[prep-release-3.0.8] Incrementing version number to 3.0.8 and update changelog

* ticket/9903:
  [ticket/9903] Script for detecting potentially malicious flash bbcodes
  [ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.

.gitignore

@@ -0,0 +1,8 @@
+*~
+phpBB/cache/*.php
+phpBB/config.php
+phpBB/files/*
+phpBB/images/avatars/upload/*
+phpBB/store/*
+tests/phpbb_unit_tests.sqlite2
+tests/test_config.php

build/build.xml

@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
+	<!-- a few settings for the build -->
+	<property name="newversion" value="3.0.8" />
+	<property name="prevversion" value="3.0.8-RC1" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7-PL1" />
+	<!-- no configuration should be needed beyond this point -->
+
+	<property name="oldversions" value="${olderversions}, ${prevversion}" />
+	<property name="versions" value="${oldversions}, ${newversion}" />
+
+	<!-- These are the main targets which you will probably want to use -->
+	<target name="package" depends="clean,prepare,create-package" />
+	<target name="all" depends="clean,prepare,test,create-package" />
+
+	<target name="prepare">
+		<mkdir dir="build/logs" />
+		<mkdir dir="build/api" />
+		<mkdir dir="build/codebrowser" />
+		<mkdir dir="build/coverage" />
+		<mkdir dir="build/cpd" />
+		<mkdir dir="build/dependencies" />
+		<mkdir dir="build/new_version" />
+		<mkdir dir="build/new_version/files" />
+		<mkdir dir="build/new_version/patches" />
+		<mkdir dir="build/new_version/release_files" />
+		<mkdir dir="build/new_version/update" />
+		<mkdir dir="build/old_versions" />
+		<mkdir dir="build/save" />
+	</target>
+
+	<target name="clean">
+		<delete dir="build/logs" />
+		<delete dir="build/api" />
+		<delete dir="build/codebrowser" />
+		<delete dir="build/coverage" />
+		<delete dir="build/cpd" />
+		<delete dir="build/dependencies" />
+		<delete dir="build/new_version" />
+		<delete dir="build/old_versions" />
+		<delete dir="build/save" />
+	</target>
+
+	<target name="test">
+		<exec dir="tests"
+			command="phpunit --log-junit ../build/logs/phpunit.xml
+			--coverage-clover ../build/logs/clover.xml
+			--coverage-html ../build/coverage
+			phpbb_all_tests all_tests.php"
+			passthru="true" />
+
+
+		<!-- Does not allow changing the working directory to tests/
+			 so this approach does not work for us unfortunately
+		<phpunit codecoverage="true" haltonfailure="true">
+			<formatter todir="build/logs" type="xml"/>
+			<batchtest>
+				<fileset dir="tests">
+					<include name="all_tests.php"/>
+				</fileset>
+			</batchtest>
+		</phpunit>
+		-->
+	</target>
+
+	<target name="old-version-diffs">
+		<foreach list="${oldversions}" param="version" target="old-version-diff" />
+	</target>
+
+	<!-- This target retrieves an old version from the git tag release-${version}
+	     and creates a diff between that release and the new one -->
+	<target name="old-version-diff">
+		<echo msg="Retrieving version ${version}" />
+		<mkdir dir="build/old_versions/release-${version}" />
+
+		<phingcall target="export">
+			<property name="revision" value="release-${version}" />
+			<property name="dir" value="build/old_versions/release-${version}" />
+		</phingcall>
+
+		<phingcall target="clean-diff-dir">
+			<property name="dir" value="build/old_versions/release-${version}" />
+		</phingcall>
+
+		<exec dir="build/old_versions" command="diff -crNEBwd release-${version} release-${newversion} >
+			../new_version/patches/phpBB-${version}_to_${newversion}.patch" escape="false" />
+	</target>
+
+	<target name="prepare-new-version">
+		<!-- select the currently checked out commit (HEAD) for packaging -->
+		<mkdir dir="build/new_version/phpBB3" />
+		<phingcall target="export">
+			<property name="revision" value="HEAD" />
+			<property name="dir" value="build/new_version/phpBB3" />
+		</phingcall>
+
+		<!-- copy into directory for diffs -->
+		<exec dir="build" command="cp -rp new_version/phpBB3 old_versions/release-${newversion}" />
+		<!-- and clean up -->
+		<phingcall target="clean-diff-dir">
+			<property name="dir" value="build/old_versions/release-${newversion}" />
+		</phingcall>
+
+		<!-- create an empty config.php file (not for diffs) -->
+		<touch file="build/new_version/phpBB3/config.php" />
+
+	</target>
+
+	<target name="create-package" depends="prepare-new-version,old-version-diffs">
+		<exec dir="build" command="php -f package.php '${versions}' > logs/package.log" escape="false" />
+		<exec dir="build" command="php -f build_diff.php '${prevversion}' '${newversion}' > logs/build_diff.log" escape="false" />
+	</target>
+
+	<!--
+		This target can be called using phingcall to retrieve a clean
+		checkout of a commit from git. It will only export the phpBB directory.
+		The properties revision and dir are required.
+		This target will remove directories that are not needed in distribution
+		and set correct permissions.
+	-->
+	<target name="export">
+		<exec dir="phpBB"
+			command="git archive ${revision} | tar -x -C ../${dir}"
+			checkreturn="true" />
+		<delete file="${dir}/config.php" />
+		<delete dir="${dir}/develop" />
+		<delete dir="${dir}/install/data" />
+
+		<echo msg="Setting permissions for checkout of ${revision} in ${dir}" />
+		<!-- set permissions of all files to 644, directories to 755 -->
+		<exec dir="${dir}" command="find -type f|xargs chmod 644" escape="false" />
+		<exec dir="${dir}" command="find -type d|xargs chmod 755" escape="false" />
+		<!-- set permissions of some directories to 777 -->
+		<chmod mode="0777" file="${dir}/cache" />
+		<chmod mode="0777" file="${dir}/store" />
+		<chmod mode="0777" file="${dir}/files" />
+		<chmod mode="0777" file="${dir}/images/avatars/upload" />
+	</target>
+
+	<target name="clean-diff-dir">
+		<delete dir="${dir}/cache" />
+		<delete dir="${dir}/docs" />
+		<delete dir="${dir}/files" />
+		<delete dir="${dir}/install" />
+		<delete dir="${dir}/store" />
+	</target>
+
+</project>

build/build_diff.php

@@ -0,0 +1,415 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package build
+* @version $Id$
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+if ($_SERVER['argc'] != 3)
+{
+	die("Please specify the previous and current version as arguments (e.g. build_diff.php '1.0.2' '1.0.3').");
+}
+
+$old_version = trim($_SERVER['argv'][1]);
+$new_version = trim($_SERVER['argv'][2]);
+
+$substitute_old = $old_version;
+$substitute_new = $new_version;
+$simple_name_old = 'release-' . $old_version;
+$simple_name_new = 'release-' . $new_version;
+$echo_changes = false;
+
+// DO NOT EVER USE THE FOLLOWING! Fix the script to generate proper changes,
+// do NOT manually create them.
+
+// Set this to true to just compress the changes and do not build them again
+// This should be used for building custom modified txt file. ;)
+$package_changed_files = false;
+
+//$debug_file = 'includes/functions_user.php'; //'styles/prosilver/style.cfg';
+$debug_file = false;
+
+if ($debug_file !== false)
+{
+	$echo_changes = false;
+}
+
+$s_name = 'save_' . $substitute_old . '_to_' . $substitute_new;
+
+$location = dirname(__FILE__);
+
+if (!$package_changed_files)
+{
+	if (!$echo_changes)
+	{
+		// Create directory...
+		run_command("mkdir $location/save/{$s_name}");
+		run_command("mkdir $location/save/{$s_name}/language");
+		run_command("mkdir $location/save/{$s_name}/prosilver");
+		run_command("mkdir $location/save/{$s_name}/subsilver2");
+	}
+}
+
+// Build code changes and place them into 'save'
+if (!$package_changed_files)
+{
+	build_code_changes('language');
+	build_code_changes('prosilver');
+	build_code_changes('subsilver2');
+}
+
+// Package code changes
+$code_changes_filename = 'phpBB-' . $substitute_old . '_to_' . $substitute_new . '-codechanges';
+
+if (!$echo_changes)
+{
+	// Now compress the files...
+	// Build Main phpBB Release
+	$compress_programs = array(
+//		'tar.gz'	=> 'tar -czf',
+		'tar.bz2'	=> 'tar -cjf',
+		'zip'		=> 'zip -r'
+	);
+
+	chdir($location . '/save/' . $s_name);
+	foreach ($compress_programs as $extension => $compress_command)
+	{
+		echo "Packaging code changes for $extension\n";
+		run_command("rm ./../../new_version/release_files/{$code_changes_filename}.{$extension}");
+		flush();
+
+		// Build Package
+		run_command("$compress_command ./../../new_version/release_files/{$code_changes_filename}.{$extension} *");
+
+		// Build MD5 Sum
+		run_command("md5sum ./../../new_version/release_files/{$code_changes_filename}.{$extension} > ./../../new_version/release_files/{$code_changes_filename}.{$extension}.md5");
+		flush();
+	}
+}
+
+/**
+* $output_format can be: language, prosilver and subsilver2
+*/
+function build_code_changes($output_format)
+{
+	global $substitute_new, $substitute_old, $simple_name_old, $simple_name_new, $echo_changes, $package_changed_files, $location, $debug_file, $s_name;
+
+	// Global array holding the data entries
+	$data = array(
+		'header'		=> array(),
+		'diff'			=> array(),
+	);
+
+	// Read diff file and prepare the output filedata...
+	//$patch_filename = '../new_version/patches/phpBB-' . $substitute_old . '_to_' . $substitute_new . '.patch';
+	$release_filename = 'phpbb-' . $substitute_old . '_to_' . $substitute_new . '_' . $output_format . '.txt';
+
+	if (!$package_changed_files)
+	{
+		if (!$echo_changes)
+		{
+			$fp = fopen('save/' . $s_name . '/' . $output_format . '/' . $release_filename, 'wb');
+
+			if (!$fp)
+			{
+				die('Unable to create ' . $release_filename);
+			}
+		}
+	}
+
+	include_once($location . '/build_helper.php');
+	$package = new build_package(array($substitute_old, $substitute_new), false);
+
+	$titles = array(
+		'language'		=> 'phpBB ' . $substitute_old . ' to phpBB ' . $substitute_new . ' Language Pack Changes',
+		'prosilver'		=> 'phpBB ' . $substitute_old . ' to phpBB ' . $substitute_new . ' prosilver Changes',
+		'subsilver2'	=> 'phpBB ' . $substitute_old . ' to phpBB ' . $substitute_new . ' subsilver2 Changes',
+	);
+
+	$data['header'] = array(
+		'title'		=> $titles[$output_format],
+		'intro'		=> '
+
+These are the ' . $titles[$output_format] . ' summed up into a little Mod. These changes are only partial and do not include any code changes, therefore not meant for updating phpBB.
+
+	',
+		'included_files'	=> array(),
+	);
+
+	// We collect the files we want to diff first (ironically we grab this from a diff file)
+	if (!$echo_changes)
+	{
+		echo "\n\nCollecting Filenames:";
+	}
+
+	// We re-create the patch file
+	foreach ($package->old_packages as $_package_name => $dest_package_filename)
+	{
+		chdir($package->locations['old_versions']);
+
+		if (!$echo_changes)
+		{
+			echo "\n\n" . 'Creating patch/diff files for phpBB-' . $dest_package_filename . $package->get('new_version_number');
+		}
+
+		$dest_package_filename = $location . '/save/' . $s_name . '/phpBB-' . $dest_package_filename . $package->get('new_version_number') . '.patch';
+		$package->run_command('diff ' . $package->diff_options . ' ' . $_package_name . ' ' . $package->get('simple_name') . ' > ' . $dest_package_filename);
+
+		// Parse this diff to determine file changes from the checked versions and save them
+		$result = $package->collect_diff_files($dest_package_filename, $_package_name);
+		$package->run_command('rm ' . $dest_package_filename);
+	}
+
+	chdir($location);
+
+	$filenames = array();
+	foreach ($result['files'] as $filename)
+	{
+		if ($debug_file !== false && $filename != $debug_file)
+		{
+			continue;
+		}
+
+		// Decide which files to compare...
+		switch ($output_format)
+		{
+			case 'language':
+				if (strpos($filename, 'language/en/') !== 0)
+				{
+					continue 2;
+				}
+			break;
+
+			case 'prosilver':
+				if (strpos($filename, 'styles/prosilver/') !== 0)
+				{
+					continue 2;
+				}
+			break;
+
+			case 'subsilver2':
+				if (strpos($filename, 'styles/subsilver2/') !== 0)
+				{
+					continue 2;
+				}
+			break;
+		}
+
+		if (!file_exists($location . '/old_versions/' . $simple_name_old . '/' . $filename))
+		{
+			// New file... include it
+			$data['header']['included_files'][] = array(
+				'old'				=> $location . '/old_versions/' . $simple_name_old . '/' . $filename,
+				'new'				=> $location . '/old_versions/' . $simple_name_new . '/' . $filename,
+				'phpbb_filename'	=> $filename,
+			);
+			continue;
+		}
+
+		$filenames[] = array(
+			'old'				=> $location . '/old_versions/' . $simple_name_old . '/' . $filename,
+			'new'				=> $location . '/old_versions/' . $simple_name_new . '/' . $filename,
+			'phpbb_filename'	=> $filename,
+		);
+	}
+
+	// Now let us go through the filenames list and create a more comprehensive diff
+	if (!$echo_changes)
+	{
+		fwrite($fp, build_header($output_format, $filenames, $data['header']));
+	}
+	else
+	{
+		//echo build_header('text', $filenames, $data['header']);
+	}
+
+	// Copy files...
+	$files_to_copy = array();
+
+	foreach ($data['header']['included_files'] as $filename)
+	{
+		$files_to_copy[] = $filename['phpbb_filename'];
+	}
+
+	// First step is to copy the new version over (clean structure)
+	if (!$echo_changes && sizeof($files_to_copy))
+	{
+		foreach ($files_to_copy as $file)
+		{
+			// Create directory?
+			$dirname = dirname($file);
+
+			if ($dirname)
+			{
+				$dirname = explode('/', $dirname);
+				$__dir = array();
+
+				foreach ($dirname as $i => $dir)
+				{
+					$__dir[] = $dir;
+					run_command("mkdir -p $location/save/" . $s_name . '/' . $output_format . '/' . implode('/', $__dir));
+				}
+			}
+
+			$source_file = $location . '/new_version/phpBB3/' . $file;
+			$dest_file = $location . '/save/' . $s_name . '/' . $output_format . '/';
+			$dest_file .= $file;
+
+			$command = "cp -p $source_file $dest_file";
+			$result = trim(`$command`);
+			echo "- Copied File: " . $source_file . " -> " . $dest_file . "\n";
+		}
+	}
+
+	include_once('diff_class.php');
+
+	if (!$echo_changes)
+	{
+		echo "\n\nDiffing Codebases:";
+	}
+
+	foreach ($filenames as $file_ary)
+	{
+		if (!file_exists($file_ary['old']))
+		{
+			$lines1 = array();
+		}
+		else
+		{
+			$lines1 = file($file_ary['old']);
+		}
+		$lines2 = file($file_ary['new']);
+
+		if (!sizeof($lines1))
+		{
+			// New File
+		}
+		else
+		{
+			$diff = new Diff($lines1, $lines2);
+			$fmt = new BBCodeDiffFormatter(false, 5, $debug_file);
+
+			if (!$echo_changes)
+			{
+				fwrite($fp, $fmt->format_open($file_ary['phpbb_filename']));
+				fwrite($fp, $fmt->format($diff, $lines1));
+				fwrite($fp, $fmt->format_close($file_ary['phpbb_filename']));
+			}
+			else
+			{
+				echo $fmt->format_open($file_ary['phpbb_filename']);
+				echo $fmt->format($diff, $lines1);
+				echo $fmt->format_close($file_ary['phpbb_filename']);
+			}
+
+			if ($debug_file !== false)
+			{
+				echo $fmt->format_open($file_ary['phpbb_filename']);
+				echo $fmt->format($diff, $lines1);
+				echo $fmt->format_close($file_ary['phpbb_filename']);
+				exit;
+			}
+		}
+	}
+
+	if (!$echo_changes)
+	{
+		fwrite($fp, build_footer($output_format));
+
+		// Close file
+		fclose($fp);
+
+		chmod('save/' . $s_name . '/' . $output_format . '/' . $release_filename, 0666);
+	}
+	else
+	{
+		echo build_footer($output_format);
+	}
+}
+
+/**
+* Build Footer
+*/
+function build_footer($mode)
+{
+	$html = '';
+
+	$html .= "# \n";
+	$html .= "#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ \n";
+	$html .= "# \n";
+	$html .= "# EoM";
+
+	return $html;
+}
+
+/**
+* Build Header
+*/
+function build_header($mode, $filenames, $header)
+{
+	global $substitute_old;
+
+	$html = '';
+
+	$html .= "############################################################## \n";
+	$html .= "## Title: " . $header['title'] . "\n";
+	$html .= "## Author: naderman < naderman@phpbb.com > (Nils Adermann) http://www.phpbb.com \n";
+	$html .= "## Description: \n";
+
+	$intr = explode("\n", $header['intro']);
+	$introduction = '';
+	foreach ($intr as $_line)
+	{
+		$introduction .= wordwrap($_line, 80) . "\n";
+	}
+	$intr = explode("\n", $introduction);
+
+	foreach ($intr as $_line)
+	{
+		$html .= "##		" . $_line . "\n";
+	}
+	$html .= "## \n";
+	$html .= "## Files To Edit: \n";
+
+	foreach ($filenames as $file_ary)
+	{
+		$html .= "##		" . $file_ary['phpbb_filename'] . "\n";
+	}
+	$html .= "##\n";
+	if (sizeof($header['included_files']))
+	{
+		$html .= "## Included Files: \n";
+		foreach ($header['included_files'] as $filename)
+		{
+			$html .= "##		{$filename['phpbb_filename']}\n";
+		}
+	}
+	$html .= "## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2 \n";
+	$html .= "############################################################## \n";
+	$html .= "\n";
+
+	// COPY Statement?
+	if (sizeof($header['included_files']))
+	{
+		$html .= "#\n#-----[ COPY ]------------------------------------------\n#\n";
+		foreach ($header['included_files'] as $filename)
+		{
+			$html .= "copy {$filename['phpbb_filename']} to {$filename['phpbb_filename']}\n";
+		}
+		$html .= "\n";
+	}
+
+	return $html;
+}
+
+function run_command($command)
+{
+	$result = trim(`$command`);
+	echo "\n- Command Run: " . $command . "\n";
+}
+
+?>

build/build_helper.php

@@ -0,0 +1,316 @@
+<?php
+/**
+*
+* @package build
+* @version $Id$
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+class build_package
+{
+	var $package_infos;
+	var $old_packages;
+	var $versions;
+	var $locations;
+
+	// -c - context diff
+	// -r - compare recursive
+	// -N - Treat missing files as empty
+	// -E - Ignore tab expansions
+	//		not used: -b - Ignore space changes.
+	// -w - Ignore all whitespace
+	// -B - Ignore blank lines
+	// -d - Try to find smaller set of changes
+	var $diff_options = '-crNEBwd';
+	var $diff_options_long = '-x images -crNEB'; // -x fonts -x imageset //imageset not used here, because it includes the imageset.cfg file. ;)
+
+	var $verbose = false;
+	var $status_begun = false;
+	var $num_dots = 0;
+
+	function build_package($versions, $verbose = false)
+	{
+		$this->versions = $versions;
+		$this->verbose = $verbose;
+
+		// Get last two entries
+		$_latest = $this->versions[sizeof($this->versions) - 1];
+		$_before = $this->versions[sizeof($this->versions) - 2];
+
+		$this->locations = array(
+			'new_version'	=> dirname(dirname(__FILE__)) . '/phpBB/',
+			'old_versions'	=> dirname(__FILE__) . '/old_versions/',
+			'root'			=> dirname(__FILE__) . '/',
+			'package_dir'	=> dirname(__FILE__) . '/new_version/'
+		);
+
+		$this->package_infos = array(
+			'package_name'			=> 'phpBB3',
+			'name_prefix'			=> 'phpbb',
+			'simple_name'			=> 'release-' . $_latest,
+			'new_version_number'	=> $_latest,
+			'short_version_number'	=> str_replace('.', '', $_latest),
+			'release_filename'		=> 'phpBB-' . $_latest,
+			'last_version'			=> 'release-' . $_before,
+			'last_version_number'	=> $_before,
+		);
+
+		$this->package_infos['dest_dir'] = $this->locations['package_dir'] . $this->package_infos['package_name'];
+		$this->package_infos['diff_dir'] = $this->locations['old_versions'] . $this->package_infos['simple_name'];
+		$this->package_infos['patch_directory'] = $this->locations['package_dir'] . 'patches';
+		$this->package_infos['files_directory'] = $this->locations['package_dir'] . 'files';
+		$this->package_infos['update_directory'] = $this->locations['package_dir'] . 'update';
+		$this->package_infos['release_directory'] = $this->locations['package_dir'] . 'release_files';
+
+		// Old packages always exclude the latest version. ;)
+		$this->old_packages = array();
+
+		foreach ($this->versions as $package_version)
+		{
+			if ($package_version == $_latest)
+			{
+				continue;
+			}
+
+			$this->old_packages['release-' . $package_version] = $package_version . '_to_';
+		}
+	}
+
+	function get($var)
+	{
+		return $this->package_infos[$var];
+	}
+
+	function begin_status($headline)
+	{
+		if ($this->status_begun)
+		{
+			echo "\nDone.\n\n";
+		}
+
+		$this->num_dots = 0;
+
+		echo $headline . "\n    ";
+
+		$this->status_begun = true;
+	}
+
+	function run_command($command)
+	{
+		$result = trim(`$command`);
+
+		if ($this->verbose)
+		{
+			echo "    command : " . getcwd() . '$ ' . $command . "\n";
+			echo "    result  : " . $result . "\n";
+		}
+		else
+		{
+			if ($this->num_dots > 70)
+			{
+				echo "\n";
+				$this->num_dots = 0;
+			}
+			echo '.';
+			$this->num_dots++;
+		}
+
+		flush();
+	}
+
+	function create_directory($directory, $dir_struct)
+	{
+		if (!file_exists($directory))
+		{
+			$this->run_command("mkdir $directory");
+		}
+
+		if (is_array($dir_struct))
+		{
+			foreach ($dir_struct as $_dir => $_dir_struct)
+			{
+				$this->create_directory($directory . '/' . $_dir, $_dir_struct);
+			}
+		}
+	}
+
+	function collect_diff_files($diff_filename, $package_name)
+	{
+		$diff_result = $binary = array();
+		$diff_contents = file($diff_filename);
+
+		$special_diff_contents = array();
+
+		foreach ($diff_contents as $num => $line)
+		{
+			$line = trim($line);
+
+			if (!$line)
+			{
+				continue;
+			}
+
+			// Special diff content?
+			if (strpos($line, 'diff ' . $this->diff_options . ' ') === 0 || strpos($line, '*** ') === 0 || strpos($line, '--- ') === 0 || (strpos($line, ' Exp $') !== false && strpos($line, '$Id:') !== false))
+			{
+				$special_diff_contents[] = $line;
+			}
+			else if (strpos($line, 'diff ' . $this->diff_options . ' ') === 0 || strpos($line, '*** ') === 0 || strpos($line, '--- ') === 0 || (strpos($line, ' Exp $') !== false && strpos($line, '$Id:') !== false) || (strpos($line, ' $') !== false && strpos($line, '$Id:') !== false))
+			{
+				$special_diff_contents[] = $line;
+			}
+
+			// Is diffing line?
+			if (strstr($line, 'diff ' . $this->diff_options . ' '))
+			{
+				$next_line = $diff_contents[$num+1];
+				if (strpos($next_line, '***') === 0)
+				{
+	//			*** phpbb208/admin/admin_board.php	Sat Jul 10 20:16:26 2004
+					$next_line = explode("\t", $next_line);
+					$next_line = trim($next_line[0]);
+					$next_line = str_replace('*** ' . $package_name . '/', '', $next_line);
+					$diff_result[] = $next_line;
+				}
+			}
+
+			// Is binary?
+			if (preg_match('/^Binary files ' . $package_name . '\/(.*) and [a-z0-9_-]+\/\1 differ/i', $line, $match))
+			{
+				$binary[] = trim($match[1]);
+			}
+		}
+
+		// Now go through the list again and find out which files have how many changes...
+		$num_changes = array();
+
+	/*  [1070] => diff -crN phpbb200/includes/usercp_avatar.php phpbb2023/includes/usercp_avatar.php
+		[1071] => *** phpbb200/includes/usercp_avatar.php	Sat Jul 10 20:16:13 2004
+		[1072] => --- phpbb2023/includes/usercp_avatar.php	Wed Feb  6 22:28:04 2008
+		[1073] => *** 6,12 ****
+		[1074] => !  *   $Id$
+		[1075] => --- 6,12 ----
+		[1076] => *** 51,59 ****
+		[1077] => --- 51,60 ----
+		[1078] => *** 62,80 ****
+		[1079] => --- 63,108 ----
+		[1080] => *** 87,97 ****
+	*/
+		while (($line = array_shift($special_diff_contents)) !== NULL)
+		{
+			$line = trim($line);
+
+			if (!$line)
+			{
+				continue;
+			}
+
+			// Is diffing line?
+			if (strstr($line, 'diff ' . $this->diff_options . ' '))
+			{
+				$next_line = array_shift($special_diff_contents);
+				if (strpos($next_line, '*** ') === 0)
+				{
+	//			*** phpbb208/admin/admin_board.php	Sat Jul 10 20:16:26 2004
+					$next_line = explode("\t", $next_line);
+					$next_line = trim($next_line[0]);
+					$next_line = str_replace('*** ' . $package_name . '/', '', $next_line);
+
+					$is_reached = false;
+					$prev_line = '';
+
+					while (!$is_reached)
+					{
+						$line = array_shift($special_diff_contents);
+
+						if (strpos($line, 'diff ' . $this->diff_options) === 0 || empty($special_diff_contents))
+						{
+							$is_reached = true;
+							array_unshift($special_diff_contents, $line);
+							continue;
+						}
+
+						if (strpos($line, '*** ') === 0 && strpos($line, ' ****') !== false)
+						{
+							$is_comment = false;
+							while (!(strpos($line, '--- ') === 0 && strpos($line, ' ----') !== false))
+							{
+								$line = array_shift($special_diff_contents);
+								if (strpos($line, ' Exp $') !== false || strpos($line, '$Id:') !== false)
+								{
+									$is_comment = true;
+								}
+							}
+
+							if (!$is_comment)
+							{
+								if (!isset($num_changes[$next_line]))
+								{
+									$num_changes[$next_line] = 1;
+								}
+								else
+								{
+									$num_changes[$next_line]++;
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		// Now remove those results not having changes
+		$return = array();
+
+		foreach ($diff_result as $key => $value)
+		{
+			if (isset($num_changes[$value]))
+			{
+				$return[] = $value;
+			}
+		}
+
+		foreach ($binary as $value)
+		{
+			$return[] = $value;
+		}
+
+		$diff_result = $return;
+		unset($return);
+		unset($special_diff_contents);
+
+		$result = array(
+			'files'		=> array(),
+			'binary'	=> array(),
+			'all'		=> $diff_result,
+		);
+
+		$binary_extensions = array('gif', 'jpg', 'jpeg', 'png', 'ttf');
+
+		// Split into file and binary
+		foreach ($diff_result as $filename)
+		{
+			if (strpos($filename, '.') === false)
+			{
+				$result['files'][] = $filename;
+				continue;
+			}
+
+			$extension = explode('.', $filename);
+			$extension = array_pop($extension);
+
+			if (in_array($extension, $binary_extensions))
+			{
+				$result['binary'][] = $filename;
+			}
+			else
+			{
+				$result['files'][] = $filename;
+			}
+		}
+
+		return $result;
+	}
+}

build/compare.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+orig_dir="../../phpBB"
+
+
+rm -rf test_release_files
+mkdir test_release_files
+cd test_release_files
+
+for ext in "tar.bz2" "zip"
+do
+	cp "../new_version/release_files/$1.$ext" ./
+
+	if [ "$ext" = "tar.bz2" ]
+	then
+		command="tar -xjf"
+	else
+		command="unzip -q"
+	fi
+
+	$command "$1.$ext"
+
+	for file in `find phpBB3 -name '.svn' -prune -o -type f -print`
+	do
+		orig_file="${file/#phpBB3/$orig_dir}"
+		diff_result=`diff $orig_file $file`
+
+		if [ -n "$diff_result" ]
+		then
+			echo "Difference in package $1.$ext"
+			echo $diff_result
+		fi
+	done
+
+	rm -rf phpBB3
+done
+
+cd ..
+rm -rf test_release_files
+

build/package.php

@@ -0,0 +1,409 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package build
+* @version $Id$
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+//$versions = array('3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.0.7-RC1', '3.0.7-RC2', '3.0.7', '3.0.7-PL1');
+
+if ($_SERVER['argc'] < 2)
+{
+	die("Please specify a list of versions as the first argument (e.g. package.php '1.0.0, 1.0.1, 1.0.2').");
+}
+
+$versions = explode(',', $_SERVER['argv'][1]);
+$versions = array_map('trim', $versions);
+
+$verbose = true;
+
+require('build_helper.php');
+
+$package = new build_package($versions, $verbose);
+
+echo "Building Release Packages\n";
+echo "Now all three package types (patch, files, release) are built as well as the update package (update).\n";
+
+// Go trough all versions making a diff if we even have old versions
+// For phpBB 3.0.x we might choose a different update method, rendering the things below useless...
+if (sizeof($package->old_packages))
+{
+	chdir($package->locations['old_versions']);
+
+	// This array is for holding the filenames change
+	$diff_file_changes = array();
+
+	foreach ($package->old_packages as $_package_name => $dest_package_filename)
+	{
+		$package->begin_status('Parsing patch/diff files for phpBB-' . $dest_package_filename . $package->get('new_version_number'));
+
+		// Parse this diff to determine file changes from the checked versions and save them
+		$diff_file_changes[$_package_name] = $package->collect_diff_files(
+			$package->get('patch_directory') . '/phpBB-' . $dest_package_filename . $package->get('new_version_number') . '.patch',
+			$_package_name
+		);
+	}
+
+	// Now put those files determined within the correct directories
+	foreach ($diff_file_changes as $_package_name => $file_contents)
+	{
+		$package->begin_status('Creating files-only informations for ' . $package->old_packages[$_package_name] . $package->get('new_version_number'));
+
+		$dest_filename_dir = $package->get('files_directory') . '/' . $package->old_packages[$_package_name] . $package->get('new_version_number');
+
+		if (!file_exists($dest_filename_dir))
+		{
+			$package->run_command('mkdir ' . $dest_filename_dir);
+		}
+
+		// Now copy the file contents
+		foreach ($file_contents['all'] as $file)
+		{
+			$source_filename = $package->get('dest_dir') . '/' . $file;
+			$dest_filename = $dest_filename_dir . '/' . $file;
+
+			// Create Directories along the way?
+			$file = explode('/', $file);
+			// Remove filename portion
+			$file[sizeof($file)-1] = '';
+
+			chdir($dest_filename_dir);
+			foreach ($file as $entry)
+			{
+				$entry = trim($entry);
+				if ($entry)
+				{
+					if (!file_exists('./' . $entry))
+					{
+						$package->run_command('mkdir ' . $entry);
+					}
+					chdir('./' . $entry);
+				}
+			}
+
+			$package->run_command('cp ' . $source_filename . ' ' . $dest_filename);
+		}
+	}
+
+	// Because there might be binary changes, we re-create the patch files... without parsing file differences.
+	$package->run_command('rm -Rv ' . $package->get('patch_directory'));
+
+	if (!file_exists($package->get('patch_directory')))
+	{
+		$package->run_command('mkdir ' . $package->get('patch_directory'));
+	}
+
+	chdir($package->locations['old_versions']);
+
+	foreach ($package->old_packages as $_package_name => $dest_package_filename)
+	{
+		$package->begin_status('Creating patch/diff files for phpBB-' . $dest_package_filename . $package->get('new_version_number'));
+
+		$dest_package_filename = $package->get('patch_directory') . '/phpBB-' . $dest_package_filename . $package->get('new_version_number') . '.patch';
+		$package->run_command('diff ' . $package->diff_options_long . ' ' . $_package_name . ' ' . $package->get('simple_name') . ' > ' . $dest_package_filename);
+	}
+
+	$packages = $diff_file_changes;
+
+	foreach ($packages as $_package_name => $file_contents)
+	{
+		$package->begin_status('Building specific update files for ' . $package->old_packages[$_package_name] . $package->get('new_version_number'));
+
+		$dest_filename_dir = $package->get('update_directory') . '/' . $package->old_packages[$_package_name] . $package->get('new_version_number');
+
+		if (!file_exists($dest_filename_dir))
+		{
+			$package->run_command('mkdir ' . $dest_filename_dir);
+		}
+
+		$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/docs ' . $dest_filename_dir);
+		$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/install ' . $dest_filename_dir);
+
+		$package->run_command('mkdir ' . $dest_filename_dir . '/install/update');
+		$package->run_command('mkdir ' . $dest_filename_dir . '/install/update/old');
+		$package->run_command('mkdir ' . $dest_filename_dir . '/install/update/new');
+
+		// Remove some files
+		$package->run_command('rm -v ' . $dest_filename_dir . '/install/install_install.php');
+		$package->run_command('rm -v ' . $dest_filename_dir . '/install/install_convert.php');
+		$package->run_command('rm -Rv ' . $dest_filename_dir . '/install/schemas');
+		$package->run_command('rm -Rv ' . $dest_filename_dir . '/install/convertors');
+
+		foreach ($file_contents['all'] as $index => $file)
+		{
+			if (strpos($file, 'recode_cjk') !== false)
+			{
+				unset($file_contents['all'][$index]);
+			}
+		}
+
+		// First of all, fill the 'old' directory
+		foreach ($file_contents['all'] as $file)
+		{
+			$source_filename = $package->locations['old_versions'] . $_package_name . '/' . $file;
+			$dest_filename = $dest_filename_dir . '/install/update/old/' . $file;
+
+			if (!file_exists($source_filename))
+			{
+				continue;
+			}
+
+			// Create Directories along the way?
+			$file = explode('/', $file);
+			// Remove filename portion
+			$file[sizeof($file)-1] = '';
+
+			chdir($dest_filename_dir . '/install/update/old');
+			foreach ($file as $entry)
+			{
+				$entry = trim($entry);
+				if ($entry)
+				{
+					if (!file_exists('./' . $entry))
+					{
+						$package->run_command('mkdir ' . $entry);
+					}
+					chdir('./' . $entry);
+				}
+			}
+
+			$package->run_command('cp ' . $source_filename . ' ' . $dest_filename);
+		}
+
+		// Then fill the 'new' directory
+		foreach ($file_contents['all'] as $file)
+		{
+			$source_filename = $package->locations['old_versions'] . $package->get('simple_name') . '/' . $file;
+			$dest_filename = $dest_filename_dir . '/install/update/new/' . $file;
+
+			if (!file_exists($source_filename))
+			{
+				continue;
+			}
+
+			// Create Directories along the way?
+			$file = explode('/', $file);
+			// Remove filename portion
+			$file[sizeof($file)-1] = '';
+
+			chdir($dest_filename_dir . '/install/update/new');
+			foreach ($file as $entry)
+			{
+				$entry = trim($entry);
+				if ($entry)
+				{
+					if (!file_exists('./' . $entry))
+					{
+						$package->run_command('mkdir ' . $entry);
+					}
+					chdir('./' . $entry);
+				}
+			}
+
+			$package->run_command('cp ' . $source_filename . ' ' . $dest_filename);
+		}
+
+		// Build index.php file for holding the file structure
+		$index_contents = '<?php
+
+if (!defined(\'IN_PHPBB\'))
+{
+	exit;
+}
+
+// Set update info with file structure to update
+$update_info = array(
+	\'version\'	=> array(\'from\' => \'' . str_replace('_to_', '', $package->old_packages[$_package_name]) . '\', \'to\' => \'' . $package->get('new_version_number') . '\'),
+';
+
+		if (sizeof($file_contents['all']))
+		{
+			$index_contents .= '\'files\'		=> array(\'' . implode("',\n\t'", $file_contents['all']) . '\'),
+';
+		}
+		else
+		{
+			$index_contents .= '\'files\'		=> array(),
+';
+		}
+
+		if (sizeof($file_contents['binary']))
+		{
+			$index_contents .= '\'binary\'		=> array(\'' . implode("',\n\t'", $file_contents['binary']) . '\'),
+';
+		}
+		else
+		{
+			$index_contents .= '\'binary\'		=> array(),
+';
+		}
+
+		$index_contents .= ');
+
+?' . '>';
+
+		$fp = fopen($dest_filename_dir . '/install/update/index.php', 'wt');
+		fwrite($fp, $index_contents);
+		fclose($fp);
+	}
+	unset($diff_file_changes);
+
+	$package->begin_status('Clean up all install files');
+
+	// Copy the install files to their respective locations
+	$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/docs ' . $package->get('patch_directory'));
+	$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/install ' . $package->get('patch_directory'));
+
+	// Remove some files
+	chdir($package->get('patch_directory') . '/install');
+
+	$package->run_command('rm -v install_install.php');
+	$package->run_command('rm -v install_update.php');
+	$package->run_command('rm -v install_convert.php');
+	$package->run_command('rm -Rv schemas');
+	$package->run_command('rm -Rv convertors');
+}
+
+// Build Main phpBB Release
+$compress_programs = array(
+//	'tar.gz'	=> 'tar -czf',
+	'tar.bz2'	=> 'tar -cjf',
+	'zip'		=> 'zip -r'
+);
+
+if (sizeof($package->old_packages))
+{
+	// Build Patch Files
+	chdir($package->get('patch_directory'));
+
+	foreach ($compress_programs as $extension => $compress_command)
+	{
+		$package->begin_status('Packaging phpBB Patch Files for ' . $extension);
+
+		// Build Package
+		$package->run_command($compress_command . ' ../release_files/' . $package->get('release_filename') . '-patch.' . $extension . ' *');
+
+		// Build MD5 Sum
+		$package->run_command('md5sum ../release_files/' . $package->get('release_filename') . '-patch.' . $extension . ' > ../release_files/' . $package->get('release_filename') . '-patch.' . $extension . '.md5');
+	}
+
+	// Build Files Package
+	chdir($package->get('files_directory'));
+
+	foreach ($compress_programs as $extension => $compress_command)
+	{
+		$package->begin_status('Packaging phpBB Files for ' . $extension);
+
+		$package->run_command('mkdir ' . $package->get('files_directory') . '/release');
+		$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/docs ' . $package->get('files_directory') . '/release');
+		$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/install ' . $package->get('files_directory') . '/release');
+
+		$package->run_command('rm -v ' . $package->get('files_directory') . '/release/install/install_install.php');
+		$package->run_command('rm -v ' . $package->get('files_directory') . '/release/install/install_update.php');
+		$package->run_command('rm -v ' . $package->get('files_directory') . '/release/install/install_convert.php');
+		$package->run_command('rm -Rv ' . $package->get('files_directory') . '/release/install/schemas');
+		$package->run_command('rm -Rv ' . $package->get('files_directory') . '/release/install/convertors');
+
+		// Pack files
+		foreach ($package->old_packages as $_package_name => $package_path)
+		{
+			chdir($package_path . $package->get('new_version_number'));
+			$command = ($extension == 'zip') ? 'zip -r' : 'tar cf';
+			$_ext = ($extension == 'zip') ? 'zip' : 'tar';
+			$package->run_command("$command ../release/phpBB-$package_path" . $package->get('new_version_number') . ".$_ext *");
+			chdir('..');
+		}
+
+		chdir('./release');
+		$package->run_command("$compress_command ../../release_files/" . $package->get('release_filename') . '-files.' . $extension . ' *');
+		// Build MD5 Sum
+		$package->run_command('md5sum ../../release_files/' . $package->get('release_filename') . '-files.' . $extension . ' > ../../release_files/' . $package->get('release_filename') . '-files.' . $extension . '.md5');
+		chdir('..');
+
+		$package->run_command('rm -Rv ' . $package->get('files_directory') . '/release');
+	}
+
+	// Build Update Package
+	foreach ($compress_programs as $extension => $compress_command)
+	{
+		chdir($package->get('update_directory'));
+
+		$package->begin_status('Packaging phpBB Update for ' . $extension);
+
+		$package->run_command('mkdir ' . $package->get('update_directory') . '/release');
+
+		// Pack update files
+		$packages = $package->old_packages;
+
+		foreach ($packages as $_package_name => $package_path)
+		{
+			chdir($package_path . $package->get('new_version_number'));
+
+			$package->run_command('rm -v install/install_install.php');
+			$package->run_command('rm -v install/install_convert.php');
+			$package->run_command('rm -v includes/utf/data/recode_cjk.php');
+			$package->run_command('rm -Rv install/schemas');
+			$package->run_command('rm -Rv install/convertors');
+
+			$command = ($extension == 'zip') ? 'zip -r' : 'tar cf';
+			$_ext = ($extension == 'zip') ? 'zip' : 'tar';
+			$package->run_command("$command ../release/$package_path" . $package->get('new_version_number') . ".$_ext *");
+			chdir('..');
+
+			$last_version = $package_path . $package->get('new_version_number');
+
+//			chdir('./release');
+//			$package->run_command("$compress_command ../../release_files/" . $package->get('release_filename') . '-update.' . $extension . ' *');
+//			chdir('..');
+
+			chdir('./' . $last_version);
+			// Copy last package over...
+			$package->run_command('rm -v ../release_files/phpBB-' . $last_version . ".$extension");
+			$package->run_command("$compress_command ../../release_files/phpBB-$last_version.$extension *");
+
+			// Build MD5 Sum
+			$package->run_command("md5sum ../../release_files/phpBB-$last_version.$extension > ../../release_files/phpBB-$last_version.$extension.md5");
+			chdir('..');
+		}
+
+		$package->run_command('rm -Rv ' . $package->get('update_directory') . '/release');
+	}
+
+}
+
+// Delete updater and convertor from main archive
+chdir($package->get('dest_dir') . '/install');
+
+// $package->run_command('rm -v database_update.php');
+$package->run_command('rm -v install_update.php');
+
+chdir($package->locations['package_dir']);
+foreach ($compress_programs as $extension => $compress_command)
+{
+	$package->begin_status('Packaging phpBB for ' . $extension);
+	$package->run_command('rm -v ./release_files/' . $package->get('release_filename') . ".{$extension}");
+
+	// Build Package
+	$package->run_command("$compress_command ./release_files/" . $package->get('release_filename') . '.' . $extension . ' ' . $package->get('package_name'));
+
+	// Build MD5 Sum
+	$package->run_command('md5sum ./release_files/' . $package->get('release_filename') . '.' . $extension . ' > ./release_files/' . $package->get('release_filename') . '.' . $extension . '.md5');
+}
+
+// Microsoft Web PI packaging
+$package->begin_status('Packaging phpBB for Microsoft WebPI');
+$file = './release_files/' . $package->get('release_filename') . '.webpi.zip';
+$package->run_command('cp -p ./release_files/' . $package->get('release_filename') . ".zip $file");
+$package->run_command('cd ./../webpi && ' . $compress_programs['zip'] . " ./../new_version/$file *");
+$package->run_command("md5sum $file  > $file.md5");
+
+// verify results
+chdir($package->locations['root']);
+$package->begin_status('********** Verifying packages **********');
+$package->run_command('./compare.sh ' . $package->package_infos['release_filename']);
+
+echo "Done.\n";

build/webpi/install/mssql.sql

@@ -0,0 +1,39 @@
+/**********************************************************************/
+/* Install.SQL                                                        */
+/* Creates a login and makes the user a member of db roles            */
+/*                                                                    */
+/**********************************************************************/
+
+-- Declare variables for database name, username and password
+DECLARE @dbName sysname,
+      @dbUser sysname,
+      @dbPwd nvarchar(max);
+
+-- Set variables for database name, username and password
+SET @dbName = 'PlaceHolderForDb';
+SET @dbUser = 'PlaceHolderForUser';
+SET @dbPwd = 'PlaceHolderForPassword';
+
+DECLARE @cmd nvarchar(max)
+
+-- Create login
+IF( SUSER_SID(@dbUser) is null )
+BEGIN
+    print '-- Creating login '
+    SET @cmd = N'CREATE LOGIN ' + quotename(@dbUser) + N' WITH PASSWORD ='''+ replace(@dbPwd, '''', '''''') + N''''
+    EXEC(@cmd)
+END
+
+-- Create database user and map to login
+-- and add user to the datareader, datawriter, ddladmin and securityadmin roles
+--
+SET @cmd = N'USE ' + quotename(@DBName) + N'; 
+IF( NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = ''' + replace(@dbUser, '''', '''''') + N'''))
+BEGIN
+    print ''-- Creating user'';
+    CREATE USER ' + quotename(@dbUser) + N' FOR LOGIN ' + quotename(@dbUser) + N';
+    print ''-- Adding user'';
+    EXEC sp_addrolemember ''db_owner'', ''' + replace(@dbUser, '''', '''''') + N''';
+END'
+EXEC(@cmd)
+GO

build/webpi/install/mysql.sql

@@ -0,0 +1,15 @@
+USE PlaceHolderForDb$$
+
+DROP PROCEDURE IF EXISTS add_user $$
+
+CREATE PROCEDURE add_user()
+BEGIN
+DECLARE EXIT HANDLER FOR 1044 BEGIN END;
+GRANT ALL PRIVILEGES ON PlaceHolderForDb.* to 'PlaceHolderForUser'@'PlaceHolderForServer' IDENTIFIED BY 'PlaceHolderForPassword';
+FLUSH PRIVILEGES;
+END
+$$
+
+CALL add_user() $$
+
+DROP PROCEDURE IF EXISTS add_user $$

build/webpi/manifest.xml

@@ -0,0 +1,13 @@
+<msdeploy.iisapp>
+	<iisapp path="phpBB3" />
+
+	<dbmysql path="install/mysql.sql" commandDelimiter="$$"	removeCommandDelimiter="true" />
+
+	<dbfullsql path="install/mssql.sql" />
+
+	<setAcl path="phpBB3/cache" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/files" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/store" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/images/avatars/upload" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/config.php" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" setAclResourceType="File" />
+</msdeploy.iisapp>

build/webpi/parameters.xml

@@ -0,0 +1,256 @@
+<parameters>
+	<parameter
+		name="AppPath"
+		defaultValue="Default Web Site/phpBB3"
+		tags="iisapp">
+		
+		<parameterEntry
+			type="ProviderPath"
+			scope="iisapp"
+			match="phpBB3" />
+	</parameter>
+	<!--ACLs-->
+	<parameter
+		name="aclCache"
+		description="Sets the ACL on the cache/ folder"
+		defaultValue="{AppPath}/cache"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/cache$" />
+	</parameter>
+
+	<parameter
+		name="aclFiles"
+		description="Sets the ACL on the files/ folder"
+		defaultValue="{AppPath}/files"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/files$" />
+	</parameter>
+
+	<parameter
+		name="aclStore"
+		description="Sets the ACL on the store/ folder"
+		defaultValue="{AppPath}/store"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/store$" />
+	</parameter>
+
+	<parameter
+		name="aclAvatarUpload"
+		description="Sets the ACL on the avatars/upload/ folder"
+		defaultValue="{AppPath}/images/avatars/upload"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/images/avatars/upload$" />
+	</parameter>
+
+	<parameter
+		name="aclConfig"
+		description="Sets the ACL on the config.php file"
+		defaultValue="{AppPath}/config.php"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/config.php$" />
+	</parameter>
+
+	<!-- SQL parameters -->
+	<parameter  name="SQL Database Server"  description="Enter the database server (usually machine name ) "  defaultValue="."  tags="SQL">
+	</parameter>
+
+	<parameter name="SQL DatabaseServer Instance" description="Enter the database instance name" defaultValue="SQLExpress" tags="SQL">
+	</parameter>
+	<!-- Read database server from config.php . Update 'dbhost' in config.php on publish -->
+	<parameter name="SQL Automatic DatabaseServer" defaultValue="dbhost = '{SQL Database Server}\\{SQL DatabaseServer Instance}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbhost\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+	<parameter
+		name="SQL DatabaseName" description="Database name for your application." defaultValue="phpbb" tags="SQL, dbName">
+
+		<parameterEntry type="TextFile" scope="install/mssql.sql" match="PlaceHolderForDb" />   
+	</parameter>
+	<!-- Read database name from config.php . Update 'dbname' in config.php on publish -->
+	<parameter name="SQL Automatic DatabaseName" defaultValue="dbname = '{SQL DatabaseName}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbname\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+  
+	<parameter
+		name="SQL DatabaseAdministrator"
+		description="Database server administartor username."
+		defaultValue="sa"
+		tags="SQL, DbAdminUsername" >
+	</parameter>
+
+	<parameter
+		name="SQL DatabaseAdministratorPassword"
+		description="Database server administrator password."
+		tags="Password,SQL,DbAdminPassword">
+	</parameter>
+
+	<parameter
+		name="SQL Database Username"
+		description="Username to access your database."
+		defaultValue="phpbb"
+		tags="SQL, DbUsername">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mssql.sql"
+			match="PlaceHolderForUser" />
+	</parameter>
+	<!-- Read database user from config.php . Update 'dbuser' in config.php on publish -->
+	<parameter name="SQL Automatic Database User" defaultValue="dbuser = '{SQL Database Username}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbuser\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+  
+	<parameter
+		name="SQL Database Password"
+		description="Password for your phpBB database. (Must be at least 8 characters, contain at least one lower case letter, one upper case letter and one digit)"
+		tags="New, Password,SQL,  DbUserPassword">
+
+		<parameterValidation
+			type = "RegularExpression"   
+			validationString = "^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$" />
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mssql.sql"
+			match="PlaceHolderForPassword" />
+	</parameter>
+
+	<!-- Read database user password from config.php . Update 'dbpasswd' in config.php on publish -->
+	<parameter name="SQL Automatic Database Password" defaultValue="dbpasswd = '{SQL Database Password}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbpasswd\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+
+	<!-- SQL Connection string -->
+	<parameter
+		name="SQL ConnectionString"
+		description="Automatically sets the connection string for the connection request."
+		defaultValue="Server={SQL Database Server}\{SQL DatabaseServer Instance};Database={SQL DatabaseName};uid={SQL DatabaseAdministrator};Pwd={SQL DatabaseAdministratorPassword};"
+		tags="Hidden,SQLConnectionString,Validate">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="dbfullsql"
+			match="install/mssql.sql" />
+	</parameter>
+
+	<parameter
+		name="SQL Database type"
+		description="SQL database type"
+		defaultValue="mssql"
+		tags="SQL,Hidden">
+	</parameter>
+
+	<!-- MYSQL parameters -->
+	<parameter
+		name="MySQL Database Server"
+		description="Enter the hostname"
+		defaultValue="localhost"
+		tags="MySQL, dbServer">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForServer" />
+	</parameter>
+
+	<!-- Read database server from config.php . Update 'dbhost' in config.php on publish -->
+	<parameter name="Automatic MySQL DatabaseServer" defaultValue="dbhost = '{MySQL Database Server}';" tags="Hidden,MySQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbhost\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+  
+	<parameter
+		name="MySQL Database Name"
+		description="Database Name for your application."
+		defaultValue="phpbb"
+		tags="MySQL, dbName">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForDb"  />
+	</parameter>
+	<!-- Read database name from config.php . Update 'dbname' in config.php on publish -->
+	<parameter name="Automatic MySQL Database Name" defaultValue="dbname = '{MySQL Database Name}';" tags="Hidden,MySQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbname\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+
+	<parameter
+		name="MySQL Database Username"
+		description="Username to access your phpBB database."
+		defaultValue="phpbb"
+		tags="MySQL, DbUsername">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForUser" />
+	</parameter>
+	<!-- Read database user from config.php . Update 'dbuser' in config.php on publish -->
+	<parameter name="Automatic MySQL Database User" defaultValue="dbuser = '{MySQL Database Username}';" tags="Hidden,MySQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbuser\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+
+	<parameter
+		name="MySQL Database Password"
+		description="Password for your phpBB database. (Minimum 4 characters)"
+		tags="New, Password,MySQL,DbUserPassword">
+
+		<parameterValidation
+			type = "RegularExpression"
+			validationString = "^.{4,}$" />
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForPassword" />
+		</parameter>
+		<!-- Read database password from config.php . Update 'dbpasswd' in config.php on publish -->
+		<parameter name="MySQL Automatic Database Password" defaultValue="dbpasswd = '{MySQL Database Password}';" tags="Hidden,MySQL">
+			<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbpasswd\s*=\s*'([^']*)'\s*;" />
+		</parameter>
+
+	<!-- MySQL admin credentials -->
+	<parameter
+		name="MySQL Database Administrator"
+		description="Database administrator username."
+		defaultValue="root"
+		tags="MySQL, DbAdminUsername" >
+	</parameter>
+	<parameter
+		name="MySQL Database Administrator Password"
+		description="Database administrator password."
+		tags="Password,MySQL,DbAdminPassword" >
+	</parameter>
+
+	<!-- MySQL Connectionstring -->
+	<parameter
+		name="MySQLConnectionString"
+		description="Automatically sets the connection string for the connection request."
+		defaultValue="Server={MySQL Database Server};Database={MySQL Database Name};uid={MySQL Database Administrator};Pwd={MySQL Database Administrator Password};"
+		tags="Hidden,MySQLConnectionString,Validate">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="dbmysql"
+			match="install/mysql.sql" />
+	</parameter>
+</parameters>

git-tools/hooks/commit-msg

@@ -0,0 +1,258 @@
+#!/bin/sh
+#
+# A hook to check syntax of a phpBB3 commit message, per:
+# * <http://wiki.phpbb.com/display/DEV/Git>
+# * <http://area51.phpbb.com/phpBB/viewtopic.php?p=209919#p209919>
+#
+# This is a commit-msg hook.
+#
+# To install this you can either copy or symlink it to
+# $GIT_DIR/hooks, example:
+#
+# ln -s ../../git-tools/hooks/commit-msg \\
+#   .git/hooks/commit-msg
+
+config_ns="phpbb.hooks.commit-msg";
+
+if [ "$(git config --bool $config_ns.fatal)" = "false" ]
+then
+	fatal=0;
+else
+	fatal=1;
+fi
+
+debug_level=$(git config --int $config_ns.debug || echo 0);
+
+# Error codes
+ERR_LENGTH=1;
+ERR_HEADER=2;
+ERR_EMPTY=3;
+ERR_DESCRIPTION=4;
+ERR_FOOTER=5;
+ERR_EOF=6;
+ERR_UNKNOWN=42;
+
+debug()
+{
+	local level;
+
+	level=$1;
+	shift;
+
+	if [ $debug_level -ge $level ]
+	then
+		echo $@;
+	fi
+}
+
+quit()
+{
+	if [ $1 -gt 0 ] && [ $1 -ne $ERR_UNKNOWN ] && [ $fatal -eq 0 ]
+	then
+		exit 0;
+	else
+		exit $1;
+	fi
+}
+
+msg=$(grep -nE '.{81,}' "$1");
+
+if [ $? -eq 0 ]
+then
+	echo "The following lines are greater than 80 characters long:\n" >&2;
+	echo $msg >&2;
+
+	quit $ERR_LENGTH;
+fi
+
+lines=$(wc -l "$1" | awk '{ print $1; }');
+expecting=header;
+in_description=0;
+in_empty=0;
+ticket=0;
+branch_regex="[a-z]+[a-z0-9-]*[a-z0-9]+";
+i=1;
+tickets="";
+
+while [ $i -le $lines ]
+do
+	# Grab the line we are studying
+	line=$(head -n$i "$1" | tail -n1);
+
+	debug 1 "==> [$i] $line (description: $in_description, empty: $in_empty)";
+
+	err=$ERR_UNKNOWN;
+
+	if [ -z "$expecting" ]
+	then
+		quit $err;
+	fi
+
+	if [ "${expecting#comment}" = "$expecting" ]
+	then
+		# Prefix comments to the expected tokens list
+		expecting="comment $expecting";
+	fi
+
+	debug 2 "Expecting: $expecting";
+
+	# Loop over each of the expected line formats
+	for expect in $expecting
+	do
+		# Reset the error code each iteration
+		err=$ERR_UNKNOWN;
+
+		# Test for validity of each line format
+		# This is done first so $? contains the result
+		case $expect in
+			"header")
+				err=$ERR_HEADER;
+				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+			;;
+			"empty")
+				err=$ERR_EMPTY;
+				echo "$line" | grep -Eq "^$"
+			;;
+			"description")
+				err=$ERR_DESCRIPTION;
+				# Free flow text, the line length was constrained by the initial check
+				echo "$line" | grep -Eq "^.+$";
+			;;
+			"footer")
+				err=$ERR_FOOTER;
+				# Each ticket is on its own line
+				echo "$line" | grep -Eq "^PHPBB3-[0-9]+$";
+			;;
+			"eof")
+				err=$ERR_EOF;
+				# Should not end up here
+				false
+			;;
+			"comment")
+				echo "$line" | grep -Eq "^#";
+			;;
+			*)
+				echo "Unrecognised token $expect" >&2;
+				quit $err;
+			;;
+		esac
+
+		# Preserve the result of the line check
+		result=$?;
+
+		debug 2 "$expect - '$line' - $result";
+
+		if [ $result -eq 0 ]
+		then
+			# Break out the loop on success
+			# otherwise roll on round and keep looking for a match
+			break;
+		fi
+	done
+
+	if [ $result -eq 0 ]
+	then
+		# Have we switched out of description mode?
+		if [ $in_description -eq 1 ] && [ "$expect" != "description" ] && [ "$expect" != "empty" ] && [ "$expect" != "comment" ]
+		then
+			# Yes, okay we need to backtrace one line and reanalyse
+			in_description=0;
+			i=$(( $i - $in_empty ));
+
+			# Reset the empty counter
+			in_empty=0;
+			continue;
+		fi
+
+		# Successful match, but on which line format
+		case $expect in
+			"header")
+				expecting="empty";
+
+				echo "$line" | grep -Eq "^\[ticket/[0-9]+\]$" && (
+					ticket=$(echo "$line" | sed 's,\[ticket/\([0-9]*\)\].*,\1,');
+				)
+			;;
+			"empty")
+				# Description might have empty lines as spacing
+				expecting="footer description";
+				in_empty=$(($in_empty + 1));
+
+				if [ $in_description -eq 1 ]
+				then
+					expecting="$expecting empty";
+				fi
+			;;
+			"description")
+				expecting="description empty";
+				in_description=1;
+			;;
+			"footer")
+				expecting="footer eof";
+				if [ "$tickets" = "" ]
+				then
+					tickets="$line";
+				else
+					tickets="$tickets $line";
+				fi
+			;;
+			"comment")
+				# Comments should expect the same thing again
+			;;
+			*)
+				echo "Unrecognised token $expect" >&2;
+				quit 254;
+			;;
+		esac
+
+		if [ "$expect" != "empty" ]
+		then
+			in_empty=0;
+		fi
+
+		debug 3 "Now expecting: $expecting";
+	else
+		# None of the expected line formats matched
+		# Guess we'll call it a day here then
+		echo "Syntax error on line $i:" >&2;
+		echo ">> $line" >&2;
+		echo -n "Expecting: " >&2;
+		echo "$expecting" | sed 's/ /, /g' >&2;
+		exit $err;
+	fi
+
+	i=$(( $i + 1 ));
+done
+
+# If EOF is expected exit cleanly
+echo "$expecting" | grep -q "eof" || (
+	# Unexpected EOF, error
+	echo "Unexpected EOF encountered" >&2;
+	quit $ERR_EOF;
+) && (
+	# Do post scan checks
+	if [ ! -z "$tickets" ]
+	then
+		# Check for duplicate tickets
+		dupes=$(echo "$tickets" | sed 's/ /\n/g' | sort | uniq -d);
+
+		if [ ! -z "$dupes" ]
+		then
+			echo "The following tickets are repeated:" >&2;
+			echo "$dupes" | sed 's/ /\n/g;s/^/* /g' >&2;
+			quit $ERR_FOOTER;
+		fi
+	fi
+	# Check the branch ticket is mentioned, doesn't make sense otherwise
+	if [ $ticket -gt 0 ]
+	then
+		echo "$tickets" | grep -Eq "\bPHPBB3-$ticket\b" || (
+			echo "Ticket ID [$ticket] of branch missing from list of tickets:" >&2;
+			echo "$tickets" | sed 's/ /\n/g;s/^/* /g' >&2;
+			quit $ERR_FOOTER;
+		) || exit $?;
+	fi
+	# Got here okay exit to reality
+	exit 0;
+);
+exit $?;

git-tools/hooks/install

@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Script to install the git hooks
+# by symlinking them into the .git/hooks directory
+#
+# Usage (from within git-tools/hooks):
+# ./install
+
+dir=$(dirname $0)
+
+for file in $(ls $dir)
+do
+	if [ $file != "install" ] && [ $file != "uninstall" ]
+	then
+		ln -s "../../git-tools/hooks/$file" "$dir/../../.git/hooks/$file"
+	fi
+done

git-tools/hooks/pre-commit

@@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# A hook to disallow php syntax errors to be committed
+# by running php -l (lint) on them. It requires php-cli
+# to be installed.
+#
+# This is a pre-commit hook.
+#
+# To install this you can either copy or symlink it to
+# $GIT_DIR/hooks, example:
+#
+# ln -s ../../git-tools/hooks/pre-commit \\
+#   .git/hooks/pre-commit
+
+# NOTE: this is run through /usr/bin/env
+PHP_BIN=php
+
+# necessary check for initial commit
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+error=0
+errors=""
+
+if ! which $PHP_BIN >/dev/null 2>&1
+then
+	echo "PHP Syntax check failed:"
+	echo "PHP binary does not exist or is not in path: $PHP_BIN"
+	exit 1
+fi
+
+# dash does not support $'\n':
+# http://forum.soft32.com/linux2/Bug-409179-DASH-Settings-IFS-work-properly-ftopict70039.html
+IFS='
+'
+# get a list of staged files
+for line in $(git diff-index --cached --full-index $against)
+do
+	# split needed values
+	sha=$(echo $line | cut -d' ' -f4)
+	temp=$(echo $line | cut -d' ' -f5)
+	status=$(echo $temp | cut -d'	' -f1)
+	filename=$(echo $temp | cut -d'	' -f2)
+
+	# file extension
+	ext=$(echo $filename | sed 's/^.*\.//')
+
+	# only check files with php extension
+	if [ $ext != "php" ]
+	then
+		continue
+	fi
+
+	# do not check deleted files
+	if [ $status = "D" ]
+	then
+		continue
+	fi
+
+	# check the staged file content for syntax errors
+	# using php -l (lint)
+	result=$(git cat-file -p $sha | /usr/bin/env $PHP_BIN -l 2>/dev/null)
+	if [ $? -ne 0 ]
+	then
+		error=1
+		# Swap back in correct filenames
+		errors=$(echo "$errors"; echo "$result" |sed -e "s@in - on@in $filename on@g")
+	fi
+done
+unset IFS
+
+if [ $error -eq 1 ]
+then
+	echo -e "PHP Syntax check failed:";
+	echo -e "$errors" | grep "^Parse error:"
+	exit 1
+fi

git-tools/hooks/prepare-commit-msg

@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# A hook to add [$branch] to the beginning of a commit message
+# if certain conditions are met.
+#
+# This is a prepare-commit-msg hook.
+#
+# To install this you can either copy or symlink it to
+# $GIT_DIR/hooks, example:
+#
+# ln -s ../../git-tools/hooks/prepare-commit-msg \\
+#   .git/hooks/prepare-commit-msg
+
+# get branch name
+branch="$(git symbolic-ref HEAD)"
+
+# exit if no branch name is present
+# (eg. detached HEAD)
+if [ $? -ne 0 ]
+then
+	exit
+fi
+
+# strip off refs/heads/
+branch="$(echo "$branch" | sed "s/refs\/heads\///g")"
+
+# add [branchname] to commit message
+# * only run when normal commit is made (without -m or -F;
+#   not a merge, etc.)
+# * also make sure the branch name begins with bug/ or feature/
+if [ "$2" = "" ]
+then
+	tail="";
+
+	# Branch is prefixed with 'ticket/', append ticket ID to message
+	if [ "$branch" != "${branch##ticket/}" ];
+	then
+		tail="\n\nPHPBB3-${branch##ticket/}";
+	fi
+
+	echo "[$branch]$tail $(cat "$1")" > "$1"
+fi

git-tools/hooks/uninstall

@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Script to uninstall the git hooks
+#
+# Usage (from within git-tools/hooks):
+# ./uninstall
+
+dir=$(dirname $0)
+
+for file in $(ls $dir)
+do
+	if [ $file != "install" ] && [ $file != "uninstall" ]
+	then
+		rm -f "$dir/../../.git/hooks/$file"
+	fi
+done

phpBB/.htaccess

@@ -1,3 +1,13 @@
+#
+# Uncomment the statement below if you want to make use of
+# HTTP authentication and it does not already work.
+# This could be required if you are for example using PHP via Apache CGI.
+#
+#<IfModule mod_rewrite.c>
+#RewriteEngine on
+#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
+#</IfModule>
+
 <Files "config.php">
 Order Allow,Deny
 Deny from All

phpBB/adm/index.php

@@ -246,7 +246,7 @@ function h_radio($name, &$input_ary, $input_default = false, $id = false, $key =
 	foreach ($input_ary as $value => $title)
 	{
 		$selected = ($input_default !== false && $value == $input_default) ? ' checked="checked"' : '';
-		$html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label> ';
+		$html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>';
 		$id_assigned = true;
 	}
 
@@ -432,6 +432,20 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				{
 					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$config_definition['lang']], $validator[$max]);
 				}
+
+				if (strpos($config_name, '_max') !== false)
+				{
+					// Min/max pairs of settings should ensure that min <= max
+					// Replace _max with _min to find the name of the minimum
+					// corresponding configuration variable
+					$min_name = str_replace('_max', '_min', $config_name);
+
+					if (isset($cfg_array[$min_name]) && is_numeric($cfg_array[$min_name]) && $cfg_array[$config_name] < $cfg_array[$min_name])
+					{
+						// A minimum value exists and the maximum value is less than it
+						$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$config_definition['lang']], (int) $cfg_array[$min_name]);
+					}
+				}
 			break;
 
 			// Absolute path
@@ -533,7 +547,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				// Check if the path is writable
 				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
 				{
-					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !@is_writable($phpbb_root_path . $cfg_array[$config_name]))
+					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name]))
 					{
 						$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
 					}

phpBB/adm/style/acp_ban.html

@@ -31,9 +31,9 @@
 
 	function display_details(option)
 	{
-		document.getElementById('acp_unban').unbangivereason.value = ban_give_reason[option];
-		document.getElementById('acp_unban').unbanreason.value = ban_reason[option];
-		document.getElementById('acp_unban').unbanlength.value = ban_length[option];
+		document.getElementById('acp_unban').unbangivereason.innerHTML = ban_give_reason[option];
+		document.getElementById('acp_unban').unbanreason.innerHTML = ban_reason[option];
+		document.getElementById('acp_unban').unbanlength.innerHTML = ban_length[option];
 	}
 
 // ]]>
@@ -93,15 +93,15 @@
 	</dl>
 	<dl>
 		<dt><label for="unbanlength">{L_BAN_LENGTH}:</label></dt>
-		<dd><input style="border: 0;" type="text" class="text full" disabled="disabled" name="unbanlength" id="unbanlength" /></dd>
+		<dd><input style="border: 0;" type="text" class="text full" readonly="readonly" name="unbanlength" id="unbanlength" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="unbanreason">{L_BAN_REASON}:</label></dt>
-		<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbanreason" id="unbanreason" rows="5" cols="80">&nbsp;</textarea></dd>
+		<dd><textarea style="border: 0;" class="text full" readonly="readonly" name="unbanreason" id="unbanreason" rows="5" cols="80">&nbsp;</textarea></dd>
 	</dl>
 	<dl>
 		<dt><label for="unbangivereason">{L_BAN_GIVE_REASON}:</label></dt>
-		<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbangivereason" id="unbangivereason" rows="5" cols="80">&nbsp;</textarea></dd>
+		<dd><textarea style="border: 0;" class="text full" readonly="readonly" name="unbangivereason" id="unbangivereason" rows="5" cols="80">&nbsp;</textarea></dd>
 	</dl>
 
 	<p class="submit-buttons">

phpBB/adm/style/acp_captcha.html

@@ -21,6 +21,10 @@
 	<dt><label for="max_reg_attempts">{L_REG_LIMIT}:</label><br /><span>{L_REG_LIMIT_EXPLAIN}</span></dt>
 	<dd><input id="max_reg_attempts" type="text" size="4" maxlength="4" name="max_reg_attempts" value="{REG_LIMIT}" /></dd>
 </dl>
+<dl>
+	<dt><label for="max_login_attempts">{L_MAX_LOGIN_ATTEMPTS}:</label><br /><span>{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></dt>
+	<dd><input id="max_login_attempts" type="text" size="4" maxlength="4" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></dd>
+</dl>
 <dl>
 	<dt><label for="enable_post_confirm">{L_VISUAL_CONFIRM_POST}:</label><br /><span>{L_VISUAL_CONFIRM_POST_EXPLAIN}</span></dt>
 	<dd><label><input type="radio" class="radio" id="enable_post_confirm" name="enable_post_confirm" value="1"<!-- IF POST_ENABLE --> checked="checked"<!-- ENDIF --> /> {L_ENABLED}</label>
@@ -54,10 +58,12 @@
 </fieldset>
 <!-- ENDIF -->
 
-<fieldset class="submit-buttons">
-	<legend>{L_SUBMIT}</legend>
-	<input class="button1" type="submit" id="main_submit" name="main_submit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="form_reset" name="reset" value="{L_RESET}" />&nbsp;
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="main_submit" name="main_submit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="form_reset" name="reset" value="{L_RESET}" />&nbsp;
+	</p>
 	{S_FORM_TOKEN}
 </fieldset>
 </form>

phpBB/adm/style/acp_database.html

@@ -71,8 +71,9 @@
 	<dl>
 		<dt><label for="where">{L_ACTION}:</label></dt>
 		<dd>
-			<label><input type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label>
-			<label><input type="radio" class="radio" name="where" value="download" /> {L_DOWNLOAD}</label></dd>
+			<label><input id="where" type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label>
+			<label><input type="radio" class="radio" name="where" value="download" /> {L_DOWNLOAD}</label>
+		</dd>
 	</dl>
 	<dl>
 		<dt><label for="table">{L_TABLE_SELECT}:</label></dt>

phpBB/adm/style/acp_forums.html

@@ -189,8 +189,8 @@
 			<legend>{L_GENERAL_FORUM_SETTINGS}</legend>
 		<dl>
 			<dt><label for="display_active">{L_DISPLAY_ACTIVE_TOPICS}:</label><br /><span>{L_DISPLAY_ACTIVE_TOPICS_EXPLAIN}</span></dt>
-			<dd><label><input type="radio" class="radio" name="display_active" value="1"<!-- IF S_DISPLAY_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
-				<label><input type="radio" class="radio" name="display_active" value="0"<!-- IF not S_DISPLAY_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+			<dd><label><input type="radio" class="radio" name="display_active" value="1"<!-- IF S_ENABLE_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+				<label><input type="radio" class="radio" name="display_active" value="0"<!-- IF not S_ENABLE_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 		</dl>
 		</fieldset>
 	</div>

phpBB/adm/style/acp_forums_copy_perm.html

@@ -1,21 +1,22 @@
 <!-- INCLUDE overall_header.html -->
 
+<h1>{L_COPY_PERMISSIONS}</h1>
+
+<p>{L_COPY_PERMISSIONS_EXPLAIN}</p>
+<p>{L_ACL_LINK}</p>
+
 <form id="confirm" method="post" action="{S_COPY_ACTION}">
 
 <fieldset>
-	<h1>{L_COPY_PERMISSIONS}</h1>
-	<p>{L_COPY_PERMISSIONS_EXPLAIN}</p>
-	<p>{L_ACL_LINK}</p>	
 	<dl>
 		<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
 		<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
 	</dl>
 	<div style="text-align: center;">{S_FORM_TOKEN}{S_HIDDEN_FIELDS}
-		<input type="submit" name="update" value="{L_CONTINUE}" class="button2" />&nbsp; 
+		<input type="submit" name="update" value="{L_CONTINUE}" class="button2" />&nbsp;
 	</div>
-
 </fieldset>
-		
+
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_groups.html

@@ -120,7 +120,7 @@
 		</dl>
 		<dl>
 			<dt><label for="width">{L_LINK_REMOTE_SIZE}:</label><br /><span>{L_LINK_REMOTE_SIZE_EXPLAIN}</span></dt>
-			<dd><input name="width" type="text" id="width" size="3" value="{AVATAR_WIDTH}" /> <span>px X </span> <input type="text" name="height" size="3" value="{AVATAR_HEIGHT}" /> <span>px</span></dd>
+			<dd><input name="width" type="text" id="width" size="3" value="{AVATAR_WIDTH}" /> <span>{L_PIXEL} &times; </span> <input type="text" name="height" size="3" value="{AVATAR_HEIGHT}" /> <span>{L_PIXEL}</span></dd>
 		</dl>
 		<!-- IF S_DISPLAY_GALLERY -->
 			<dl>

phpBB/adm/style/acp_icons.html

@@ -139,9 +139,9 @@
 		<td><input class="text post" type="text" size="3" name="add_width" id="add_width" value="{WIDTH}" /></td>
 		<td><input class="text post" type="text" size="3" name="add_height" id="add_height" value="{HEIGHT}" /></td>
 		<td><input type="checkbox" class="radio" name="add_display_on_posting" checked="checked" onclick="toggle_select('add', this.checked, 'add_order');"/></td>
- 		<td><select id="add_order" name="add_order">
-				<optgroup id="order_disp[add]" label="{L_DISPLAY_POSTING}">{S_ADD_ORDER_LIST_DISPLAY}</optgroup>
-				<optgroup id="order_no_disp[add]" label="{L_DISPLAY_POSTING_NO}" disabled="disabled" class="disabled-options" >{S_ADD_ORDER_LIST_UNDISPLAY}</optgroup>
+ 		<td><select id="order_add_order" name="add_order">
+				<optgroup id="order_disp_add_order" label="{L_DISPLAY_POSTING}">{S_ADD_ORDER_LIST_DISPLAY}</optgroup>
+				<optgroup id="order_no_disp_add_order" label="{L_DISPLAY_POSTING_NO}" disabled="disabled" class="disabled-options" >{S_ADD_ORDER_LIST_UNDISPLAY}</optgroup>
 		</select></td>
 		<td><input type="checkbox" class="radio" name="add_additional_code" value="1" /></td>
 	</tr>

phpBB/adm/style/acp_inactive.html

@@ -41,6 +41,7 @@
 		<td style="vertical-align: top;">
 			{inactive.REASON}
 			<!-- IF inactive.REMINDED --><br />{inactive.REMINDED_EXPLAIN}<!-- ENDIF -->
+		</td>
 		<td>&nbsp;<input type="checkbox" class="radio" name="mark[]" value="{inactive.USER_ID}" />&nbsp;</td>
 	</tr>
 <!-- BEGINELSE -->
@@ -67,7 +68,7 @@
 <fieldset class="quick">
 	<select name="action">{S_INACTIVE_OPTIONS}</select>
 	<input class="button2" type="submit" name="submit" value="{L_SUBMIT}" />
-	<p class="small"><a href="#" onclick="marklist('inactive', 'mark', true); return false;">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('inactive', 'mark', false); return false;">{L_UNMARK_ALL}</a></p>		
+	<p class="small"><a href="#" onclick="marklist('inactive', 'mark', true); return false;">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('inactive', 'mark', false); return false;">{L_UNMARK_ALL}</a></p>
 	{S_FORM_TOKEN}
 </fieldset>
 

phpBB/adm/style/acp_jabber.html

@@ -38,7 +38,7 @@
 	<dd><input type="text" id="jab_username" name="jab_username" value="{JAB_USERNAME}" /></dd>
 </dl>
 <dl>
-	<dt><label for="jab_password">{L_JAB_PASSWORD}:</label></dt>
+	<dt><label for="jab_password">{L_JAB_PASSWORD}:</label><br /><span>{L_JAB_PASSWORD_EXPLAIN}</span></dt>
 	<dd><input type="password" id="jab_password" name="jab_password" value="{JAB_PASSWORD}" /></dd>
 </dl>
 <!-- IF S_CAN_USE_SSL -->

phpBB/adm/style/acp_logs.html

@@ -14,11 +14,12 @@
 
 <!-- IF PAGINATION -->
 <div class="pagination" style="float: right; margin: 15px 0 2px 0">
-		<a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
+	<a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
 </div>
 <!-- ENDIF -->
 
-<div class="clearfix">&nbsp;</div><br style="clear: both;" />
+<div class="clearfix">&nbsp;</div>
+<div><br style="clear: both;" /></div>
 
 <!-- IF .log -->
 	<table cellspacing="1">

phpBB/adm/style/acp_main.html

@@ -40,6 +40,12 @@
 		</div>
 	<!-- ENDIF -->
 
+	<!-- IF S_PHP_VERSION_OLD -->
+		<div class="errorbox notice">
+			<p>{L_PHP_VERSION_OLD}</p>
+		</div>
+	<!-- ENDIF -->
+
 	<table cellspacing="1">
 		<caption>{L_FORUM_STATS}</caption>
 		<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />
@@ -232,6 +238,7 @@
 				<td style="vertical-align: top;">
 					{inactive.REASON}
 					<!-- IF inactive.REMINDED --><br />{inactive.REMINDED_EXPLAIN}<!-- ENDIF -->
+				</td>
 			</tr>
 		<!-- BEGINELSE -->
 			<tr>

phpBB/adm/style/acp_styles.html

@@ -20,7 +20,7 @@
 	</dl>
 	<dl>
 		<dt><label for="new_id">{L_REPLACE}:</label><br /><span>{L_REPLACE_EXPLAIN}</span></dt>
-		<dd><select name="new_id">{S_REPLACE_OPTIONS}</select></dd>
+		<dd><select id="new_id" name="new_id">{S_REPLACE_OPTIONS}</select></dd>
 	</dl>
 
 	<p class="quick">
@@ -135,11 +135,11 @@
 	<div id="img_dimensions">
 		<dl>
 			<dt><label for="imgwidth">{L_IMAGE_WIDTH}:</label><br /><span>{L_AUTOMATIC_EXPLAIN}</span></dt>
-			<dd><input type="text" name="imgwidth" value="{IMAGE_SIZE}" /></dd>
+			<dd><input id="imgwidth" type="text" name="imgwidth" value="{IMAGE_SIZE}" /></dd>
 		</dl>
 		<dl>
 			<dt><label for="imgheight">{L_IMAGE_HEIGHT}:</label><br /><span>{L_AUTOMATIC_EXPLAIN}</span></dt>
-			<dd><input type="text" name="imgheight" value="{IMAGE_HEIGHT}" /></dd>
+			<dd><input id="imgheight" type="text" name="imgheight" value="{IMAGE_HEIGHT}" /></dd>
 		</dl>
 	</div>
 	</fieldset>
@@ -266,7 +266,7 @@
 
 	<p>{L_TEMPLATE_CACHE_EXPLAIN}</p>
 
-	<form name="acp_styles" method="post" action="{U_ACTION}">
+	<form id="acp_styles" method="post" action="{U_ACTION}">
 	<fieldset class="tabulated">
 	<legend>{L_TEMPLATE_CACHE}</legend>
 

phpBB/adm/style/acp_update.html

@@ -18,6 +18,12 @@
 		</div>
 	<!-- ENDIF -->
 
+	<!-- IF NEXT_FEATURE_VERSION -->
+		<div class="errorbox">
+			<p>{UPGRADE_INSTRUCTIONS}</p>
+		</div>
+	<!-- ENDIF -->
+
 	<fieldset>
 		<legend></legend>
 	<dl>

phpBB/adm/style/acp_users_avatar.html

@@ -27,7 +27,7 @@
 			</dl>
 			<dl>
 				<dt><label for="width">{L_LINK_REMOTE_SIZE}:</label><br /><span>{L_LINK_REMOTE_SIZE_EXPLAIN}</span></dt>
-				<dd><input name="width" type="text" id="width" size="3" value="{USER_AVATAR_WIDTH}" /> <span>px X </span> <input type="text" name="height" size="3" value="{USER_AVATAR_HEIGHT}" /> <span>px</span></dd>
+				<dd><input name="width" type="text" id="width" size="3" value="{USER_AVATAR_WIDTH}" /> <span>{L_PIXEL} &times; </span> <input type="text" name="height" size="3" value="{USER_AVATAR_HEIGHT}" /> <span>{L_PIXEL}</span></dd>
 			</dl>
 		<!-- ENDIF -->
 		<!-- IF S_DISPLAY_GALLERY -->

phpBB/adm/style/acp_users_overview.html

@@ -124,13 +124,6 @@
 			<dd><input name="ban_give_reason" type="text" class="text medium" maxlength="3000" id="ban_give_reason" /></dd>
 		</dl>
 	</div>
-		<!-- IF not S_OWN_ACCOUNT -->
-			<dl>
-				<dt><label for="delete_user">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
-				<dd><input type="checkbox" class="radio" name="delete" value="1" /></dd>
-				<dd><select id="delete_user" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
-			</dl>
-		<!-- ENDIF -->
 
 	<p class="quick">
 		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
@@ -141,4 +134,20 @@
 
 	</form>
 
+	<!-- IF not S_OWN_ACCOUNT -->
+	<form id="user_delete" method="post" action="{U_ACTION}">
+	<fieldset>
+		<legend>{L_DELETE_USER}</legend>
+		<dl>
+			<dt><label for="delete_type">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
+			<dd><select id="delete_type" name="delete_type"><option class="sep" value="">{L_SELECT_OPTION}</option><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
+		</dl>
+		<p class="quick">
+			<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+			<input type="hidden" name="delete" value="1" />
+			{S_FORM_TOKEN}
+		</p>
+	</fieldset>
+	</form>
+	<!-- ENDIF -->
 <!-- ENDIF -->

phpBB/adm/style/acp_users_signature.html

@@ -56,7 +56,7 @@
 			<input type="button" class="button2" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" onmouseout="helpline('tip')" />
 			<input type="button" class="button2" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" onmouseout="helpline('tip')" />
 			<input type="button" class="button2" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" onmouseout="helpline('tip')" />
-			<input type="button" class="button2" accesskey="t" name="addlitsitem" value="[*]" style="width: 40px" onclick="bbstyle(-1)" onmouseover="helpline('e')" onmouseout="helpline('tip')" />
+			<input type="button" class="button2" accesskey="y" name="addlitsitem" value="[*]" style="width: 40px" onclick="bbstyle(-1)" onmouseover="helpline('e')" onmouseout="helpline('tip')" />
 			<!-- IF S_BBCODE_IMG -->
 				<input type="button" class="button2" accesskey="p" name="addbbcode14" value="Img" style="width: 40px" onclick="bbstyle(14)" onmouseover="helpline('p')" onmouseout="helpline('tip')" />
 			<!-- ENDIF -->
@@ -93,8 +93,8 @@
 				// ]]>
 				</script>
 			</dt>
-			<dd style="margin-left: 90px;"><textarea name="signature" rows="10" cols="60" style="width: 95%;" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onfocus="initInsertions();">{SIGNATURE}</textarea></dd>
-			<dd style="margin-left: 90px; margin-top: 5px;">
+			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px;"><textarea name="signature" rows="10" cols="60" style="width: 95%;" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onfocus="initInsertions();">{SIGNATURE}</textarea></dd>
+			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px; margin-top: 5px;">
 			<!-- IF S_BBCODE_ALLOWED -->
 				<label><input type="checkbox" class="radio" name="disable_bbcode"{S_BBCODE_CHECKED} /> {L_DISABLE_BBCODE}</label>
 			<!-- ENDIF -->
@@ -105,7 +105,7 @@
 				<label><input type="checkbox" class="radio" name="disable_magic_url"{S_MAGIC_URL_CHECKED} /> {L_DISABLE_MAGIC_URL}</label>
 			<!-- ENDIF -->
 			</dd>
-			<dd style="margin-left: 90px; margin-top: 10px;"><strong>{L_OPTIONS}: </strong>{BBCODE_STATUS} :: {IMG_STATUS} :: {FLASH_STATUS} :: {URL_STATUS} :: {SMILIES_STATUS}</dd>
+			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px; margin-top: 10px;"><strong>{L_OPTIONS}: </strong>{BBCODE_STATUS} :: {IMG_STATUS} :: {FLASH_STATUS} :: {URL_STATUS} :: {SMILIES_STATUS}</dd>
 		</dl>
 	</fieldset>
 

phpBB/adm/style/acp_users_warnings.html

@@ -7,17 +7,16 @@
 		<th>{L_REPORT_BY}</th>
 		<th>{L_TIME}</th>
 		<th>{L_FEEDBACK}</th>
-		<!-- IF S_CLEARLOGS --><th>{L_MARK}</th><!-- ENDIF -->
+		<th>{L_MARK}</th>
 	</tr>
 	</thead>
 	<tbody>
 	<!-- BEGIN warn -->
 		<!-- IF warn.S_ROW_COUNT is even --><tr class="row1"><!-- ELSE --><tr class="row2"><!-- ENDIF -->
-
 			<td>{warn.USERNAME}</td>
 			<td style="text-align: center; nowrap: nowrap;">{warn.DATE}</td>
 			<td>{warn.ACTION}</td>
-			<!-- IF S_CLEARLOGS --><td style="text-align: center;"><input type="checkbox" class="radio" name="mark[]" value="{warn.ID}" /></td><!-- ENDIF -->
+			<td style="text-align: center;"><input type="checkbox" class="radio" name="mark[]" value="{warn.ID}" /></td>
 		</tr>
 	<!-- END warn -->
 	</tbody>
@@ -28,12 +27,10 @@
 		</div>
 	<!-- ENDIF -->
 
-	<!-- IF S_CLEARLOGS -->
-		<fieldset class="quick">
-			<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp;
-			<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />
-			<p class="small"><a href="#" onclick="marklist('list', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></p>
-		</fieldset>
-	<!-- ENDIF -->
+	<fieldset class="quick">
+		<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp;
+		<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />
+		<p class="small"><a href="#" onclick="marklist('list', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></p>
+	</fieldset>
 	{S_FORM_TOKEN}
 	</form>

phpBB/adm/style/admin.css

@@ -69,8 +69,8 @@ h2, caption {
 h3, h4 {
 	font-family: "Trebuchet MS", Helvetica, sans-serif;
 	font-size: 1.20em;
-	text-decoration: none; 
-	line-height: 1.20em; 
+	text-decoration: none;
+	line-height: 1.20em;
 	margin-top: 25px;
 }
 
@@ -97,8 +97,8 @@ hr {
 	height: 1px;
 }
 
-.small { 
-	font-size: 0.85em; 
+.small {
+	font-size: 0.85em;
 }
 
 /* General links  */
@@ -195,7 +195,6 @@ li {
 	width: 76%;
 	margin: 0 0 0 3%;
 	min-height: 350px;
-	overflow-y: auto;
 }
 
 .rtl #main {
@@ -203,8 +202,8 @@ li {
 	margin: 0 3% 0 0;
 }
 
-* html #main { 
-	height: 350px; 
+* html #main {
+	height: 350px;
 }
 
 #page-body.simple-page-body {
@@ -316,7 +315,7 @@ li {
 	padding: 0;
 }
 
-span.corners-top, span.corners-bottom, 
+span.corners-top, span.corners-bottom,
 span.corners-top span, span.corners-bottom span {
 	font-size: 1px;
 	line-height: 1px;
@@ -671,14 +670,10 @@ legend {
 	position: relative;
 	text-transform: none;
 	line-height: 1.2em;
-	top: 0;
+	top: -.2em;
 	vertical-align: middle;
 }
 
-/* Hide from macIE \*/
-legend { top: -1.2em; }
-/* end */
-
 * html legend {
 	margin: 0 0 -10px -7px;
 	line-height: 1em;
@@ -795,7 +790,7 @@ label img {
 
 fieldset.quick, p.quick {
 	margin: 0 0 5px;
-	padding: 5px 0 0; 
+	padding: 5px 0 0;
 	border: none;
 	background-color: transparent;
 	text-align: right;
@@ -848,7 +843,7 @@ select option.disabled {
 }
 
 /* Special case inputs */
-select#board_timezone, 
+select#board_timezone,
 select#full_folder_action {
 	width: 95%;
 }
@@ -1245,12 +1240,12 @@ input.disabled {
 }
 
 /* Nice method for clearing floated blocks without having to insert any extra markup
-	From http://www.positioniseverything.net/easyclearing.html 
+	From http://www.positioniseverything.net/easyclearing.html
 .clearfix:after, #tabs:after, .row:after, #content:after, fieldset dl:after, #page-body:after {
-	content: "."; 
-	display: block; 
-	height: 0; 
-	clear: both; 
+	content: ".";
+	display: block;
+	height: 0;
+	clear: both;
 	visibility: hidden;
 }*/
 
@@ -1317,7 +1312,7 @@ fieldset.permissions legend input{
 	height: 1.1em;
 }
 
-/* Permission sections */ 
+/* Permission sections */
 fieldset.permissions .permissions-simple {
 	text-align: left;
 	padding-top: 3px;
@@ -1528,7 +1523,7 @@ fieldset.permissions .padding {
 	background-image: url("../images/corners_right2.gif");
 }
 
-.permissions-panel span.corners-top, .permissions-panel span.corners-bottom, 
+.permissions-panel span.corners-top, .permissions-panel span.corners-bottom,
 .permissions-panel span.corners-top span, .permissions-panel span.corners-bottom span {
 	font-size: 1px;
 	line-height: 1px;
@@ -1606,7 +1601,7 @@ fieldset.permissions .padding {
 }
 
 .permissions-panel th.row4 {
-	background-image: none;	
+	background-image: none;
 	background-color: #E4E8EB;
 	color: #536482;
 	border: none;
@@ -1614,8 +1609,8 @@ fieldset.permissions .padding {
 
 .permissions-panel th a:link, .permissions-panel th a:hover, .permissions-panel th a:visited {
 	display: block;
-	color: #FFFFFF; 
-	text-decoration: underline; 
+	color: #FFFFFF;
+	text-decoration: underline;
 }
 
 .permissions-panel td.permissions-yes label:hover {

phpBB/adm/style/captcha_gd_acp.html

@@ -56,11 +56,13 @@
 
 </fieldset>
 
-<fieldset class="submit-buttons">
-	<legend>{L_SUBMIT}</legend>
-	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />&nbsp;
-	<input class="button2" type="submit" id="preview" name="preview" value="{L_PREVIEW}" />&nbsp;
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />&nbsp;
+		<input class="button2" type="submit" id="preview" name="preview" value="{L_PREVIEW}" />&nbsp;
+	</p>
 
 	<input type="hidden" name="select_captcha" value="{CAPTCHA_NAME}" />
 	<input type="hidden" name="configure" value="1" />

phpBB/adm/style/captcha_qa_acp_demo.html

@@ -1,5 +1,5 @@
 <dl>
-	<dt><label for="answer">{L_CONFIRM_QUESTION}:</label><br /><span>{L_CONFIRM_QUESTION_EXPLAIN}</span></dt>
+	<dt><label for="answer"><!-- IF QA_CONFIRM_QUESTION --> {QA_CONFIRM_QUESTION} <!-- ELSE --> {L_CONFIRM_QUESTION} <!-- ENDIF -->:</label><br /><span>{L_CONFIRM_QUESTION_EXPLAIN}</span></dt>
 
 	<dd>
 		<input type="text" tabindex="10" name="answer" id="answer" size="45" class="inputbox autowidth" title="{L_ANSWER}"  />

phpBB/adm/style/captcha_recaptcha.html

@@ -1,13 +1,22 @@
 <!-- IF S_RECAPTCHA_AVAILABLE -->
 	<dl>
 	<dd>
-		<script type="text/javascript" src="{RECAPTCHA_SERVER}/challenge?k={RECAPTCHA_PUBKEY}{RECAPTCHA_ERRORGET}">
+		<script type="text/javascript">
 		// <![CDATA[
 		var RecaptchaOptions = {
-		   lang : {L_RECAPTCHA_LANG}
+			lang : '{LA_RECAPTCHA_LANG}',
+			theme : 'clean',
 		};
 		// ]]>
 		</script>
+		<script type="text/javascript" src="{RECAPTCHA_SERVER}/challenge?k={RECAPTCHA_PUBKEY}{RECAPTCHA_ERRORGET}"></script>
+		<script type="text/javascript">
+		// <![CDATA[
+		<!-- IF S_CONTENT_DIRECTION eq 'rtl' -->
+			document.getElementById('recaptcha_table').style.direction = 'ltr';
+		<!-- ENDIF -->
+		// ]]>
+		</script>
 
 
 	<noscript>

phpBB/adm/style/captcha_recaptcha_acp.html

@@ -34,10 +34,12 @@
 <!-- INCLUDE {CAPTCHA_PREVIEW} -->
 </fieldset>
 
-<fieldset class="submit-buttons">
-	<legend>{L_SUBMIT}</legend>
-	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />&nbsp;
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />&nbsp;
+	</p>
 	<input type="hidden" name="select_captcha" value="{CAPTCHA_NAME}" />
 	<input type="hidden" name="configure" value="1" />
 

phpBB/adm/style/confirm_bbcode.html

@@ -0,0 +1,22 @@
+<!-- INCLUDE overall_header.html -->
+
+<form id="confirm" method="post" action="{S_CONFIRM_ACTION}">
+	<div class="errorbox">
+		<h3>{L_WARNING}</h3>
+		<p>{MESSAGE_TEXT}</p>
+	</div>
+<fieldset>
+
+
+	{S_HIDDEN_FIELDS}
+
+	<div style="text-align: center;">
+		<input type="submit" name="confirm" value="{L_YES}" class="button2" />&nbsp; 
+		<input type="submit" name="cancel" value="{L_CANCEL}" class="button2" />
+	</div>
+
+</fieldset>
+		
+</form>
+
+<!-- INCLUDE overall_footer.html -->

phpBB/adm/style/editor.js

@@ -46,7 +46,11 @@ function initInsertions()
 	{
 		textarea.focus();
 		baseHeight = doc.selection.createRange().duplicate().boundingHeight;
-		// document.body.focus();
+
+		if (!document.forms[form_name])
+		{
+			document.body.focus();
+		}
 	}
 }
 
@@ -152,7 +156,7 @@ function insert_text(text, spaces, popup)
 		var sel_start = textarea.selectionStart;
 		var sel_end = textarea.selectionEnd;
 
-		mozWrap(textarea, text, '')
+		mozWrap(textarea, text, '');
 		textarea.selectionStart = sel_start + text.length;
 		textarea.selectionEnd = sel_end + text.length;
 	}	
@@ -230,6 +234,7 @@ function addquote(post_id, username)
 			theSelection = theSelection.replace(/&lt\;/ig, '<');
 			theSelection = theSelection.replace(/&gt\;/ig, '>');
 			theSelection = theSelection.replace(/&amp\;/ig, '&');			
+			theSelection = theSelection.replace(/&nbsp\;/ig, ' ');
 		}
 		else if (document.all)
 		{
@@ -269,12 +274,12 @@ function mozWrap(txtarea, open, close)
 	}
 
 	var s1 = (txtarea.value).substring(0,selStart);
-	var s2 = (txtarea.value).substring(selStart, selEnd)
+	var s2 = (txtarea.value).substring(selStart, selEnd);
 	var s3 = (txtarea.value).substring(selEnd, selLength);
 
 	txtarea.value = s1 + open + s2 + close + s3;
-	txtarea.selectionStart = selEnd + open.length + close.length;
-	txtarea.selectionEnd = txtarea.selectionStart;
+	txtarea.selectionStart = selStart + open.length;
+	txtarea.selectionEnd = selEnd + open.length;
 	txtarea.focus();
 	txtarea.scrollTop = scrollTop;
 
@@ -327,8 +332,8 @@ function colorPalette(dir, width, height)
 			for (b = 0; b < 5; b++)
 			{
 				color = String(numberList[r]) + String(numberList[g]) + String(numberList[b]);
-				document.write('<td bgcolor="#' + color + '">');
-				document.write('<a href="#" onclick="bbfontstyle(\'[color=#' + color + ']\', \'[/color]\'); return false;" onmouseover="helpline(\'s\');"  onmouseout="helpline(\'tip\');"><img src="images/spacer.gif" width="' + width + '" height="' + height + '" alt="#' + color + '" title="#' + color + '" /></a>');
+				document.write('<td bgcolor="#' + color + '" style="width: ' + width + 'px; height: ' + height + 'px;">');
+				document.write('<a href="#" onclick="bbfontstyle(\'[color=#' + color + ']\', \'[/color]\'); return false;"><img src="images/spacer.gif" width="' + width + '" height="' + height + '" alt="#' + color + '" title="#' + color + '" /></a>');
 				document.writeln('</td>');
 			}
 

phpBB/adm/style/install_update.html

@@ -200,7 +200,7 @@
 				<legend><img src="{T_IMAGE_PATH}file_up_to_date.gif" alt="{L_STATUS_UP_TO_DATE}" /></legend>
 			<!-- BEGIN up_to_date -->
 				<dl>
-					<dd class="full" style="text-align: left;"><strong>{up_to_date.FILENAME}</strong></dd>
+					<dd class="full" style="text-align: {S_CONTENT_FLOW_BEGIN};"><strong>{up_to_date.FILENAME}</strong></dd>
 				</dl>
 			<!-- END up_to_date -->
 			</fieldset>
@@ -218,11 +218,11 @@
 					<dt style="width: 60%;"><strong><!-- IF new.DIR_PART -->{new.DIR_PART}<br /><!-- ENDIF -->{new.FILE_PART}</strong>
 					<!-- IF new.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{new.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 				</dt>
-				<dd style="margin-left: 60%;">
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">
 					<!-- IF not new.S_BINARY -->[<a href="{new.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{new.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF -->
 				</dd>
 				<!-- IF new.S_CUSTOM -->
-					<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{new.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{new.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 				<!-- ENDIF -->
 				</dl>
 			<!-- END new -->
@@ -242,9 +242,9 @@
 					<dt style="width: 60%;"><strong><!-- IF not_modified.DIR_PART -->{not_modified.DIR_PART}<br /><!-- ENDIF -->{not_modified.FILE_PART}</strong>
 						<!-- IF not_modified.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{not_modified.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 					</dt>
-					<dd style="margin-left: 60%;"><!-- IF not not_modified.S_BINARY -->[<a href="{not_modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{not_modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not not_modified.S_BINARY -->[<a href="{not_modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{not_modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
 					<!-- IF not_modified.S_CUSTOM -->
-						<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{not_modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{not_modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 					<!-- ENDIF -->
 				</dl>
 			<!-- END not_modified -->
@@ -263,22 +263,22 @@
 					<dt style="width: 60%;"><strong><!-- IF modified.DIR_PART -->{modified.DIR_PART}<br /><!-- ENDIF -->{modified.FILE_PART}</strong>
 					<!-- IF modified.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{modified.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 				</dt>
-				<dd style="margin-left: 60%;">&nbsp;</dd>
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">&nbsp;</dd>
 				<!-- IF modified.S_CUSTOM -->
-					<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 				<!-- ENDIF -->
 				</dl>
 				<dl>
 					<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{modified.FILENAME}]" value="0" checked="checked" /> {L_MERGE_MODIFICATIONS_OPTION}</label></dt>
-					<dd style="margin-left: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
 				</dl>
 				<dl>
 					<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{modified.FILENAME}]" value="1" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
-					<dd style="margin-left: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
 				</dl>
 				<dl>
 					<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{modified.FILENAME}]" value="2" /> {L_MERGE_NO_MERGE_MOD_OPTION}</label></dt>
-					<dd style="margin-left: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
 				</dl>
 			</fieldset>
 			<!-- END modified -->
@@ -296,11 +296,11 @@
 					<dt style="width: 60%;"><strong><!-- IF new_conflict.DIR_PART -->{new_conflict.DIR_PART}<br /><!-- ENDIF -->{new_conflict.FILE_PART}</strong>
 					<!-- IF new_conflict.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{new_conflict.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 				</dt>
-				<dd style="margin-left: 60%;">
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">
 					<!-- IF not new_conflict.S_BINARY -->[<a href="{new_conflict.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{new_conflict.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF -->
 				</dd>
 				<!-- IF new_conflict.S_CUSTOM -->
-					<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{new_conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{new_conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 				<!-- ENDIF -->
 				</dl>
 			<!-- END new_conflict -->
@@ -320,35 +320,35 @@
 						<!-- IF conflict.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{conflict.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 						<!-- IF conflict.NUM_CONFLICTS --><br /><span>{L_NUM_CONFLICTS}: {conflict.NUM_CONFLICTS}</span><!-- ENDIF -->
 					</dt>
-					<dd style="margin-left: 60%;">
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">
 						<!-- IF not conflict.S_BINARY -->[<a href="{conflict.U_SHOW_DIFF}">{L_DOWNLOAD_CONFLICTS}</a>]<br />{L_DOWNLOAD_CONFLICTS_EXPLAIN}
 						<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF -->
 					</dd>
 					<!-- IF conflict.S_CUSTOM -->
-						<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 					<!-- ENDIF -->
 				</dl>
 				<!-- IF conflict.S_BINARY -->
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="1" checked="checked" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">&nbsp;</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">&nbsp;</dd>
 					</dl>
 				<!-- ELSE -->
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="3" checked="checked" /> {L_MERGE_NEW_FILE_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_NEW_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_NEW_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
 					</dl>
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="4" /> {L_MERGE_MOD_FILE_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_MOD_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_MOD_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
 					</dl>
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="1" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
 					</dl>
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="2" /> {L_MERGE_NO_MERGE_MOD_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
 					</dl>
 				<!-- ENDIF -->
 			</fieldset>

phpBB/adm/style/install_update_diff.html

@@ -15,9 +15,9 @@
 // <![CDATA[
 function resize_panel()
 {
-	var block = document.getElementById('codepanel');	
+	var block = document.getElementById('codepanel');
 	var height;
-	
+
 	if (window.innerHeight)
 	{
 		height = window.innerHeight - 150;
@@ -26,7 +26,7 @@ function resize_panel()
 	else
 	{
 		//whatever IE needs to do this
-	}	
+	}
 }
 
 window.onresize = resize_panel;
@@ -54,7 +54,7 @@ div#codepanel {
 	width: 100%;
 }
 <!-- ELSE -->
-div#codepanel {	
+div#codepanel {
 	background-color: #eee;
 }
 <!-- ENDIF -->
@@ -149,10 +149,10 @@ table.hrdiff tbody th {
 
 table.hrdiff tbody td.old {
 	border-left: 1px solid #999;
-	border-right: 1px solid #999;	
+	border-right: 1px solid #999;
 }
 table.hrdiff tbody td.new {
-	border-right: 1px solid #999;	
+	border-right: 1px solid #999;
 }
 
 table.hrdiff td pre {
@@ -237,19 +237,19 @@ table.hrdiff caption span {
 			<input class="button1" type="submit" id="submit" name="submit" value="{L_CHANGE}" />
 		</fieldset>
 		</form>
+<!-- ENDIF -->
+<!-- IF S_DIFF_CONFLICT_FILE -->
+		<div style="float: {S_CONTENT_FLOW_BEGIN};"><strong>{L_NUM_CONFLICTS}: {NUM_CONFLICTS}</strong></div>
+		<br style="clear: both;" />
 <!-- ENDIF -->
 	</div>
-	
+
 	<div id="page-body">
 		<div id="acp">
 		<div class="panel" id="codepanel">
 			<span class="corners-top"><span></span></span>
 				<div id="diff_content">
 					<div id="main">
-
-<!-- IF S_DIFF_CONFLICT_FILE -->
-		<div style="float: {S_CONTENT_FLOW_END};"><strong>{L_NUM_CONFLICTS}: {NUM_CONFLICTS}</strong></div>
-<!-- ENDIF -->
 						{DIFF_CONTENT}
 					</div>
 				</div>
@@ -257,6 +257,6 @@ table.hrdiff caption span {
 		</div>
 		</div>
 	</div>
-	
+
 
 <!-- INCLUDE simple_footer.html -->

phpBB/adm/style/permission_mask.html

@@ -40,7 +40,7 @@
 		<dl class="permissions-simple">
 			<dt style="width: 20%"><label for="role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}">{L_ROLE}:</label></dt>
 			<!-- IF p_mask.f_mask.S_ROLE_OPTIONS -->
-				<dd style="margin-left: 20%"><select id="role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}" name="role[{p_mask.f_mask.UG_ID}][{p_mask.f_mask.FORUM_ID}]" onchange="set_role_settings(this.options[selectedIndex].value, 'advanced{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); init_colours('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')">{p_mask.f_mask.S_ROLE_OPTIONS}</select></dd>
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 20%"><select id="role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}" name="role[{p_mask.f_mask.UG_ID}][{p_mask.f_mask.FORUM_ID}]" onchange="set_role_settings(this.options[selectedIndex].value, 'advanced{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); init_colours('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')">{p_mask.f_mask.S_ROLE_OPTIONS}</select></dd>
 			<!-- ELSE -->
 				<dd>{L_NO_ROLE_AVAILABLE}</dd>
 			<!-- ENDIF -->
@@ -118,7 +118,7 @@
 			</div>
 			
 			<!-- IF not p_mask.S_VIEW -->
-			<fieldset class="quick" style="margin-right: 11px;">
+			<fieldset class="quick" style="margin-{S_CONTENT_FLOW_END}: 11px;">
 				<p class="small">{L_APPLY_PERMISSIONS_EXPLAIN}</p>
 				<input class="button1" type="submit" name="psubmit[{p_mask.f_mask.UG_ID}][{p_mask.f_mask.FORUM_ID}]" value="{L_APPLY_PERMISSIONS}" />
 				<!-- IF .p_mask.f_mask gt 1 or .p_mask gt 1 -->

phpBB/common.php

@@ -19,8 +19,12 @@ if (!defined('IN_PHPBB'))
 $starttime = explode(' ', microtime());
 $starttime = $starttime[1] + $starttime[0];
 
-// Report all errors, except notices
-error_reporting(E_ALL ^ E_NOTICE);
+// Report all errors, except notices and deprecation messages
+if (!defined('E_DEPRECATED'))
+{
+	define('E_DEPRECATED', 8192);
+}
+error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
 
 /*
 * Remove variables created by register_globals from the global scope
@@ -119,13 +123,11 @@ if (defined('IN_CRON'))
 	$phpbb_root_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;
 }
 
-if (!file_exists($phpbb_root_path . 'config.' . $phpEx))
+if (file_exists($phpbb_root_path . 'config.' . $phpEx))
 {
-	die("<p>The config.$phpEx file could not be found.</p><p><a href=\"{$phpbb_root_path}install/index.$phpEx\">Click here to install phpBB</a></p>");
+	require($phpbb_root_path . 'config.' . $phpEx);
 }
 
-require($phpbb_root_path . 'config.' . $phpEx);
-
 if (!defined('PHPBB_INSTALLED'))
 {
 	// Redirect the user to the installer
@@ -172,7 +174,8 @@ if (defined('DEBUG_EXTRA'))
 }
 
 // Load Extensions
-if (!empty($load_extensions))
+// dl() is deprecated and disabled by default as of PHP 5.3.
+if (!empty($load_extensions) && function_exists('dl'))
 {
 	$load_extensions = explode(',', $load_extensions);
 

phpBB/develop/check_flash_bbcodes.php

@@ -0,0 +1,163 @@
+<?php
+/**
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2009, 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* This script will check your database for potentially dangerous flash BBCode tags
+*/
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it\n");
+
+/**
+*/
+define('IN_PHPBB', true);
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.' . $phpEx);
+
+if (php_sapi_name() != 'cli')
+{
+	header('Content-Type: text/plain');
+}
+
+check_table_flash_bbcodes(POSTS_TABLE, 'post_id', 'post_text', 'bbcode_uid', 'bbcode_bitfield');
+check_table_flash_bbcodes(PRIVMSGS_TABLE, 'msg_id', 'message_text', 'bbcode_uid', 'bbcode_bitfield');
+check_table_flash_bbcodes(USERS_TABLE, 'user_id', 'user_sig', 'user_sig_bbcode_uid', 'user_sig_bbcode_bitfield');
+check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_desc', 'forum_desc_uid', 'forum_desc_bitfield');
+check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_rules', 'forum_rules_uid', 'forum_rules_bitfield');
+check_table_flash_bbcodes(GROUPS_TABLE, 'group_id', 'group_desc', 'group_desc_uid', 'group_desc_bitfield');
+
+echo "If potentially dangerous flash bbcodes were found, please reparse the posts using the Support Toolkit (http://www.phpbb.com/support/stk/) and/or file a ticket in the Incident Tracker (http://www.phpbb.com/incidents/).\n";
+
+function check_table_flash_bbcodes($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
+{
+	echo "Checking $content_field on $table_name\n";
+
+	$ids = get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field);
+
+	$size = sizeof($ids);
+	if ($size)
+	{
+		echo "Found $size potentially dangerous flash bbcodes.\n";
+		echo "$id_field: " . implode(', ', $ids) . "\n";
+	}
+	else
+	{
+		echo "No potentially dangerous flash bbcodes found.\n";
+	}
+
+	echo "\n";
+}
+
+function get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
+{
+	global $db;
+
+	$ids = array();
+
+	$sql = "SELECT $id_field, $content_field, $uid_field, $bitfield_field
+		FROM $table_name
+		WHERE $content_field LIKE '%[/flash:%'
+			AND $bitfield_field <> ''";
+
+	$result = $db->sql_query($sql);
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$uid = $row[$uid_field];
+
+		// thanks support toolkit
+		$content = html_entity_decode_utf8($row[$content_field]);
+		set_var($content, $content, 'string', true);
+		$content = utf8_normalize_nfc($content);
+
+		$bitfield_data = $row[$bitfield_field];
+
+		if (!is_valid_flash_bbcode($content, $uid) && has_flash_enabled($bitfield_data))
+		{
+			$ids[] = (int) $row[$id_field];
+		}
+	}
+	$db->sql_freeresult($result);
+
+	return $ids;
+}
+
+function get_flash_regex($uid)
+{
+	return "#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#";
+}
+
+// extract all valid flash bbcodes
+// check if the bbcode content is a valid URL for each match
+function is_valid_flash_bbcode($cleaned_content, $uid)
+{
+	$regex = get_flash_regex($uid);
+
+	$url_regex = get_preg_expression('url');
+	$www_url_regex = get_preg_expression('www_url');
+
+	if (preg_match_all($regex, $cleaned_content, $matches))
+	{
+		foreach ($matches[3] as $flash_url)
+		{
+			if (!preg_match("#^($url_regex|$www_url_regex)$#i", $flash_url))
+			{
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
+// check if a bitfield includes flash
+// 11 = flash bit
+function has_flash_enabled($bitfield_data)
+{
+	$bitfield = new bitfield($bitfield_data);
+	return $bitfield->get(11);
+}
+
+// taken from support toolkit
+function html_entity_decode_utf8($string)
+{
+	static $trans_tbl;
+
+	// replace numeric entities
+	$string = preg_replace('~&#x([0-9a-f]+);~ei', 'code2utf8(hexdec("\\1"))', $string);
+	$string = preg_replace('~&#([0-9]+);~e', 'code2utf8(\\1)', $string);
+
+	// replace literal entities
+	if (!isset($trans_tbl))
+	{
+		$trans_tbl = array();
+
+		foreach (get_html_translation_table(HTML_ENTITIES) as $val=>$key)
+			$trans_tbl[$key] = utf8_encode($val);
+	}
+	return strtr($string, $trans_tbl);
+}
+
+// taken from support toolkit
+// Returns the utf string corresponding to the unicode value (from php.net, courtesy - romans@void.lv)
+function code2utf8($num)
+{
+	if ($num < 128) return chr($num);
+	if ($num < 2048) return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
+	if ($num < 65536) return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+	if ($num < 2097152) return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+	return '';
+}

phpBB/develop/create_schema_files.php

@@ -266,7 +266,8 @@ foreach ($supported_dbms as $dbms)
 
 		case 'mssql':
 			$line = "/*\n\n \$I" . "d: $\n\n*/\n\n";
-			$line .= "BEGIN TRANSACTION\nGO\n\n";
+			// no need to do this, no transaction support for schema changes
+			//$line .= "BEGIN TRANSACTION\nGO\n\n";
 		break;
 
 		case 'oracle':
@@ -749,7 +750,8 @@ foreach ($supported_dbms as $dbms)
 	switch ($dbms)
 	{
 		case 'mssql':
-			$line = "\nCOMMIT\nGO\n\n";
+			// No need to do this, no transaction support for schema changes
+			//$line = "\nCOMMIT\nGO\n\n";
 		break;
 
 		case 'sqlite':
@@ -1198,7 +1200,6 @@ function get_schema_struct()
 		'PRIMARY_KEY'	=> 'log_id',
 		'KEYS'			=> array(
 			'log_type'				=> array('INDEX', 'log_type'),
-			'log_time'				=> array('INDEX', 'log_time'),
 			'forum_id'				=> array('INDEX', 'forum_id'),
 			'topic_id'				=> array('INDEX', 'topic_id'),
 			'reportee_id'			=> array('INDEX', 'reportee_id'),
@@ -1747,6 +1748,7 @@ function get_schema_struct()
 		),
 		'PRIMARY_KEY'	=> array('user_id', 'topic_id'),
 		'KEYS'			=> array(
+			'topic_id'			=> array('INDEX', 'topic_id'),
 			'forum_id'			=> array('INDEX', 'forum_id'),
 		),
 	);

phpBB/develop/fix_files.sh

@@ -14,16 +14,16 @@ find . > FILELIST.$$
 grep -sv FILELIST FILELIST.$$ > FILELIST2.$$
 grep -sv $(basename $0) FILELIST2.$$ > FILELIST.$$
 grep -sv "^\.$" FILELIST.$$ > FILELIST2.$$
-file -f FILELIST2.$$  |grep text | sed -e 's/^\([^\:]*\)\:.*$/\1/' > FILELIST
+file -f FILELIST2.$$  |grep text | grep -v icon_textbox_search.gif | sed -e 's/^\([^\:]*\)\:.*$/\1/' > FILELIST
 file -f FILELIST2.$$  |grep -sv text | sed -e 's/^\([^\:]*\)\:.*$/Not Modifying file: \1/'
 rm FILELIST2.$$
 rm FILELIST.$$
 
 for i in $(cat FILELIST); do
 	if [ -f $i ]; then  	 
-		sed -e s/
-//g $i > $i.tmp
-  		mv $i.tmp $i
+		cat $i | tr -d '\r' > $i.tmp
+		mv $i.tmp $i
 	fi	
 done
 rm FILELIST
+

phpBB/develop/generate_utf_confusables.php

@@ -114,10 +114,14 @@ $uniarray = array(
 
 $copy = $uniarray;
 
+/**
+* @todo we need to check that the $uniarray does not reverse any of the mappings defined in the unicode definition
+*/
+
 foreach ($array as $value)
 {
 	$temp_hold = implode(array_map('utf8_chr', array_map('hexdec', explode(' ', trim($value[2])))));
-	
+
 	if (isset($copy[utf8_chr(hexdec((string)$value[1]))]))
 	{
 		$num = '';

phpBB/develop/mysql_upgrader.php

@@ -688,7 +688,6 @@ function get_schema_struct()
 		'PRIMARY_KEY'	=> 'log_id',
 		'KEYS'			=> array(
 			'log_type'				=> array('INDEX', 'log_type'),
-			'log_time'				=> array('INDEX', 'log_time'),
 			'forum_id'				=> array('INDEX', 'forum_id'),
 			'topic_id'				=> array('INDEX', 'topic_id'),
 			'reportee_id'			=> array('INDEX', 'reportee_id'),
@@ -796,6 +795,7 @@ function get_schema_struct()
 			'poster_ip'				=> array('INDEX', 'poster_ip'),
 			'poster_id'				=> array('INDEX', 'poster_id'),
 			'post_approved'			=> array('INDEX', 'post_approved'),
+			'post_username'			=> array('INDEX', 'post_username'),
 			'tid_post_time'			=> array('INDEX', array('topic_id', 'post_time')),
 		),
 	);
@@ -1236,6 +1236,7 @@ function get_schema_struct()
 		),
 		'PRIMARY_KEY'	=> array('user_id', 'topic_id'),
 		'KEYS'			=> array(
+			'topic_id'			=> array('INDEX', 'topic_id'),
 			'forum_id'			=> array('INDEX', 'forum_id'),
 		),
 	);

phpBB/develop/regex.php

@@ -18,14 +18,15 @@ $ls32 = "(?:$h16:$h16|$ipv4)";
 
 $ipv6_construct = array(
 	array(false,	'',		'{6}',	$ls32),
-	array(false,	'::',	'{5}',	$ls32),
+	array(false,	'::',	'{0,5}', "(?:$h16(?::$h16)?|$ipv4)"),
 	array('',		':',	'{4}',	$ls32),
 	array('{1,2}',	':',	'{3}',	$ls32),
 	array('{1,3}',	':',	'{2}',	$ls32),
 	array('{1,4}',	':',	'',		$ls32),
 	array('{1,5}',	':',	false,	$ls32),
 	array('{1,6}',	':',	false,	$h16),
-	array('{1,7}',	':',	false,	'')
+	array('{1,7}',	':',	false,	''),
+	array(false, '::', false, '')
 );
 
 $ipv6 = '(?:';

phpBB/develop/set_permissions.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+# set permissions required for installation
+
+dir=$(dirname $0)
+
+for file in cache files store config.php images/avatars/upload
+do
+	chmod a+w $dir/../$file
+done

phpBB/docs/AUTHORS

@@ -1,6 +1,6 @@
 /**
 *
-* phpBB3 <EFBFBD> Copyright 2000, 2002, 2005, 2007 phpBB Group
+* phpBB3 © Copyright 2000, 2002, 2005, 2007 phpBB Group
 * http://www.phpbb.com
 *
 * This program is free software: you can redistribute it and/or modify
@@ -20,39 +20,42 @@
 Please see: http://www.phpbb.com/about/team/ for a list of all the people currently
 involved in phpBB.
 
-phpBB Lead Developer	:	Acyd Burn (Meik Sievertsen)
+phpBB Lead Developer:  naderman (Nils Adermann)
 
-phpBB Developers	:	APTX (Marek A. R.)
-				bantu (Andreas Fischer)
-				DavidMJ (David M.)
-				dhn (Dominik Dr<44>scher)
-				kellanved (Henry Sudhof)
-				naderman (Nils Adermann)
-				Terrafrost (Jim Wigginton)
-				ToonArmy (Chris Smith)
+phpBB Developers:      A_Jelly_Doughnut (Josh Woody)
+                       Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
+                       APTX (Marek A. R.)
+                       bantu (Andreas Fischer)
+                       dhn (Dominik Dröscher)
+                       igorw (Igor Wiedler)
+                       kellanved (Henry Sudhof)
+                       nickvergessen (Joas Schilling)
+                       rxu (Ruslan Uzdenov)
+                       Terrafrost (Jim Wigginton)
+                       ToonArmy (Chris Smith)
 
-Contributions by	:	leviatan21 (Gabriel Vazquez)
-				nickvergessen (Joas Schilling)
-				Raimon (Raimon Meuldijk)
-				rxu (Ruslan Uzdenov)
-				Xore (Robert Hetzler)
+Contributions by:      Brainy (Cullen Walsh)
+                       leviatan21 (Gabriel Vazquez)
+                       Raimon (Raimon Meuldijk)
+                       Xore (Robert Hetzler)
 
 
--- Previous Contributors --
+-- Former Contributors --
 
-phpBB Project Manager	:	theFinn (James Atkinson) [Founder - 04/2007]
-				SHS` (Jonathan Stanley)
+phpBB Project Manager: theFinn (James Atkinson) [Founder - 04/2007]
+                       SHS` (Jonathan Stanley)
 
-phpBB Lead Developer	:	psoTFX (Paul S. Owen) [2001 - 09/2005]
+phpBB Lead Developer:  psoTFX (Paul S. Owen) [2001 - 09/2005]
 
-phpBB Developers	:	Ashe (Ludovic Arnaud)       [10/2002 - 11/2003, 06/2006 - 10/2006]
-				BartVB (Bart van Bragt)     [11/2000 - 03/2006]
-				GrahamJE (Graham Eames)     [09/2005 - 11/2006]
-				Vic D'Elfant (Vic D'Elfant) [04/2007 - 04/2009]
+phpBB Developers:      Ashe (Ludovic Arnaud)       [10/2002 - 11/2003, 06/2006 - 10/2006]
+                       BartVB (Bart van Bragt)     [11/2000 - 03/2006]
+                       DavidMJ (David M.)          [12/2005 - 08/2009]
+                       GrahamJE (Graham Eames)     [09/2005 - 11/2006]
+                       Vic D'Elfant (Vic D'Elfant) [04/2007 - 04/2009]
 
 -- Copyrights --
 
-Visual Confirmation	:	Xore (Robert Hetzler)
+Visual Confirmation:   Xore (Robert Hetzler)
 
 Original subSilver by subBlue Design, Tom Beddard, (c) 2001 phpBB Group
 prosilver by subBlue Design, Tom Beddard, (c) 2004 phpBB Group

phpBB/docs/INSTALL.html

@@ -273,7 +273,7 @@
 
 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.5</samp> you should select the phpBB-3.0.5_to_3.0.6.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.7-PL1</samp> you should select the phpBB-3.0.7-PL1_to_3.0.8.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -285,7 +285,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.5 you need the phpBB-3.0.5_to_3.0.6.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.5 you need the phpBB-3.0.7-PL1_to_3.0.8.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 

phpBB/docs/README.html

@@ -242,7 +242,7 @@
 
 	<p>The phpBB Group uses a bug tracking system to store, list and manage all reported bugs, it can be found at the location listed below. Please <strong>DO NOT</strong> post bug reports to our forums, they will be locked. In addition please <strong>DO NOT</strong> use the bug tracker for support requests. Posting such a request will only see you directed to the support forums (while taking time away from working on real bugs).</p>
 
-	<p><a href="http://www.phpbb.com/bugs/">http://www.phpbb.com/bugs/</a></p>
+	<p><a href="http://tracker.phpbb.com/">http://tracker.phpbb.com/</a></p>
 
 	<p>While we very much appreciate receiving bug reports (the more reports the more stable phpBB will be) we ask you carry out a few steps before adding new entries:</p>
 

phpBB/docs/auth_api.html

@@ -61,6 +61,9 @@
 		<li><a href="#acl_getf">acl_getf</a></li>
 		<li><a href="#acl_getf_global">acl_getf_global</a></li>
 		<li><a href="#acl_cache">acl_cache</a></li>
+		<li><a href="#acl_clear_prefetch">acl_clear_prefetch</a></li>
+		<li><a href="#acl_get_list">acl_get_list</a></li>
+		<li><a href="#misc">Miscellaneous</a></li>
 	</ol>
 	</li>
 	<li><a href="#admin_related">Admin related functions</a></li>
@@ -176,7 +179,7 @@ array(<em>forum_id1</em> =&gt; array(<em>option</em> =&gt; <em>integer</em>), <e
 	<p>This method is used to find out whether a user has a permission in at least one forum or globally. This method is similar to checking whether <code>acl_getf(option, true)</code> returned one or more forums but it's faster. It should be called in the following way:</p>
 
 	<div class="codebox"><pre>
-$result = acl_getf_global(<code>option</code>)
+$result = $auth-&gt;acl_getf_global(<code>option</code>)
 	</pre></div>
 
 	<p>As with the previous methods option is a string specifying the permission which has to be checked.</p>
@@ -187,6 +190,49 @@ $result = acl_getf_global(<code>option</code>)
 
 	<p>This should be considered a private method and not be called externally. It handles the generation of the user_permissions data from the basic user and group authorisation data. When necessary this method is called automatically by <code>acl</code>.</p>
 
+	<a name="acl_clear_prefetch"></a><h3>2.vii. acl_clear_prefetch</h3>
+
+	<p>This method clears the user_permissions column in the users table for the given user.  If the user ID passed is zero, the permissions cache is cleared for all users.  This method should be called whenever permissions are set.</p>
+
+	<div class="codebox"><pre>
+// clear stored permissions for user 2
+$user_id = 2;
+$auth->acl_clear_prefetch($user_id);
+</pre></div>
+
+	<p>This method returns void.</p>
+
+	<a name="acl_get_list"></a><h3>2.viii. acl_get_list</h3>
+
+	<p>This method returns an an array describing which users have permissions in given fora.  The resultant array contains an entry for permission that every user has in every forum when no arguments are passed.</p>
+
+	<div class="codebox"><pre>
+$user_id = array(2, 53);
+$permissions = array('f_list', 'f_read');
+$forum_id = array(1, 2, 3);
+$result = $auth-&gt;acl_get_list($user_id, $permissions, $forum_id);
+</pre></div>
+
+	<p>The parameters may be of the following legal types:</p>
+		<ul>
+			<li><strong>$user_id</strong>: <code>false</code>, int, array(int, int, int, ...)</li>
+			<li><strong>$permissions</strong>: <code>false</code>, string, array(string, string, ...)</li>
+			<li><strong>$forum_id</strong>: <code>false</code>, int, array(int, int, int, ...)</li>
+		</ul>
+
+	<a name="misc"></a><h3>2.ix. Miscellaneous</h3>
+
+	<p>There are other methods defined in the auth class which serve mostly as private methods, but are available for use if needed.  Each of them is used to pull data directly from the database tables.  They are:</p>
+		<ul>
+			<li><pre>function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false)</pre></li>
+			<li><pre>function acl_user_raw_data($user_id = false, $opts = false, $forum_id = false)</pre></li>
+			<li><pre>function acl_raw_data_single_user($user_id)</pre></li>
+			<li><pre>function acl_raw_data($user_id = false, $opts = false, $forum_id = false)</pre></li>
+			<li><pre>function acl_role_data($user_type, $role_type, $ug_id = false, $forum_id = false)</pre></li>
+		</ul>
+
+	<p>Of these, <code>acl_raw_data</code> is the most general, but the others will be faster if you need a smaller amount of data.</p>
+
 		</div>
 
 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@@ -241,7 +287,7 @@ $auth_admin = new auth_admin();
 <!-- END DOCUMENT -->
 
 	<div id="page-footer">
-		<div class="version"> $Id$ </div>
+		<div class="version">&nbsp;</div>
 	</div>
 </div></div>
 

phpBB/docs/coding-guidelines.html

@@ -69,7 +69,7 @@
 		<li><a href="#general">General Guidelines</a></li>
 	</ol>
 	</li>
-	<li><a href="#styling">Styling</a></li>
+	<li><a href="#styling">Styling</a>
 	<ol style="list-style-type: lower-roman;">
 		<li><a href="#cfgfiles">Style Config Files</a></li>
 		<li><a href="#genstyling">General Styling Rules</a></li>
@@ -90,10 +90,9 @@
 	<li><a href="#vcs">VCS Guidelines</a>
 	<ol style="list-style-type: lower-roman;">
 		<li><a href="#repostruct">Repository structure</a></li>
-		<li><a href="#commitmessage">Commit messages</a></li>
+		<li><a href="#commitmessage">Commit Messages and Repository Rules</a></li>
 	</ol>
 	</li>
-	<li><a href="#changes">Guidelines Changelog</a></li>
 	<li><a href="#disclaimer">Copyright and disclaimer</a></li>
 </ol>
 
@@ -125,7 +124,7 @@
 	<p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>
 
 	<h3>Linefeeds:</h3>
-	<p>Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.
+	<p>Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.</p>
 
 	<a name="fileheader"></a><h3>1.ii. File Header</h3>
 
@@ -203,7 +202,7 @@ class ...
 				<li><code>/includes/db/firebird.php</code><br />Firebird/Interbase Database Abstraction Layer</li>
 				<li><code>/includes/db/msssql.php</code><br />MSSQL Database Abstraction Layer</li>
 				<li><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL</li>
-				<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x/4.1.x/5.x
+				<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x/4.1.x/5.x</li>
 				<li><code>/includes/db/mysqli.php</code><br />MySQLi Database Abstraction Layer</li>
 				<li><code>/includes/db/oracle.php</code><br />Oracle Database Abstraction Layer</li>
 				<li><code>/includes/db/postgres.php</code><br />PostgreSQL Database Abstraction Layer</li>
@@ -224,7 +223,7 @@ class ...
 		<li><strong>styles</strong><br /><code>/styles</code>, <code>style.php</code><br />phpBB Styles/Templates/Themes/Imagesets</li>
 	</ul>
 
-	<a name="constants"></a></h3>1.iv. Special Constants</h3>
+	<a name="constants"></a><h3>1.iv. Special Constants</h3>
 
 	<p>There are some special constants application developers are able to utilize to bend some of phpBB's internal functionality to suit their needs.</p>
 
@@ -288,7 +287,7 @@ PHPBB_QA                   (Set board to QA-Mode, which means the updater also c
 
 		<div class="content">
 
-	<p>Please note that these Guidelines applies to all php, html, javascript and css files.</p>
+	<p>Please note that these guidelines apply to all php, html, javascript and css files.</p>
 
 	<a name="namingvars"></a><h3>2.i. Variable/Function Naming</h3>
 
@@ -1170,24 +1169,13 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 <span class="comment">&lt;!-- INCLUDE {FILE_VAR} --&gt;</span>
 </pre></div>
 
-<p>Template defined variables can also be utilised.
+<p>Template defined variables can also be utilised.</p>
 
 <div class="codebox"><pre>
 <span class="comment">&lt;!-- DEFINE $SOME_VAR = 'my_file.html' --&gt;</span>
 <span class="comment">&lt;!-- INCLUDE {$SOME_VAR} --&gt;</span>
 </pre></div>
-<!-- no longer added in 3.0.6
-<p>Also added in <strong>3.0.6</strong> is the ability to increment or decrement a variable on use. This can be used for instances like tabindexes, where the amount of entries is not statically known.
-The INC (for incrementing) and DEC (for decrementing) commands will print the <strong>current</strong> state of a defined var and then increment/decrement it by one (postincrement/postdecrement).</p>
 
-<div class="codebox"><pre>
-<span class="comment">&lt;!-- DEFINE $SOME_VAR = 1 --&gt;</span>
-<span class="comment">&lt;!-- INC $SOME_VAR --&gt;</span>
-Result: 1<br />
-<span class="comment">{$SOME_VAR}</span>
-Result: 2<br />
-</pre></div>
-//-->
 <h4>PHP</h4>
 <p>A contentious decision has seen the ability to include PHP within the template introduced. This is achieved by enclosing the PHP within relevant tags:</p>
 
@@ -1541,11 +1529,11 @@ div
 &lt;form method=&quot;post&quot; id=&quot;mcp&quot; action=&quot;{U_POST_ACTION}&quot;&gt;
 
 	&lt;fieldset class="submit-buttons"&gt;
-		&lt;input type=&quot;reset&quot; value=&quot;{L_RESET}&quot; name=&quot;reset&quot; class=&quot;button2&quot; /&gt&nbsp;
-		&lt;input type=&quot;submit&quot; name=&quot;action[add_warning]&quot; value=&quot;{L_SUBMIT}&quot; class=&quot;button1&quot; /&gt
+		&lt;input type=&quot;reset&quot; value=&quot;{L_RESET}&quot; name=&quot;reset&quot; class=&quot;button2&quot; /&gt;&nbsp;
+		&lt;input type=&quot;submit&quot; name=&quot;action[add_warning]&quot; value=&quot;{L_SUBMIT}&quot; class=&quot;button1&quot; /&gt;
 		{S_FORM_TOKEN}
-	&lt;/fieldset&gt
-&lt;/form&gt
+	&lt;/fieldset&gt;
+&lt;/form&gt;
 		</pre></div><br />
 
 	<a name="inheritance"></a><h3>4.ii. Template Inheritance</h3>
@@ -2337,126 +2325,33 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
 
 		<div class="content">
 
-	<p>The version control system for phpBB3 is subversion. The repository is available at <a href="http://code.phpbb.com/svn/phpbb" title="repository">http://code.phpbb.com/svn/phpbb</a>.
+	<p>The version control system for phpBB3 is git. The repository is available at <a href="http://github.com/phpbb/phpbb3" title="repository">http://github.com/phpbb/phpbb3</a>.</p>
 
 	<a name="repostruct"></a><h3>7.i. Repository Structure</h3>
 
 	<ul>
-		<li><strong>trunk</strong><br />The latest unstable development version with new features etc. Contains the actual board in <code>/trunk/phpBB</code></li>
-		<li><strong>branches</strong><br />Development branches of stable phpBB releases. Copied from <code>/trunk</code> at the time of release.
+		<li><strong>develop</strong><br />The latest unstable development version with new features etc.</li>
+		<li><strong>develop-*</strong><br />Development branches of stable phpBB releases. Branched off of <code>develop</code> at the time of feature freeze.
 			<ul>
-				<li><strong>phpBB3.0</strong><code>/branches/phpBB-3_0_0/phpBB</code><br />Development branch of the stable 3.0 line. Bug fixes are applied here.</li>
-				<li><strong>phpBB2</strong><code>/branches/phpBB-2_0_0/phpBB</code><br />Old phpBB2 development branch.</li>
+				<li><strong>phpBB3.0</strong><code>develop-olympus</code><br />Development branch of the stable 3.0 line. Bug fixes are applied here.</li>
+				<li><strong>phpBB3.1</strong><code>develop-ascraeus</code><br />Development branch of the stable 3.1 line. Bug fixes are applied here.</li>
 			</ul>
 		</li>
-		<li><strong>tags</strong><br />Released versions. Copies of trunk or the respective branch, made at the time of release.
+		<li><strong>master</strong><br />A branch containing all stable phpBB3 release points</li>
+		<li><strong>tags</strong><br />Released versions. Stable ones get merged into the master branch.
 			<ul>
-				<li><code>/tags/release_3_0_BX</code><br />Beta release X of the 3.0 line.</li>
-				<li><code>/tags/release_3_0_RCX</code><br />Release candidate X of the 3.0 line.</li>
-				<li><code>/tags/release_3_0_X-RCY</code><br />Release candidate Y of the stable 3.0.X release.</li>
-				<li><code>/tags/release_3_0_X</code><br />Stable <strong>3.0.X</strong> release.</li>
-				<li><code>/tags/release_2_0_X</code><br />Old stable 2.0.X release.</li>
+				<li><code>release-3.Y-BX</code><br />Beta release X of the 3.Y line.</li>
+				<li><code>release-3.Y-RCX</code><br />Release candidate X of the 3.Y line.</li>
+				<li><code>release-3.Y.Z-RCX</code><br />Release candidate X of the stable 3.Y.Z release.</li>
+				<li><code>release-3.0.X</code><br />Stable <strong>3.0.X</strong> release.</li>
+				<li><code>release-2.0.X</code><br />Old stable 2.0.X release.</li>
 			</ul>
 		</li>
 	</ul>
 
-	<a name="commitmessage"></a><h3>7.ii. Commit Messages</h3>
-
-	<p>The commit message should contain a brief explanation of all changes made within the commit. Often identical to the changelog entry. A bug ticket can be referenced by specifying the ticket ID with a hash, e.g. #12345. A reference to another revision should simply be prefixed with r, e.g. r12345.</p>
-
-	<p>Junior Developers need to have their patches approved by a development team member first. The commit message must end in a line with the following format:</p>
-
-	<div class="codebox"><pre>
-Authorised by: developer1[, developer2[, ...]]
-	</pre></div>
-
-		</div>
-
-		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
-
-		<span class="corners-bottom"><span></span></span></div>
-	</div>
-
-	<hr />
-
-<a name="changes"></a><h2>8. Guidelines Changelog</h2>
-	<div class="paragraph">
-		<div class="inner"><span class="corners-top"><span></span></span>
-
-		<div class="content">
-<h3>Revision 10007</h3>
-
-<ul>
-	<li>Added <a href="#constants">Special Constants</a> section.</li>
-</ul>
-
-<h3>Revision 9817</h3>
-
-<ul>
-	<li>Added VCS section.</li>
-</ul>
-
-<h3>Revision 8732</h3>
-
-<ul>
-	<li>Added cfg files.</li>
-	<li>Added template <a href="#inheritance">inheritance</a>.</li>
-</ul>
-
-<h3>Revision 8596+</h3>
-
-<ul>
-	<li>Removed sql_build_array('MULTI_INSERT'... statements.</li>
-	<li>Added sql_multi_insert() explanation.</li>
-</ul>
-
-<h3>Revision 1.31</h3>
-
-<ul>
-	<li>Added add_form_key and check_form_key. </li>
-</ul>
-
-<h3>Revision 1.24</h3>
-
-<ul>
-	<li>Added <a href="#translation">5. Character Sets and Encodings</a> section to explain the recommended treatment of strings in phpBB.</li>
-</ul>
-
-<h3>Revision 1.16</h3>
-
-<ul>
-	<li>Added <a href="#translation">6. Translation (<abbr title="Internationalisation">i18n</abbr>/<abbr title="Localisation">L10n</abbr>) Guidelines</a> section to explain expected format and authoring considerations for language packs that are to be created for phpBB.</li>
-</ul>
-
-<h3>Revision 1.11-1.15</h3>
-
-<ul>
-	<li>Various document formatting, spelling, punctuation, grammar bugs.</li>
-</ul>
-
-<h3>Revision 1.9-1.10</h3>
-
-<ul>
-	<li>Added sql_query_limit to <a href="#sql">2.iii. SQL/SQL Layout</a>.</li>
-</ul>
-
-<h3>Revision 1.8</h3>
-
-<ul>
-	<li>Some adjustements to wordings</li>
-	<li>Updated paragraph <a href="#locations">1.iii. File Locations</a> to reflect recent changes</li>
-	<li>Extended paragraph <a href="#codelayout">2.ii. Code Layout</a>.</li>
-	<li>Added sql_in_set and sql_build_query explanation to <a href="#sql">2.iii. SQL/SQL Layout</a>.</li>
-	<li>Updated paragraph <a href="#styling">3. Styling</a>.</li>
-	<li>Updated paragraph <a href="#templating">4. Templating</a> to explain loop checking, loop breaking and other changes we recently made.</li>
-</ul>
-
-<h3>Revision 1.5</h3>
-
-<ul>
-	<li>Changed General function usage paragraph in <a href="#general">2.v. General Guidelines</a></li>
-</ul>
+	<a name="commitmessage"></a><h3>7.ii. Commit Messages and Repository Rules</h3>
 
+	<p>Information on repository rules, such as commit messages can be found at <a href="http://wiki.phpbb.com/display/DEV/Git" title="phpBB Git Information">http://wiki.phpbb.com/display/DEV/Git</a>.</p>
 
 		</div>
 
@@ -2486,7 +2381,7 @@ Authorised by: developer1[, developer2[, ...]]
 <!-- END DOCUMENT -->
 
 	<div id="page-footer">
-		<div class="version"> $Id$ </div>
+		<div class="version">&nbsp;</div>
 	</div>
 </div></div>
 

phpBB/docs/hook_system.html

@@ -875,7 +875,7 @@ function phpbb_hook_register(&$hook)
 	</div>
 
 	<div id="page-footer">
-		<div class="version">$Id$</div>
+		<div class="version">&nbsp;</div>
 	</div>
 </div></div>
 

phpBB/docs/nginx.conf.sample

@@ -0,0 +1,70 @@
+# Sample nginx configuration file for phpBB.
+# Global settings have been removed, copy them
+# from your system's nginx.conf.
+# Tested with nginx 0.8.35.
+
+http {
+    # Compression - requires gzip and gzip static modules.
+    gzip on;
+    gzip_static on;
+    gzip_vary on;
+    gzip_http_version 1.1;
+    gzip_min_length 700;
+    gzip_comp_level 6;
+    gzip_disable "MSIE [1-6]\.";
+
+    # Catch-all server for requests to invalid hosts.
+    # Also catches vulnerability scanners probing IP addresses.
+    # Should be first.
+    server {
+        listen 80;
+        server_name bogus;
+        return 444;
+        root /var/empty;
+    }
+
+    # If you have domains with and without www prefix,
+    # redirect one to the other.
+    server {
+        listen 80;
+        server_name myforums.com;
+        rewrite ^(.*)$ http://www.myforums.com$1 permanent;
+    }
+
+    # The actual board domain.
+    server {
+        listen 80;
+        server_name www.myforums.com;
+
+        root /path/to/phpbb;
+
+        location / {
+            # phpbb uses index.htm
+            index index.php index.html index.htm;
+        }
+
+        # Deny access to internal phpbb files.
+        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
+            deny all;
+        }
+
+        # Pass the php scripts to fastcgi server specified in upstream declaration.
+        location ~ \.php$ {
+            fastcgi_pass php;
+            # Necessary for php.
+            fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            # Unmodified fastcgi_params from nginx distribution.
+            include fastcgi_params;
+        }
+
+        # Deny access to version control system directories.
+        location ~ /\.svn|/\.git {
+            deny all;
+        }
+    }
+
+    # If running php as fastcgi, specify php upstream.
+    upstream php {
+        server unix:/tmp/php.sock;
+    }
+}

phpBB/download/file.php

@@ -31,6 +31,12 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
 
 if (isset($_GET['avatar']))
 {
+	if (!defined('E_DEPRECATED'))
+	{
+		define('E_DEPRECATED', 8192);
+	}
+	error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
+
 	require($phpbb_root_path . 'config.' . $phpEx);
 
 	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
@@ -42,6 +48,7 @@ if (isset($_GET['avatar']))
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
 	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/constants.' . $phpEx);
+	require($phpbb_root_path . 'includes/functions.' . $phpEx);
 
 	$db = new $sql_db();
 	$cache = new cache();
@@ -61,7 +68,7 @@ if (isset($_GET['avatar']))
 	$avatar_group = false;
 	$exit = false;
 
-	if ($filename[0] === 'g')
+	if (isset($filename[0]) && $filename[0] === 'g')
 	{
 		$avatar_group = true;
 		$filename = substr($filename, 1);
@@ -70,7 +77,7 @@ if (isset($_GET['avatar']))
 	// '==' is not a bug - . as the first char is as bad as no dot at all
 	if (strpos($filename, '.') == false)
 	{
-		header('HTTP/1.0 403 Forbidden');
+		send_status_line(403, 'Forbidden');
 		$exit = true;
 	}
 
@@ -84,7 +91,7 @@ if (isset($_GET['avatar']))
 	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 Forbidden");
+		send_status_line(403, 'Forbidden');
 		$exit = true;
 	}
 
@@ -94,7 +101,7 @@ if (isset($_GET['avatar']))
 		if (!$filename)
 		{
 			// no way such an avatar could exist. They are not following the rules, stop the show.
-			header("HTTP/1.0 403 Forbidden");
+			send_status_line(403, 'Forbidden');
 		}
 		else
 		{
@@ -192,7 +199,7 @@ else
 		$row['forum_id'] = false;
 		if (!$auth->acl_get('u_pm_download'))
 		{
-			header('HTTP/1.0 403 Forbidden');
+			send_status_line(403, 'Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
 
@@ -215,7 +222,7 @@ else
 
 		if (!$allowed)
 		{
-			header('HTTP/1.0 403 Forbidden');
+			send_status_line(403, 'Forbidden');
 			trigger_error('ERROR_NO_ATTACHMENT');
 		}
 	}
@@ -230,7 +237,7 @@ else
 
 if (!download_allowed())
 {
-	header('HTTP/1.0 403 Forbidden');
+	send_status_line(403, 'Forbidden');
 	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
 
@@ -376,7 +383,7 @@ function send_avatar_to_browser($file, $browser)
 	}
 	else
 	{
-		header('HTTP/1.0 404 Not Found');
+		send_status_line(404, 'Not Found');
 	}
 }
 
@@ -668,17 +675,9 @@ function set_modified_headers($stamp, $browser)
 	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
 	if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))
 	{
-		if ($last_load !== false && $last_load <= $stamp)
+		if ($last_load !== false && $last_load >= $stamp)
 		{
-			if (substr(strtolower(@php_sapi_name()),0,3) === 'cgi')
-			{
-				// in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though
-				header('Status: 304 Not Modified', true, 304);
-			}
-			else
-			{
-				header('HTTP/1.0 304 Not Modified', true, 304);
-			}
+			send_status_line(304, 'Not Modified');
 			// seems that we need those too ... browsers
 			header('Pragma: public');
 			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));

phpBB/includes/.htaccess

@@ -0,0 +1,4 @@
+<Files *>
+	Order Allow,Deny
+	Deny from All
+</Files>

phpBB/includes/acm/acm_eaccelerator.php

@@ -30,6 +30,7 @@ if (!class_exists('acm_memory'))
 class acm extends acm_memory
 {
 	var $extension = 'eaccelerator';
+	var $function = 'eaccelerator_get';
 
 	var $serialize_header = '#phpbb-serialized#';
 

phpBB/includes/acm/acm_file.php

@@ -78,8 +78,14 @@ class acm
 
 		if (!$this->_write('data_global'))
 		{
+			if (!function_exists('phpbb_is_writable'))
+			{
+				global $phpbb_root_path;
+				include($phpbb_root_path . 'includes/functions.' . $phpEx);
+			}
+
 			// Now, this occurred how often? ... phew, just tell the user then...
-			if (!@is_writable($this->cache_dir))
+			if (!phpbb_is_writable($this->cache_dir))
 			{
 				// We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload())
 				die($this->cache_dir . ' is NOT writable.');
@@ -410,7 +416,7 @@ class acm
 	{
 		if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
 		{
-			return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field] : false;
+			return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++][$field] : false;
 		}
 
 		return false;
@@ -707,7 +713,13 @@ class acm
 	*/
 	function remove_file($filename, $check = false)
 	{
-		if ($check && !@is_writable($this->cache_dir))
+		if (!function_exists('phpbb_is_writable'))
+		{
+			global $phpbb_root_path, $phpEx;
+			include($phpbb_root_path . 'includes/functions.' . $phpEx);
+		}
+
+		if ($check && !phpbb_is_writable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);

phpBB/includes/acm/acm_memcache.php

@@ -37,6 +37,12 @@ if (!defined('PHPBB_ACM_MEMCACHE_HOST'))
 	define('PHPBB_ACM_MEMCACHE_HOST', 'localhost');
 }
 
+if (!defined('PHPBB_ACM_MEMCACHE'))
+{
+	//can define multiple servers with host1/port1,host2/port2 format
+	define('PHPBB_ACM_MEMCACHE', PHPBB_ACM_MEMCACHE_HOST . '/' . PHPBB_ACM_MEMCACHE_PORT);
+}
+
 /**
 * ACM for Memcached
 * @package acm
@@ -54,7 +60,11 @@ class acm extends acm_memory
 		parent::acm_memory();
 
 		$this->memcache = new Memcache;
-		$this->memcache->connect(PHPBB_ACM_MEMCACHE_HOST, PHPBB_ACM_MEMCACHE_PORT);
+		foreach(explode(',', PHPBB_ACM_MEMCACHE) as $u)
+		{
+			$parts = explode('/', $u);
+			$this->memcache->addServer(trim($parts[0]), trim($parts[1]));
+		}
 		$this->flags = (PHPBB_ACM_MEMCACHE_COMPRESS) ? MEMCACHE_COMPRESSED : 0;
 	}
 
@@ -105,7 +115,11 @@ class acm extends acm_memory
 	*/
 	function _write($var, $data, $ttl = 2592000)
 	{
-		return $this->memcache->set($this->key_prefix . $var, $data, $this->flags, $ttl);
+		if (!$this->memcache->replace($this->key_prefix . $var, $data, $this->flags, $ttl))
+		{
+			return $this->memcache->set($this->key_prefix . $var, $data, $this->flags, $ttl);
+		}
+		return true;
 	}
 
 	/**
@@ -121,4 +135,4 @@ class acm extends acm_memory
 	}
 }
 
-?>
+?>

phpBB/includes/acm/acm_memory.php

@@ -47,6 +47,13 @@ class acm_memory
 
 			trigger_error("Could not find required extension [{$this->extension}] for the ACM module $acm_type.", E_USER_ERROR);
 		}
+
+		if (isset($this->function) && !function_exists($this->function))
+		{
+			global $acm_type;
+
+			trigger_error("The required function [{$this->function}] is not available for the ACM module $acm_type.", E_USER_ERROR);
+		}
 	}
 
 	/**
@@ -359,7 +366,7 @@ class acm_memory
 	{
 		if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
 		{
-			return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field] : false;
+			return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++][$field] : false;
 		}
 
 		return false;
@@ -400,7 +407,13 @@ class acm_memory
 	*/
 	function remove_file($filename, $check = false)
 	{
-		if ($check && !@is_writable($this->cache_dir))
+		if (!function_exists('phpbb_is_writable'))
+		{
+			global $phpbb_root_path, $phpEx;
+			include($phpbb_root_path . 'includes/functions.' . $phpEx);
+		}
+
+		if ($check && !phpbb_is_writable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);

phpBB/includes/acp/acp_attachments.php

@@ -90,6 +90,7 @@ class acp_attachments
 				$s_assigned_groups = array();
 				while ($row = $db->sql_fetchrow($result))
 				{
+					$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
 					$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
 				}
 				$db->sql_freeresult($result);
@@ -124,11 +125,11 @@ class acp_attachments
 						'legend2'					=> $l_legend_cat_images,
 						'img_display_inlined'		=> array('lang' => 'DISPLAY_INLINED',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'img_create_thumbnail'		=> array('lang' => 'CREATE_THUMBNAIL',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' px'),
+						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
 						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'string',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
-						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' px'),
-						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' px'),
+						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 
@@ -494,6 +495,10 @@ class acp_attachments
 						$sql = 'SELECT group_id
 							FROM ' . EXTENSION_GROUPS_TABLE . "
 							WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'";
+						if ($group_id)
+						{
+							$sql .= ' AND group_id <> ' . $group_id;
+						}
 						$result = $db->sql_query($sql);
 
 						if ($db->sql_fetchrow($result))
@@ -551,6 +556,7 @@ class acp_attachments
 							$group_id = $db->sql_nextid();
 						}
 
+						$group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name;
 						add_log('admin', 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), $group_name);
 					}
 
@@ -858,7 +864,7 @@ class acp_attachments
 						'U_EDIT'		=> $this->u_action . "&amp;action=edit&amp;g={$row['group_id']}",
 						'U_DELETE'		=> $this->u_action . "&amp;action=delete&amp;g={$row['group_id']}",
 
-						'GROUP_NAME'	=> $row['group_name'],
+						'GROUP_NAME'	=> (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'],
 						'CATEGORY'		=> $cat_lang[$row['cat_id']],
 						)
 					);
@@ -1118,6 +1124,7 @@ class acp_attachments
 		$group_name = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
+			$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
 			$group_name[] = $row;
 		}
 		$db->sql_freeresult($result);
@@ -1215,7 +1222,7 @@ class acp_attachments
 			return;
 		}
 
-		if (!is_writable($phpbb_root_path . $upload_dir))
+		if (!phpbb_is_writable($phpbb_root_path . $upload_dir))
 		{
 			$error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir);
 			return;

phpBB/includes/acp/acp_ban.php

@@ -224,7 +224,7 @@ class acp_ban
 				$template->assign_block_vars('ban_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)),
+					'A_REASON'	=> addslashes($reason),
 				));
 			}
 		}
@@ -236,7 +236,7 @@ class acp_ban
 				$template->assign_block_vars('ban_give_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)),
+					'A_REASON'	=> addslashes($reason),
 				));
 			}
 		}

phpBB/includes/acp/acp_bbcodes.php

@@ -124,121 +124,137 @@ class acp_bbcodes
 			case 'modify':
 			case 'create':
 
-				$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
-
-				// Make sure the user didn't pick a "bad" name for the BBCode tag.
-				$hard_coded = array('code', 'quote', 'quote=', 'attachment', 'attachment=', 'b', 'i', 'url', 'url=', 'img', 'size', 'size=', 'color', 'color=', 'u', 'list', 'list=', 'email', 'email=', 'flash', 'flash=');
-
-				if (($action == 'modify' && strtolower($data['bbcode_tag']) !== strtolower($row['bbcode_tag'])) || ($action == 'create'))
+				$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+				if (!$warn_text || confirm_box(true))
 				{
-					$sql = 'SELECT 1 as test
-						FROM ' . BBCODES_TABLE . "
-						WHERE LOWER(bbcode_tag) = '" . $db->sql_escape(strtolower($data['bbcode_tag'])) . "'";
-					$result = $db->sql_query($sql);
-					$info = $db->sql_fetchrow($result);
-					$db->sql_freeresult($result);
+					$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
 
-					// Grab the end, interrogate the last closing tag
-					if ($info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded)))
+					// Make sure the user didn't pick a "bad" name for the BBCode tag.
+					$hard_coded = array('code', 'quote', 'quote=', 'attachment', 'attachment=', 'b', 'i', 'url', 'url=', 'img', 'size', 'size=', 'color', 'color=', 'u', 'list', 'list=', 'email', 'email=', 'flash', 'flash=');
+
+					if (($action == 'modify' && strtolower($data['bbcode_tag']) !== strtolower($row['bbcode_tag'])) || ($action == 'create'))
 					{
-						trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-				}
+						$sql = 'SELECT 1 as test
+							FROM ' . BBCODES_TABLE . "
+							WHERE LOWER(bbcode_tag) = '" . $db->sql_escape(strtolower($data['bbcode_tag'])) . "'";
+						$result = $db->sql_query($sql);
+						$info = $db->sql_fetchrow($result);
+						$db->sql_freeresult($result);
 
-				if (substr($data['bbcode_tag'], -1) === '=')
-				{
-					$test = substr($data['bbcode_tag'], 0, -1);
-				}
-				else
-				{
-					$test = $data['bbcode_tag'];
-				}
-
-				if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
-				{
-					trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
-				if (strlen($data['bbcode_tag']) > 16)
-				{
-					trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
-				if (strlen($bbcode_match) > 4000)
-				{
-					trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-				
-				
-				if (strlen($bbcode_helpline) > 255)
-				{
-					trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
-				$sql_ary = array(
-					'bbcode_tag'				=> $data['bbcode_tag'],
-					'bbcode_match'				=> $bbcode_match,
-					'bbcode_tpl'				=> $bbcode_tpl,
-					'display_on_posting'		=> $display_on_posting,
-					'bbcode_helpline'			=> $bbcode_helpline,
-					'first_pass_match'			=> $data['first_pass_match'],
-					'first_pass_replace'		=> $data['first_pass_replace'],
-					'second_pass_match'			=> $data['second_pass_match'],
-					'second_pass_replace'		=> $data['second_pass_replace']
-				);
-
-				if ($action == 'create')
-				{
-					$sql = 'SELECT MAX(bbcode_id) as max_bbcode_id
-						FROM ' . BBCODES_TABLE;
-					$result = $db->sql_query($sql);
-					$row = $db->sql_fetchrow($result);
-					$db->sql_freeresult($result);
-
-					if ($row)
-					{
-						$bbcode_id = $row['max_bbcode_id'] + 1;
-
-						// Make sure it is greater than the core bbcode ids...
-						if ($bbcode_id <= NUM_CORE_BBCODES)
+						// Grab the end, interrogate the last closing tag
+						if ($info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded)))
 						{
-							$bbcode_id = NUM_CORE_BBCODES + 1;
+							trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 					}
+
+					if (substr($data['bbcode_tag'], -1) === '=')
+					{
+						$test = substr($data['bbcode_tag'], 0, -1);
+					}
 					else
 					{
-						$bbcode_id = NUM_CORE_BBCODES + 1;
+						$test = $data['bbcode_tag'];
 					}
 
-					if ($bbcode_id > 1511)
+					if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
 					{
-						trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
+						trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
-					$sql_ary['bbcode_id'] = (int) $bbcode_id;
+					if (strlen($data['bbcode_tag']) > 16)
+					{
+						trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+					}
 
-					$db->sql_query('INSERT INTO ' . BBCODES_TABLE . $db->sql_build_array('INSERT', $sql_ary));
-					$cache->destroy('sql', BBCODES_TABLE);
+					if (strlen($bbcode_match) > 4000)
+					{
+						trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+					}
 
-					$lang = 'BBCODE_ADDED';
-					$log_action = 'LOG_BBCODE_ADD';
+
+					if (strlen($bbcode_helpline) > 255)
+					{
+						trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+					}
+
+					$sql_ary = array(
+						'bbcode_tag'				=> $data['bbcode_tag'],
+						'bbcode_match'				=> $bbcode_match,
+						'bbcode_tpl'				=> $bbcode_tpl,
+						'display_on_posting'		=> $display_on_posting,
+						'bbcode_helpline'			=> $bbcode_helpline,
+						'first_pass_match'			=> $data['first_pass_match'],
+						'first_pass_replace'		=> $data['first_pass_replace'],
+						'second_pass_match'			=> $data['second_pass_match'],
+						'second_pass_replace'		=> $data['second_pass_replace']
+					);
+
+					if ($action == 'create')
+					{
+						$sql = 'SELECT MAX(bbcode_id) as max_bbcode_id
+							FROM ' . BBCODES_TABLE;
+						$result = $db->sql_query($sql);
+						$row = $db->sql_fetchrow($result);
+						$db->sql_freeresult($result);
+
+						if ($row)
+						{
+							$bbcode_id = $row['max_bbcode_id'] + 1;
+
+							// Make sure it is greater than the core bbcode ids...
+							if ($bbcode_id <= NUM_CORE_BBCODES)
+							{
+								$bbcode_id = NUM_CORE_BBCODES + 1;
+							}
+						}
+						else
+						{
+							$bbcode_id = NUM_CORE_BBCODES + 1;
+						}
+
+						if ($bbcode_id > 1511)
+						{
+							trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+
+						$sql_ary['bbcode_id'] = (int) $bbcode_id;
+
+						$db->sql_query('INSERT INTO ' . BBCODES_TABLE . $db->sql_build_array('INSERT', $sql_ary));
+						$cache->destroy('sql', BBCODES_TABLE);
+
+						$lang = 'BBCODE_ADDED';
+						$log_action = 'LOG_BBCODE_ADD';
+					}
+					else
+					{
+						$sql = 'UPDATE ' . BBCODES_TABLE . '
+							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+							WHERE bbcode_id = ' . $bbcode_id;
+						$db->sql_query($sql);
+						$cache->destroy('sql', BBCODES_TABLE);
+
+						$lang = 'BBCODE_EDITED';
+						$log_action = 'LOG_BBCODE_EDIT';
+					}
+
+					add_log('admin', $log_action, $data['bbcode_tag']);
+
+					trigger_error($user->lang[$lang] . adm_back_link($this->u_action));
 				}
 				else
 				{
-					$sql = 'UPDATE ' . BBCODES_TABLE . '
-						SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
-						WHERE bbcode_id = ' . $bbcode_id;
-					$db->sql_query($sql);
-					$cache->destroy('sql', BBCODES_TABLE);
-
-					$lang = 'BBCODE_EDITED';
-					$log_action = 'LOG_BBCODE_EDIT';
+					confirm_box(false, $user->lang['BBCODE_DANGER'], build_hidden_fields(array(
+						'action'				=> $action,
+						'bbcode'				=> $bbcode_id,
+						'bbcode_match'			=> $bbcode_match,
+						'bbcode_tpl'			=> htmlspecialchars($bbcode_tpl),
+						'bbcode_helpline'		=> $bbcode_helpline,
+						'display_on_posting'	=> $display_on_posting,
+						))
+					, 'confirm_bbcode.html');
 				}
 
-				add_log('admin', $log_action, $data['bbcode_tag']);
-
-				trigger_error($user->lang[$lang] . adm_back_link($this->u_action));
-
 			break;
 
 			case 'delete':
@@ -299,6 +315,18 @@ class acp_bbcodes
 	{
 		$bbcode_match = trim($bbcode_match);
 		$bbcode_tpl = trim($bbcode_tpl);
+		$utf8 = strpos($bbcode_match, 'INTTEXT') !== false;
+
+		// make sure we have utf8 support
+		$utf8_pcre_properties = false;
+		if (version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>=')))
+		{
+			// While this is the proper range of PHP versions, PHP may not be linked with the bundled PCRE lib and instead with an older version
+			if (@preg_match('/\p{L}/u', 'a') !== false)
+			{
+				$utf8_pcre_properties = true;
+			}
+		}
 
 		$fp_match = preg_quote($bbcode_match, '!');
 		$fp_replace = preg_replace('#^\[(.*?)\]#', '[$1:$uid]', $bbcode_match);
@@ -326,6 +354,9 @@ class acp_bbcodes
 			'SIMPLETEXT' => array(
 				'!([a-zA-Z0-9-+.,_ ]+)!'	 =>	"$1"
 			),
+			'INTTEXT' => array(
+				($utf8_pcre_properties) ? '!([\p{L}\p{N}\-+,_. ]+)!u' : '!([a-zA-Z0-9\-+,_. ]+)!u'	 =>	"$1"
+			),
 			'IDENTIFIER' => array(
 				'!([a-zA-Z0-9-_]+)!'	 =>	"$1"
 			),
@@ -343,6 +374,7 @@ class acp_bbcodes
 			'EMAIL' => '(' . get_preg_expression('email') . ')',
 			'TEXT' => '(.*?)',
 			'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
+			'INTTEXT' => ($utf8_pcre_properties) ? '([\p{L}\p{N}\-+,_. ]+)' : '([a-zA-Z0-9\-+,_. ]+)',
 			'IDENTIFIER' => '([a-zA-Z0-9-_]+)',
 			'COLOR' => '([a-zA-Z]+|#[0-9abcdefABCDEF]+)',
 			'NUMBER' => '([0-9]+)',
@@ -350,6 +382,7 @@ class acp_bbcodes
 
 		$pad = 0;
 		$modifiers = 'i';
+		$modifiers .= ($utf8 && $utf8_pcre_properties) ? 'u' : '';
 
 		if (preg_match_all('/\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\}/i', $bbcode_match, $m))
 		{
@@ -398,7 +431,7 @@ class acp_bbcodes
 			}
 
 			$fp_match = '!' . $fp_match . '!' . $modifiers;
-			$sp_match = '!' . $sp_match . '!s';
+			$sp_match = '!' . $sp_match . '!s' . (($utf8) ? 'u' : '');
 
 			if (strpos($fp_match, 'e') !== false)
 			{

phpBB/includes/acp/acp_board.php

@@ -29,11 +29,12 @@ class acp_board
 	{
 		global $db, $user, $auth, $template;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $cache;
 
 		$user->add_lang('acp/board');
 
 		$action	= request_var('action', '');
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = (isset($_POST['submit']) || isset($_POST['allow_quick_reply_enable'])) ? true : false;
 
 		$form_key = 'acp_board';
 		add_form_key($form_key);
@@ -57,7 +58,7 @@ class acp_board
 						'board_disable_msg'		=> false,
 						'default_lang'			=> array('lang' => 'DEFAULT_LANGUAGE',		'validate' => 'lang',	'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
 						'default_dateformat'	=> array('lang' => 'DEFAULT_DATE_FORMAT',	'validate' => 'string',	'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true),
-						'board_timezone'		=> array('lang' => 'SYSTEM_TIMEZONE',		'validate' => 'string',	'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
+						'board_timezone'		=> array('lang' => 'SYSTEM_TIMEZONE',		'validate' => 'string',	'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => true),
 						'board_dst'				=> array('lang' => 'SYSTEM_DST',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'default_style'			=> array('lang' => 'DEFAULT_STYLE',			'validate' => 'int',	'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', false), 'explain' => false),
 						'override_user_style'	=> array('lang' => 'OVERRIDE_STYLE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -88,7 +89,7 @@ class acp_board
 						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_birthdays'		=> array('lang' => 'ALLOW_BIRTHDAYS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'allow_quick_reply'		=> array('lang' => 'ALLOW_QUICK_REPLY',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_quick_reply'		=> array('lang' => 'ALLOW_QUICK_REPLY',		'validate' => 'bool',	'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
 
 						'legend2'				=> 'ACP_LOAD_SETTINGS',
 						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -172,7 +173,7 @@ class acp_board
 						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_post_confirm'	=> array('lang' => 'VISUAL_CONFIRM_POST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'allow_quick_reply'		=> array('lang' => 'ALLOW_QUICK_REPLY',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allow_quick_reply'		=> array('lang' => 'ALLOW_QUICK_REPLY',		'validate' => 'bool',	'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
 
 						'legend2'				=> 'POSTING',
 						'bump_type'				=> false,
@@ -266,14 +267,22 @@ class acp_board
 						'legend1'					=> 'ACP_FEED_GENERAL',
 						'feed_enable'				=> array('lang' => 'ACP_FEED_ENABLE',				'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
 						'feed_item_statistics'		=> array('lang' => 'ACP_FEED_ITEM_STATISTICS',		'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true),
-						'feed_limit'				=> array('lang' => 'ACP_FEED_LIMIT',				'validate' => 'int:5',	'type' => 'text:3:4',				'explain' => true),
-						'feed_overall_forums'		=> array('lang'	=> 'ACP_FEED_OVERALL_FORUMS',		'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
-						'feed_overall_forums_limit'	=> array('lang' => 'ACP_FEED_OVERALL_FORUMS_LIMIT',	'validate' => 'int:5',	'type' => 'text:3:4',				'explain' => false),
-						'feed_overall_topics'		=> array('lang' => 'ACP_FEED_OVERALL_TOPIC',		'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
-						'feed_overall_topics_limit'	=> array('lang' => 'ACP_FEED_OVERALL_TOPIC_LIMIT',	'validate' => 'int:5',	'type' => 'text:3:4',				'explain' => false),
+						'feed_http_auth'			=> array('lang' => 'ACP_FEED_HTTP_AUTH',			'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true),
+
+						'legend2'					=> 'ACP_FEED_POST_BASED',
+						'feed_limit_post'			=> array('lang' => 'ACP_FEED_LIMIT',				'validate' => 'int:5',	'type' => 'text:3:4',				'explain' => true),
+						'feed_overall'				=> array('lang' => 'ACP_FEED_OVERALL',				'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
 						'feed_forum'				=> array('lang' => 'ACP_FEED_FORUM',				'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
 						'feed_topic'				=> array('lang' => 'ACP_FEED_TOPIC',				'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
+
+						'legend3'					=> 'ACP_FEED_TOPIC_BASED',
+						'feed_limit_topic'			=> array('lang' => 'ACP_FEED_LIMIT',				'validate' => 'int:5',	'type' => 'text:3:4',				'explain' => true),
+						'feed_topics_new'			=> array('lang' => 'ACP_FEED_TOPICS_NEW',			'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
+						'feed_topics_active'		=> array('lang' => 'ACP_FEED_TOPICS_ACTIVE',		'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
 						'feed_news_id'				=> array('lang' => 'ACP_FEED_NEWS',					'validate' => 'string',	'type' => 'custom', 'method' => 'select_news_forums', 'explain' => true),
+
+						'legend4'					=> 'ACP_FEED_SETTINGS_OTHER',
+						'feed_overall_forums'		=> array('lang'	=> 'ACP_FEED_OVERALL_FORUMS',		'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
 						'feed_exclude_id'			=> array('lang' => 'ACP_FEED_EXCLUDE_ID',			'validate' => 'string',	'type' => 'custom', 'method' => 'select_exclude_forums', 'explain' => true),
 					)
 				);
@@ -310,6 +319,7 @@ class acp_board
 						'load_online_guests'	=> array('lang' => 'YES_ONLINE_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_onlinetrack'		=> array('lang' => 'YES_ONLINE_TRACK',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'load_unreads_search'	=> array('lang' => 'YES_UNREAD_SEARCH',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_moderators'		=> array('lang' => 'YES_MODERATORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -463,12 +473,20 @@ class acp_board
 			if ($submit)
 			{
 				set_config($config_name, $config_value);
+
+				if ($config_name == 'allow_quick_reply' && isset($_POST['allow_quick_reply_enable']))
+				{
+					enable_bitfield_column_flag(FORUMS_TABLE, 'forum_flags', log(FORUM_FLAG_QUICK_REPLY, 2));
+				}
 			}
 		}
 
 		// Store news and exclude ids
 		if ($mode == 'feed' && $submit)
 		{
+			$cache->destroy('_feed_news_forum_ids');
+			$cache->destroy('_feed_excluded_forum_ids');
+
 			$this->store_feed_forums(FORUM_OPTION_FEED_NEWS, 'feed_news_id');
 			$this->store_feed_forums(FORUM_OPTION_FEED_EXCLUDE, 'feed_exclude_id');
 		}
@@ -846,6 +864,20 @@ class acp_board
 		return h_radio('config[board_disable]', $radio_ary, $value) . '<br /><input id="' . $key . '" type="text" name="config[board_disable_msg]" maxlength="255" size="40" value="' . $this->new_config['board_disable_msg'] . '" />';
 	}
 
+	/**
+	* Global quick reply enable/disable setting and button to enable in all forums
+	*/
+	function quick_reply($value, $key)
+	{
+		global $user;
+
+		$radio_ary = array(1 => 'YES', 0 => 'NO');
+
+		return h_radio('config[allow_quick_reply]', $radio_ary, $value) .
+			'<br /><br /><input class="button2" type="submit" id="' . $key . '_enable" name="' . $key . '_enable" value="' . $user->lang['ALLOW_QUICK_REPLY_BUTTON'] . '" />';
+	}
+
+
 	/**
 	* Select default dateformat
 	*/
@@ -857,8 +889,8 @@ class acp_board
 		$old_tz = $user->timezone;
 		$old_dst = $user->dst;
 
-		$user->timezone = $config['board_timezone'];
-		$user->dst = $config['board_dst'];
+		$user->timezone = $config['board_timezone'] * 3600;
+		$user->dst = $config['board_dst'] * 3600;
 
 		$dateformat_options = '';
 
@@ -910,7 +942,7 @@ class acp_board
 	{
 		global $user, $config;
 
-		$forum_list = make_forum_select(false, false, true, false, false, false, true);
+		$forum_list = make_forum_select(false, false, true, true, true, false, true);
 
 		// Build forum options
 		$s_forum_options = '<select id="' . $key . '" name="' . $key . '[]" multiple="multiple">';

phpBB/includes/acp/acp_captcha.php

@@ -30,10 +30,13 @@ class acp_captcha
 		$user->add_lang('acp/board');
 
 		include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
+		$captchas = phpbb_captcha_factory::get_captcha_types();
 
 		$selected = request_var('select_captcha', $config['captcha_plugin']);
+		$selected = (isset($captchas['available'][$selected]) || isset($captchas['unavailable'][$selected])) ? $selected : $config['captcha_plugin'];
 		$configure = request_var('configure', false);
 
+
 		// Oh, they are just here for the view
 		if (isset($_GET['captcha_demo']))
 		{
@@ -45,17 +48,15 @@ class acp_captcha
 		{
 			$config_captcha =& phpbb_captcha_factory::get_instance($selected);
 			$config_captcha->acp_page($id, $this);
-			add_log('admin', 'LOG_CONFIG_VISUAL');
 		}
 		else
 		{
-			$captchas = phpbb_captcha_factory::get_captcha_types();
-
 			$config_vars = array(
 				'enable_confirm'		=> array('tpl' => 'REG_ENABLE', 'default' => false),
 				'enable_post_confirm'	=> array('tpl' => 'POST_ENABLE', 'default' => false),
 				'confirm_refresh'		=> array('tpl' => 'CONFIRM_REFRESH', 'default' => false),
 				'max_reg_attempts'		=> array('tpl' => 'REG_LIMIT', 'default' => 0),
+				'max_login_attempts'		=> array('tpl' => 'MAX_LOGIN_ATTEMPTS', 'default' => 0),
 			);
 
 			$this->tpl_name = 'acp_captcha';
@@ -88,14 +89,14 @@ class acp_captcha
 					}
 					else
 					{
-						trigger_error($user->lang['CAPTCHA_UNAVAILABLE'] . adm_back_link($this->u_action));
+						trigger_error($user->lang['CAPTCHA_UNAVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 				}
 				trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 			}
 			else if ($submit)
 			{
-				trigger_error($user->lang['FORM_INVALID'] . adm_back_link());
+				trigger_error($user->lang['FORM_INVALID'] . adm_back_link(), E_USER_WARNING);
 			}
 			else
 			{

phpBB/includes/acp/acp_database.php

@@ -109,6 +109,7 @@ class acp_database
 
 							case 'mssql':
 							case 'mssql_odbc':
+							case 'mssqlnative':
 								$extractor = new mssql_extractor($download, $store, $format, $filename, $time);
 							break;
 
@@ -138,11 +139,12 @@ class acp_database
 
 									case 'mssql':
 									case 'mssql_odbc':
+									case 'mssqlnative':
 										$extractor->flush('TRUNCATE TABLE ' . $table_name . "GO\n");
 									break;
 
 									case 'oracle':
-										$extractor->flush('TRUNCATE TABLE ' . $table_name . "\\\n");
+										$extractor->flush('TRUNCATE TABLE ' . $table_name . "/\n");
 									break;
 
 									default:
@@ -392,6 +394,7 @@ class acp_database
 
 								case 'mssql':
 								case 'mssql_odbc':
+								case 'mssqlnative':
 									while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
 									{
 										$db->sql_query($sql);
@@ -435,7 +438,7 @@ class acp_database
 								{
 									if (in_array($matches[2], $methods))
 									{
-										$backup_files[gmdate("d-m-Y H:i:s", $matches[1])] = $file;
+										$backup_files[(int) $matches[1]] = $file;
 									}
 								}
 							}
@@ -450,7 +453,7 @@ class acp_database
 							{
 								$template->assign_block_vars('files', array(
 									'FILE'		=> $file,
-									'NAME'		=> $name,
+									'NAME'		=> $user->format_date($name, 'd-m-Y H:i:s', true),
 									'SUPPORTED'	=> true,
 								));
 							}
@@ -1509,6 +1512,10 @@ class mssql_extractor extends base_extractor
 		{
 			$this->write_data_mssql($table_name);
 		}
+		else if($db->sql_layer === 'mssqlnative')
+		{
+			$this->write_data_mssqlnative($table_name);
+		}
 		else
 		{
 			$this->write_data_odbc($table_name);
@@ -1608,7 +1615,111 @@ class mssql_extractor extends base_extractor
 		}
 		$this->flush($sql_data);
 	}
+	
+	function write_data_mssqlnative($table_name)
+	{
+		global $db;
+		$ary_type = $ary_name = array();
+		$ident_set = false;
+		$sql_data = '';
 
+		// Grab all of the data from current table.
+		$sql = "SELECT * FROM $table_name";
+		$db->mssqlnative_set_query_options(array('Scrollable' => SQLSRV_CURSOR_STATIC));
+		$result = $db->sql_query($sql);
+
+		$retrieved_data = $db->mssqlnative_num_rows($result);
+
+		if (!$retrieved_data)
+		{
+			$db->sql_freeresult($result);
+			return;
+		}
+
+		$sql = "SELECT * FROM $table_name";
+		$result_fields = $db->sql_query_limit($sql, 1);
+
+		$row = new result_mssqlnative($result_fields);
+		$i_num_fields = $row->num_fields();
+		
+		for ($i = 0; $i < $i_num_fields; $i++)
+		{
+			$ary_type[$i] = $row->field_type($i);
+			$ary_name[$i] = $row->field_name($i);
+		}
+		$db->sql_freeresult($result_fields);
+
+		$sql = "SELECT 1 as has_identity
+			FROM INFORMATION_SCHEMA.COLUMNS
+			WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
+		$result2 = $db->sql_query($sql);
+		$row2 = $db->sql_fetchrow($result2);
+		
+		if (!empty($row2['has_identity']))
+		{
+			$sql_data .= "\nSET IDENTITY_INSERT $table_name ON\nGO\n";
+			$ident_set = true;
+		}
+		$db->sql_freeresult($result2);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$schema_vals = $schema_fields = array();
+
+			// Build the SQL statement to recreate the data.
+			for ($i = 0; $i < $i_num_fields; $i++)
+			{
+				$str_val = $row[$ary_name[$i]];
+
+				// defaults to type number - better quote just to be safe, so check for is_int too
+				if (is_int($ary_type[$i]) || preg_match('#char|text|bool|varbinary#i', $ary_type[$i]))
+				{
+					$str_quote = '';
+					$str_empty = "''";
+					$str_val = sanitize_data_mssql(str_replace("'", "''", $str_val));
+				}
+				else if (preg_match('#date|timestamp#i', $ary_type[$i]))
+				{
+					if (empty($str_val))
+					{
+						$str_quote = '';
+					}
+					else
+					{
+						$str_quote = "'";
+					}
+				}
+				else
+				{
+					$str_quote = '';
+					$str_empty = 'NULL';
+				}
+
+				if (empty($str_val) && $str_val !== '0' && !(is_int($str_val) || is_float($str_val)))
+				{
+					$str_val = $str_empty;
+				}
+
+				$schema_vals[$i] = $str_quote . $str_val . $str_quote;
+				$schema_fields[$i] = $ary_name[$i];
+			}
+
+			// Take the ordered fields and their associated data and build it
+			// into a valid sql statement to recreate that field in the data.
+			$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\nGO\n";
+
+			$this->flush($sql_data);
+			$sql_data = '';
+		}
+		$db->sql_freeresult($result);
+
+		if ($ident_set)
+		{
+			$sql_data .= "\nSET IDENTITY_INSERT $table_name OFF\nGO\n";
+		}
+		$this->flush($sql_data);
+	}	
+	
 	function write_data_odbc($table_name)
 	{
 		global $db;
@@ -1716,8 +1827,7 @@ class oracle_extractor extends base_extractor
 	{
 		global $db;
 		$sql_data = '-- Table: ' . $table_name . "\n";
-		$sql_data .= "DROP TABLE $table_name;\n";
-		$sql_data .= '\\' . "\n";
+		$sql_data .= "DROP TABLE $table_name\n/\n";
 		$sql_data .= "\nCREATE TABLE $table_name (\n";
 
 		$sql = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT
@@ -1732,7 +1842,7 @@ class oracle_extractor extends base_extractor
 
 			if ($row['data_type'] !== 'CLOB')
 			{
-				if ($row['data_type'] !== 'VARCHAR2')
+				if ($row['data_type'] !== 'VARCHAR2' && $row['data_type'] !== 'CHAR')
 				{
 					$line .= '(' . $row['data_precision'] . ')';
 				}
@@ -1762,12 +1872,20 @@ class oracle_extractor extends base_extractor
 				AND A.TABLE_NAME = '{$table_name}'";
 		$result = $db->sql_query($sql);
 
+		$primary_key = array();
+		$contraint_name = '';
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$rows[] = "  CONSTRAINT {$row['constraint_name']} PRIMARY KEY ({$row['column_name']})";
+			$constraint_name = '"' . $row['constraint_name'] . '"';
+			$primary_key[] = '"' . $row['column_name'] . '"';
 		}
 		$db->sql_freeresult($result);
 
+		if (sizeof($primary_key))
+		{
+			$rows[] = "  CONSTRAINT {$constraint_name} PRIMARY KEY (" . implode(', ', $primary_key) . ')';
+		}
+
 		$sql = "SELECT A.CONSTRAINT_NAME, A.COLUMN_NAME
 			FROM USER_CONS_COLUMNS A, USER_CONSTRAINTS B
 			WHERE A.CONSTRAINT_NAME = B.CONSTRAINT_NAME
@@ -1775,24 +1893,44 @@ class oracle_extractor extends base_extractor
 				AND A.TABLE_NAME = '{$table_name}'";
 		$result = $db->sql_query($sql);
 
+		$unique = array();
+		$contraint_name = '';
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$rows[] = "  CONSTRAINT {$row['constraint_name']} UNIQUE ({$row['column_name']})";
+			$constraint_name = '"' . $row['constraint_name'] . '"';
+			$unique[] = '"' . $row['column_name'] . '"';
 		}
 		$db->sql_freeresult($result);
 
-		$sql_data .= implode(",\n", $rows);
-		$sql_data .= "\n)\n\\";
+		if (sizeof($unique))
+		{
+			$rows[] = "  CONSTRAINT {$constraint_name} UNIQUE (" . implode(', ', $unique) . ')';
+		}
 
-		$sql = "SELECT A.REFERENCED_NAME
-			FROM USER_DEPENDENCIES A, USER_TRIGGERS B
+		$sql_data .= implode(",\n", $rows);
+		$sql_data .= "\n)\n/\n";
+
+		$sql = "SELECT A.REFERENCED_NAME, C.*
+			FROM USER_DEPENDENCIES A, USER_TRIGGERS B, USER_SEQUENCES C
 			WHERE A.REFERENCED_TYPE = 'SEQUENCE'
 				AND A.NAME = B.TRIGGER_NAME
-				AND B. TABLE_NAME = '{$table_name}'";
+				AND B.TABLE_NAME = '{$table_name}'
+				AND C.SEQUENCE_NAME = A.REFERENCED_NAME";
 		$result = $db->sql_query($sql);
+
+		$type = request_var('type', '');
+
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$sql_data .= "\nCREATE SEQUENCE {$row['referenced_name']}\\\n";
+			$sql_data .= "\nDROP SEQUENCE \"{$row['referenced_name']}\"\n/\n";
+			$sql_data .= "\nCREATE SEQUENCE \"{$row['referenced_name']}\"";
+
+			if ($type == 'full')
+			{
+				$sql_data .= ' START WITH ' . $row['last_number'];
+			}
+
+			$sql_data .= "\n/\n";
 		}
 		$db->sql_freeresult($result);
 
@@ -1802,7 +1940,7 @@ class oracle_extractor extends base_extractor
 		$result = $db->sql_query($sql);
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$sql_data .= "\nCREATE OR REPLACE TRIGGER {$row['description']}WHEN ({$row['when_clause']})\n{$row['trigger_body']}\\";
+			$sql_data .= "\nCREATE OR REPLACE TRIGGER {$row['description']}WHEN ({$row['when_clause']})\n{$row['trigger_body']}\n/\n";
 		}
 		$db->sql_freeresult($result);
 
@@ -1822,7 +1960,7 @@ class oracle_extractor extends base_extractor
 
 		foreach ($index as $index_name => $column_names)
 		{
-			$sql_data .= "\nCREATE INDEX $index_name ON $table_name(" . implode(', ', $column_names) . ")\n\\";
+			$sql_data .= "\nCREATE INDEX $index_name ON $table_name(" . implode(', ', $column_names) . ")\n/\n";
 		}
 		$db->sql_freeresult($result);
 		$this->flush($sql_data);
@@ -1858,7 +1996,7 @@ class oracle_extractor extends base_extractor
 				// Oracle uses uppercase - we use lowercase
 				$str_val = $row[strtolower($ary_name[$i])];
 
-				if (preg_match('#char|text|bool|raw#i', $ary_type[$i]))
+				if (preg_match('#char|text|bool|raw|clob#i', $ary_type[$i]))
 				{
 					$str_quote = '';
 					$str_empty = "''";
@@ -1892,7 +2030,7 @@ class oracle_extractor extends base_extractor
 
 			// Take the ordered fields and their associated data and build it
 			// into a valid sql statement to recreate that field in the data.
-			$sql_data = "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
+			$sql_data = "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ")\n/\n";
 
 			$this->flush($sql_data);
 		}
@@ -2211,8 +2349,10 @@ function sanitize_data_mssql($text)
 
 function sanitize_data_oracle($text)
 {
-	$data = preg_split('/[\0\n\t\r\b\f\'"\\\]/', $text);
-	preg_match_all('/[\0\n\t\r\b\f\'"\\\]/', $text, $matches);
+//	$data = preg_split('/[\0\n\t\r\b\f\'"\/\\\]/', $text);
+//	preg_match_all('/[\0\n\t\r\b\f\'"\/\\\]/', $text, $matches);
+	$data = preg_split('/[\0\b\f\'\/]/', $text);
+	preg_match_all('/[\0\r\b\f\'\/]/', $text, $matches);
 
 	$val = array();
 

phpBB/includes/acp/acp_forums.php

@@ -75,13 +75,6 @@ class acp_forums
 					trigger_error($user->lang['NO_PERMISSION_FORUM_ADD'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
 
-			case 'copy_perm':
-
-				if (!(($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))))
-				{
-					trigger_error($user->lang['NO_PERMISSION_COPY'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
-				}
-
 			break;
 		}
 
@@ -125,7 +118,6 @@ class acp_forums
 						'type_action'			=> request_var('type_action', ''),
 						'forum_status'			=> request_var('forum_status', ITEM_UNLOCKED),
 						'forum_parents'			=> '',
-						'forum_options'			=> 0,
 						'forum_name'			=> utf8_normalize_nfc(request_var('forum_name', '', true)),
 						'forum_link'			=> request_var('forum_link', ''),
 						'forum_link_track'		=> request_var('forum_link_track', false),
@@ -159,6 +151,12 @@ class acp_forums
 						'forum_password_unset'	=> request_var('forum_password_unset', false),
 					);
 
+					// On add, add empty forum_options... else do not consider it (not updating it)
+					if ($action == 'add')
+					{
+						$forum_data['forum_options'] = 0;
+					}
+
 					// Use link_display_on_index setting if forum type is link
 					if ($forum_data['forum_type'] == FORUM_LINK)
 					{
@@ -171,7 +169,7 @@ class acp_forums
 						$forum_data['forum_status'] = ITEM_UNLOCKED;
 					}
 
-					$forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', false) : request_var('display_active', false);
+					$forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', true) : request_var('display_active', false);
 
 					// Get data for forum rules if specified...
 					if ($forum_data['forum_rules'])
@@ -192,19 +190,22 @@ class acp_forums
 						$forum_perm_from = request_var('forum_perm_from', 0);
 						$cache->destroy('sql', FORUMS_TABLE);
 
+						$copied_permissions = false;
 						// Copy permissions?
-						if (!empty($forum_perm_from) && $forum_perm_from != $forum_data['forum_id'] &&
-							(($action != 'edit') || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))))
+						if ($forum_perm_from && $forum_perm_from != $forum_data['forum_id'] &&
+							($action != 'edit' || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))))
 						{
 							copy_forum_permissions($forum_perm_from, $forum_data['forum_id'], ($action == 'edit') ? true : false);
 							cache_moderators();
+							$copied_permissions = true;
 						}
-						else if (($action != 'edit') && $auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))
+/* Commented out because of questionable UI workflow - re-visit for 3.0.7
+						else if (!$this->parent_id && $action != 'edit' && $auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))
 						{
 							$this->copy_permission_page($forum_data);
 							return;
 						}
-
+*/
 						$auth->acl_clear_prefetch();
 
 						$acl_url = '&mode=setting_forum_local&forum_id[]=' . $forum_data['forum_id'];
@@ -212,13 +213,13 @@ class acp_forums
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
 
 						// Redirect to permissions
-						if ($auth->acl_get('a_fauth'))
+						if ($auth->acl_get('a_fauth') && !$copied_permissions)
 						{
 							$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>');
 						}
 
 						// redirect directly to permission settings screen if authed
-						if ($action == 'add' && !$forum_perm_from && $auth->acl_get('a_fauth'))
+						if ($action == 'add' && !$copied_permissions && $auth->acl_get('a_fauth'))
 						{
 							meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url));
 						}
@@ -443,7 +444,7 @@ class acp_forums
 							'prune_days'			=> 7,
 							'prune_viewed'			=> 7,
 							'prune_freq'			=> 1,
-							'forum_flags'			=> FORUM_FLAG_POST_REVIEW,
+							'forum_flags'			=> FORUM_FLAG_POST_REVIEW + FORUM_FLAG_ACTIVE_TOPICS,
 							'forum_options'			=> 0,
 							'forum_password'		=> '',
 							'forum_password_confirm'=> '',
@@ -640,7 +641,8 @@ class acp_forums
 					'S_PRUNE_OLD_POLLS'			=> ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_POLL) ? true : false,
 					'S_PRUNE_ANNOUNCE'			=> ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_ANNOUNCE) ? true : false,
 					'S_PRUNE_STICKY'			=> ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_STICKY) ? true : false,
-					'S_DISPLAY_ACTIVE_TOPICS'	=> ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) ? true : false,
+					'S_DISPLAY_ACTIVE_TOPICS'	=> ($forum_data['forum_type'] == FORUM_POST) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : true,
+					'S_ENABLE_ACTIVE_TOPICS'	=> ($forum_data['forum_type'] == FORUM_CAT) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : false,
 					'S_ENABLE_POST_REVIEW'		=> ($forum_data['forum_flags'] & FORUM_FLAG_POST_REVIEW) ? true : false,
 					'S_ENABLE_QUICK_REPLY'		=> ($forum_data['forum_flags'] & FORUM_FLAG_QUICK_REPLY) ? true : false,
 					'S_CAN_COPY_PERMISSIONS'	=> ($action != 'edit' || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))) ? true : false,
@@ -907,7 +909,7 @@ class acp_forums
 			array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
 		);
 
-		if (!file_exists($phpbb_root_path . $forum_data['forum_image']))
+		if (!empty($forum_data['forum_image']) && !file_exists($phpbb_root_path . $forum_data['forum_image']))
 		{
 			$errors[] = $user->lang['FORUM_IMAGE_NO_EXIST'];
 		}
@@ -981,7 +983,7 @@ class acp_forums
 
 				if (!$row)
 				{
-					trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&amp;' . $this->parent_id), E_USER_WARNING);
+					trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
 
 				if ($row['forum_type'] == FORUM_LINK)
@@ -1640,6 +1642,9 @@ class acp_forums
 
 		delete_attachments('topic', $topic_ids, false);
 
+		// Delete shadow topics pointing to topics in this forum
+		delete_topic_shadows($forum_id);
+
 		// Before we remove anything we make sure we are able to adjust the post counts later. ;)
 		$sql = 'SELECT poster_id
 			FROM ' . POSTS_TABLE . '
@@ -1706,6 +1711,9 @@ class acp_forums
 					)
 				);
 
+				// Amount of rows we select and delete in one iteration.
+				$batch_size = 500;
+
 				foreach ($tables_ary as $field => $tables)
 				{
 					$start = 0;
@@ -1715,7 +1723,7 @@ class acp_forums
 						$sql = "SELECT $field
 							FROM " . POSTS_TABLE . '
 							WHERE forum_id = ' . $forum_id;
-						$result = $db->sql_query_limit($sql, 500, $start);
+						$result = $db->sql_query_limit($sql, $batch_size, $start);
 
 						$ids = array();
 						while ($row = $db->sql_fetchrow($result))
@@ -1734,7 +1742,7 @@ class acp_forums
 							}
 						}
 					}
-					while ($row);
+					while (sizeof($ids) == $batch_size);
 				}
 				unset($ids);
 
@@ -1919,6 +1927,7 @@ class acp_forums
 
 	/**
 	* Display copy permission page
+	* Not used at the moment - we will have a look at it for 3.0.7
 	*/
 	function copy_permission_page($forum_data)
 	{

phpBB/includes/acp/acp_groups.php

@@ -49,7 +49,7 @@ class acp_groups
 
 
 		// Clear some vars
-		$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
+		$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
 		$group_row = array();
 
 		// Grab basic data for group, if group_id is set and exists
@@ -394,6 +394,15 @@ class acp_groups
 						}
 					}
 
+					// Validate the length of "Maximum number of allowed recipients per private message" setting.
+					// We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value
+					// which is the lowest amongst DBMSes supported by phpBB3
+					if ($max_recipients_error = validate_data($submit_ary, array('max_recipients' => array('num', false, 0, 16777215))))
+					{
+						// Replace "error" string with its real, localised form
+						$error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error));
+					}
+
 					if (!sizeof($error))
 					{
 						// Only set the rank, colour, etc. if it's changed or if we're adding a new

phpBB/includes/acp/acp_icons.php

@@ -89,16 +89,19 @@ class acp_icons
 						continue;
 					}
 
-					// adjust the width and height to be lower than 128px while perserving the aspect ratio
-					if ($img_size[0] > 127 && $img_size[0] > $img_size[1])
+					// adjust the width and height to be lower than 128px while perserving the aspect ratio (for icons)
+					if ($mode == 'icons')
 					{
-						$img_size[1] = (int) ($img_size[1] * (127 / $img_size[0]));
-						$img_size[0] = 127;
-					}
-					else if ($img_size[1] > 127)
-					{
-						$img_size[0] = (int) ($img_size[0] * (127 / $img_size[1]));
-						$img_size[1] = 127;
+						if ($img_size[0] > 127 && $img_size[0] > $img_size[1])
+						{
+							$img_size[1] = (int) ($img_size[1] * (127 / $img_size[0]));
+							$img_size[0] = 127;
+						}
+						else if ($img_size[1] > 127)
+						{
+							$img_size[0] = (int) ($img_size[0] * (127 / $img_size[1]));
+							$img_size[1] = 127;
+						}
 					}
 
 					$_images[$path . $img]['file'] = $path . $img;
@@ -363,7 +366,7 @@ class acp_icons
 				if ($mode == 'smilies' && $action == 'create')
 				{
 					$smiley_count = $this->item_count($table);
-					
+
 					$addable_smileys_count = sizeof($images);
 					foreach ($images as $image)
 					{
@@ -372,7 +375,7 @@ class acp_icons
 							--$addable_smileys_count;
 						}
 					}
-					
+
 					if ($smiley_count + $addable_smileys_count > SMILEY_LIMIT)
 					{
 						trigger_error(sprintf($user->lang['TOO_MANY_SMILIES'], SMILEY_LIMIT) . adm_back_link($this->u_action), E_USER_WARNING);
@@ -400,15 +403,19 @@ class acp_icons
 							$image_height[$image] = $img_size[1];
 						}
 
-						if ($image_width[$image] > 127 && $image_width[$image] > $image_height[$image])
+						// Adjust image width/height for icons
+						if ($mode == 'icons')
 						{
-							$image_height[$image] = (int) ($image_height[$image] * (127 / $image_width[$image]));
-							$image_width[$image] = 127;
-						}
-						else if ($image_height[$image] > 127)
-						{
-							$image_width[$image] = (int) ($image_width[$image] * (127 / $image_height[$image]));
-							$image_height[$image] = 127;
+							if ($image_width[$image] > 127 && $image_width[$image] > $image_height[$image])
+							{
+								$image_height[$image] = (int) ($image_height[$image] * (127 / $image_width[$image]));
+								$image_width[$image] = 127;
+							}
+							else if ($image_height[$image] > 127)
+							{
+								$image_width[$image] = (int) ($image_width[$image] * (127 / $image_height[$image]));
+								$image_height[$image] = 127;
+							}
 						}
 
 						$img_sql = array(
@@ -923,7 +930,7 @@ class acp_icons
 			generate_pagination($this->u_action, $item_count, $config['smilies_per_page'], $pagination_start, true)
 		);
 	}
-	
+
 	/**
 	 * Returns the count of smilies or icons in the database
 	 *
@@ -934,11 +941,12 @@ class acp_icons
 	{
 		global $db;
 
-		$sql = "SELECT COUNT(*) AS count
+		$sql = "SELECT COUNT(*) AS item_count
 			FROM $table";
 		$result = $db->sql_query($sql);
-		$item_count = (int) $db->sql_fetchfield('count');
+		$item_count = (int) $db->sql_fetchfield('item_count');
 		$db->sql_freeresult($result);
+
 		return $item_count;
 	}
 }

phpBB/includes/acp/acp_inactive.php

@@ -90,22 +90,19 @@ class acp_inactive
 
 					if ($action == 'activate')
 					{
-						if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
-						{
-							// Get those 'being activated'...
-							$sql = 'SELECT user_id, username, user_email, user_lang
-								FROM ' . USERS_TABLE . '
-								WHERE ' . $db->sql_in_set('user_id', $mark) . '
-									AND user_type = ' . USER_INACTIVE;
-							$result = $db->sql_query($sql);
+						// Get those 'being activated'...
+						$sql = 'SELECT user_id, username' . (($config['require_activation'] == USER_ACTIVATION_ADMIN) ? ', user_email, user_lang' : '') . '
+							FROM ' . USERS_TABLE . '
+							WHERE ' . $db->sql_in_set('user_id', $mark) . '
+								AND user_type = ' . USER_INACTIVE;
+						$result = $db->sql_query($sql);
 
-							$inactive_users = array();
-							while ($row = $db->sql_fetchrow($result))
-							{
-								$inactive_users[] = $row;
-							}
-							$db->sql_freeresult($result);
+						$inactive_users = array();
+						while ($row = $db->sql_fetchrow($result))
+						{
+							$inactive_users[] = $row;
 						}
+						$db->sql_freeresult($result);
 
 						user_active_flip('activate', $mark);
 
@@ -136,6 +133,15 @@ class acp_inactive
 							$messenger->save_queue();
 						}
 
+						if (!empty($inactive_users))
+						{
+							foreach ($inactive_users as $row)
+							{
+								add_log('admin', 'LOG_USER_ACTIVE', $row['username']);
+								add_log('user', $row['user_id'], 'LOG_USER_ACTIVE_USER');
+							}
+						}
+
 						// For activate we really need to redirect, else a refresh can result in users being deactivated again
 						$u_action = $this->u_action . "&$u_sort_param&start=$start";
 						$u_action .= ($per_page != $config['topics_per_page']) ? "&users_per_page=$per_page" : '';

phpBB/includes/acp/acp_jabber.php

@@ -44,13 +44,13 @@ class acp_jabber
 		$this->tpl_name = 'acp_jabber';
 		$this->page_title = 'ACP_JABBER_SETTINGS';
 
-		$jab_enable			= request_var('jab_enable', $config['jab_enable']);
-		$jab_host			= request_var('jab_host', $config['jab_host']);
-		$jab_port			= request_var('jab_port', $config['jab_port']);
-		$jab_username		= request_var('jab_username', $config['jab_username']);
-		$jab_password		= request_var('jab_password', $config['jab_password']);
-		$jab_package_size	= request_var('jab_package_size', $config['jab_package_size']);
-		$jab_use_ssl		= request_var('jab_use_ssl', $config['jab_use_ssl']);
+		$jab_enable			= request_var('jab_enable',			(bool)		$config['jab_enable']);
+		$jab_host			= request_var('jab_host',			(string)	$config['jab_host']);
+		$jab_port			= request_var('jab_port',			(int)		$config['jab_port']);
+		$jab_username		= request_var('jab_username',		(string)	$config['jab_username']);
+		$jab_password		= request_var('jab_password',		(string)	$config['jab_password']);
+		$jab_package_size	= request_var('jab_package_size',	(int)		$config['jab_package_size']);
+		$jab_use_ssl		= request_var('jab_use_ssl',		(bool)		$config['jab_use_ssl']);
 
 		$form_name = 'acp_jabber';
 		add_form_key($form_name);
@@ -117,7 +117,7 @@ class acp_jabber
 			'JAB_ENABLE'			=> $jab_enable,
 			'L_JAB_SERVER_EXPLAIN'	=> sprintf($user->lang['JAB_SERVER_EXPLAIN'], '<a href="http://www.jabber.org/">', '</a>'),
 			'JAB_HOST'				=> $jab_host,
-			'JAB_PORT'				=> $jab_port,
+			'JAB_PORT'				=> ($jab_port) ? $jab_port : '',
 			'JAB_USERNAME'			=> $jab_username,
 			'JAB_PASSWORD'			=> $jab_password,
 			'JAB_PACKAGE_SIZE'		=> $jab_package_size,

phpBB/includes/acp/acp_language.php

@@ -1120,7 +1120,12 @@ class acp_language
 		{
 			while (($file = readdir($dp)) !== false)
 			{
-				if ($file[0] != '.' && file_exists("{$phpbb_root_path}language/$file/iso.txt"))
+				if ($file[0] == '.' || !is_dir($phpbb_root_path . 'language/' . $file))
+				{
+					continue;
+				}
+
+				if (file_exists("{$phpbb_root_path}language/$file/iso.txt"))
 				{
 					if (!in_array($file, $installed))
 					{

phpBB/includes/acp/acp_main.php

@@ -398,6 +398,14 @@ class acp_main
 		// Version check
 		$user->add_lang('install');
 
+		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.2.0', '<'))
+		{
+			$template->assign_vars(array(
+				'S_PHP_VERSION_OLD'	=> true,
+				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], '<a href="http://www.phpbb.com/community/viewtopic.php?f=14&amp;t=1958605">', '</a>'),
+			));
+		}
+
 		$latest_version_info = false;
 		if (($latest_version_info = obtain_latest_version_info(request_var('versioncheck_force', false))) === false)
 		{

phpBB/includes/acp/acp_php_info.php

@@ -35,9 +35,9 @@ class acp_php_info
 
 		$this->tpl_name = 'acp_php_info';
 		$this->page_title = 'ACP_PHP_INFO';
-		
+
 		ob_start();
-		@phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES | INFO_VARIABLES);
+		phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES | INFO_VARIABLES);
 		$phpinfo = ob_get_clean();
 
 		$phpinfo = trim($phpinfo);

phpBB/includes/acp/acp_profile.php

@@ -509,6 +509,14 @@ class acp_profile
 						// Get the number of options if this key is 'field_maxlen'
 						$var = request_var('field_default_value', 0);
 					}*/
+					else if ($field_type == FIELD_INT && $key == 'field_default_value')
+					{
+						// Permit an empty string
+						if (request_var('field_default_value', '') === '')
+						{
+							$var = '';
+						}
+					}
 
 					$cp->vars[$key] = $var;
 				}
@@ -1472,6 +1480,7 @@ class acp_profile
 
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 
 				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
 				$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";

phpBB/includes/acp/acp_prune.php

@@ -315,8 +315,8 @@ class acp_prune
 					'mode'			=> $mode,
 					'prune'			=> 1,
 
-					'users'			=> request_var('users', '', true),
-					'username'		=> request_var('username', '', true),
+					'users'			=> utf8_normalize_nfc(request_var('users', '', true)),
+					'username'		=> utf8_normalize_nfc(request_var('username', '', true)),
 					'email'			=> request_var('email', ''),
 					'joined_select'	=> request_var('joined_select', ''),
 					'joined'		=> request_var('joined', ''),
@@ -369,7 +369,7 @@ class acp_prune
 	{
 		global $user, $db;
 
-		$users = request_var('users', '', true);
+		$users = utf8_normalize_nfc(request_var('users', '', true));
 		
 		if ($users)
 		{
@@ -378,7 +378,7 @@ class acp_prune
 		}
 		else
 		{
-			$username = request_var('username', '', true);
+			$username = utf8_normalize_nfc(request_var('username', '', true));
 			$email = request_var('email', '');
 
 			$joined_select = request_var('joined_select', 'lt');

phpBB/includes/acp/acp_reasons.php

@@ -233,6 +233,7 @@ class acp_reasons
 						// Standard? What's that?
 						case 'mssql':
 						case 'mssql_odbc':
+						case 'mssqlnative':
 							// Change the reports using this reason to 'other'
 							$sql = "DECLARE @ptrval binary(16)
 

phpBB/includes/acp/acp_styles.php

@@ -643,8 +643,13 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			while (($file = readdir($dp)) !== false)
 			{
+				if ($file[0] == '.' || !is_dir($phpbb_root_path . 'styles/' . $file))
+				{
+					continue;
+				}
+
 				$subpath = ($mode != 'style') ? "$mode/" : '';
-				if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
+				if (file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
 				{
 					if ($cfg = file("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
 					{
@@ -743,7 +748,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			$additional = '';
 
 			// If the template is stored on the filesystem try to write the file else store it in the database
-			if (!$safe_mode && !$template_info['template_storedb'] && file_exists($file) && @is_writable($file))
+			if (!$safe_mode && !$template_info['template_storedb'] && file_exists($file) && phpbb_is_writable($file))
 			{
 				if (!($fp = @fopen($file, 'wb')))
 				{
@@ -1150,7 +1155,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			$message = $user->lang['THEME_UPDATED'];
 
 			// If the theme is stored on the filesystem try to write the file else store it in the database
-			if (!$safe_mode && !$theme_info['theme_storedb'] && file_exists($file) && @is_writable($file))
+			if (!$safe_mode && !$theme_info['theme_storedb'] && file_exists($file) && phpbb_is_writable($file))
 			{
 				if (!($fp = @fopen($file, 'wb')))
 				{
@@ -2035,23 +2040,18 @@ parse_css_file = {PARSE_CSS_FILE}
 			{
 				case 'tar':
 					$ext = '.tar';
-					$mimetype = 'x-tar';
-					$compress = 'compress_tar';
 				break;
 
 				case 'zip':
 					$ext = '.zip';
-					$mimetype = 'zip';
 				break;
 
 				case 'tar.gz':
 					$ext = '.tar.gz';
-					$mimetype = 'x-gzip';
 				break;
 
 				case 'tar.bz2':
 					$ext = '.tar.bz2';
-					$mimetype = 'x-bzip2';
 				break;
 
 				default:
@@ -2241,7 +2241,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			{
 				// a rather elaborate check we have to do here once to avoid trouble later
 				$check = "{$phpbb_root_path}styles/" . $style_row["{$mode}_path"] . (($mode === 'theme') ? '/theme/stylesheet.css' : '/template');
-				if (($style_row["{$mode}_storedb"] != $store_db) && !$store_db && ($safe_mode || !@is_writable($check)))
+				if (($style_row["{$mode}_storedb"] != $store_db) && !$store_db && ($safe_mode || !phpbb_is_writable($check)))
 				{
 					$error[] = $user->lang['EDIT_' . strtoupper($mode) . '_STORED_DB'];
 					$store_db = 1;
@@ -2321,7 +2321,7 @@ parse_css_file = {PARSE_CSS_FILE}
 						{
 							$theme_data = $this->db_theme_data($style_row);
 						}
-						else if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['theme_path']}/theme/stylesheet.css"))
+						else if (!$store_db && !$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$style_row['theme_path']}/theme/stylesheet.css"))
 						{
 							$store_db = 1;
 							$theme_data = $style_row['theme_data'];
@@ -2352,7 +2352,7 @@ parse_css_file = {PARSE_CSS_FILE}
 						}
 						else
 						{
-							if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
+							if (!$store_db && !$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
 							{
 								$err = $this->store_in_fs('template', $style_row['template_id']);
 								if ($err)
@@ -2526,13 +2526,21 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		// Match CSS imports
 		$matches = array();
-		preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
+		preg_match_all('/@import url\((["\'])(.*)\1\);/i', $stylesheet, $matches);
+
+		// remove commented stylesheets (very simple parser, allows only whitespace
+		// around an @import statement)
+		preg_match_all('#/\*\s*@import url\((["\'])(.*)\1\);\s\*/#i', $stylesheet, $commented);
+		$matches[2] = array_diff($matches[2], $commented[2]);
 
 		if (sizeof($matches))
 		{
 			foreach ($matches[0] as $idx => $match)
 			{
-				$stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[1][$idx]), $stylesheet);
+				if (isset($matches[2][$idx]))
+				{
+					$stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[2][$idx]), $stylesheet);
+				}
 			}
 		}
 
@@ -3723,7 +3731,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		$store_db = 0;
 		$error = array();
-		if (!$safe_mode && @is_writable("{$phpbb_root_path}styles/{$path}/template"))
+		if (!$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$path}/template"))
 		{
 			$sql = 'SELECT *
 					FROM ' . STYLES_TEMPLATE_DATA_TABLE . "

phpBB/includes/acp/acp_update.php

@@ -39,12 +39,26 @@ class acp_update
 
 		$info = obtain_latest_version_info(request_var('versioncheck_force', false), true);
 
+		if ($info === false)
+		{
+			trigger_error('VERSIONCHECK_FAIL', E_USER_WARNING);
+		}
+
 		$info = explode("\n", $info);
 		$latest_version = trim($info[0]);
 
 		$announcement_url = trim($info[1]);
+		$announcement_url = (strpos($announcement_url, '&') === false) ? str_replace('&', '&', $announcement_url) : $announcement_url;
 		$update_link = append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=update');
 
+		// next feature release
+		$next_feature_version = $next_feature_announcement_url = false;
+		if (isset($info[2]) && trim($info[2]) !== '')
+		{
+			$next_feature_version = trim($info[2]);
+			$next_feature_announcement_url = trim($info[3]);
+		}
+
 		// Determine automatic update...
 		$sql = 'SELECT config_value
 			FROM ' . CONFIG_TABLE . "
@@ -68,8 +82,10 @@ class acp_update
 			'LATEST_VERSION'	=> $latest_version,
 			'CURRENT_VERSION'	=> $config['version'],
 			'AUTO_VERSION'		=> $version_update_from,
+			'NEXT_FEATURE_VERSION'	=> $next_feature_version,
 
 			'UPDATE_INSTRUCTIONS'	=> sprintf($user->lang['UPDATE_INSTRUCTIONS'], $announcement_url, $update_link),
+			'UPGRADE_INSTRUCTIONS'	=> $next_feature_version ? $user->lang('UPGRADE_INSTRUCTIONS', $next_feature_version, $next_feature_announcement_url) : false,
 		));
 	}
 }

phpBB/includes/acp/acp_users.php

@@ -105,7 +105,7 @@ class acp_users
 				LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
 			WHERE u.user_id = ' . $user_id . '
 			ORDER BY s.session_time DESC';
-		$result = $db->sql_query($sql);
+		$result = $db->sql_query_limit($sql, 1);
 		$user_row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
@@ -191,24 +191,31 @@ class acp_users
 							trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 						}
 
-						if (confirm_box(true))
+						if ($delete_type)
 						{
-							user_delete($delete_type, $user_id, $user_row['username']);
+							if (confirm_box(true))
+							{
+								user_delete($delete_type, $user_id, $user_row['username']);
 
-							add_log('admin', 'LOG_USER_DELETED', $user_row['username']);
-							trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action));
+								add_log('admin', 'LOG_USER_DELETED', $user_row['username']);
+								trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action));
+							}
+							else
+							{
+								confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
+									'u'				=> $user_id,
+									'i'				=> $id,
+									'mode'			=> $mode,
+									'action'		=> $action,
+									'update'		=> true,
+									'delete'		=> 1,
+									'delete_type'	=> $delete_type))
+								);
+							}
 						}
 						else
 						{
-							confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
-								'u'				=> $user_id,
-								'i'				=> $id,
-								'mode'			=> $mode,
-								'action'		=> $action,
-								'update'		=> true,
-								'delete'		=> 1,
-								'delete_type'	=> $delete_type))
-							);
+							trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 						}
 					}
 
@@ -224,6 +231,11 @@ class acp_users
 								trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 							}
 
+							if ($user_id == ANONYMOUS)
+							{
+								trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+							}
+
 							if ($user_row['user_type'] == USER_FOUNDER)
 							{
 								trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -307,10 +319,7 @@ class acp_users
 
 								$server_url = generate_board_url();
 
-								$user_actkey = gen_rand_string(10);
-								$key_len = 54 - (strlen($server_url));
-								$key_len = ($key_len > 6) ? $key_len : 6;
-								$user_actkey = substr($user_actkey, 0, $key_len);
+								$user_actkey = gen_rand_string(mt_rand(6, 10));
 								$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
 
 								if ($user_row['user_type'] == USER_NORMAL)
@@ -1023,7 +1032,7 @@ class acp_users
 					'U_WHOIS'		=> $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
 					'U_MCP_QUEUE'	=> ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
 
-					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}") : '',
+					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
 
 					'POSTS_IN_QUEUE'	=> $user_row['posts_in_queue'],
 					'USER'				=> $user_row['username'],
@@ -1167,13 +1176,7 @@ class acp_users
 						$deleteall = request_var('delall', 0);
 						if ($deletemark && $marked)
 						{
-							$sql_in = array();
-							foreach ($marked as $mark)
-							{
-								$sql_in[] = $mark;
-							}
-							$where_sql = ' AND ' . $db->sql_in_set('warning_id', $sql_in);
-							unset($sql_in);
+							$where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
 						}
 
 						if ($where_sql || $deleteall)
@@ -1291,7 +1294,6 @@ class acp_users
 
 				$template->assign_vars(array(
 					'S_WARNINGS'	=> true,
-					'S_CLEARLOGS'	=> $auth->acl_get('a_clearlogs'),
 				));
 
 			break;
@@ -1423,7 +1425,7 @@ class acp_users
 
 				$now = getdate();
 				$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
-				for ($i = $now['year'] - 100; $i < $now['year']; $i++)
+				for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
 				{
 					$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
 					$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
@@ -1557,6 +1559,31 @@ class acp_users
 							WHERE user_id = $user_id";
 						$db->sql_query($sql);
 
+						// Check if user has an active session
+						if ($user_row['session_id'])
+						{
+							// We'll update the session if user_allow_viewonline has changed and the user is a bot
+							// Or if it's a regular user and the admin set it to hide the session
+							if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
+								|| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
+							{
+								// We also need to check if the user has the permission to cloak.
+								$user_auth = new auth();
+								$user_auth->acl($user_row);
+
+								$session_sql_ary = array(
+									'session_viewonline'	=> ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
+								);
+
+								$sql = 'UPDATE ' . SESSIONS_TABLE . '
+									SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
+									WHERE session_user_id = $user_id";
+								$db->sql_query($sql);
+
+								unset($user_auth);
+							}
+						}
+
 						trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 					}
 
@@ -1671,7 +1698,7 @@ class acp_users
 				include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
 				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
-				$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
+				$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
 
 				if ($submit)
 				{
@@ -1681,7 +1708,7 @@ class acp_users
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 					}
 
-					if (avatar_process_user($error, $user_row))
+					if (avatar_process_user($error, $user_row, $can_upload))
 					{
 						trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_row['user_id']));
 					}
@@ -1715,6 +1742,7 @@ class acp_users
 
 				$template->assign_vars(array(
 					'S_AVATAR'			=> true,
+					'S_CAN_UPLOAD'		=> $can_upload,
 					'S_UPLOAD_FILE'		=> ($config['allow_avatar'] && $can_upload && $config['allow_avatar_upload']) ? true : false,
 					'S_REMOTE_UPLOAD'	=> ($config['allow_avatar'] && $can_upload && $config['allow_avatar_remote_upload']) ? true : false,
 					'S_ALLOW_REMOTE'	=> ($config['allow_avatar'] && $config['allow_avatar_remote']) ? true : false,
@@ -2090,7 +2118,7 @@ class acp_users
 									LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
 								WHERE u.user_id = ' . $user_id . '
 								ORDER BY s.session_time DESC';
-							$result = $db->sql_query($sql);
+							$result = $db->sql_query_limit($sql, 1);
 							$user_row = $db->sql_fetchrow($result);
 							$db->sql_freeresult($result);
 						}

phpBB/includes/acp/info/acp_board.php

@@ -24,7 +24,7 @@ class acp_board_info
 				'features'		=> array('title' => 'ACP_BOARD_FEATURES', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'avatar'		=> array('title' => 'ACP_AVATAR_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'message'		=> array('title' => 'ACP_MESSAGE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')),
-				'post'			=> array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
+				'post'			=> array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')),
 				'signature'		=> array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'feed'			=> array('title' => 'ACP_FEED_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'registration'	=> array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),

phpBB/includes/auth/auth_db.php

@@ -62,15 +62,23 @@ function login_db(&$username, &$password)
 			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
+	$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
 
 	// If there are too much login attempts, we need to check for an confirm image
 	// Every auth module is able to define what to do by itself...
-	if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
+	if ($show_captcha)
 	{
-		$confirm_id = request_var('confirm_id', '');
-
 		// Visual Confirmation handling
-		if (!$confirm_id)
+		if (!class_exists('phpbb_captcha_factory'))
+		{
+			global $phpbb_root_path, $phpEx;
+			include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
+		}
+
+		$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+		$captcha->init(CONFIRM_LOGIN);
+		$vc_response = $captcha->validate($row);
+		if ($vc_response)
 		{
 			return array(
 				'status'		=> LOGIN_ERROR_ATTEMPTS,
@@ -80,19 +88,9 @@ function login_db(&$username, &$password)
 		}
 		else
 		{
-			$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
-			$captcha->init(CONFIRM_LOGIN);
-			$vc_response = $captcha->validate();
-
-			if ($vc_response)
-			{
-				return array(
-					'status'		=> LOGIN_ERROR_ATTEMPTS,
-					'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
-					'user_row'		=> $row,
-				);
-			}
+			$captcha->reset();
 		}
+		
 	}
 
 	// If the password convert flag is set we need to convert it
@@ -136,7 +134,8 @@ function login_db(&$username, &$password)
 				// increase login attempt count to make sure this cannot be exploited
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_login_attempts = user_login_attempts + 1
-					WHERE user_id = ' . $row['user_id'];
+					WHERE user_id = ' . (int) $row['user_id'] . '
+						AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 				$db->sql_query($sql);
 
 				return array(
@@ -196,13 +195,14 @@ function login_db(&$username, &$password)
 	// Password incorrect - increase login attempts
 	$sql = 'UPDATE ' . USERS_TABLE . '
 		SET user_login_attempts = user_login_attempts + 1
-		WHERE user_id = ' . $row['user_id'];
+		WHERE user_id = ' . (int) $row['user_id'] . '
+			AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 	$db->sql_query($sql);
 
 	// Give status about wrong password...
 	return array(
-		'status'		=> LOGIN_ERROR_PASSWORD,
-		'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
+		'status'		=> ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
+		'error_msg'		=> ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
 		'user_row'		=> $row,
 	);
 }

phpBB/includes/auth/auth_ldap.php

@@ -74,7 +74,7 @@ function init_ldap()
 
 	if ($search === false)
 	{
-		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+		return $user->lang['LDAP_SEARCH_FAILED'];
 	}
 
 	$result = @ldap_get_entries($ldap, $search);

phpBB/includes/bbcode.php

@@ -128,7 +128,7 @@ class bbcode
 	*/
 	function bbcode_cache_init()
 	{
-		global $user, $phpbb_root_path;
+		global $phpbb_root_path, $template, $user;
 
 		if (empty($this->template_filename))
 		{
@@ -360,7 +360,7 @@ class bbcode
 								// In order to use templates with custom bbcodes we need
 								// to replace all {VARS} to corresponding backreferences
 								// Note that backreferences are numbered from bbcode_match
-								if (preg_match_all('/\{(URL|LOCAL_URL|EMAIL|TEXT|SIMPLETEXT|IDENTIFIER|COLOR|NUMBER)[0-9]*\}/', $rowset[$bbcode_id]['bbcode_match'], $m))
+								if (preg_match_all('/\{(URL|LOCAL_URL|EMAIL|TEXT|SIMPLETEXT|INTTEXT|IDENTIFIER|COLOR|NUMBER)[0-9]*\}/', $rowset[$bbcode_id]['bbcode_match'], $m))
 								{
 									foreach ($m[0] as $i => $tok)
 									{

phpBB/includes/cache.php

@@ -82,11 +82,20 @@ class cache extends acm
 			$result = $db->sql_query($sql);
 
 			$censors = array();
+			$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
+
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
+				if ($unicode)
 				{
-					$censors['match'][] = '#(?<![\p{Nd}\p{L}_])(' . str_replace('\*', '[\p{Nd}\p{L}_]*?', preg_quote($row['word'], '#')) . ')(?![\p{Nd}\p{L}_])#u';
+					// Unescape the asterisk to simplify further conversions
+					$row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#'));
+					
+					// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
+					$row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']);
+
+					// Generate the final substitution
+					$censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu';
 				}
 				else
 				{
@@ -297,6 +306,7 @@ class cache extends acm
 			{
 				case 'mssql':
 				case 'mssql_odbc':
+				case 'mssqlnative':
 					$sql = 'SELECT user_id, bot_agent, bot_ip
 						FROM ' . BOTS_TABLE . '
 						WHERE bot_active = 1

phpBB/includes/captcha/captcha_factory.php

@@ -35,7 +35,7 @@ class phpbb_captcha_factory
 		{
 			include($phpbb_root_path . "includes/captcha/plugins/{$name}_plugin." . $phpEx);
 		}
-		$instance =& call_user_func(array($name, 'get_instance'));
+		$instance = call_user_func(array($name, 'get_instance'));
 		return $instance;
 	}
 

phpBB/includes/captcha/plugins/captcha_abstract.php

@@ -59,7 +59,7 @@ class phpbb_default_captcha
 	{
 		global $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 
 		// compute $seed % 0x7fffffff
@@ -193,6 +193,11 @@ class phpbb_default_captcha
 	{
 		global $config, $db, $user;
 
+		if (empty($user->lang))
+		{
+			$user->setup();
+		}
+
 		$error = '';
 		if (!$this->confirm_id)
 		{
@@ -230,7 +235,7 @@ class phpbb_default_captcha
 	{
 		global $db, $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->confirm_id = md5(unique_id($user->ip));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 		$this->solved = 0;
@@ -254,7 +259,7 @@ class phpbb_default_captcha
 	{
 		global $db, $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 		$this->solved = 0;
 		// compute $seed % 0x7fffffff
@@ -276,7 +281,7 @@ class phpbb_default_captcha
 	{
 		global $db, $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 		$this->solved = 0;
 		// compute $seed % 0x7fffffff

phpBB/includes/captcha/plugins/phpbb_captcha_gd_plugin.php

@@ -80,7 +80,7 @@ class phpbb_captcha_gd extends phpbb_default_captcha
 	{
 		return true;
 	}
-	
+
 	function get_name()
 	{
 		return 'CAPTCHA_GD';
@@ -123,6 +123,8 @@ class phpbb_captcha_gd extends phpbb_default_captcha
 					set_config($captcha_var, $value);
 				}
 			}
+
+			add_log('admin', 'LOG_CONFIG_VISUAL');
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($module->u_action));
 		}
 		else if ($submit)
@@ -148,7 +150,7 @@ class phpbb_captcha_gd extends phpbb_default_captcha
 	function execute_demo()
 	{
 		global $config;
-		
+
 		$config_old = $config;
 		foreach ($this->captcha_vars as $captcha_var => $template_var)
 		{

phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php

@@ -53,16 +53,16 @@ class phpbb_captcha_qa
 
 		// read input
 		$this->confirm_id = request_var('qa_confirm_id', '');
-		$this->answer = request_var('qa_answer', '', true);
+		$this->answer = utf8_normalize_nfc(request_var('qa_answer', '', true));
 
 		$this->type = (int) $type;
-		$this->question_lang = $user->data['user_lang'];
+		$this->question_lang = $user->lang_name;
 
 		// we need all defined questions - shouldn't be too many, so we can just grab them
 		// try the user's lang first
 		$sql = 'SELECT question_id
 			FROM ' . CAPTCHA_QUESTIONS_TABLE . "
-			WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
+			WHERE lang_iso = '" . $db->sql_escape($user->lang_name) . "'";
 		$result = $db->sql_query($sql, 3600);
 
 		while ($row = $db->sql_fetchrow($result))
@@ -87,9 +87,9 @@ class phpbb_captcha_qa
 			}
 			$db->sql_freeresult($result);
 		}
-
-		// okay, if there is a confirm_id, we try to load that confirm's state
-		if (!strlen($this->confirm_id) || !$this->load_answer())
+	
+		// okay, if there is a confirm_id, we try to load that confirm's state. If not, we try to find one
+		if (!$this->load_answer() && (!$this->load_confirm_id() || !$this->load_answer()))
 		{
 			// we have no valid confirm ID, better get ready to ask something
 			$this->select_question();
@@ -137,14 +137,14 @@ class phpbb_captcha_qa
 			return false;
 		}
 
-		$sql = 'SELECT COUNT(question_id) as count
+		$sql = 'SELECT COUNT(question_id) AS question_count
 			FROM ' . CAPTCHA_QUESTIONS_TABLE . "
 			WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'";
 		$result = $db->sql_query($sql);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		return ((bool) $row['count']);
+		return ((bool) $row['question_count']);
 	}
 
 	/**
@@ -214,6 +214,22 @@ class phpbb_captcha_qa
 	*/
 	function get_demo_template()
 	{
+		global $config, $db, $template;
+
+		if ($this->is_available())
+		{
+			$sql = 'SELECT question_text
+				FROM ' . CAPTCHA_QUESTIONS_TABLE . "
+				WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'";
+			$result = $db->sql_query_limit($sql, 1);
+			if ($row = $db->sql_fetchrow($result))
+			{
+				$template->assign_vars(array(
+					'QA_CONFIRM_QUESTION'		=> $row['question_text'],
+				));
+			}
+			$db->sql_freeresult($result);
+		}
 		return 'captcha_qa_acp_demo.html';
 	}
 
@@ -237,11 +253,11 @@ class phpbb_captcha_qa
 	/**
 	*  API function
 	*/
-	function garbage_collect($type)
+	function garbage_collect($type = 0)
 	{
 		global $db, $config;
 
-		$sql = 'SELECT DISTINCT c.session_id
+		$sql = 'SELECT c.confirm_id
 			FROM ' . CAPTCHA_QA_CONFIRM_TABLE . ' c
 			LEFT JOIN ' . SESSIONS_TABLE . ' s
 				ON (c.session_id = s.session_id)
@@ -255,14 +271,14 @@ class phpbb_captcha_qa
 
 			do
 			{
-				$sql_in[] = (string) $row['session_id'];
+				$sql_in[] = (string) $row['confirm_id'];
 			}
 			while ($row = $db->sql_fetchrow($result));
 
 			if (sizeof($sql_in))
 			{
 				$sql = 'DELETE FROM ' . CAPTCHA_QA_CONFIRM_TABLE . '
-					WHERE ' . $db->sql_in_set('session_id', $sql_in);
+					WHERE ' . $db->sql_in_set('confirm_id', $sql_in);
 				$db->sql_query($sql);
 			}
 		}
@@ -349,7 +365,12 @@ class phpbb_captcha_qa
 		global $config, $db, $user;
 
 		$error = '';
-
+		
+		if (!sizeof($this->question_ids))
+		{
+			return false;
+		}
+		
 		if (!$this->confirm_id)
 		{
 			$error = $user->lang['CONFIRM_QUESTION_WRONG'];
@@ -388,6 +409,10 @@ class phpbb_captcha_qa
 	{
 		global $db, $user;
 
+		if (!sizeof($this->question_ids))
+		{
+			return false;
+		}
 		$this->confirm_id = md5(unique_id($user->ip));
 		$this->question = (int) array_rand($this->question_ids);
 
@@ -409,6 +434,11 @@ class phpbb_captcha_qa
 	function reselect_question()
 	{
 		global $db, $user;
+		
+		if (!sizeof($this->question_ids))
+		{
+			return false;
+		}
 
 		$this->question = (int) array_rand($this->question_ids);
 		$this->solved = 0;
@@ -443,12 +473,43 @@ class phpbb_captcha_qa
 		$this->load_answer();
 	}
 
+
+	/**
+	* See if there is already an entry for the current session.
+	*/
+	function load_confirm_id()
+	{
+		global $db, $user;
+
+		$sql = 'SELECT confirm_id
+			FROM ' . CAPTCHA_QA_CONFIRM_TABLE . " 
+			WHERE 
+				session_id = '" . $db->sql_escape($user->session_id) . "'
+				AND lang_iso = '" . $db->sql_escape($this->question_lang) . "'
+				AND confirm_type = " . $this->type;
+		$result = $db->sql_query_limit($sql, 1);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if ($row)
+		{
+			$this->confirm_id = $row['confirm_id'];
+			return true;
+		}
+		return false;
+	}
+
 	/**
 	* Look up everything we need and populate the instance variables.
 	*/
 	function load_answer()
 	{
 		global $db, $user;
+		
+		if (!strlen($this->confirm_id) || !sizeof($this->question_ids))
+		{
+			return false;
+		}
 
 		$sql = 'SELECT con.question_id, attempts, question_text, strict
 			FROM ' . CAPTCHA_QA_CONFIRM_TABLE . ' con, ' . CAPTCHA_QUESTIONS_TABLE . " qes
@@ -482,7 +543,7 @@ class phpbb_captcha_qa
 	{
 		global $db;
 
-		$answer = ($this->question_strict) ? request_var('qa_answer', '', true) : utf8_clean_string(request_var('qa_answer', '', true));
+		$answer = ($this->question_strict) ? utf8_normalize_nfc(request_var('qa_answer', '', true)) : utf8_clean_string(utf8_normalize_nfc(request_var('qa_answer', '', true)));
 
 		$sql = 'SELECT answer_text
 			FROM ' . CAPTCHA_ANSWERS_TABLE . '
@@ -597,21 +658,28 @@ class phpbb_captcha_qa
 		}
 		else if ($question_id && $action == 'delete')
 		{
-			if (confirm_box(true))
+			if ($this->get_class_name() !== $config['captcha_plugin'] || !$this->acp_is_last($question_id))
 			{
-				$this->acp_delete_question($question_id);
+				if (confirm_box(true))
+				{
+					$this->acp_delete_question($question_id);
 
-				trigger_error($user->lang['QUESTION_DELETED'] . adm_back_link($list_url));
+					trigger_error($user->lang['QUESTION_DELETED'] . adm_back_link($list_url));
+				}
+				else
+				{
+					confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
+						'question_id'		=> $question_id,
+						'action'			=> $action,
+						'configure'			=> 1,
+						'select_captcha'	=> $this->get_class_name(),
+						))
+					);
+				}
 			}
 			else
 			{
-				confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
-					'question_id'		=> $question_id,
-					'action'			=> $action,
-					'configure'			=> 1,
-					'select_captcha'	=> $this->get_class_name(),
-					))
-				);
+				trigger_error($user->lang['QA_LAST_QUESTION'] . adm_back_link($list_url), E_USER_WARNING);
 			}
 		}
 		else
@@ -685,12 +753,13 @@ class phpbb_captcha_qa
 						$this->acp_add_question($data);
 					}
 
+					add_log('admin', 'LOG_CONFIG_VISUAL');
 					trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($list_url));
 				}
 			}
 			else if ($submit)
 			{
-				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($list_url));
+				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($list_url), E_USER_WARNING);
 			}
 		}
 	}
@@ -768,11 +837,12 @@ class phpbb_captcha_qa
 	*/
 	function acp_get_question_input()
 	{
+		$answers = utf8_normalize_nfc(request_var('answers', '', true));
 		$question = array(
 			'question_text'	=> request_var('question_text', '', true),
 			'strict'		=> request_var('strict', false),
 			'lang_iso'		=> request_var('lang_iso', ''),
-			'answers'		=> explode("\n", request_var('answers', '', true)),
+			'answers'		=> (strlen($answers)) ? explode("\n", $answers) : '',
 		);
 
 		return $question;
@@ -887,8 +957,9 @@ class phpbb_captcha_qa
 		}
 
 		if (!isset($langs[$question_data['lang_iso']]) ||
-			!$question_data['question_text'] ||
-			!sizeof($question_data['answers']))
+			!strlen($question_data['question_text']) ||
+			!sizeof($question_data['answers']) ||
+			!is_array($question_data['answers']))
 		{
 			return false;
 		}
@@ -919,6 +990,33 @@ class phpbb_captcha_qa
 
 		return $langs;
 	}
+	
+	
+	
+	/**
+	*  See if there is a question other than the one we have
+	*/
+	function acp_is_last($question_id)
+	{
+		global $config, $db;
+
+		if ($question_id)
+		{
+			$sql = 'SELECT question_id
+				FROM ' . CAPTCHA_QUESTIONS_TABLE . "
+				WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'
+					AND  question_id <> " .  (int) $question_id;
+			$result = $db->sql_query_limit($sql, 1);
+			$question = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if (!$question)
+			{
+				return true;
+			}
+			return false;
+		}
+	}
 }
 
 ?>

phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php

@@ -28,10 +28,17 @@ if (!class_exists('phpbb_default_captcha'))
 class phpbb_recaptcha extends phpbb_default_captcha
 {
 	var $recaptcha_server = 'http://api.recaptcha.net';
+	var $recaptcha_server_secure = 'https://api-secure.recaptcha.net'; // class constants :(
 	var $recaptcha_verify_server = 'api-verify.recaptcha.net';
 	var $challenge;
 	var $response;
 
+	// PHP4 Constructor
+	function phpbb_recaptcha()
+	{
+		$this->recaptcha_server = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? $this->recaptcha_server_secure : $this->recaptcha_server;
+	}
+
 	function init($type)
 	{
 		global $config, $db, $user;
@@ -100,6 +107,8 @@ class phpbb_recaptcha extends phpbb_default_captcha
 					set_config($captcha_var, $value);
 				}
 			}
+
+			add_log('admin', 'LOG_CONFIG_VISUAL');
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($module->u_action));
 		}
 		else if ($submit)
@@ -305,10 +314,7 @@ class phpbb_recaptcha extends phpbb_default_captcha
 		}
 		else
 		{
-			if ($answers[1] === 'incorrect-captcha-sol')
-			{
-				return $user->lang['RECAPTCHA_INCORRECT'];
-			}
+			return $user->lang['RECAPTCHA_INCORRECT'];
 		}
 	}
 

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.6-RC1');
+define('PHPBB_VERSION', '3.0.8');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -69,6 +69,10 @@ define('LOGIN_ERROR_ATTEMPTS', 13);
 define('LOGIN_ERROR_EXTERNAL_AUTH', 14);
 define('LOGIN_ERROR_PASSWORD_CONVERT', 15);
 
+// Maximum login attempts
+// The value is arbitrary, but it has to fit into the user_login_attempts field.
+define('LOGIN_ATTEMPTS_MAX', 100);
+
 // Group settings
 define('GROUP_OPEN', 0);
 define('GROUP_CLOSED', 1);
@@ -117,6 +121,10 @@ define('NOTIFY_EMAIL', 0);
 define('NOTIFY_IM', 1);
 define('NOTIFY_BOTH', 2);
 
+// Notify status
+define('NOTIFY_YES', 0);
+define('NOTIFY_NO', 1);
+
 // Email Priority Settings
 define('MAIL_LOW_PRIORITY', 4);
 define('MAIL_NORMAL_PRIORITY', 3);