameter to specify a profile url. The user id get appended to this url as &amp;u={user_id}
 *
 * @return string A string consisting of what is wanted based on $mode.
+* @author BartVB, Acyd Burn
 */
 function get_username_string($mode, $user_id, $username, $username_colour = '', $guest_username = false, $custom_profile_url = false)
 {
+	static $_profile_cache;
+	static $_base_profile_url;
+
+	$cache_key = $user_id;
+
+	// If the get_username_string() function had been executed once with an (to us) unkown mode, all modes are pre-filled and we can just grab it.
+	if ($user_id && $user_id != ANONYMOUS && isset($_profile_cache[$cache_key][$mode]))
+	{
+		// If the mode is 'no_profile', we simply construct the TPL code due to calls to this mode being very very rare
+		if ($mode == 'no_profile')
+		{
+			$tpl = (!$_profile_cache[$cache_key]['colour']) ? '{USERNAME}' : '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
+			return str_replace(array('{USERNAME_COLOUR}', '{USERNAME}'), array($_profile_cache[$cache_key]['colour'], $_profile_cache[$cache_key]['username']), $tpl);
+		}
+
+		return $_profile_cache[$cache_key][$mode];
+	}
+
 	global $phpbb_root_path, $phpEx, $user, $auth;
 
-	$profile_url = '';
 	$username_colour = ($username_colour) ? '#' . $username_colour : '';
 
 	if ($guest_username === false)
@@ -1131,64 +1189,42 @@ function get_username_string($mode, $user_id, $username, $username_colour = '',
 		$username = ($user_id && $user_id != ANONYMOUS) ? $username : ((!empty($guest_username)) ? $guest_username : $user->lang['GUEST']);
 	}
 
-	// Only show the link if not anonymous
-	if ($mode != 'no_profile' && $user_id && $user_id != ANONYMOUS)
+	// Build cache for all modes
+	$_profile_cache[$cache_key]['colour'] = $username_colour;
+	$_profile_cache[$cache_key]['username'] = $username;
+	$_profile_cache[$cache_key]['no_profile'] = true;
+
+	// Profile url - only show if not anonymous and permission to view profile if registered user
+	// For anonymous the link leads to a login page.
+	if ($user_id && $user_id != ANONYMOUS && ($user->data['user_id'] == ANONYMOUS || $auth->acl_get('u_viewprofile')))
 	{
-		// Do not show the link if the user is already logged in but do not have u_viewprofile permissions (relevant for bots mostly).
-		// For all others the link leads to a login page or the profile.
-		if ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile'))
+		if (empty($_base_profile_url))
 		{
-			$profile_url = '';
-		}
-		else
-		{
-			$profile_url = ($custom_profile_url !== false) ? $custom_profile_url . '&amp;u=' . (int) $user_id : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . (int) $user_id);
+			$_base_profile_url = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u={USER_ID}');
 		}
+
+		$profile_url = ($custom_profile_url !== false) ? $custom_profile_url . '&amp;u=' . (int) $user_id : str_replace('={USER_ID}', '=' . (int) $user_id, $_base_profile_url);
+		$tpl = (!$username_colour) ? '<a href="{PROFILE_URL}">{USERNAME}</a>' : '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</a>';
+		$_profile_cache[$cache_key]['full'] = str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), $tpl);
 	}
 	else
 	{
+		$tpl = (!$username_colour) ? '{USERNAME}' : '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
+		$_profile_cache[$cache_key]['full'] = str_replace(array('{USERNAME_COLOUR}', '{USERNAME}'), array($username_colour, $username), $tpl);
 		$profile_url = '';
 	}
 
-	switch ($mode)
+	// Use the profile url from above
+	$_profile_cache[$cache_key]['profile'] = $profile_url;
+
+	// If - by any chance - no_profile is called before any other mode, we need to do the calculation here
+	if ($mode == 'no_profile')
 	{
-		case 'profile':
-			return $profile_url;
-		break;
-
-		case 'username':
-			return $username;
-		break;
-
-		case 'colour':
-			return $username_colour;
-		break;
-
-		case 'no_profile':
-		case 'full':
-		default:
-
-			$tpl = '';
-			if (!$profile_url && !$username_colour)
-			{
-				$tpl = '{USERNAME}';
-			}
-			else if (!$profile_url && $username_colour)
-			{
-				$tpl = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
-			}
-			else if ($profile_url && !$username_colour)
-			{
-				$tpl = '<a href="{PROFILE_URL}">{USERNAME}</a>';
-			}
-			else if ($profile_url && $username_colour)
-			{
-				$tpl = '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</a>';
-			}
-
-			return str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), $tpl);
-		break;
+		$tpl = (!$_profile_cache[$cache_key]['colour']) ? '{USERNAME}' : '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
+		return str_replace(array('{USERNAME_COLOUR}', '{USERNAME}'), array($_profile_cache[$cache_key]['colour'], $_profile_cache[$cache_key]['username']), $tpl);
 	}
+
+	return $_profile_cache[$cache_key][$mode];
 }
 
 /**

phpBB/includes/functions_convert.php

@@ -148,7 +148,7 @@ function auto_id($pad = 0)
 	{
 		return $convert_row['max_id'] + $pad;
 	}
-	
+
 	return $auto_id + $pad;
 }
 
@@ -280,7 +280,7 @@ function get_config_value($config_name)
 	{
 		$convert_config = get_config();
 	}
-	
+
 	if (!isset($convert_config[$config_name]))
 	{
 		return false;
@@ -669,12 +669,12 @@ function import_avatar($source, $use_target = false, $user_id = false)
 	{
 		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__);
 	}
-	
+
 	if ($use_target === false && $user_id !== false)
 	{
 		$use_target = $config['avatar_salt'] . '_' . $user_id . '.' . substr(strrchr($source, '.'), 1);
 	}
-	
+
 	$result = _import_check('avatar_path', $source, $use_target);
 
 	return ((!empty($user_id)) ? $user_id : $use_target) . '.' . substr(strrchr($source, '.'), 1);
@@ -946,7 +946,7 @@ function get_remote_avatar_dim($src, $axis)
 		unset($remote_avatar_cache);
 		return $retval;
 	}
-	
+
 	$url_info = @parse_url($src);
 	if (empty($url_info['host']))
 	{
@@ -962,19 +962,19 @@ function get_remote_avatar_dim($src, $axis)
 			case 'ftp':
 				$port = 21;
 				break;
-				
+
 			case 'https':
 				$port = 443;
 				break;
-			
+
 			default:
 				$port = 80;
 		}
 	}
-	
+
 	$timeout = @ini_get('default_socket_timeout');
 	@ini_set('default_socket_timeout', 2);
-	
+
 	// We're just trying to reach the server to avoid timeouts
 	$fp = @fsockopen($host, $port, $errno, $errstr, 1);
 	if ($fp)
@@ -982,11 +982,11 @@ function get_remote_avatar_dim($src, $axis)
 		$remote_avatar_cache[$src] = @getimagesize($src);
 		fclose($fp);
 	}
-	
+
 	$default_x 	= (defined('DEFAULT_AVATAR_X_CUSTOM')) ? DEFAULT_AVATAR_X_CUSTOM : DEFAULT_AVATAR_X;
 	$default_y 	= (defined('DEFAULT_AVATAR_Y_CUSTOM')) ? DEFAULT_AVATAR_Y_CUSTOM : DEFAULT_AVATAR_Y;
 	$default 	= array($default_x, $default_y);
-	
+
 	if (empty($remote_avatar_cache[$src]) || empty($remote_avatar_cache[$src][0]) || empty($remote_avatar_cache[$src][1]))
 	{
 		$remote_avatar_cache[$src] = $default;
@@ -1002,7 +1002,7 @@ function get_remote_avatar_dim($src, $axis)
 			$remote_avatar_cache[$src][1] = (int)($remote_avatar_cache[$src][1] * $ratio);
 		}
 	}
-	
+
 	@ini_set('default_socket_timeout', $timeout);
 	return $remote_avatar_cache[$src][$axis];
 }
@@ -1112,7 +1112,7 @@ function words_unique(&$words)
 function add_user_group($group_id, $user_id, $group_leader=false)
 {
 	global $convert, $phpbb_root_path, $config, $user, $db;
-	
+
 	$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 		'group_id'		=> $group_id,
 		'user_id'		=> $user_id,
@@ -1282,7 +1282,7 @@ function restore_config($schema)
 			// Most are...
 			if (is_string($config_value))
 			{
-				$config_value = truncate_string(utf8_htmlspecialchars($config_value), 255, false);
+				$config_value = truncate_string(utf8_htmlspecialchars($config_value), 255, 255, false);
 			}
 
 			set_config($config_name, $config_value);
@@ -1744,6 +1744,7 @@ function sync_post_count($offset, $limit)
 	$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
 			FROM ' . POSTS_TABLE . '
 			WHERE post_postcount = 1
+				AND post_approved = 1
 			GROUP BY poster_id
 			ORDER BY poster_id';
 	$result = $db->sql_query_limit($sql, $limit, $offset);
@@ -1951,7 +1952,7 @@ function update_dynamic_config()
 		FROM ' . ATTACHMENTS_TABLE . '
 		WHERE is_orphan = 0';
 	$result = $db->sql_query($sql);
-	set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true);
+	set_config('upload_dir_size', (float) $db->sql_fetchfield('stat'), true);
 	$db->sql_freeresult($result);
 
 	/**
@@ -2443,7 +2444,7 @@ function get_smiley_display()
 function fill_dateformat($user_dateformat)
 {
 	global $config;
-	
+
 	return ((empty($user_dateformat)) ? $config['default_dateformat'] : $user_dateformat);
 }
 

phpBB/includes/functions_display.php

@@ -205,6 +205,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false;
 			$subforums[$parent_id][$forum_id]['name'] = $row['forum_name'];
 			$subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time'];
+			$subforums[$parent_id][$forum_id]['children'] = array();
+
+			if (isset($subforums[$parent_id][$row['parent_id']]) && !$row['display_on_index'])
+			{
+				$subforums[$parent_id][$row['parent_id']]['children'][] = $forum_id;
+			}
 
 			$forum_rows[$parent_id]['forum_topics'] += $row['forum_topics'];
 
@@ -231,23 +237,30 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	// Handle marking posts
 	if ($mark_read == 'forums' || $mark_read == 'all')
 	{
-		$redirect = build_url('mark');
-
-		if ($mark_read == 'all')
+		$redirect = build_url('mark', 'hash');
+		$token = request_var('hash', '');
+		if (check_link_hash($token, 'global'))
 		{
-			markread('all');
-
-			$message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>');
+			if ($mark_read == 'all')
+			{
+				markread('all');
+				$message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>');
+			}
+			else
+			{
+				markread('topics', $forum_ids);
+				$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
+			}
+			meta_refresh(3, $redirect);
+			trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
 		}
 		else
 		{
-			markread('topics', $forum_ids);
-
-			$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
+			$message = sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>');
+			meta_refresh(3, $redirect);
+			trigger_error($message);
 		}
 
-		meta_refresh(3, $redirect);
-		trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
 	}
 
 	// Grab moderators ... if necessary
@@ -297,6 +310,19 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			{
 				$subforum_unread = (isset($forum_tracking_info[$subforum_id]) && $subforum_row['orig_forum_last_post_time'] > $forum_tracking_info[$subforum_id]) ? true : false;
 
+				if (!$subforum_unread && !empty($subforum_row['children']))
+				{
+					foreach ($subforum_row['children'] as $child_id)
+					{
+						if (isset($forum_tracking_info[$child_id]) && $subforums[$forum_id][$child_id]['orig_forum_last_post_time'] > $forum_tracking_info[$child_id])
+						{
+							// Once we found an unread child forum, we can drop out of this loop
+							$subforum_unread = true;
+							break;
+						}
+					}
+				}
+
 				if ($subforum_row['display'] && $subforum_row['name'])
 				{
 					$subforums_list[] = array(
@@ -444,7 +470,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	}
 
 	$template->assign_vars(array(
-		'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums') : '',
+		'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&amp;f=' . $root_data['forum_id'] . '&amp;mark=forums') : '',
 		'S_HAS_SUBFORUM'	=> ($visible_forums) ? true : false,
 		'L_SUBFORUM'		=> ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
 		'LAST_POST_IMG'		=> $user->img('icon_topic_latest', 'VIEW_LATEST_POST'))
@@ -630,7 +656,7 @@ function topic_generate_pagination($replies, $url)
 */
 function get_moderators(&$forum_moderators, $forum_id = false)
 {
-	global $config, $template, $db, $phpbb_root_path, $phpEx;
+	global $config, $template, $db, $phpbb_root_path, $phpEx, $user, $auth;
 
 	// Have we disabled the display of moderators? If so, then return
 	// from whence we came ...
@@ -689,7 +715,16 @@ function get_moderators(&$forum_moderators, $forum_id = false)
 		}
 		else
 		{
-			$forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>';
+			$group_name = (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']);
+
+			if ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile'))
+			{
+				$forum_moderators[$row['forum_id']][] = '<span' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . '>' . $group_name . '</span>';
+			}
+			else
+			{
+				$forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $group_name . '</a>';
+			}
 		}
 	}
 	$db->sql_freeresult($result);
@@ -772,7 +807,8 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
 				$folder = 'topic_read';
 				$folder_new = 'topic_unread';
 
-				if ($config['hot_threshold'] && $replies >= $config['hot_threshold'] && $topic_row['topic_status'] != ITEM_LOCKED)
+				// Hot topic threshold is for posts in a topic, which is replies + the first post. ;)
+				if ($config['hot_threshold'] && ($replies + 1) >= $config['hot_threshold'] && $topic_row['topic_status'] != ITEM_LOCKED)
 				{
 					$folder .= '_hot';
 					$folder_new .= '_hot';
@@ -988,8 +1024,8 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 	$table_sql = ($mode == 'forum') ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE;
 	$where_sql = ($mode == 'forum') ? 'forum_id' : 'topic_id';
 	$match_id = ($mode == 'forum') ? $forum_id : $topic_id;
-
-	$u_url = ($mode == 'forum') ? 'f' : 'f=' . $forum_id . '&amp;t';
+	$u_url = "uid={$user->data['user_id']}";
+	$u_url .= ($mode == 'forum') ? '&amp;f' : '&amp;f=' . $forum_id . '&amp;t';
 
 	// Is user watching this thread?
 	if ($user_id != ANONYMOUS)
@@ -1010,8 +1046,16 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 
 		if (!is_null($notify_status) && $notify_status !== '')
 		{
+
 			if (isset($_GET['unwatch']))
 			{
+				$uid = request_var('uid', 0);
+				if ($uid != $user_id)
+				{
+					$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+					$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+					trigger_error($message);
+				}
 				if ($_GET['unwatch'] == $mode)
 				{
 					$is_watching = 0;
@@ -1047,19 +1091,25 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 		{
 			if (isset($_GET['watch']))
 			{
-				if ($_GET['watch'] == $mode)
+				$token = request_var('hash', '');
+				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+
+				if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id"))
 				{
 					$is_watching = true;
 
 					$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
 						VALUES ($user_id, $match_id, 0)";
 					$db->sql_query($sql);
+					$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+				}
+				else
+				{
+					$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
 				}
 
-				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
 				meta_refresh(3, $redirect_url);
 
-				$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
 				trigger_error($message);
 			}
 			else
@@ -1083,7 +1133,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 
 	if ($can_watch)
 	{
-		$s_watching['link'] = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start");
+		$s_watching['link'] = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start&amp;hash=" . generate_link_hash("{$mode}_$match_id"));
 		$s_watching['title'] = $user->lang[(($is_watching) ? 'STOP' : 'START') . '_WATCHING_' . strtoupper($mode)];
 		$s_watching['is_watching'] = $is_watching;
 	}
@@ -1100,6 +1150,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 * @param string &$rank_img the rank image as full img tag is stored here after execution
 * @param string &$rank_img_src the rank image source is stored here after execution
 *
+* Note: since we do not want to break backwards-compatibility, this function will only properly assign ranks to guests if you call it for them with user_posts == false
 */
 function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank_img_src)
 {
@@ -1117,7 +1168,7 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
 		$rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : '';
 		$rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : '';
 	}
-	else
+	else if ($user_posts !== false)
 	{
 		if (!empty($ranks['normal']))
 		{
@@ -1169,7 +1220,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
 	}
 
 	$avatar_img .= $avatar;
-	return '<img src="' . $avatar_img . '" width="' . $avatar_width . '" height="' . $avatar_height . '" alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
+	return '<img src="' . (str_replace(' ', '%20', $avatar_img)) . '" width="' . $avatar_width . '" height="' . $avatar_height . '" alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
 }
 
 ?>

phpBB/includes/functions_install.php

@@ -286,7 +286,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,
 	{
 		case 'mysql':
 		case 'mysqli':
-			if (strpos($table_prefix, '-') !== false || strpos($table_prefix, '.') !== false)
+			if (strspn($table_prefix, '-./\\') !== 0)
 			{
 				$error[] = $lang['INST_ERR_PREFIX_INVALID'];
 				return false;

phpBB/includes/functions_jabber.php

@@ -20,7 +20,7 @@ if (!defined('IN_PHPBB'))
 *
 * Jabber class from Flyspray project
 *
-* @version class.jabber2.php 1488 2007-11-25
+* @version class.jabber2.php 1595 2008-09-19 (0.9.9)
 * @copyright 2006 Flyspray.org
 * @author Florian Schmitz (floele)
 *
@@ -35,6 +35,7 @@ class jabber
 	var $timeout = 10;
 
 	var $server;
+	var $connect_server;
 	var $port;
 	var $username;
 	var $password;
@@ -50,9 +51,23 @@ class jabber
 	*/
 	function jabber($server, $port, $username, $password, $use_ssl = false)
 	{
-		$this->server				= ($server) ? $server : 'localhost';
+		$this->connect_server		= ($server) ? $server : 'localhost';
 		$this->port					= ($port) ? $port : 5222;
-		$this->username				= $username;
+
+		// Get the server and the username
+		if (strpos($username, '@') === false)
+		{
+			$this->server = $this->connect_server;
+			$this->username = $username;
+		}
+		else
+		{
+			$jid = explode('@', $username, 2);
+
+			$this->username = $jid[0];
+			$this->server = $jid[1];
+		}
+
 		$this->password				= $password;
 		$this->use_ssl				= ($use_ssl && $this->can_use_ssl()) ? true : false;
 
@@ -123,7 +138,7 @@ class jabber
 
 		$this->session['ssl'] = $this->use_ssl;
 
-		if ($this->open_socket($this->server, $this->port, $this->use_ssl))
+		if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl))
 		{
 			$this->send("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
 			$this->send("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
@@ -402,8 +417,7 @@ class jabber
 				if ($second_time)
 				{
 					// If we are here for the second time after TLS, we need to continue logging in
-					$this->login();
-					return;
+					return $this->login();
 				}
 
 				// go on with authentication?
@@ -500,14 +514,7 @@ class jabber
 				}
 
 				// better generate a cnonce, maybe it's needed
-				$str = '';
-				mt_srand((double)microtime()*10000000);
-
-				for ($i = 0; $i < 32; $i++)
-				{
-					$str .= chr(mt_rand(0, 255));
-				}
-				$decoded['cnonce'] = base64_encode($str);
+				$decoded['cnonce'] = base64_encode(md5(uniqid(mt_rand(), true)));
 
 				// second challenge?
 				if (isset($decoded['rspauth']))

phpBB/includes/functions_messenger.php

@@ -97,6 +97,12 @@ class messenger
 	*/
 	function im($address, $realname = '')
 	{
+		// IM-Addresses could be empty
+		if (!$address)
+		{
+			return;
+		}
+
 		$pos = isset($this->addresses['im']) ? sizeof($this->addresses['im']) : 0;
 		$this->addresses['im'][$pos]['uid'] = trim($address);
 		$this->addresses['im'][$pos]['name'] = trim($realname);
@@ -443,6 +449,11 @@ class messenger
 			return false;
 		}
 
+		if (empty($this->addresses['im']))
+		{
+			return false;
+		}
+
 		$use_queue = false;
 		if ($config['jab_package_size'] && $this->use_queue)
 		{
@@ -562,7 +573,7 @@ class queue
 
 		$fp = @fopen($this->cache_file . '.lock', 'wb');
 		fclose($fp);
-		@chmod($this->cache_file . '.lock', 0666);
+		@chmod($this->cache_file . '.lock', 0777);
 
 		include($this->cache_file);
 
@@ -683,21 +694,21 @@ class queue
 				break;
 			}
 		}
-	
+
 		if (!sizeof($this->queue_data))
 		{
 			@unlink($this->cache_file);
 		}
 		else
 		{
-			if ($fp = @fopen($this->cache_file, 'w'))
+			if ($fp = @fopen($this->cache_file, 'wb'))
 			{
 				@flock($fp, LOCK_EX);
-				fwrite($fp, "<?php\n\$this->queue_data = " . var_export($this->queue_data, true) . ";\n?>");
+				fwrite($fp, "<?php\n\$this->queue_data = unserialize(" . var_export(serialize($this->queue_data), true) . ");\n\n?>");
 				@flock($fp, LOCK_UN);
 				fclose($fp);
 
-				@chmod($this->cache_file, 0666);
+				phpbb_chmod($this->cache_file, CHMOD_WRITE);
 			}
 		}
 
@@ -713,11 +724,11 @@ class queue
 		{
 			return;
 		}
-		
+
 		if (file_exists($this->cache_file))
 		{
 			include($this->cache_file);
-			
+
 			foreach ($this->queue_data as $object => $data_ary)
 			{
 				if (isset($this->data[$object]) && sizeof($this->data[$object]))
@@ -734,11 +745,11 @@ class queue
 		if ($fp = @fopen($this->cache_file, 'w'))
 		{
 			@flock($fp, LOCK_EX);
-			fwrite($fp, "<?php\n\$this->queue_data = " . var_export($this->data, true) . ";\n?>");
+			fwrite($fp, "<?php\n\$this->queue_data = unserialize(" . var_export(serialize($this->data), true) . ");\n\n?>");
 			@flock($fp, LOCK_UN);
 			fclose($fp);
 
-			@chmod($this->cache_file, 0666);
+			phpbb_chmod($this->cache_file, CHMOD_WRITE);
 		}
 	}
 }
@@ -1047,7 +1058,7 @@ class smtp_class
 			$err_msg .= $message;
 		}
 	}
-	
+
 	/**
 	* Log into server and get possible auth codes if neccessary
 	*/
@@ -1108,7 +1119,7 @@ class smtp_class
 				return false;
 			}
 
-			// If EHLO fails, we try HELO			
+			// If EHLO fails, we try HELO
 			$this->server_send("HELO {$local_host}");
 			if ($err_msg = $this->server_parse('250', __LINE__))
 			{
@@ -1129,7 +1140,7 @@ class smtp_class
 		{
 			return false;
 		}
-		
+
 		if (!isset($this->commands['AUTH']))
 		{
 			return (isset($user->lang['SMTP_NO_AUTH_SUPPORT'])) ? $user->lang['SMTP_NO_AUTH_SUPPORT'] : 'SMTP server does not support authentication';
@@ -1290,7 +1301,7 @@ class smtp_class
 		}
 
 		$md5_challenge = base64_decode($this->responses[0]);
-		
+
 		// Parse the md5 challenge - from AUTH_SASL (PEAR)
 		$tokens = array();
 		while (preg_match('/^([a-z-]+)=("[^"]+(?<!\\\)"|[^,]+)/i', $md5_challenge, $matches))

phpBB/includes/functions_module.php

@@ -28,11 +28,47 @@ class p_master
 	var $p_mode;
 	var $p_parent;
 
+	var $include_path = false;
 	var $active_module = false;
 	var $active_module_row_id = false;
 	var $acl_forum_id = false;
 	var $module_ary = array();
 
+	/**
+	* Constuctor
+	* Set module include path
+	*/
+	function p_master($include_path = false)
+	{
+		global $phpbb_root_path;
+
+		$this->include_path = ($include_path !== false) ? $include_path : $phpbb_root_path . 'includes/';
+
+		// Make sure the path ends with /
+		if (substr($this->include_path, -1) !== '/')
+		{
+			$this->include_path .= '/';
+		}
+	}
+
+	/**
+	* Set custom include path for modules
+	* Schema for inclusion is include_path . modulebase
+	*
+	* @param string $include_path include path to be used.
+	* @access public
+	*/
+	function set_custom_include_path($include_path)
+	{
+		$this->include_path = $include_path;
+
+		// Make sure the path ends with /
+		if (substr($this->include_path, -1) !== '/')
+		{
+			$this->include_path .= '/';
+		}
+	}
+
 	/**
 	* List modules
 	*
@@ -395,7 +431,7 @@ class p_master
 	{
 		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $user;
 
-		$module_path = $phpbb_root_path . 'includes/' . $this->p_class;
+		$module_path = $this->include_path . $this->p_class;
 		$icat = request_var('icat', '');
 
 		if ($this->active_module === false)
@@ -818,11 +854,11 @@ class p_master
 	{
 		global $user, $phpEx;
 
-		if (file_exists($user->lang_path . 'mods'))
+		if (file_exists($user->lang_path . $user->lang_name . '/mods'))
 		{
 			$add_files = array();
 
-			$dir = @opendir($user->lang_path . 'mods');
+			$dir = @opendir($user->lang_path . $user->lang_name . '/mods');
 
 			if ($dir)
 			{

phpBB/includes/functions_posting.php

@@ -358,6 +358,11 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 	$upload = new fileupload();
 
+	if ($config['check_attachment_content'])
+	{
+		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
+	}
+
 	if (!$local)
 	{
 		$filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
@@ -524,6 +529,8 @@ function get_supported_image_types($type = false)
 
 		if ($type !== false)
 		{
+			// Type is one of the IMAGETYPE constants - it is fetched from getimagesize()
+			// We do not use the constants here, because some were not available in PHP 4.3.x
 			switch ($type)
 			{
 				// GIF
@@ -545,8 +552,7 @@ function get_supported_image_types($type = false)
 					$new_type = ($format & IMG_PNG) ? IMG_PNG : false;
 				break;
 
-				// BMP, WBMP
-				case 6:
+				// WBMP
 				case 15:
 					$new_type = ($format & IMG_WBMP) ? IMG_WBMP : false;
 				break;
@@ -682,6 +688,10 @@ function create_thumbnail($source, $destination, $mimetype)
 					return false;
 				}
 
+				// Preserve alpha transparency (png for example)
+				@imagealphablending($new_image, false);
+				@imagesavealpha($new_image, true);
+
 				imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
 			}
 
@@ -723,7 +733,7 @@ function create_thumbnail($source, $destination, $mimetype)
 		return false;
 	}
 
-	@chmod($destination, 0666);
+	phpbb_chmod($destination, CHMOD_READ | CHMOD_WRITE);
 
 	return true;
 }
@@ -755,20 +765,20 @@ function posting_gen_inline_attachments(&$attachment_data)
 /**
 * Generate inline attachment entry
 */
-function posting_gen_attachment_entry($attachment_data, &$filename_data)
+function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_attach_box = true)
 {
-	global $template, $config, $phpbb_root_path, $phpEx, $user;
+	global $template, $config, $phpbb_root_path, $phpEx, $user, $auth;
 
+	// Some default template variables
 	$template->assign_vars(array(
-		'S_SHOW_ATTACH_BOX'	=> true)
-	);
+		'S_SHOW_ATTACH_BOX'	=> $show_attach_box,
+		'S_HAS_ATTACHMENTS'	=> sizeof($attachment_data),
+		'FILESIZE'			=> $config['max_filesize'],
+		'FILE_COMMENT'		=> (isset($filename_data['filecomment'])) ? $filename_data['filecomment'] : '',
+	));
 
 	if (sizeof($attachment_data))
 	{
-		$template->assign_vars(array(
-			'S_HAS_ATTACHMENTS'	=> true)
-		);
-
 		// We display the posted attachments within the desired order.
 		($config['display_order']) ? krsort($attachment_data) : ksort($attachment_data);
 
@@ -798,11 +808,6 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data)
 		}
 	}
 
-	$template->assign_vars(array(
-		'FILE_COMMENT'	=> $filename_data['filecomment'],
-		'FILESIZE'		=> $config['max_filesize'])
-	);
-
 	return sizeof($attachment_data);
 }
 
@@ -1245,6 +1250,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 			$msg_list_ary[$row['template']][$pos]['jabber']	= $row['user_jabber'];
 			$msg_list_ary[$row['template']][$pos]['name']	= $row['username'];
 			$msg_list_ary[$row['template']][$pos]['lang']	= $row['user_lang'];
+			$msg_list_ary[$row['template']][$pos]['user_id']= $row['user_id'];
 		}
 		unset($msg_users);
 
@@ -1265,8 +1271,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 					'U_FORUM'				=> generate_board_url() . "/viewforum.$phpEx?f=$forum_id",
 					'U_TOPIC'				=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id",
 					'U_NEWEST_POST'			=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=$post_id",
-					'U_STOP_WATCHING_TOPIC'	=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&unwatch=topic",
-					'U_STOP_WATCHING_FORUM'	=> generate_board_url() . "/viewforum.$phpEx?f=$forum_id&unwatch=forum",
+					'U_STOP_WATCHING_TOPIC'	=> generate_board_url() . "/viewtopic.$phpEx?uid={$addr['user_id']}&f=$forum_id&t=$topic_id&unwatch=topic",
+					'U_STOP_WATCHING_FORUM'	=> generate_board_url() . "/viewforum.$phpEx?uid={$addr['user_id']}&f=$forum_id&unwatch=forum",
 				));
 
 				$messenger->send($addr['method']);
@@ -1339,7 +1345,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 	else if ($data['topic_first_post_id'] == $post_id)
 	{
 		$post_mode = 'delete_first_post';
-	} 
+	}
 	else if ($data['topic_last_post_id'] == $post_id)
 	{
 		$post_mode = 'delete_last_post';
@@ -1431,7 +1437,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
 			}
 
-			$sql_data[TOPICS_TABLE] = 'topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
+			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
 
 			// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"
 			$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
@@ -1598,10 +1604,18 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		$data['post_approved'] = $topic_row['post_approved'];
 	}
 
+	// This variable indicates if the user is able to post or put into the queue - it is used later for all code decisions regarding approval
+	$post_approval = 1;
+
+	// Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
+	if ((($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts']) || !$auth->acl_get('f_noapprove', $data['forum_id'])) && !$auth->acl_get('m_approve', $data['forum_id']))
+	{
+		$post_approval = 0;
+	}
+
 	// Start the transaction here
 	$db->sql_transaction('begin');
 
-
 	// Collect Information
 	switch ($post_mode)
 	{
@@ -1613,7 +1627,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'icon_id'			=> $data['icon_id'],
 				'poster_ip'			=> $user->ip,
 				'post_time'			=> $current_time,
-				'post_approved'		=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+				'post_approved'		=> $post_approval,
 				'enable_bbcode'		=> $data['enable_bbcode'],
 				'enable_smilies'	=> $data['enable_smilies'],
 				'enable_magic_url'	=> $data['enable_urls'],
@@ -1645,7 +1659,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			// Display edit info if edit reason given or user is editing his post, which is not the last within the topic.
 			if ($data['post_edit_reason'] || (!$auth->acl_get('m_edit', $data['forum_id']) && ($post_mode == 'edit' || $post_mode == 'edit_first_post')))
 			{
-				$data['post_edit_reason']		= truncate_string($data['post_edit_reason'], 255, false);
+				$data['post_edit_reason']		= truncate_string($data['post_edit_reason'], 255, 255, false);
 
 				$sql_data[POSTS_TABLE]['sql']	= array(
 					'post_edit_time'	=> $current_time,
@@ -1679,7 +1693,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'forum_id'			=> ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
 				'poster_id'			=> $data['poster_id'],
 				'icon_id'			=> $data['icon_id'],
-				'post_approved'		=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : $data['post_approved'],
+				'post_approved'		=> (!$post_approval) ? 0 : $data['post_approved'],
 				'enable_bbcode'		=> $data['enable_bbcode'],
 				'enable_smilies'	=> $data['enable_smilies'],
 				'enable_magic_url'	=> $data['enable_urls'],
@@ -1713,7 +1727,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'topic_time'				=> $current_time,
 				'forum_id'					=> ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
 				'icon_id'					=> $data['icon_id'],
-				'topic_approved'			=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+				'topic_approved'			=> $post_approval,
 				'topic_title'				=> $subject,
 				'topic_first_poster_name'	=> (!$user->data['is_registered'] && $username) ? $username : (($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : ''),
 				'topic_first_poster_colour'	=> $user->data['user_colour'],
@@ -1733,24 +1747,23 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				);
 			}
 
-			$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : '');
+			$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id']) && $post_approval) ? ', user_posts = user_posts + 1' : '');
 
 			if ($topic_type != POST_GLOBAL)
 			{
-				if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
+				if ($post_approval)
 				{
 					$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
 				}
-				$sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : '');
+				$sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($post_approval) ? ', forum_topics = forum_topics + 1' : '');
 			}
 		break;
 
 		case 'reply':
-			$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', topic_replies = topic_replies + 1' : '') . ((!empty($data['attachment_data']) || (isset($data['topic_attachment']) && $data['topic_attachment'])) ? ', topic_attachment = 1' : '');
+			$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . (($post_approval) ? ', topic_replies = topic_replies + 1' : '') . ((!empty($data['attachment_data']) || (isset($data['topic_attachment']) && $data['topic_attachment'])) ? ', topic_attachment = 1' : '');
+			$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id']) && $post_approval) ? ', user_posts = user_posts + 1' : '');
 
-			$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : '');
-
-			if (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) && $topic_type != POST_GLOBAL)
+			if ($post_approval && $topic_type != POST_GLOBAL)
 			{
 				$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
 			}
@@ -1762,7 +1775,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			$sql_data[TOPICS_TABLE]['sql'] = array(
 				'forum_id'					=> ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
 				'icon_id'					=> $data['icon_id'],
-				'topic_approved'			=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : $data['topic_approved'],
+				'topic_approved'			=> (!$post_approval) ? 0 : $data['topic_approved'],
 				'topic_title'				=> $subject,
 				'topic_first_poster_name'	=> $username,
 				'topic_type'				=> $topic_type,
@@ -1777,7 +1790,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			);
 
 			// Correctly set back the topic replies and forum posts... only if the topic was approved before and now gets disapproved
-			if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && $data['topic_approved'])
+			if (!$post_approval && $data['topic_approved'])
 			{
 				// Do we need to grab some topic informations?
 				if (!sizeof($topic_row))
@@ -1799,6 +1812,12 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 
 				set_config('num_topics', $config['num_topics'] - 1, true);
 				set_config('num_posts', $config['num_posts'] - ($topic_row['topic_replies'] + 1), true);
+
+				// Only decrement this post, since this is the one non-approved now
+				if ($auth->acl_get('f_postcount', $data['forum_id']))
+				{
+					$sql_data[USERS_TABLE]['stat'][] = 'user_posts = user_posts - 1';
+				}
 			}
 
 		break;
@@ -1807,12 +1826,17 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		case 'edit_last_post':
 
 			// Correctly set back the topic replies and forum posts... but only if the post was approved before.
-			if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && $data['post_approved'])
+			if (!$post_approval && $data['post_approved'])
 			{
 				$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies = topic_replies - 1';
 				$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts - 1';
 
 				set_config('num_posts', $config['num_posts'] - 1, true);
+
+				if ($auth->acl_get('f_postcount', $data['forum_id']))
+				{
+					$sql_data[USERS_TABLE]['stat'][] = 'user_posts = user_posts - 1';
+				}
 			}
 
 		break;
@@ -1856,6 +1880,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'topic_last_poster_id'		=> (int) $user->data['user_id'],
 				'topic_last_poster_name'	=> (!$user->data['is_registered'] && $username) ? $username : (($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : ''),
 				'topic_last_poster_colour'	=> $user->data['user_colour'],
+				'topic_last_post_subject'	=> (string) $subject,
 			);
 		}
 
@@ -2112,10 +2137,20 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			// this post is the latest post in the forum, better update
 			if ($row['forum_last_post_id'] == $data['post_id'])
 			{
-				if ($post_approved && $row['forum_last_post_subject'] !== $subject)
+				// If post approved and subject changed, or poster is anonymous, we need to update the forum_last* rows
+				if ($post_approved && ($row['forum_last_post_subject'] !== $subject || $data['poster_id'] == ANONYMOUS))
 				{
-					// the only data that can really be changed is the post's subject
-					$sql_data[FORUMS_TABLE]['stat'][] = 'forum_last_post_subject = \'' . $db->sql_escape($subject) . '\'';
+					// the post's subject changed
+					if ($row['forum_last_post_subject'] !== $subject)
+					{
+						$sql_data[FORUMS_TABLE]['stat'][] = 'forum_last_post_subject = \'' . $db->sql_escape($subject) . '\'';
+					}
+
+					// Update the user name if poster is anonymous... just in case an admin changed it
+					if ($data['poster_id'] == ANONYMOUS)
+					{
+						$sql_data[FORUMS_TABLE]['stat'][] = "forum_last_poster_name = '" . $db->sql_escape($username) . "'";
+					}
 				}
 				else if ($data['post_approved'] !== $post_approved)
 				{
@@ -2252,6 +2287,12 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		{
 			// only the subject can be changed from edit
 			$sql_data[TOPICS_TABLE]['stat'][] = "topic_last_post_subject = '" . $db->sql_escape($subject) . "'";
+
+			// Maybe not only the subject, but also changing anonymous usernames. ;)
+			if ($data['poster_id'] == ANONYMOUS)
+			{
+				$sql_data[TOPICS_TABLE]['stat'][] = "topic_last_poster_name = '" . $db->sql_escape($username) . "'";
+			}
 		}
 	}
 	else if (!$data['post_approved'] && ($post_mode == 'edit_last_post' || $post_mode == 'edit_topic' || ($post_mode == 'edit_first_post' && !$data['topic_replies'])))
@@ -2287,7 +2328,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	}
 
 	// Update total post count, do not consider moderated posts/topics
-	if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
+	if ($post_approval)
 	{
 		if ($post_mode == 'post')
 		{
@@ -2302,7 +2343,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	}
 
 	// Update forum stats
-	$where_sql = array(POSTS_TABLE => 'post_id = ' . $data['post_id'], TOPICS_TABLE => 'topic_id = ' . $data['topic_id'], FORUMS_TABLE => 'forum_id = ' . $data['forum_id'], USERS_TABLE => 'user_id = ' . $user->data['user_id']);
+	$where_sql = array(POSTS_TABLE => 'post_id = ' . $data['post_id'], TOPICS_TABLE => 'topic_id = ' . $data['topic_id'], FORUMS_TABLE => 'forum_id = ' . $data['forum_id'], USERS_TABLE => 'user_id = ' . $poster_id);
 
 	foreach ($sql_data as $table => $update_ary)
 	{
@@ -2419,14 +2460,14 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	}
 
 	// Send Notifications
-	if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
+	if ($mode != 'edit' && $mode != 'delete' && $post_approval)
 	{
 		user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id']);
 	}
 
 	$params = $add_anchor = '';
 
-	if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
+	if ($post_approval)
 	{
 		$params .= '&amp;t=' . $data['topic_id'];
 

phpBB/includes/functions_privmsgs.php

@@ -208,6 +208,11 @@ function get_folder($user_id, $folder_id = false)
 		);
 	}
 
+	if ($folder_id !== false && !isset($folder[$folder_id]))
+	{
+		trigger_error('UNKNOWN_FOLDER');
+	}
+
 	return $folder;
 }
 
@@ -925,7 +930,7 @@ function handle_mark_actions($user_id, $mark_action)
 */
 function delete_pm($user_id, $msg_ids, $folder_id)
 {
-	global $db, $user;
+	global $db, $user, $phpbb_root_path, $phpEx;
 
 	$user_id	= (int) $user_id;
 	$folder_id	= (int) $folder_id;
@@ -974,6 +979,8 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 		return false;
 	}
 
+	$db->sql_transaction('begin');
+
 	// if no one has read the message yet (meaning it is in users outbox)
 	// then mark the message as deleted...
 	if ($folder_id == PRIVMSGS_OUTBOX)
@@ -1051,11 +1058,21 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 
 	if (sizeof($delete_ids))
 	{
+		// Check if there are any attachments we need to remove
+		if (!function_exists('delete_attachments'))
+		{
+			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+		}
+
+		delete_attachments('message', $delete_ids, false);
+
 		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
 			WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
 		$db->sql_query($sql);
 	}
 
+	$db->sql_transaction('commit');
+
 	return true;
 }
 
@@ -1324,12 +1341,17 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 
 		if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
 		{
+			// We need to check the PM status of group members (do they want to receive PM's?)
+			// Only check if not a moderator or admin, since they are allowed to override this user setting
+			$sql_allow_pm = (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) ? ' AND u.user_allow_pm = 1' : '';
+
 			$sql = 'SELECT u.user_type, ug.group_id, ug.user_id
 				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
 				WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . '
 					AND ug.user_pending = 0
 					AND u.user_id = ug.user_id
-					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
+					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')' . 
+					$sql_allow_pm;
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -1751,6 +1773,16 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 
 		$message = censor_text($message);
 
+		$decoded_message = false;
+
+		if ($in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS && $author_id != $user->data['user_id'])
+		{
+			$decoded_message = $message;
+			decode_message($decoded_message, $row['bbcode_uid']);
+
+			$decoded_message = bbcode_nl2br($decoded_message);
+		}
+
 		if ($row['bbcode_bitfield'])
 		{
 			$bbcode->bbcode_second_pass($message, $row['bbcode_uid'], $row['bbcode_bitfield']);
@@ -1769,15 +1801,17 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 		}
 
 		$template->assign_block_vars('history_row', array(
+			'MESSAGE_AUTHOR_QUOTE'		=> (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''),
 			'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']),
 			'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']),
 			'MESSAGE_AUTHOR'			=> get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username']),
 			'U_MESSAGE_AUTHOR'			=> get_username_string('profile', $author_id, $row['username'], $row['user_colour'], $row['username']),
 
-			'SUBJECT'		=> $subject,
-			'SENT_DATE'		=> $user->format_date($row['message_time']),
-			'MESSAGE'		=> $message,
-			'FOLDER'		=> implode(', ', $row['folder']),
+			'SUBJECT'			=> $subject,
+			'SENT_DATE'			=> $user->format_date($row['message_time']),
+			'MESSAGE'			=> $message,
+			'FOLDER'			=> implode(', ', $row['folder']),
+			'DECODED_MESSAGE'	=> $decoded_message,
 
 			'S_CURRENT_MSG'		=> ($row['msg_id'] == $msg_id),
 			'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,
@@ -1803,4 +1837,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	return true;
 }
 
+/**
+* Set correct users max messages in PM folder.
+* If several group memberships define different amount of messages, the highest will be chosen.
+*/
+function set_user_message_limit()
+{
+	global $user, $db, $config;
+
+	// Get maximum about from user memberships - if it is 0, there is no limit set and we use the maximum value within the config.
+	$sql = 'SELECT MAX(g.group_message_limit) as max_message_limit
+		FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
+		WHERE ug.user_id = ' . $user->data['user_id'] . '
+			AND ug.user_pending = 0
+			AND ug.group_id = g.group_id';
+	$result = $db->sql_query($sql);
+	$message_limit = (int) $db->sql_fetchfield('max_message_limit');
+	$db->sql_freeresult($result);
+
+	$user->data['message_limit'] = (!$message_limit) ? $config['pm_max_msgs'] : $message_limit;
+}
+
 ?>

phpBB/includes/functions_profile_fields.php

@@ -40,14 +40,14 @@ class custom_profile
 		{
 			case 'register':
 				// If the field is required we show it on the registration page and do not show hidden fields
-				$sql_where .= ' AND (f.field_show_on_reg = 1 OR f.field_required = 1) AND f.field_hide = 0';
+				$sql_where .= ' AND f.field_show_on_reg = 1 AND f.field_no_view = 0';
 			break;
 
 			case 'profile':
 				// Show hidden fields to moderators/admins
 				if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
 				{
-					$sql_where .= ' AND f.field_hide = 0';
+					$sql_where .= ' AND f.field_show_profile = 1';
 				}
 			break;
 
@@ -106,7 +106,7 @@ class custom_profile
 		{
 			case FIELD_DATE:
 				$field_validate = explode('-', $field_value);
-				
+
 				$day = (isset($field_validate[0])) ? (int) $field_validate[0] : 0;
 				$month = (isset($field_validate[1])) ? (int) $field_validate[1] : 0;
 				$year = (isset($field_validate[2])) ? (int) $field_validate[2] : 0;
@@ -154,14 +154,14 @@ class custom_profile
 					return 'FIELD_TOO_LARGE';
 				}
 			break;
-		
+
 			case FIELD_DROPDOWN:
 				if ($field_value == $field_data['field_novalue'] && $field_data['field_required'])
 				{
 					return 'FIELD_REQUIRED';
 				}
 			break;
-			
+
 			case FIELD_STRING:
 			case FIELD_TEXT:
 				if (empty($field_value) && !$field_data['field_required'])
@@ -205,7 +205,7 @@ class custom_profile
 		global $db, $user, $auth;
 
 		$this->profile_cache = array();
-		
+
 		// Display hidden/no_view fields for admin/moderator
 		$sql = 'SELECT l.*, f.*
 			FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f
@@ -234,7 +234,7 @@ class custom_profile
 		if ($preview)
 		{
 			$lang_options = (!is_array($this->vars['lang_options'])) ? explode("\n", $this->vars['lang_options']) : $this->vars['lang_options'];
-			
+
 			foreach ($lang_options as $num => $var)
 			{
 				$this->options_lang[$field_id][$lang_id][($num + 1)] = $var;
@@ -271,14 +271,14 @@ class custom_profile
 		{
 			case 'register':
 				// If the field is required we show it on the registration page and do not show hidden fields
-				$sql_where .= ' AND (f.field_show_on_reg = 1 OR f.field_required = 1) AND f.field_hide = 0';
+				$sql_where .= ' AND f.field_show_on_reg = 1 AND f.field_no_view = 0';
 			break;
 
 			case 'profile':
 				// Show hidden fields to moderators/admins
 				if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
 				{
-					$sql_where .= ' AND f.field_hide = 0';
+					$sql_where .= ' AND f.field_show_profile = 1';
 				}
 			break;
 
@@ -316,12 +316,12 @@ class custom_profile
 					case 'FIELD_TOO_SMALL':
 						$error = sprintf($user->lang[$cp_result], $row['lang_name'], $row['field_minlen']);
 					break;
-					
+
 					case 'FIELD_TOO_LONG':
 					case 'FIELD_TOO_LARGE':
 						$error = sprintf($user->lang[$cp_result], $row['lang_name'], $row['field_maxlen']);
 					break;
-					
+
 					case 'FIELD_INVALID_CHARS':
 						switch ($row['field_validation'])
 						{
@@ -339,7 +339,7 @@ class custom_profile
 						}
 					break;
 				}
-				
+
 				if ($error != '')
 				{
 					$cp_error[] = $error;
@@ -434,7 +434,7 @@ class custom_profile
 					'S_PROFILE_' . strtoupper($ident)		=> true
 				);
 			}
-		
+
 			return $tpl_fields;
 		}
 		else
@@ -589,7 +589,7 @@ class custom_profile
 		else
 		{
 			$value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
-			
+
 			if (gettype($value) == 'string')
 			{
 				$value = utf8_normalize_nfc($value);
@@ -672,7 +672,7 @@ class custom_profile
 			$profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>";
 		}
 		unset($now);
-		
+
 		$profile_row['field_value'] = 0;
 		$template->assign_block_vars($this->profile_types[$profile_row['field_type']], array_change_key_case($profile_row, CASE_UPPER));
 	}
@@ -826,7 +826,7 @@ class custom_profile
 			$cp_data['pf_' . $row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
 		}
 		$db->sql_freeresult($result);
-		
+
 		return $cp_data;
 	}
 
@@ -838,9 +838,9 @@ class custom_profile
 	{
 		global $phpbb_root_path, $phpEx;
 		global $config;
-		
+
 		$var_name = 'pf_' . $profile_row['field_ident'];
-		
+
 		switch ($profile_row['field_type'])
 		{
 			case FIELD_DATE:
@@ -860,7 +860,7 @@ class custom_profile
 					$month = request_var($var_name . '_month', 0);
 					$year = request_var($var_name . '_year', 0);
 				}
-				
+
 				$var = sprintf('%2d-%2d-%4d', $day, $month, $year);
 			break;
 
@@ -931,7 +931,7 @@ class custom_profile_admin extends custom_profile
 
 		return $validate_options;
 	}
-	
+
 	/**
 	* Get string options for second step in ACP
 	*/
@@ -1086,4 +1086,4 @@ class custom_profile_admin extends custom_profile
 	}
 }
 
-?>
+?>

phpBB/includes/functions_template.php

@@ -50,7 +50,7 @@ class template_compile
 	{
 		$this->template = &$template;
 	}
-	
+
 	/**
 	* Load template source from file
 	* @access private
@@ -74,7 +74,7 @@ class template_compile
 			global $db, $user;
 
 			$sql_ary = array(
-				'template_id'			=> $user->theme['template_id'],
+				'template_id'			=> $this->template->files_template[$handle],
 				'template_filename'		=> $this->template->filename[$handle],
 				'template_included'		=> '',
 				'template_mtime'		=> time(),
@@ -264,8 +264,8 @@ class template_compile
 		}
 
 		// Handle remaining varrefs
-		$text_blocks = preg_replace('#\{([a-z0-9\-_]*)\}#is', "<?php echo (isset(\$this->_rootref['\\1'])) ? \$this->_rootref['\\1'] : ''; ?>", $text_blocks);
-		$text_blocks = preg_replace('#\{\$([a-z0-9\-_]*)\}#is', "<?php echo (isset(\$this->_tpldata['DEFINE']['.']['\\1'])) ? \$this->_tpldata['DEFINE']['.']['\\1'] : ''; ?>", $text_blocks);
+		$text_blocks = preg_replace('#\{([a-z0-9\-_]+)\}#is', "<?php echo (isset(\$this->_rootref['\\1'])) ? \$this->_rootref['\\1'] : ''; ?>", $text_blocks);
+		$text_blocks = preg_replace('#\{\$([a-z0-9\-_]+)\}#is', "<?php echo (isset(\$this->_tpldata['DEFINE']['.']['\\1'])) ? \$this->_tpldata['DEFINE']['.']['\\1'] : ''; ?>", $text_blocks);
 
 		return;
 	}
@@ -515,11 +515,20 @@ class template_compile
 						}
 						$token = "sizeof($varref)";
 					}
+					else if (!empty($token))
+					{
+						$token = '(' . $token . ')';
+					}
 
 				break;
 			}
 		}
 
+		// If there are no valid tokens left or only control/compare characters left, we do skip this statement
+		if (!sizeof($tokens) || str_replace(array(' ', '=', '!', '<', '>', '&', '|', '%', '(', ')'), '', implode('', $tokens)) == '')
+		{
+			$tokens = array('false');
+		}
 		return (($elseif) ? '} else if (' : 'if (') . (implode(' ', $tokens) . ') { ');
 	}
 
@@ -746,7 +755,7 @@ class template_compile
 			@flock($fp, LOCK_UN);
 			@fclose($fp);
 
-			@chmod($filename, 0666);
+			phpbb_chmod($filename, CHMOD_WRITE);
 		}
 
 		return;

phpBB/includes/functions_upload.php

@@ -121,9 +121,9 @@ class filespec
 			case 'avatar':
 				$this->extension = strtolower($this->extension);
 				$this->realname = $prefix . $user_id . '.' . $this->extension;
-				
+
 			break;
-			
+
 			case 'unique_ext':
 			default:
 				$this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
@@ -229,16 +229,45 @@ class filespec
 		return @filesize($filename);
 	}
 
+
+	/**
+	* Check the first 256 bytes for forbidden content
+	*/
+	function check_content($disallowed_content)
+	{
+		if (empty($disallowed_content))
+		{
+			return true;
+		}
+
+		$fp = @fopen($this->filename, 'rb');
+
+		if ($fp !== false)
+		{
+			$ie_mime_relevant = fread($fp, 256);
+			fclose($fp);
+			foreach ($disallowed_content as $forbidden)
+			{
+				if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
+				{
+					return false;
+				}
+			}
+		}
+		return true;
+	}
+
 	/**
 	* Move file to destination folder
 	* The phpbb_root_path variable will be applied to the destination path
 	*
 	* @param string $destination_path Destination path, for example $config['avatar_path']
 	* @param bool $overwrite If set to true, an already existing file will be overwritten
-	* @param octal $chmod Permission mask for chmodding the file after a successful move
+	* @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode defined by {@link phpbb_chmod()}
+	*
 	* @access public
 	*/
-	function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666)
+	function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
 	{
 		global $user, $phpbb_root_path;
 
@@ -247,6 +276,8 @@ class filespec
 			return false;
 		}
 
+		$chmod = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod;
+
 		// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
 		$this->destination_path = $phpbb_root_path . $destination;
 
@@ -257,7 +288,7 @@ class filespec
 			return false;
 		}
 
-		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
+		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
 		$upload_mode = ($this->local) ? 'local' : $upload_mode;
 		$this->destination_file = $this->destination_path . '/' . basename($this->realname);
 
@@ -317,7 +348,7 @@ class filespec
 				break;
 			}
 
-			@chmod($this->destination_file, $chmod);
+			phpbb_chmod($this->destination_file, $chmod);
 		}
 
 		// Try to get real filesize from destination folder
@@ -388,7 +419,7 @@ class filespec
 		{
 			$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );
 			$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
-	
+
 			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
 
 			return false;
@@ -427,6 +458,7 @@ class fileerror extends filespec
 class fileupload
 {
 	var $allowed_extensions = array();
+	var $disallowed_content = array();
 	var $max_filesize = 0;
 	var $min_width = 0;
 	var $min_height = 0;
@@ -446,12 +478,13 @@ class fileupload
 	* @param int $max_height Maximum image height (only checked for images)
 	*
 	*/
-	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false)
+	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)
 	{
 		$this->set_allowed_extensions($allowed_extensions);
 		$this->set_max_filesize($max_filesize);
 		$this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
 		$this->set_error_prefix($error_prefix);
+		$this->set_disallowed_content($disallowed_content);
 	}
 
 	/**
@@ -463,6 +496,7 @@ class fileupload
 		$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
 		$this->error_prefix = '';
 		$this->allowed_extensions = array();
+		$this->disallowed_content = array();
 	}
 
 	/**
@@ -498,6 +532,17 @@ class fileupload
 		}
 	}
 
+	/**
+	* Set disallowed strings
+	*/
+	function set_disallowed_content($disallowed_content)
+	{
+		if ($disallowed_content !== false && is_array($disallowed_content))
+		{
+			$this->disallowed_content = $disallowed_content;
+		}
+	}
+
 	/**
 	* Set error prefix
 	*/
@@ -741,7 +786,7 @@ class fileupload
 			return $file;
 		}
 
-		$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
+		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache';
 		$filename = tempnam($tmp_path, unique_id() . '-');
 
 		if (!($fp = @fopen($filename, 'wb')))
@@ -830,6 +875,12 @@ class fileupload
 		{
 			$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
 		}
+
+		// MIME Sniffing
+		if (!$this->valid_content($file))
+		{
+			$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);
+		}
 	}
 
 	/**
@@ -869,6 +920,15 @@ class fileupload
 		return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
 	}
 
+
+	/**
+	* Check for allowed extension
+	*/
+	function valid_content(&$file)
+	{
+		return ($file->check_content($this->disallowed_content));
+	}
+
 	/**
 	* Return image type/extension mapping
 	*/

phpBB/includes/functions_user.php

@@ -147,7 +147,7 @@ function user_update_name($old_name, $new_name)
 *
 * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
 * @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
-* @return: the new user's ID.
+* @return the new user's ID.
 */
 function user_add($user_row, $cp_data = false)
 {
@@ -183,7 +183,6 @@ function user_add($user_row, $cp_data = false)
 		'user_dateformat'	=> $config['default_dateformat'],
 		'user_lang'			=> $config['default_lang'],
 		'user_style'		=> (int) $config['default_style'],
-		'user_allow_pm'		=> 1,
 		'user_actkey'		=> '',
 		'user_ip'			=> '',
 		'user_regdate'		=> time(),
@@ -316,8 +315,6 @@ function user_delete($mode, $user_id, $post_username = false)
 		return false;
 	}
 
-	$db->sql_transaction('begin');
-
 	// Before we begin, we will remove the reports the user issued.
 	$sql = 'SELECT r.post_id, p.topic_id
 		FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
@@ -386,6 +383,8 @@ function user_delete($mode, $user_id, $post_username = false)
 	{
 		case 'retain':
 
+			$db->sql_transaction('begin');
+
 			if ($post_username === false)
 			{
 				$post_username = $user->lang['GUEST'];
@@ -433,6 +432,9 @@ function user_delete($mode, $user_id, $post_username = false)
 					$db->sql_query($sql);
 				}
 			}
+
+			$db->sql_transaction('commit');
+
 		break;
 
 		case 'remove':
@@ -486,7 +488,9 @@ function user_delete($mode, $user_id, $post_username = false)
 		break;
 	}
 
-	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE);
+	$db->sql_transaction('begin');
+
+	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE);
 
 	foreach ($table_ary as $table)
 	{
@@ -554,6 +558,8 @@ function user_delete($mode, $user_id, $post_username = false)
 		$db->sql_query($sql);
 	}
 
+	$db->sql_transaction('commit');
+
 	// Reset newest user info if appropriate
 	if ($config['newest_user_id'] == $user_id)
 	{
@@ -566,8 +572,6 @@ function user_delete($mode, $user_id, $post_username = false)
 		set_config('num_users', $config['num_users'] - 1, true);
 	}
 
-	$db->sql_transaction('commit');
-
 	return false;
 }
 
@@ -735,70 +739,65 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 		case 'user':
 			$type = 'ban_userid';
 
-			if (in_array('*', $ban_list))
+			// At the moment we do not support wildcard username banning
+
+			// Select the relevant user_ids.
+			$sql_usernames = array();
+
+			foreach ($ban_list as $username)
 			{
-				// Ban all users (it's a good thing that you can exclude people)
-				$banlist_ary[] = '*';
+				$username = trim($username);
+				if ($username != '')
+				{
+					$clean_name = utf8_clean_string($username);
+					if ($clean_name == $user->data['username_clean'])
+					{
+						trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
+					}
+					if (in_array($clean_name, $founder_names))
+					{
+						trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
+					}
+					$sql_usernames[] = $clean_name;
+				}
+			}
+
+			// Make sure we have been given someone to ban
+			if (!sizeof($sql_usernames))
+			{
+				trigger_error('NO_USER_SPECIFIED');
+			}
+
+			$sql = 'SELECT user_id
+				FROM ' . USERS_TABLE . '
+				WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
+
+			// Do not allow banning yourself
+			if (sizeof($founder))
+			{
+				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
 			}
 			else
 			{
-				// Select the relevant user_ids.
-				$sql_usernames = array();
-
-				foreach ($ban_list as $username)
-				{
-					$username = trim($username);
-					if ($username != '')
-					{
-						$clean_name = utf8_clean_string($username);
-						if ($clean_name == $user->data['username_clean'])
-						{
-							trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
-						}
-						if (in_array($clean_name, $founder_names))
-						{
-							trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
-						}
-						$sql_usernames[] = $clean_name;
-					}
-				}
-
-				// Make sure we have been given someone to ban
-				if (!sizeof($sql_usernames))
-				{
-					trigger_error('NO_USER_SPECIFIED');
-				}
-
-				$sql = 'SELECT user_id
-					FROM ' . USERS_TABLE . '
-					WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
-
-				// Do not allow banning yourself
-				if (sizeof($founder))
-				{
-					$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
-				}
-				else
-				{
-					$sql .= ' AND user_id <> ' . $user->data['user_id'];
-				}
-
-				$result = $db->sql_query($sql);
-
-				if ($row = $db->sql_fetchrow($result))
-				{
-					do
-					{
-						$banlist_ary[] = (int) $row['user_id'];
-					}
-					while ($row = $db->sql_fetchrow($result));
-				}
-				else
-				{
-					trigger_error('NO_USERS');
-				}
-				$db->sql_freeresult($result);
+				$sql .= ' AND user_id <> ' . $user->data['user_id'];
 			}
+
+			$result = $db->sql_query($sql);
+
+			if ($row = $db->sql_fetchrow($result))
+			{
+				do
+				{
+					$banlist_ary[] = (int) $row['user_id'];
+				}
+				while ($row = $db->sql_fetchrow($result));
+			}
+			else
+			{
+				$db->sql_freeresult($result);
+				trigger_error('NO_USERS');
+			}
+			$db->sql_freeresult($result);
 		break;
 
 		case 'ip':
@@ -940,7 +939,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 	$sql = "SELECT $type
 		FROM " . BANLIST_TABLE . "
 		WHERE $sql_where
-			AND ban_exclude = $ban_exclude";
+			AND ban_exclude = " . (int) $ban_exclude;
 	$result = $db->sql_query($sql);
 
 	// Reset $sql_where, because we use it later...
@@ -998,7 +997,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			switch ($mode)
 			{
 				case 'user':
-					$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
+					$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
 				break;
 
 				case 'ip':
@@ -1195,6 +1194,8 @@ function user_ipwhois($ip)
 */
 function validate_data($data, $val_ary)
 {
+	global $user;
+
 	$error = array();
 
 	foreach ($val_ary as $var => $val_seq)
@@ -1211,7 +1212,8 @@ function validate_data($data, $val_ary)
 
 			if ($result = call_user_func_array('validate_' . $function, $validate))
 			{
-				$error[] = $result . '_' . strtoupper($var);
+				// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
+				$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
 			}
 		}
 	}
@@ -1611,9 +1613,9 @@ function validate_email($email, $allowed_email = false)
 		}
 	}
 
-	if ($user->check_ban(false, false, $email, true) == true)
+	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
 	{
-		return 'EMAIL_BANNED';
+		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
 	}
 
 	if (!$config['allow_emailreuse'])
@@ -1953,7 +1955,7 @@ function avatar_upload($data, &$error)
 
 	// Init upload class
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
+	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
 
 	if (!empty($_FILES['uploadfile']['name']))
 	{
@@ -2300,22 +2302,29 @@ function avatar_process_user(&$error, $custom_userdata = false)
 		// Do we actually have any data to update?
 		if (sizeof($sql_ary))
 		{
+			$ext_new = $ext_old = '';
+			if (isset($sql_ary['user_avatar']))
+			{
+				$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
+				$ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);
+				$ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);
+
+				if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)
+				{
+					// Delete old avatar if present
+					if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))
+					   || ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))
+					{
+						avatar_delete('user', $userdata);
+					}
+				}
+			}
+
 			$sql = 'UPDATE ' . USERS_TABLE . '
 				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 				WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
 			$db->sql_query($sql);
 
-			if (isset($sql_ary['user_avatar']))
-			{
-				$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
-
-				// Delete old avatar if present
-				if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] == AVATAR_UPLOAD)
-				   || ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] == AVATAR_UPLOAD && $sql_ary['user_avatar_type'] != AVATAR_UPLOAD))
-				{
-					avatar_delete('user', $userdata);
-				}
-			}
 		}
 	}
 
@@ -2346,12 +2355,13 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 		'group_receive_pm'		=> 'int',
 		'group_legend'			=> 'int',
 		'group_message_limit'	=> 'int',
+		'group_max_recipients'	=> 'int',
 
 		'group_founder_manage'	=> 'int',
 	);
 
 	// Those are group-only attributes
-	$group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_founder_manage');
+	$group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_max_recipients', 'group_founder_manage');
 
 	// Check data. Limit group name length.
 	if (!utf8_strlen($name) || utf8_strlen($name) > 60)
@@ -2909,7 +2919,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 
 	if (!sizeof($user_id_ary) || $result !== false)
 	{
-		return false;
+		return 'NO_USERS';
 	}
 
 	if (!$group_name)
@@ -2921,9 +2931,23 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 	{
 		case 'demote':
 		case 'promote':
+
+			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
+				WHERE group_id = $group_id
+					AND user_pending = 1
+					AND " . $db->sql_in_set('user_id', $user_id_ary);
+			$result = $db->sql_query_limit($sql, 1);
+			$not_empty = ($db->sql_fetchrow($result));
+			$db->sql_freeresult($result);
+			if ($not_empty)
+			{
+				return 'NO_VALID_USERS';
+			}
+
 			$sql = 'UPDATE ' . USER_GROUP_TABLE . '
 				SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
 				WHERE group_id = $group_id
+					AND user_pending = 0
 					AND " . $db->sql_in_set('user_id', $user_id_ary);
 			$db->sql_query($sql);
 
@@ -3017,7 +3041,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 
 	group_update_listings($group_id);
 
-	return true;
+	return false;
 }
 
 /**
@@ -3069,7 +3093,7 @@ function group_validate_groupname($group_id, $group_name)
 /**
 * Set users default group
 *
-* @private
+* @access private
 */
 function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
 {

phpBB/includes/mcp/mcp_ban.php

@@ -151,7 +151,7 @@ class mcp_ban
 			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp_ban&field=ban'),
 		));
 
-		if ($mode != 'user')
+		if ($mode === 'email' && !$auth->acl_get('a_user'))
 		{
 			return;
 		}
@@ -159,15 +159,28 @@ class mcp_ban
 		// As a "service" we will check if any post id is specified and populate the username of the poster id if given
 		$post_id = request_var('p', 0);
 		$user_id = request_var('u', 0);
-		$username = false;
+		$username = $pre_fill = false;
 
 		if ($user_id && $user_id <> ANONYMOUS)
 		{
-			$sql = 'SELECT username
+			$sql = 'SELECT username, user_email, user_ip
 				FROM ' . USERS_TABLE . '
 				WHERE user_id = ' . $user_id;
 			$result = $db->sql_query($sql);
-			$username = (string) $db->sql_fetchfield('username');
+			switch ($mode)
+			{
+				case 'user':
+					$pre_fill = (string) $db->sql_fetchfield('username');
+				break;
+				
+				case 'ip':
+					$pre_fill = (string) $db->sql_fetchfield('user_ip');
+				break;
+
+				case 'email':
+					$pre_fill = (string) $db->sql_fetchfield('user_email');
+				break;
+			}
 			$db->sql_freeresult($result);
 		}
 		else if ($post_id)
@@ -176,13 +189,29 @@ class mcp_ban
 
 			if (sizeof($post_info) && !empty($post_info[$post_id]))
 			{
-				$username = $post_info[$post_id]['username'];
+				switch ($mode)
+				{
+					case 'user':
+						$pre_fill = $post_info[$post_id]['username'];
+					break;
+
+					case 'ip':
+						$pre_fill = $post_info[$post_id]['poster_ip'];
+					break;
+
+					case 'email':
+						$pre_fill = $post_info[$post_id]['user_email'];
+					break;
+				}
+
 			}
 		}
 
-		if ($username)
+		if ($pre_fill)
 		{
-			$template->assign_var('USERNAMES', $username);
+			// left for legacy template compatibility
+			$template->assign_var('USERNAMES', $pre_fill);
+			$template->assign_var('BAN_QUANTIFIER', $pre_fill);
 		}
 	}
 }

phpBB/includes/mcp/mcp_forum.php

@@ -246,7 +246,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 			'LAST_POST_SUBJECT'	=> $row['topic_last_post_subject'],
 			'LAST_VIEW_TIME'	=> $user->format_date($row['topic_last_view_time']),
 
-			'S_TOPIC_REPORTED'		=> (!empty($row['topic_reported']) && $auth->acl_get('m_report', $row['forum_id'])) ? true : false,
+			'S_TOPIC_REPORTED'		=> (!empty($row['topic_reported']) && empty($row['topic_moved_id']) && $auth->acl_get('m_report', $row['forum_id'])) ? true : false,
 			'S_TOPIC_UNAPPROVED'	=> $topic_unapproved,
 			'S_POSTS_UNAPPROVED'	=> $posts_unapproved,
 			'S_UNREAD_TOPIC'		=> $unread_topic,

phpBB/includes/mcp/mcp_front.php

@@ -27,7 +27,7 @@ function mcp_front_view($id, $mode, $action)
 	// Latest 5 unapproved
 	if ($module->loaded('queue'))
 	{
-		$forum_list = get_forum_list('m_approve');
+		$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_approve')));
 		$post_list = array();
 		$forum_names = array();
 
@@ -81,7 +81,7 @@ function mcp_front_view($id, $mode, $action)
 
 			if ($total)
 			{
-				$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, u.username_clean, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
+				$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, u.username_clean, u.user_colour, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
 					FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
 					WHERE ' . $db->sql_in_set('p.post_id', $post_list) . '
 						AND t.topic_id = p.topic_id
@@ -103,12 +103,15 @@ function mcp_front_view($id, $mode, $action)
 						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
 						'U_FORUM'			=> (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
 						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
-						'U_AUTHOR'			=> ($row['poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['poster_id']),
+
+						'AUTHOR_FULL'		=> get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour']),
+						'AUTHOR'			=> get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour']),
+						'AUTHOR_COLOUR'		=> get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour']),
+						'U_AUTHOR'			=> get_username_string('profile', $row['poster_id'], $row['username'], $row['user_colour']),
 
 						'FORUM_NAME'	=> (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
 						'POST_ID'		=> $row['post_id'],
 						'TOPIC_TITLE'	=> $row['topic_title'],
-						'AUTHOR'		=> ($row['poster_id'] == ANONYMOUS) ? (($row['post_username']) ? $row['post_username'] : $user->lang['GUEST']) : $row['username'],
 						'SUBJECT'		=> ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'],
 						'POST_TIME'		=> $user->format_date($row['post_time']))
 					);
@@ -140,7 +143,7 @@ function mcp_front_view($id, $mode, $action)
 	// Latest 5 reported
 	if ($module->loaded('reports'))
 	{
-		$forum_list = get_forum_list('m_report');
+		$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_report')));
 
 		$template->assign_var('S_SHOW_REPORTS', (!empty($forum_list)) ? true : false);
 
@@ -243,7 +246,7 @@ function mcp_front_view($id, $mode, $action)
 	// Latest 5 logs
 	if ($module->loaded('logs'))
 	{
-		$forum_list = get_forum_list('m_');
+		$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_')));
 
 		if (!empty($forum_list))
 		{

phpBB/includes/mcp/mcp_logs.php

@@ -63,7 +63,7 @@ class mcp_logs
 		$this->tpl_name = 'mcp_logs';
 		$this->page_title = 'MCP_LOGS';
 
-		$forum_list = get_forum_list('m_');
+		$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_')));
 		$forum_list[] = 0;
 
 		$forum_id = $topic_id = 0;

phpBB/includes/mcp/mcp_main.php

@@ -235,7 +235,7 @@ function lock_unlock($action, $ids)
 	}
 	unset($orig_ids);
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 
 	$s_hidden_fields = build_hidden_fields(array(
 		$sql_id . '_list'	=> $ids,
@@ -321,7 +321,7 @@ function change_topic_type($action, $topic_ids)
 		break;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 
 	$s_hidden_fields = array(
 		'topic_id_list'	=> $topic_ids,
@@ -542,7 +542,7 @@ function mcp_move_topic($topic_ids)
 	}
 
 	$to_forum_id = request_var('to_forum_id', 0);
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$additional_msg = $success_msg = '';
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -554,7 +554,7 @@ function mcp_move_topic($topic_ids)
 
 	if ($to_forum_id)
 	{
-		$forum_data = get_forum_data($to_forum_id);
+		$forum_data = get_forum_data($to_forum_id, 'f_post');
 
 		if (!sizeof($forum_data))
 		{
@@ -641,7 +641,7 @@ function mcp_move_topic($topic_ids)
 		{
 			// Get the list of forums to resync, add a log entry
 			$forum_ids[] = $row['forum_id'];
-			add_log('mod', $to_forum_id, $topic_id, 'LOG_MOVE', $row['forum_name']);
+			add_log('mod', $to_forum_id, $topic_id, 'LOG_MOVE', $row['forum_name'], $forum_data['forum_name']);
 
 			// If we have moved a global announcement, we need to correct the topic type
 			if ($row['topic_type'] == POST_GLOBAL)
@@ -659,8 +659,8 @@ function mcp_move_topic($topic_ids)
 					'forum_id'				=>	(int) $row['forum_id'],
 					'icon_id'				=>	(int) $row['icon_id'],
 					'topic_attachment'		=>	(int) $row['topic_attachment'],
-					'topic_approved'		=>	1,
-					'topic_reported'		=>	(int) $row['topic_reported'],
+					'topic_approved'		=>	1, // a shadow topic is always approved
+					'topic_reported'		=>	0, // a shadow topic is never reported
 					'topic_title'			=>	(string) $row['topic_title'],
 					'topic_poster'			=>	(int) $row['topic_poster'],
 					'topic_time'			=>	(int) $row['topic_time'],
@@ -762,7 +762,7 @@ function mcp_delete_topic($topic_ids)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$forum_id = request_var('f', 0);
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -781,7 +781,7 @@ function mcp_delete_topic($topic_ids)
 
 		foreach ($data as $topic_id => $row)
 		{
-			add_log('mod', $row['forum_id'], 0, 'LOG_TOPIC_DELETED', $row['topic_title']);
+			add_log('mod', $row['forum_id'], $topic_id, 'LOG_DELETE_' . ($row['topic_moved_id'] ? 'SHADOW_' : '') . 'TOPIC', $row['topic_title']);
 		}
 
 		$return = delete_topics('topic_id', $topic_ids);
@@ -791,8 +791,17 @@ function mcp_delete_topic($topic_ids)
 		confirm_box(false, (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS', $s_hidden_fields);
 	}
 
-	$redirect = request_var('redirect', "index.$phpEx");
-	$redirect = reapply_sid($redirect);
+	if (!isset($_REQUEST['quickmod']))
+	{
+		$redirect = request_var('redirect', "index.$phpEx");
+		$redirect = reapply_sid($redirect);
+		$redirect_message = 'PAGE';
+	}
+	else
+	{
+		$redirect = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
+		$redirect_message = 'FORUM';
+	}
 
 	if (!$success_msg)
 	{
@@ -800,9 +809,8 @@ function mcp_delete_topic($topic_ids)
 	}
 	else
 	{
-		$redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
-		meta_refresh(3, $redirect_url);
-		trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>'));
+		meta_refresh(3, $redirect);
+		trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_' . $redirect_message], '<a href="' . $redirect . '">', '</a>'));
 	}
 }
 
@@ -818,7 +826,7 @@ function mcp_delete_post($post_ids)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$forum_id = request_var('f', 0);
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -941,7 +949,7 @@ function mcp_fork_topic($topic_ids)
 
 	$to_forum_id = request_var('to_forum_id', 0);
 	$forum_id = request_var('f', 0);
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$additional_msg = $success_msg = '';
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -953,7 +961,7 @@ function mcp_fork_topic($topic_ids)
 
 	if ($to_forum_id)
 	{
-		$forum_data = get_forum_data($to_forum_id);
+		$forum_data = get_forum_data($to_forum_id, 'f_post');
 
 		if (!sizeof($topic_ids))
 		{
@@ -990,7 +998,7 @@ function mcp_fork_topic($topic_ids)
 
 	if (confirm_box(true))
 	{
-		$topic_data = get_topic_data($topic_ids);
+		$topic_data = get_topic_data($topic_ids, 'f_post');
 
 		$total_posts = 0;
 		$new_topic_id_list = array();

phpBB/includes/mcp/mcp_post.php

@@ -415,8 +415,8 @@ function change_poster(&$post_info, $userdata)
 		sync('forum', 'forum_id', $post_info['forum_id'], false, false);
 	}
 
-	// Adjust post counts
-	if ($post_info['post_postcount'])
+	// Adjust post counts... only if the post is approved (else, it was not added the users post count anyway)
+	if ($post_info['post_postcount'] && $post_info['post_approved'])
 	{
 		$sql = 'UPDATE ' . USERS_TABLE . '
 			SET user_posts = user_posts - 1
@@ -470,11 +470,11 @@ function change_poster(&$post_info, $userdata)
 	if (file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
 	{
 		require("{$phpbb_root_path}includes/search/$search_type.$phpEx");
-	
+
 		// We do some additional checks in the module to ensure it can actually be utilised
 		$error = false;
 		$search = new $search_type($error);
-	
+
 		if (!$error && method_exists($search, 'destroy_cache'))
 		{
 			$search->destroy_cache(array(), array($post_info['user_id'], $userdata['user_id']));

phpBB/includes/mcp/mcp_queue.php

@@ -74,7 +74,7 @@ class mcp_queue
 
 				$this->tpl_name = 'mcp_post';
 
-				$user->add_lang('posting');
+				$user->add_lang(array('posting', 'viewtopic'));
 
 				$post_id = request_var('p', 0);
 				$topic_id = request_var('t', 0);
@@ -242,6 +242,17 @@ class mcp_queue
 				}
 
 				$forum_list_approve = get_forum_list('m_approve', false, true);
+				$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
+
+				// Remove forums we cannot read
+				foreach ($forum_list_approve as $k => $forum_data)
+				{
+					if (!isset($forum_list_read[$forum_data['forum_id']]))
+					{
+						unset($forum_list_approve[$k]);
+					}
+				}
+				unset($forum_list_read);
 
 				if (!$forum_id)
 				{
@@ -459,7 +470,7 @@ function approve_post($post_id_list, $id, $mode)
 		trigger_error('NOT_AUTHORISED');
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('quickmod')));
 	$success_msg = '';
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -481,6 +492,7 @@ function approve_post($post_id_list, $id, $mode)
 
 		$total_topics = $total_posts = 0;
 		$forum_topics_posts = $topic_approve_sql = $topic_replies_sql = $post_approve_sql = $topic_id_list = $forum_id_list = $approve_log = array();
+		$user_posts_sql = array();
 
 		$update_forum_information = false;
 
@@ -493,6 +505,13 @@ function approve_post($post_id_list, $id, $mode)
 				$forum_id_list[$post_data['forum_id']] = 1;
 			}
 
+			// User post update (we do not care about topic or post, since user posts are strictly connected to posts)
+			// But we care about forums where post counts get not increased. ;)
+			if ($post_data['post_postcount'])
+			{
+				$user_posts_sql[$post_data['poster_id']] = (empty($user_posts_sql[$post_data['poster_id']])) ? 1 : $user_posts_sql[$post_data['poster_id']] + 1;
+			}
+
 			// Topic or Post. ;)
 			if ($post_data['topic_first_post_id'] == $post_id)
 			{
@@ -612,6 +631,25 @@ function approve_post($post_id_list, $id, $mode)
 			}
 		}
 
+		if (sizeof($user_posts_sql))
+		{
+			// Try to minimize the query count by merging users with the same post count additions
+			$user_posts_update = array();
+
+			foreach ($user_posts_sql as $user_id => $user_posts)
+			{
+				$user_posts_update[$user_posts][] = $user_id;
+			}
+
+			foreach ($user_posts_update as $user_posts => $user_id_ary)
+			{
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_posts = user_posts + ' . $user_posts . '
+					WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
+				$db->sql_query($sql);
+			}
+		}
+
 		if ($total_topics)
 		{
 			set_config('num_topics', $config['num_topics'] + $total_topics, true);
@@ -758,7 +796,7 @@ function disapprove_post($post_id_list, $id, $mode)
 		trigger_error('NOT_AUTHORISED');
 	}
 
-	$redirect = request_var('redirect', build_url(array('t', 'mode', '_f_', 'quickmod')) . "&mode=$mode");
+	$redirect = request_var('redirect', build_url(array('t', 'mode', 'quickmod')) . "&mode=$mode");
 	$reason = utf8_normalize_nfc(request_var('reason', '', true));
 	$reason_id = request_var('reason_id', 0);
 	$success_msg = $additional_msg = '';
@@ -793,6 +831,13 @@ function disapprove_post($post_id_list, $id, $mode)
 			// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
 			$disapprove_reason = (strtolower($row['reason_title']) != 'other') ? ((isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description']) : '';
 			$disapprove_reason .= ($reason) ? "\n\n" . $reason : '';
+
+			if (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]))
+			{
+				$disapprove_reason_lang = strtoupper($row['reason_title']);
+			}
+
+			$email_disapprove_reason = $disapprove_reason;
 		}
 	}
 
@@ -912,6 +957,8 @@ function disapprove_post($post_id_list, $id, $mode)
 		// Notify Poster?
 		if ($notify_poster)
 		{
+			$lang_reasons = array();
+
 			foreach ($post_info as $post_id => $post_data)
 			{
 				if ($post_data['poster_id'] == ANONYMOUS)
@@ -919,6 +966,35 @@ function disapprove_post($post_id_list, $id, $mode)
 					continue;
 				}
 
+				if (isset($disapprove_reason_lang))
+				{
+					// Okay we need to get the reason from the posters language
+					if (!isset($lang_reasons[$post_data['user_lang']]))
+					{
+						// Assign the current users translation as the default, this is not ideal but getting the board default adds another layer of complexity.
+						$lang_reasons[$post_data['user_lang']] = $user->lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
+
+						// Only load up the language pack if the language is different to the current one
+						if ($post_data['user_lang'] != $user->lang_name && file_exists($phpbb_root_path . '/language/' . $post_data['user_lang'] . '/mcp.' . $phpEx))
+						{
+							// Load up the language pack
+							$lang = array();
+							@include($phpbb_root_path . '/language/' . $post_data['user_lang'] . '/mcp.' . $phpEx);
+
+							// If we find the reason in this language pack use it
+							if (isset($lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang]))
+							{
+								$lang_reasons[$post_data['user_lang']] = $lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
+							}
+
+							unset($lang); // Free memory
+						}
+					}
+
+					$email_disapprove_reason = $lang_reasons[$post_data['user_lang']];
+					$email_disapprove_reason .= ($reason) ? "\n\n" . $reason : '';
+				}
+
 				$email_template = ($post_data['post_id'] == $post_data['topic_first_post_id'] && $post_data['post_id'] == $post_data['topic_last_post_id']) ? 'topic_disapproved' : 'post_disapproved';
 
 				$messenger->template($email_template, $post_data['user_lang']);
@@ -928,15 +1004,17 @@ function disapprove_post($post_id_list, $id, $mode)
 
 				$messenger->assign_vars(array(
 					'USERNAME'		=> htmlspecialchars_decode($post_data['username']),
-					'REASON'		=> htmlspecialchars_decode($disapprove_reason),
+					'REASON'		=> htmlspecialchars_decode($email_disapprove_reason),
 					'POST_SUBJECT'	=> htmlspecialchars_decode(censor_text($post_data['post_subject'])),
 					'TOPIC_TITLE'	=> htmlspecialchars_decode(censor_text($post_data['topic_title'])))
 				);
 
 				$messenger->send($post_data['user_notify_type']);
 			}
+
+			unset($lang_reasons);
 		}
-		unset($post_info, $disapprove_reason);
+		unset($post_info, $disapprove_reason, $email_disapprove_reason, $disapprove_reason_lang);
 
 		$messenger->save_queue();
 

phpBB/includes/mcp/mcp_reports.php

@@ -65,7 +65,7 @@ class mcp_reports
 		{
 			case 'report_details':
 
-				$user->add_lang('posting');
+				$user->add_lang(array('posting', 'viewforum', 'viewtopic'));
 
 				$post_id = request_var('p', 0);
 
@@ -200,6 +200,7 @@ class mcp_reports
 					'U_MCP_USER_NOTES'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
 					'U_MCP_WARN_REPORTER'		=> ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $report['user_id']) : '',
 					'U_MCP_WARN_USER'			=> ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '',
+					'U_VIEW_FORUM'				=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $post_info['forum_id']),
 					'U_VIEW_POST'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
 					'U_VIEW_TOPIC'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
 
@@ -245,6 +246,17 @@ class mcp_reports
 
 				$forum_info = array();
 				$forum_list_reports = get_forum_list('m_report', false, true);
+				$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
+
+				// Remove forums we cannot read
+				foreach ($forum_list_reports as $k => $forum_data)
+				{
+					if (!isset($forum_list_read[$forum_data['forum_id']]))
+					{
+						unset($forum_list_reports[$k]);
+					}
+				}
+				unset($forum_list_read);
 
 				if ($topic_id && $forum_id)
 				{
@@ -450,15 +462,15 @@ function close_report($report_id_list, $mode, $action)
 
 	if ($action == 'delete' && strpos($user->data['session_page'], 'mode=report_details') !== false)
 	{
-		$redirect = request_var('redirect', build_url(array('mode', '_f_', 'r', 'quickmod')) . '&mode=reports');
+		$redirect = request_var('redirect', build_url(array('mode', 'r', 'quickmod')) . '&mode=reports');
 	}
 	else if ($action == 'close' && !request_var('r', 0))
 	{
-		$redirect = request_var('redirect', build_url(array('mode', '_f_', 'p', 'quickmod')) . '&mode=reports');
+		$redirect = request_var('redirect', build_url(array('mode', 'p', 'quickmod')) . '&mode=reports');
 	}
 	else
 	{
-		$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+		$redirect = request_var('redirect', build_url(array('quickmod')));
 	}
 	$success_msg = '';
 	$forum_ids = array();
@@ -555,7 +567,8 @@ function close_report($report_id_list, $mode, $action)
 				{
 					$sql = 'UPDATE ' . TOPICS_TABLE . '
 						SET topic_reported = 0
-						WHERE ' . $db->sql_in_set('topic_id', $close_report_topics);
+						WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
+							OR ' . $db->sql_in_set('topic_moved_id', $close_report_topics);
 					$db->sql_query($sql);
 				}
 			}
@@ -634,7 +647,7 @@ function close_report($report_id_list, $mode, $action)
 		$return_topic = '';
 		if (sizeof($topic_ids == 1))
 		{
-			$return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . current($topic_ids) . 'f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
+			$return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . current($topic_ids) . '&amp;f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
 		}
 		
 		trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_forum . $return_topic . sprintf($user->lang['RETURN_PAGE'], "<a href=\"$redirect\">", '</a>'));

phpBB/includes/mcp/mcp_topic.php

@@ -46,8 +46,9 @@ function mcp_topic_view($id, $mode, $action)
 	$forum_id		= request_var('f', 0);
 	$to_topic_id	= request_var('to_topic_id', 0);
 	$to_forum_id	= request_var('to_forum_id', 0);
-	$post_id_list	= request_var('post_id_list', array(0));
 	$sort			= isset($_POST['sort']) ? true : false;
+	$submitted_id_list	= request_var('post_ids', array(0));
+	$checked_ids = $post_id_list = request_var('post_id_list', array(0));
 
 	// Split Topic?
 	if ($action == 'split_all' || $action == 'split_beyond')
@@ -113,11 +114,18 @@ function mcp_topic_view($id, $mode, $action)
 	{
 		$posts_per_page = $total;
 	}
-	if (!empty($sort_days_old) && $sort_days_old != $sort_days)
+
+	if ((!empty($sort_days_old) && $sort_days_old != $sort_days) || $total <= $posts_per_page)
 	{
 		$start = 0;
 	}
 
+	// Make sure $start is set to the last page if it exceeds the amount
+	if ($start < 0 || $start >= $total)
+	{
+		$start = ($start < 0) ? 0 : floor(($total - 1) / $posts_per_page) * $posts_per_page;
+	}
+
 	$sql = 'SELECT u.username, u.username_clean, u.user_colour, p.*
 		FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
 		WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . '
@@ -226,7 +234,7 @@ function mcp_topic_view($id, $mode, $action)
 
 			'S_POST_REPORTED'	=> ($row['post_reported']) ? true : false,
 			'S_POST_UNAPPROVED'	=> ($row['post_approved']) ? false : true,
-			'S_CHECKED'			=> ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? true : false,
+			'S_CHECKED'			=> (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false,
 			'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false,
 
 			'U_POST_DETAILS'	=> "$url&amp;i=$id&amp;p={$row['post_id']}&amp;mode=post_details" . (($forum_id) ? "&amp;f=$forum_id" : ''),
@@ -279,6 +287,7 @@ function mcp_topic_view($id, $mode, $action)
 
 	$s_hidden_fields = build_hidden_fields(array(
 		'st_old'	=> $sort_days,
+		'post_ids'	=> $post_id_list,
 	));
 
 	$template->assign_vars(array(
@@ -328,7 +337,7 @@ function mcp_topic_view($id, $mode, $action)
 */
 function split_topic($action, $topic_id, $to_forum_id, $subject)
 {
-	global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
+	global $db, $template, $user, $phpEx, $phpbb_root_path, $auth, $config;
 
 	$post_id_list	= request_var('post_id_list', array(0));
 	$forum_id		= request_var('forum_id', 0);
@@ -370,11 +379,11 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 		return;
 	}
 
-	$forum_info = get_forum_data(array($to_forum_id), 'm_split');
+	$forum_info = get_forum_data(array($to_forum_id), 'f_post');
 
 	if (!sizeof($forum_info))
 	{
-		$template->assign_var('MESSAGE', $user->lang['NOT_MODERATOR']);
+		$template->assign_var('MESSAGE', $user->lang['USER_CANNOT_POST']);
 		return;
 	}
 
@@ -386,7 +395,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('quickmod')));
 
 	$s_hidden_fields = build_hidden_fields(array(
 		'i'				=> 'main',
@@ -491,6 +500,9 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 
 		$success_msg = 'TOPIC_SPLIT_SUCCESS';
 
+		// Update forum statistics
+		set_config('num_topics', $config['num_topics'] + 1, true);
+
 		// Link back to both topics
 		$return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
 	}
@@ -550,7 +562,7 @@ function merge_posts($topic_id, $to_topic_id)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('quickmod')));
 
 	$s_hidden_fields = build_hidden_fields(array(
 		'i'				=> 'main',

phpBB/includes/mcp/mcp_warn.php

@@ -170,7 +170,7 @@ class mcp_warn
 				'USERNAME'			=> $row['username'],
 				'USERNAME_COLOUR'	=> ($row['user_colour']) ? '#' . $row['user_colour'] : '',
 				'U_USER'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
-			
+
 				'WARNING_TIME'	=> $user->format_date($row['user_last_warning']),
 				'WARNINGS'		=> $row['user_warnings'],
 			));
@@ -249,6 +249,25 @@ class mcp_warn
 			$this->u_action .= "&f=$forum_id&p=$post_id";
 		}
 
+		// Check if can send a notification
+		if ($config['allow_privmsg'])
+		{
+			$auth2 = new auth();
+			$auth2->acl($user_row);
+			$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
+			unset($auth2);
+		}
+		else
+		{
+			$s_can_notify = false;
+		}
+
+		// Prevent against clever people
+		if ($notify && !$s_can_notify)
+		{
+			$notify = false;
+		}
+
 		if ($warning && $action == 'add_warning')
 		{
 			if (check_form_key('mcp_warn'))
@@ -262,11 +281,11 @@ class mcp_warn
 			}
 			$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
 			meta_refresh(2, $redirect);
-			trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+			trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 		}
 
 		// OK, they didn't submit a warning so lets build the page for them to do so
-		
+
 		// We want to make the message available here as a reminder
 		// Parse the message and subject
 		$message = censor_text($user_row['post_text']);
@@ -307,6 +326,8 @@ class mcp_warn
 			'RANK_IMG'			=> $rank_img,
 
 			'L_WARNING_POST_DEFAULT'	=> sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&amp;p=$post_id#p$post_id"),
+
+			'S_CAN_NOTIFY'		=> $s_can_notify,
 		));
 	}
 
@@ -351,6 +372,25 @@ class mcp_warn
 			$this->u_action .= "&amp;u=$user_id";
 		}
 
+		// Check if can send a notification
+		if ($config['allow_privmsg'])
+		{
+			$auth2 = new auth();
+			$auth2->acl($user_row);
+			$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
+			unset($auth2);
+		}
+		else
+		{
+			$s_can_notify = false;
+		}
+
+		// Prevent against clever people
+		if ($notify && !$s_can_notify)
+		{
+			$notify = false;
+		}
+
 		if ($warning && $action == 'add_warning')
 		{
 			if (check_form_key('mcp_warn'))
@@ -389,6 +429,8 @@ class mcp_warn
 
 			'AVATAR_IMG'		=> $avatar_img,
 			'RANK_IMG'			=> $rank_img,
+
+			'S_CAN_NOTIFY'		=> $s_can_notify,
 		));
 
 		return $user_id;

phpBB/includes/message_parser.php

@@ -346,6 +346,12 @@ class bbcode_firstpass extends bbcode
 		$in = trim($in);
 		$error = false;
 
+		// Do not allow 0-sizes generally being entered
+		if ($width <= 0 || $height <= 0)
+		{
+			return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
+		}
+
 		// Apply the same size checks on flash files as on images
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
@@ -385,7 +391,7 @@ class bbcode_firstpass extends bbcode
 
 	/**
 	* Parse code text from code tag
-	* @private
+	* @access private
 	*/
 	function bbcode_parse_code($stx, &$code)
 	{
@@ -394,7 +400,10 @@ class bbcode_firstpass extends bbcode
 			case 'php':
 
 				$remove_tags = false;
-				$code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code);
+
+				$str_from = array('&lt;', '&gt;', '&#91;', '&#93;', '&#46;', '&#58;', '&#058;');
+				$str_to = array('<', '>', '[', ']', '.', ':', ':');
+				$code = str_replace($str_from, $str_to, $code);
 
 				if (!preg_match('/\<\?.*?\?\>/is', $code))
 				{
@@ -595,10 +604,10 @@ class bbcode_firstpass extends bbcode
 					$out .= array_pop($list_end_tags) . ']';
 					$tok = '[';
 				}
-				else if (preg_match('#^list(=[0-9a-z])?$#i', $buffer, $m))
+				else if (preg_match('#^list(=[0-9a-z]+)?$#i', $buffer, $m))
 				{
 					// sub-list, add a closing tag
-					if (empty($m[1]) || preg_match('/^(?:disc|square|circle)$/i', $m[1]))
+					if (empty($m[1]) || preg_match('/^=(?:disc|square|circle)$/i', $m[1]))
 					{
 						array_push($list_end_tags, '/list:u:' . $this->bbcode_uid);
 					}