Merge commit 'release-3.0.1-RC1'

phpBB/adm/index.php

@@ -45,8 +45,8 @@ define('IN_ADMIN', true);
 $phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
 
 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
+$safe_mode		= (@ini_get('safe_mode') == '1' || @strtolower(ini_get('safe_mode')) === 'on') ? true : false;
-$file_uploads	= (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
+$file_uploads	= (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');
 
@@ -184,7 +184,7 @@ function adm_page_footer($copyright_html = true)
 				{
 					global $base_memory_usage;
 					$memory_usage -= $base_memory_usage;
-					$memory_usage = ($memory_usage >= 1048576) ? round((round($memory_usage / 1048576 * 100) / 100), 2) . ' ' . $user->lang['MB'] : (($memory_usage >= 1024) ? round((round($memory_usage / 1024 * 100) / 100), 2) . ' ' . $user->lang['KB'] : $memory_usage . ' ' . $user->lang['BYTES']);
+					$memory_usage = get_formatted_filesize($memory_usage);
 
 					$debug_output .= ' | Memory Usage: ' . $memory_usage;
 				}
@@ -367,11 +367,15 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 }
 
 /**
-* Going through a config array and validate values, writing errors to $error.
+* Going through a config array and validate values, writing errors to $error. The validation method  accepts parameters separated by ':' for string and int.
+* The first parameter defines the type to be used, the second the lower bound and the third the upper bound. Only the type is required.
 */
 function validate_config_vars($config_vars, &$cfg_array, &$error)
 {
 	global $phpbb_root_path, $user;
+	$type	= 0;
+	$min	= 1;
+	$max	= 2;
 	
 	foreach ($config_vars as $config_name => $config_definition)
 	{
@@ -385,15 +389,42 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 			continue;
 		}
 		
-		// Validate a bit. ;) String is already checked through request_var(), therefore we do not check this again
+		$validator = explode(':', $config_definition['validate']);
-		switch ($config_definition['validate'])
+
+		// Validate a bit. ;) (0 = type, 1 = min, 2= max)
+		switch ($validator[$type])
 		{
+			case 'string':
+				$length = strlen($cfg_array[$config_name]);
+
+				// the column is a VARCHAR
+				$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
+
+				if (isset($validator[$min]) && $length < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_SHORT'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $length > $validator[2])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
+			break;
+
 			case 'bool':
 				$cfg_array[$config_name] = ($cfg_array[$config_name]) ? 1 : 0;
 			break;
 
 			case 'int':
 				$cfg_array[$config_name] = (int) $cfg_array[$config_name];
+
+				if (isset($validator[$min]) && $cfg_array[$config_name] < $validator[$min])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$config_definition['lang']], $validator[$min]);
+				}
+				else if (isset($validator[$max]) && $cfg_array[$config_name] > $validator[$max])
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$config_definition['lang']], $validator[$max]);
+				}
 			break;
 
 			// Absolute path
@@ -508,4 +539,62 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 	return;
 }
 
+/**
+* Checks whatever or not a variable is OK for use in the Database
+* param mixed $value_ary An array of the form array(array('lang' => ..., 'value' => ..., 'column_type' =>))'
+* param mixed $error The error array
+*/
+function validate_range($value_ary, &$error)
+{
+	global $user;
+	
+	$column_types = array(
+		'BOOL'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => 1),
+		'USINT'	=> array('php_type' => 'int',		'min' => 0, 				'max' => 65535),
+		'UINT'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => (int) 0x7fffffff),
+		'INT'	=> array('php_type' => 'int', 		'min' => (int) 0x80000000, 	'max' => (int) 0x7fffffff),
+		'TINT'	=> array('php_type' => 'int',		'min' => -128,				'max' => 127),
+		
+		'VCHAR'	=> array('php_type' => 'string', 	'min' => 0, 				'max' => 255),
+	);
+	foreach ($value_ary as $value)
+	{
+		$column = explode(':', $value['column_type']);
+		$max = $min = 0;
+		$type = 0;
+		if (!isset($column_types[$column[0]]))
+		{
+			continue;
+		}
+		else
+		{
+			$type = $column_types[$column[0]];
+		}
+
+		switch ($type['php_type'])
+		{
+			case 'string' :
+				$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
+				if (strlen($value['value']) > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+
+			case 'int': 
+				$min = (isset($column[1])) ? max($column[1],$type['min']) : $type['min'];
+				$max = (isset($column[2])) ? min($column[2],$type['max']) : $type['max'];
+				if ($value['value'] < $min)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$value['lang']], $min);
+				}
+				else if ($value['value'] > $max)
+				{
+					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$value['lang']], $max);
+				}
+			break;
+		}
+	}
+}
+
 ?>

phpBB/adm/style/acp_attachments.html

@@ -122,11 +122,11 @@
 			{
 				if (newimage == 'no_image')
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}images/spacer.gif";
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}images/spacer.gif";
 				}
 				else
 				{
-					document.image_upload_icon.src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
+					document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
 				}
 			}
 
@@ -192,7 +192,7 @@
 			<dd><select name="upload_icon" id="upload_icon" onchange="update_image(this.options[selectedIndex].value);">
 					<option value="no_image"<!-- IF S_NO_IMAGE --> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>{S_FILENAME_LIST}
 			</select></dd>
-			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> name="image_upload_icon" alt="" title="" />&nbsp;</dd>
+			<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> id="image_upload_icon" alt="" title="" />&nbsp;</dd>
 		</dl>
 		<dl>
 			<dt><label for="extgroup_filesize">{L_MAX_EXTGROUP_FILESIZE}:</label></dt>

phpBB/adm/style/acp_bbcodes.html

@@ -103,6 +103,10 @@
 			<td style="text-align: center;">{bbcodes.BBCODE_TAG}</td>
 			<td style="text-align: right; width: 40px;"><a href="{bbcodes.U_EDIT}">{ICON_EDIT}</a> <a href="{bbcodes.U_DELETE}">{ICON_DELETE}</a></td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="2">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END bbcodes -->
 	</tbody>
 	</table>

phpBB/adm/style/acp_database.html

@@ -7,6 +7,7 @@
 
 	<p>{L_ACP_RESTORE_EXPLAIN}</p>
 
+	<!-- IF .files -->
 	<form id="acp_backup" method="post" action="{U_ACTION}">
 
 	<fieldset>
@@ -16,16 +17,19 @@
 		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
 	</dl>
 
-	<!-- IF .files -->
 	<p class="submit-buttons">
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
 		<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
 		<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
 	</p>
-	<!-- ENDIF -->
 	{S_FORM_TOKEN}
 	</fieldset>
 	</form>
+	<!-- ELSE -->
+		<div class="errorbox">
+			<p>{L_ACP_NO_ITEMS}</p>
+		</div>
+	<!-- ENDIF -->
 
 <!-- ELSE -->
 	<h1>{L_ACP_BACKUP}</h1>
@@ -77,7 +81,7 @@
 			<option value="{tables.TABLE}">{tables.TABLE}</option>
 		<!-- END tables -->
 		</select></dd>
-		<dd><a href="#" onclick="selector(true)">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false)">{L_DESELECT_ALL}</a></dd>
+		<dd><a href="#" onclick="selector(true); return false;">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false); return false;">{L_DESELECT_ALL}</a></dd>
 	</dl>
 
 	<p class="submit-buttons">

phpBB/adm/style/acp_forums.html

@@ -202,6 +202,11 @@
 			<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
 			<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
 		</dl>
+		<dl>
+			<dt><label for="display_subforum_list">{L_LIST_SUBFORUMS}:</label><br /><span>{L_LIST_SUBFORUMS_EXPLAIN}</span></dt>
+			<dd><label><input type="radio" class="radio" name="display_subforum_list" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+				<label><input type="radio" class="radio" name="display_subforum_list" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		</dl>
 		<dl>
 			<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
 			<dd><label><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
@@ -445,7 +450,7 @@
 					<!-- IF forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						{ICON_MOVE_UP_DISABLED}
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
-					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW-->
+					<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
 						<a href="{forums.U_MOVE_UP}">{ICON_MOVE_UP}</a>
 						<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
 					<!-- ELSEIF forums.S_LAST_ROW && not forums.S_FIRST_ROW -->

phpBB/adm/style/acp_icons.html

@@ -43,19 +43,19 @@
 	
 	function toggle_select(icon, display, select)
 	{
-		var disp = document.getElementById('order_disp[' + icon + ']');
+		var disp = document.getElementById('order_disp_' + select);
-		var nodisp = document.getElementById('order_no_disp[' + icon + ']');
+		var nodisp = document.getElementById('order_no_disp_' + select);
 		disp.disabled = !display;
 		nodisp.disabled = display;
 		if (display)
 		{
-			document.getElementById(select).selectedIndex = 0;
+			document.getElementById('order_' + select).selectedIndex = 0;
 			nodisp.className = 'disabled-options';
 			disp.className = '';
 		}
 		else
 		{
-			document.getElementById(select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
+			document.getElementById('order_' + select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
 			disp.className = 'disabled-options';
 			nodisp.className = '';
 		}
@@ -111,15 +111,15 @@
 		<td><input class="text post" type="text" size="3" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
 		<td><input class="text post" type="text" size="3" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
 		<td>
-			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, 'order[{items.A_IMG}]');"/>
+			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, '{items.S_ROW_COUNT}');"/>
 			<!-- IF items.S_ID -->
 				<input type="hidden" name="id[{items.IMG}]" value="{items.ID}" />
 			<!-- ENDIF -->
 		</td>
 		<!-- IF ID or S_ADD -->
-			<td><select id="order[{items.IMG}]" name="order[{items.IMG}]">
+			<td><select id="order_{items.S_ROW_COUNT}" name="order[{items.IMG}]">
-				<optgroup id="order_disp[{items.IMG}]" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
+				<optgroup id="order_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
-				<optgroup id="order_no_disp[{items.IMG}]" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
+				<optgroup id="order_no_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING_NO}" <!-- IF  items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
 			</select></td>
 		<!-- ENDIF -->	
 		<!-- IF S_ADD -->
@@ -248,6 +248,10 @@
 				&nbsp;<a href="{items.U_EDIT}">{ICON_EDIT}</a> <a href="{items.U_DELETE}">{ICON_DELETE}</a>
 			</td>
 		</tr>
+	<!-- BEGINELSE -->
+		<tr class="row3">
+			<td colspan="{COLSPAN}">{L_ACP_NO_ITEMS}</td>
+		</tr>
 	<!-- END items -->
 	</tbody>
 	</table>

phpBB/adm/style/acp_language.html

@@ -121,9 +121,11 @@
 
 	<!--[if lt IE 8]>
 	<style type="text/css">
+	/* <![CDATA[ */
 		input.langvalue, textarea.langvalue {
 		width: 450px;
 		}
+	/* ]]> */
 	</style>
 	<![endif]-->
 

phpBB/adm/style/acp_permission_roles.html

@@ -28,11 +28,11 @@
 
 	<p>{L_EXPLAIN}</p>
 
-	<form id="acp_roles" method="post" action="{U_ACTION}">
-
 	<br />
 	<a href="#acl">&raquo; {L_SET_ROLE_PERMISSIONS}</a>
 
+	<form id="acp_roles" method="post" action="{U_ACTION}">
+
 	<fieldset>
 		<legend>{L_ROLE_DETAILS}</legend>
 	<dl>
@@ -46,6 +46,7 @@
 
 	<p class="quick">
 		<input type="submit" class="button1" name="submit" value="{L_SUBMIT}" />
+		{S_FORM_TOKEN}
 	</p>
 	</fieldset>
 
@@ -57,11 +58,15 @@
 
 	<!-- ENDIF -->
 
+	<p>
+
 	<a name="acl"></a>
 
 	<a href="#maincontent">&raquo; {L_BACK_TO_TOP}</a><br />
 	<br /><br />
 
+	</p>
+
 	<h1>{L_ACL_TYPE}</h1>
 
 	<fieldset class="perm nolegend">
@@ -107,9 +112,9 @@
 						<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
 						<th class="permissions-name<!-- IF auth.mask.S_ROW_COUNT is even --> row4<!-- ELSE --> row3<!-- ENDIF -->">{auth.mask.PERMISSION}</th>
 							
-						<td class="permissions-yes"><label for="{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
+						<td class="permissions-yes"><label for="setting_{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
-						<td class="permissions-no"><label for="{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
+						<td class="permissions-no"><label for="setting_{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
-						<td class="permissions-never"><label for="{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
+						<td class="permissions-never"><label for="setting_{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
 					</tr>
 					<!-- END mask -->
 					</tbody>

phpBB/adm/style/acp_prune_forums.html

@@ -44,7 +44,7 @@
 		<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
 	<dl>
 		<dt><label for="forum">{L_LOOK_UP_FORUM}:</label></dt>
-		<dd><select name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
+		<dd><select id="forum" name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
 		<dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd>
 	</dl>
 	

phpBB/adm/style/acp_styles.html

@@ -459,7 +459,7 @@
 	</dl>
 	<dl>
 		<dt><label for="copyright">{L_COPYRIGHT}:</label></dt>
-		<dd><!-- IF S_INSTALL --><b id="name">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
+		<dd><!-- IF S_INSTALL --><b id="copyright">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
 	</dl>
 	<!-- IF S_STYLE and not S_BASIS -->
 		<dl>

phpBB/adm/style/acp_words.html

@@ -62,6 +62,10 @@
 		<td style="text-align: center;">{words.REPLACEMENT}</td>
 		<td>&nbsp;<a href="{words.U_EDIT}">{ICON_EDIT}</a>&nbsp;&nbsp;<a href="{words.U_DELETE}">{ICON_DELETE}</a>&nbsp;</td>
 	</tr>
+	<!-- BEGINELSE -->
+	<tr class="row3">
+		<td colspan="3">{L_ACP_NO_ITEMS}</td>
+	</tr>
 	<!-- END words -->
 	</tbody>
 	</table>

phpBB/adm/style/colour_swatch.html

@@ -8,7 +8,7 @@
 <title>{L_COLOUR_SWATCH}</title>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 	body {
 		background-color: #404040;
 		color: #fff;
@@ -29,7 +29,7 @@
 	img {
 		border: 0;
 	}
-//-->
+/* ]]> */
 </style>
 </head>
 

phpBB/adm/style/install_update_diff.html

@@ -32,7 +32,7 @@ function resize_panel()
 </script>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 
 #main {
 	font-size: 1em;
@@ -198,7 +198,7 @@ table.hrdiff caption span {
 
 <!-- ENDIF -->
 
-//-->
+/* ]]> */
 </style>
 
 </head>

phpBB/common.php

@@ -131,7 +131,7 @@ if (!defined('PHPBB_INSTALLED'))
 	// Redirect the user to the installer
 	// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 	// available as used by the redirect function
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
 
@@ -149,9 +149,13 @@ if (!defined('PHPBB_INSTALLED'))
 	$url = (($secure) ? 'https://' : 'http://') . $server_name;
 
 	if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
+	{
+		// HTTP HOST can carry a port number...
+		if (strpos($server_name, ':') === false)
 		{
 			$url .= ':' . $server_port;
 		}
+	}
 
 	$url .= $script_path;
 	header('Location: ' . $url);

phpBB/develop/create_schema_files.php

@@ -1072,6 +1072,7 @@ function get_schema_struct()
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
 			'forum_flags'			=> array('TINT:4', 32),
+			'display_subforum_list'	=> array('BOOL', 1),
 			'display_on_index'		=> array('BOOL', 1),
 			'enable_indexing'		=> array('BOOL', 1),
 			'enable_icons'			=> array('BOOL', 1),
@@ -1143,7 +1144,7 @@ function get_schema_struct()
 		),
 		'PRIMARY_KEY'	=> 'group_id',
 		'KEYS'			=> array(
-			'group_legend'			=> array('INDEX', 'group_legend'),
+			'group_legend_name'		=> array('INDEX', array('group_legend', 'group_name')),
 		),
 	);
 
@@ -1519,6 +1520,7 @@ function get_schema_struct()
 		'COLUMNS'		=> array(
 			'session_id'			=> array('CHAR:32', ''),
 			'session_user_id'		=> array('UINT', 0),
+			'session_forum_id'		=> array('UINT', 0),
 			'session_last_visit'	=> array('TIMESTAMP', 0),
 			'session_start'			=> array('TIMESTAMP', 0),
 			'session_time'			=> array('TIMESTAMP', 0),
@@ -1534,6 +1536,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
+			'session_forum_id'	=> array('INDEX', 'session_forum_id'),
 		),
 	);
 

phpBB/docs/CHANGELOG.html

@@ -53,6 +53,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v300">Changes since 3.0.0</a></li>
 		<li><a href="#v30rc8">Changes since RC-8</a></li>
 		<li><a href="#v30rc7">Changes since RC-7</a></li>
 		<li><a href="#v30rc6">Changes since RC-6</a></li>
@@ -80,6 +81,75 @@
 
 		<div class="content">
 
+	<a name="v300"></a><h3>1.i. Changes since 3.0.0</h3>
+
+	<ul>
+		<li>[Change] Validate birthdays (Bug #15004)</li>
+		<li>[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)</li>
+		<li>[Fix] Fix disabling of word censor, now possible again</li>
+		<li>[Fix] Allow single quotes in db password to be stored within config.php in installer</li>
+		<li>[Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)</li>
+		<li>[Fix] Correctly handle empty imageset entries (Bug #16865)</li>
+		<li>[Fix] Correctly check empty subjects/messages (Bug #17915)</li>
+		<li>[Change] Do not check usernames against word censor list. Disallowed usernames is already checked and word censor belong to posts. (Bug #17745)</li>
+		<li>[Fix] Additionally include non-postable forums for moderators forums shown within the teams list. (Bug #17265)</li>
+		<li>[Change] Sped up viewforum considerably (also goes towards mcp_forum)</li>
+		<li>[Fix] Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635)</li>
+		<li>[Fix] Allow editing usernames within database_update on username cleanup (Bug #18415)</li>
+		<li>[Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)</li>
+		<li>[Fix] Check entered imagemagick path for trailing slash (Bug #18205)</li>
+		<li>[Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide</li>
+		<li>[Fix] Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
+		<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>
+		<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>
+		<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>
+		<li>[Fix] Fix possible database transaction errors if code returns on error and rollback happened (Bug #17025)</li>
+		<li>[Change] Allow numbers in permission names for modifications, as well as uppercase letters for the request_ part (Bug #20125)</li>
+		<li>[Fix] Use HTTP_HOST in favor of SERVER_NAME for determining server url for redirection and installation (Bug #19955)</li>
+		<li>[Fix] Removing s_watching_img from watch_topic_forum() function (Bug #20445)</li>
+		<li>[Fix] Changing order for post review if more than one post affected (Bug #15249)</li>
+		<li>[Fix] Language typos/fixes (Bug #20425, #15719, #15429, #14669, #13479, #20795, #21095, #21405, #21715, #21725, #21755, #21865, #15689)</li>
+		<li>[Fix] Style/Template fixes (Bug #20065, #19405, #19205, #15028, #14934, #14821, #14752, #14497, #13707, #14738, #19725)</li>
+		<li>[Fix] Tiny code fixes (Bug #20165, #20025, #19795, #14804)</li>
+		<li>[Fix] Prepend phpbb_root_path to ranks path for displaying ranks (Bug #19075)</li>
+		<li>[Fix] Allow forum notifications if topic notifications are disabled but forum notifications enabled (Bug #14765)</li>
+		<li>[Fix] Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. (Bug #20435)</li>
+		<li>[Fix] Try to sort last active date on memberlist correctly at least on current page (Bug #18665)</li>
+		<li>[Fix] Handle generation of form tokens when maximum time is set to -1</li>
+		<li>[Fix] Correctly delete unapproved posts without deleting the topic (Bug #15120)</li>
+		<li>[Fix] Respect signature permissions in posting (Bug #16029)</li>
+		<li>[Fix] Users allowed to resign only from open and freely open groups (Bug #19355)</li>
+		<li>[Fix] Assign a last viewed date to converted topics (Bug #16565)</li>
+		<li>[Fix] Many minor and/or cosmetic fixes (Including, but not limited to: #21315, #18575, #18435, #21215)</li>
+		<li>[Feature] New option to hide the entire list of subforums on listforums</li>
+		<li>[Fix] Custom BBCode {EMAIL}-Token usage (Bug #21155)</li>
+		<li>[Fix] Do not rely on parameter returned by unlink() for verifying cache directory write permission (Bug #19565)</li>
+		<li>[Change] Use correct string for filesize (MiB instead of MB for example)</li>
+		<li>[Change] Remove left join for query used to retrieve already assigned users and groups within permission panel (Bug #20235)</li>
+		<li>[Fix] Correctly return sole whitespaces if used with BBCodes (Bug #19535)</li>
+		<li>[Fix] Quote bbcode parsing adding too much closing tags on special conditions (Bug #20735)</li>
+		<li>[Change] Added sanity checks to various ACP settings</li>
+		<li>[Change] Removed minimum form times</li>
+		<li>[Fix] Check topics_per_page value in acp_forums (Bug #15539)</li>
+		<li>[Fix] Custom profile fields with date type should be timezone independend (Bug #15003)</li>
+		<li>[Fix] Fixing some XHTML errors/warnings within the ACP (Bug #22875)</li>
+		<li>[Fix] Warnings if poll title/options exceed maximum characters per post (Bug #22865)</li>
+		<li>[Fix] Do not allow selecting non-authorized groups within memberlist by adjusting URL (Bug #22805 - patch provided by ToonArmy)</li>
+		<li>[Fix] Correctly specify &quot;close report action&quot; (Bug #22685)</li>
+		<li>[Fix] Display &quot;empty password error&quot; within the login box instead of issuing a general error (Bug #22525)</li>
+		<li>[Fix] Clean up who is online code in page_header (Bug #22715, thanks HighwayofLife)</li>
+		<li>[Fix] Pertain select single link on memberlist (Bug #23235 - patch provided by Schumi)</li>
+		<li>[Fix] Allow &amp; and | in local part of email addresses (Bug #22995)</li>
+		<li>[Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)</li>
+		<li>[Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)</li>
+		<li>[Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)</li>
+		<li>[Fix] Do not detect the board URL as a link twice in posts (Bug #19215)</li>
+		<li>[Fix] Set correct error reporting in style.php to avoid blank pages after CSS changes (Bug #23885)</li>
+		<li>[Fix] If pruning users based on last activity, do not include users never logged in before (Bug #18105)</li>
+		<li>[Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil&lt;3)</li>
+		<li>[Sec] Limit private message attachments to be viewable only by the recipient(s)/sender (Report #s23535) - reported by AlleyKat</li>
+	</ul>
+
 	<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>
 
 	<ul>

phpBB/docs/INSTALL.html

@@ -281,9 +281,9 @@
 
 <a name="update_patch"></a><h3>4.iii. Patch file</h3>
 
-	<p>The patch file package is for those wanting to update through the patch application, and being compfortable with it.</p>
+	<p>The patch file package is for those wanting to update through the patch application, and being comfortable with it.</p>
 
-	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
+	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
 
 	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.0 you need the phpBB-3.0.0_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
@@ -369,7 +369,7 @@
 
 	<p><strong>Password conversion</strong> Due to the utf-8 based handling of passwords in phpBB3, it is not always possible to transfer all passwords. For passwords "lost in translation" the easiest workaround is to use the "forgotten password" function.</p>
 
-	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, -for instance - if the new board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
+	<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, - for instance - if the old board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 installation is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
 
 	<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p> 
 

phpBB/docs/coding-guidelines.html

@@ -110,7 +110,7 @@
 	<p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>
 
 	<h3>Linefeeds:</h3>
-	<p>Ensure that your editor is saving files in the UNIX format. This means lines are terminated with a newline, not with a CR/LF combo as they are on Win32, or whatever the Mac uses. Any decent editor should be able to do this, but it might not always be the default. Know your editor. If you want advice on Windows text editors, just ask one of the developers. Some of them do their editing on Win32.</p>
+	<p>Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.
 
 	<a name="fileheader"></a><h3>1.ii. File Header</h3>
 
@@ -1059,7 +1059,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 <span class="comment">&lt;!-- END loopname --&gt;</span>
 </pre></div>
 
-<p>A bit later loops will be explained further. To not irretate you we will explain conditionals as well as other statements first.</p>
+<p>A bit later loops will be explained further. To not irritate you we will explain conditionals as well as other statements first.</p>
 
 <h4>Including files</h4>
 <p>Something that existed in 2.0.x which no longer exists in 3.0.x is the ability to assign a template to a variable. This was used (for example) to output the jumpbox. Instead (perhaps better, perhaps not but certainly more flexible) we now have INCLUDE. This takes the simple form:</p>

phpBB/docs/hook_system.html

@@ -14,7 +14,7 @@
 <title>phpBB3 &bull; Hook System</title>
 
 <style type="text/css">
-<!--
+/* <![CDATA[ */
 
 /*
 	The original "prosilver" theme for phpBB3
@@ -309,7 +309,7 @@ a:active	{ color: #368AD2; }
 	margin-left: 25px;
 }
 
-//-->
+/* ]]> */
 </style>
 
 </head>

phpBB/download/file.php

@@ -48,7 +48,7 @@ if (isset($_GET['avatar']))
 	// '==' is not a bug - . as the first char is as bad as no dot at all
 	if (strpos($filename, '.') == false)
 	{
-		header('HTTP/1.0 403 forbidden');
+		header('HTTP/1.0 403 Forbidden');
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -67,7 +67,14 @@ if (isset($_GET['avatar']))
 	{
 		if ($last_load !== false && $last_load <= $stamp)
 		{
-			header('Not Modified', true, 304);
+			if (@php_sapi_name() === 'CGI')
+			{
+				header('Status: 304 Not Modified', true, 304);
+			}
+			else
+			{
+				header('HTTP/1.0 304 Not Modified', true, 304);
+			}
 			// seems that we need those too ... browsers
 			header('Pragma: public');
 			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
@@ -82,7 +89,7 @@ if (isset($_GET['avatar']))
 	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
+		header("HTTP/1.0 403 Forbidden");
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -94,7 +101,7 @@ if (isset($_GET['avatar']))
 	if (!$filename)
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 forbidden");
+		header("HTTP/1.0 403 Forbidden");
 		if (!empty($cache))
 		{
 			$cache->unload();
@@ -201,8 +208,32 @@ else
 		$row['forum_id'] = false;
 		if (!$auth->acl_get('u_pm_download'))
 		{
+			header('HTTP/1.0 403 Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
+
+		// Check if the attachment is within the users scope...
+		$sql = 'SELECT user_id, author_id
+			FROM ' . PRIVMSGS_TO_TABLE . '
+			WHERE msg_id = ' . $attachment['post_msg_id'];
+		$result = $db->sql_query($sql);
+
+		$allowed = false;
+		while ($user_row = $db->sql_fetchrow($result))
+		{
+			if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
+			{
+				$allowed = true;
+				break;
+			}
+		}
+		$db->sql_freeresult($result);
+
+		if (!$allowed)
+		{
+			header('HTTP/1.0 403 Forbidden');
+			trigger_error('ERROR_NO_ATTACHMENT');
+		}
 	}
 
 	// disallowed?
@@ -215,6 +246,7 @@ else
 
 if (!download_allowed())
 {
+	header('HTTP/1.0 403 Forbidden');
 	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
 
@@ -551,7 +583,7 @@ function download_allowed()
 	}
 
 	// Check for own server...
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = $user->host;
 
 	// Forcing server vars is the only way to specify/override the protocol
 	if ($config['force_server_vars'] || !$server_name)

phpBB/includes/acm/acm_file.php

@@ -312,7 +312,7 @@ class acm
 
 		if ($var_name[0] == '_')
 		{
-			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx", true);
 		}
 		else if (isset($this->vars[$var_name]))
 		{
@@ -375,7 +375,7 @@ class acm
 		}
 		else if ($expired)
 		{
-			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx");
+			$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx", true);
 			return false;
 		}
 
@@ -489,13 +489,15 @@ class acm
 	/**
 	* Removes/unlinks file
 	*/
-	function remove_file($filename)
+	function remove_file($filename, $check = false)
 	{
-		if (!@unlink($filename))
+		if ($check && !@is_writeable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);
 		}
+
+		return @unlink($filename);
 	}
 }
 

phpBB/includes/acp/acp_attachments.php

@@ -152,7 +152,7 @@ class acp_attachments
 					if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
 					{
 						$size_var = request_var($config_name, '');
-						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
+						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? ($config_value << 10) : (($size_var == 'mb') ? ($config_value << 20) : $config_value);
 					}
 
 					if ($submit)
@@ -184,8 +184,19 @@ class acp_attachments
 				}
 
 				// We strip eventually manual added convert program, we only want the patch
+				if ($this->new_config['img_imagick'])
+				{
+					// Change path separator
+					$this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']);
 					$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
 
+					// Check for trailing slash
+					if (substr($this->new_config['img_imagick'], -1) !== '/')
+					{
+						$this->new_config['img_imagick'] .= '/';
+					}
+				}
+
 				$supported_types = get_supported_image_types();
 
 				// Check Thumbnail Support
@@ -489,7 +500,7 @@ class acp_attachments
 						$allowed_forums	= request_var('allowed_forums', array(0));
 						$allow_in_pm	= (isset($_POST['allow_in_pm'])) ? true : false;
 						$max_filesize	= request_var('max_filesize', 0);
-						$max_filesize	= ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
+						$max_filesize	= ($size_select == 'kb') ? ($max_filesize << 10) : (($size_select == 'mb') ? ($max_filesize << 20) : $max_filesize);
 						$allow_group	= (isset($_POST['allow_group'])) ? true : false;
 
 						if ($max_filesize == $config['max_filesize'])
@@ -662,8 +673,7 @@ class acp_attachments
 						}
 
 						$size_format = ($ext_group_row['max_filesize'] >= 1048576) ? 'mb' : (($ext_group_row['max_filesize'] >= 1024) ? 'kb' : 'b');
-
+						$ext_group_row['max_filesize'] = get_formatted_filesize($ext_group_row['max_filesize'], false);
-						$ext_group_row['max_filesize'] = ($ext_group_row['max_filesize'] >= 1048576) ? round($ext_group_row['max_filesize'] / 1048576 * 100) / 100 : (($ext_group_row['max_filesize'] >= 1024) ? round($ext_group_row['max_filesize'] / 1024 * 100) / 100 : $ext_group_row['max_filesize']);
 
 						$img_path = $config['upload_icons_path'];
 
@@ -889,7 +899,7 @@ class acp_attachments
 					$upload_list = array();
 					foreach ($add_files as $attach_id)
 					{
-						if (!in_array($attach_id, array_keys($delete_files)) && !empty($post_ids[$attach_id]))
+						if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
 						{
 							$upload_list[$attach_id] = $post_ids[$attach_id];
 						}
@@ -930,6 +940,7 @@ class acp_attachments
 								AND is_orphan = 1';
 						$result = $db->sql_query($sql);
 
+						$files_added = $space_taken = 0;
 						while ($row = $db->sql_fetchrow($result))
 						{
 							$post_row = $post_info[$upload_list[$row['attach_id']]];
@@ -969,9 +980,18 @@ class acp_attachments
 								WHERE topic_id = ' . $post_row['topic_id'];
 							$db->sql_query($sql);
 
+							$space_taken += $row['filesize'];
+							$files_added++;
+
 							add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_row['post_id'], $row['real_filename']);
 						}
 						$db->sql_freeresult($result);
+
+						if ($files_added)
+						{
+							set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
+							set_config('num_files', $config['num_files'] + $files_added, true);
+						}
 					}
 				}
 
@@ -989,11 +1009,8 @@ class acp_attachments
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$size_lang = ($row['filesize'] >= 1048576) ? $user->lang['MB'] : (($row['filesize'] >= 1024) ? $user->lang['KB'] : $user->lang['BYTES']);
-					$row['filesize'] = ($row['filesize'] >= 1048576) ? round((round($row['filesize'] / 1048576 * 100) / 100), 2) : (($row['filesize'] >= 1024) ? round((round($row['filesize'] / 1024 * 100) / 100), 2) : $row['filesize']);
-
 					$template->assign_block_vars('orphan', array(
-						'FILESIZE'			=> $row['filesize'] . ' ' . $size_lang,
+						'FILESIZE'			=> get_formatted_filesize($row['filesize']),
 						'FILETIME'			=> $user->format_date($row['filetime']),
 						'REAL_FILENAME'		=> basename($row['real_filename']),
 						'PHYSICAL_FILENAME'	=> basename($row['physical_filename']),
@@ -1134,7 +1151,7 @@ class acp_attachments
 			foreach ($locations as $location)
 			{
 				// The path might not end properly, fudge it
-				if (substr($location, -1, 1) !== '/')
+				if (substr($location, -1) !== '/')
 				{
 					$location .= '/';
 				}
@@ -1399,7 +1416,7 @@ class acp_attachments
 	{
 		// Determine size var and adjust the value accordingly
 		$size_var = ($value >= 1048576) ? 'mb' : (($value >= 1024) ? 'kb' : 'b');
-		$value = ($value >= 1048576) ? round($value / 1048576 * 100) / 100 : (($value >= 1024) ? round($value / 1024 * 100) / 100 : $value);
+		$value = get_formatted_filesize($value, false);
 
 		return '<input type="text" id="' . $key . '" size="8" maxlength="15" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
 	}

phpBB/includes/acp/acp_bbcodes.php

@@ -312,7 +312,7 @@ class acp_bbcodes
 				'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'EMAIL' => array(
-				'!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i'	=>	"\$this->bbcode_specialchars('$1')"
+				'!(' . get_preg_expression('email') . ')!ie'	=>	"\$this->bbcode_specialchars('$1')"
 			),
 			'TEXT' => array(
 				'!(.*?)!es'	 =>	"str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', ''', '(', ')'), trim('\$1'))"
@@ -334,7 +334,7 @@ class acp_bbcodes
 		$sp_tokens = array(
 			'URL'	 => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
 			'LOCAL_URL'	 => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
-			'EMAIL' => '([a-zA-Z0-9]+[a-zA-Z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-zA-Z0-9]+[a-zA-Z0-9\-\._]*\.[a-zA-Z]+))',
+			'EMAIL' => '(' . get_preg_expression('email') . ')',
 			'TEXT' => '(.*?)',
 			'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
 			'IDENTIFIER' => '([a-zA-Z0-9-_]+)',

phpBB/includes/acp/acp_board.php

@@ -107,9 +107,9 @@ class acp_board
 						'allow_avatar_local'	=> array('lang' => 'ALLOW_LOCAL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_avatar_remote'	=> array('lang' => 'ALLOW_REMOTE',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_avatar_upload'	=> array('lang' => 'ALLOW_UPLOAD',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
-						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
+						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int:0',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rwpath',	'type' => 'text:20:255', 'explain' => true),
 						'avatar_gallery_path'	=> array('lang' => 'AVATAR_GALLERY_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true)
 					)
@@ -123,10 +123,10 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
 						'allow_privmsg'			=> array('lang' => 'BOARD_PM',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_boxes'			=> array('lang' => 'BOXES_MAX',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'pm_max_msgs'			=> array('lang' => 'BOXES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
 						'full_folder_action'	=> array('lang' => 'FULL_FOLDER_ACTION',	'validate' => 'int',	'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
-						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'pm_edit_time'			=> array('lang' => 'PM_EDIT_TIME',			'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_mass_pm'			=> array('lang' => 'ALLOW_MASS_PM',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
@@ -160,21 +160,21 @@ class acp_board
 
 						'legend2'				=> 'POSTING',
 						'bump_type'				=> false,
-						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
 						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int',	'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',	'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int',	'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
+						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',	'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
-						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
+						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',	'type' => 'text:3:4', 'explain' => false),
-						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int',	'type' => 'text:3:4', 'explain' => false),
+						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',	'type' => 'text:3:4', 'explain' => false),
-						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int',	'type' => 'text:3:4', 'explain' => true),
+						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',	'type' => 'text:3:4', 'explain' => true),
-						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => false),
+						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => false),
-						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int',	'type' => 'text:4:6', 'explain' => true),
+						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:6', 'explain' => true),
-						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
+						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
-						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -192,12 +192,12 @@ class acp_board
 						'allow_sig_links'		=> array('lang' => 'ALLOW_SIG_LINKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'GENERAL_SETTINGS',
-						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_chars'			=> array('lang' => 'MAX_SIG_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_urls'			=> array('lang' => 'MAX_SIG_URLS',			'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_sig_font_size'		=> array('lang' => 'MAX_SIG_FONT_SIZE',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true),
+						'max_sig_smilies'		=> array('lang' => 'MAX_SIG_SMILIES',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
-						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -207,24 +207,22 @@ class acp_board
 					'title'	=> 'ACP_REGISTER_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
-						'max_name_chars'		=> false,
+						'max_name_chars'		=> array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
-						'max_pass_chars'		=> false,
+						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
 
 						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'custom', 'method' => 'select_acc_activation', 'explain' => true),
-						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'username_length', 'explain' => true),
+						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int:1',	'type' => 'custom:5:180', 'method' => 'username_length', 'explain' => true),
-						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
+						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int:1',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
 						'allow_name_chars'		=> array('lang' => 'USERNAME_CHARS',	'validate' => 'string',	'type' => 'select', 'method' => 'select_username_chars', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',		'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'allow_namechange'		=> array('lang' => 'ALLOW_NAME_CHANGE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_emailreuse'		=> array('lang' => 'ALLOW_EMAIL_REUSE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_confirm'		=> array('lang' => 'VISUAL_CONFIRM_REG',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
-						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'min_time_reg'			=> array('lang' => 'MIN_TIME_REG',			'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'min_time_terms'		=> array('lang' => 'MIN_TIME_TERMS',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 
 						'legend3'			=> 'COPPA',
 						'coppa_enable'		=> array('lang' => 'ENABLE_COPPA',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -253,9 +251,9 @@ class acp_board
 					'vars'	=> array(
 						'legend1'			=> 'GENERAL_SETTINGS',
 						'limit_load'		=> array('lang' => 'LIMIT_LOAD',		'validate' => 'string',	'type' => 'text:4:4', 'explain' => true),
-						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'session_length'	=> array('lang' => 'SESSION_LENGTH',	'validate' => 'int:60',	'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'active_sessions'	=> array('lang' => 'LIMIT_SESSIONS',	'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'load_online_time'	=> array('lang' => 'ONLINE_LENGTH',		'validate' => 'int:0',	'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
 
 						'legend2'				=> 'GENERAL_OPTIONS',
 						'load_db_track'			=> array('lang' => 'YES_POST_MARKING',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -305,7 +303,7 @@ class acp_board
 						'force_server_vars'		=> array('lang' => 'FORCE_SERVER_VARS',	'validate' => 'bool',			'type' => 'radio:yes_no', 'explain' => true),
 						'server_protocol'		=> array('lang' => 'SERVER_PROTOCOL',	'validate' => 'string',			'type' => 'text:10:10', 'explain' => true),
 						'server_name'			=> array('lang' => 'SERVER_NAME',		'validate' => 'string',			'type' => 'text:40:255', 'explain' => true),
-						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int',			'type' => 'text:5:5', 'explain' => true),
+						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int:0',			'type' => 'text:5:5', 'explain' => true),
 						'script_path'			=> array('lang' => 'SCRIPT_PATH',		'validate' => 'script_path',	'type' => 'text::255', 'explain' => true),
 					)
 				);
@@ -317,18 +315,17 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'ACP_SECURITY_SETTINGS',
 						'allow_autologin'		=> array('lang' => 'ALLOW_AUTOLOGIN',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'max_autologin_time'	=> array('lang' => 'AUTOLOGIN_LENGTH',		'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 						'ip_check'				=> array('lang' => 'IP_VALID',				'validate' => 'int',	'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
 						'browser_check'			=> array('lang' => 'BROWSER_VALID',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'forwarded_for_check'	=> array('lang' => 'FORWARDED_FOR_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
-						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
+						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
-						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
+						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
 						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'form_token_mintime'	=> array('lang' => 'FORM_TIME_MIN',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 					)
@@ -343,7 +340,7 @@ class acp_board
 						'email_enable'			=> array('lang' => 'ENABLE_EMAIL',			'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'board_email_form'		=> array('lang' => 'BOARD_EMAIL_FORM',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'email_function_name'	=> array('lang' => 'EMAIL_FUNCTION_NAME',	'validate' => 'string',	'type' => 'text:20:50', 'explain' => true),
-						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int',	'type' => 'text:5:5', 'explain' => true),
+						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true),
 						'board_contact'			=> array('lang' => 'CONTACT_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email'			=> array('lang' => 'ADMIN_EMAIL',			'validate' => 'string',	'type' => 'text:25:100', 'explain' => true),
 						'board_email_sig'		=> array('lang' => 'EMAIL_SIG',				'validate' => 'string',	'type' => 'textarea:5:30', 'explain' => true),
@@ -352,7 +349,7 @@ class acp_board
 						'legend2'				=> 'SMTP_SETTINGS',
 						'smtp_delivery'			=> array('lang' => 'USE_SMTP',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => false),
-						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int',	'type' => 'text:4:5', 'explain' => true),
+						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int:0',	'type' => 'text:4:5', 'explain' => true),
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
 						'smtp_password'			=> array('lang' => 'SMTP_PASSWORD',			'validate' => 'string',	'type' => 'password:25:255', 'explain' => true)
@@ -556,6 +553,13 @@ class acp_board
 				$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 			}
 			
+			$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+			
+			if (empty($content))
+			{
+				continue;
+			}
+			
 			$template->assign_block_vars('options', array(
 				'KEY'			=> $config_key,
 				'TITLE'			=> (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
@@ -795,7 +799,7 @@ class acp_board
 		}
 
 		$dateformat_options .= '<option value="custom"';
-		if (!in_array($value, array_keys($user->lang['dateformats'])))
+		if (!isset($user->lang['dateformats'][$value]))
 		{
 			$dateformat_options .= ' selected="selected"';
 		}

phpBB/includes/acp/acp_forums.php

@@ -132,6 +132,7 @@ class acp_forums
 						'forum_rules_link'		=> request_var('forum_rules_link', ''),
 						'forum_image'			=> request_var('forum_image', ''),
 						'forum_style'			=> request_var('forum_style', 0),
+						'display_subforum_list'	=> request_var('display_subforum_list', false),
 						'display_on_index'		=> request_var('display_on_index', false),
 						'forum_topics_per_page'	=> request_var('topics_per_page', 0),
 						'enable_indexing'		=> request_var('enable_indexing', true),
@@ -471,6 +472,7 @@ class acp_forums
 							'forum_rules_link'		=> '',
 							'forum_image'			=> '',
 							'forum_style'			=> 0,
+							'display_subforum_list'	=> true,
 							'display_on_index'		=> false,
 							'forum_topics_per_page'	=> 0,
 							'enable_indexing'		=> true,
@@ -670,6 +672,7 @@ class acp_forums
 					'S_FORUM_CAT'				=> ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
 					'S_ENABLE_INDEXING'			=> ($forum_data['enable_indexing']) ? true : false,
 					'S_TOPIC_ICONS'				=> ($forum_data['enable_icons']) ? true : false,
+					'S_DISPLAY_SUBFORUM_LIST'	=> ($forum_data['display_subforum_list']) ? true : false,
 					'S_DISPLAY_ON_INDEX'		=> ($forum_data['display_on_index']) ? true : false,
 					'S_PRUNE_ENABLE'			=> ($forum_data['enable_prune']) ? true : false,
 					'S_FORUM_LINK_TRACK'		=> ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? true : false,
@@ -916,6 +919,13 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_DATA_NEGATIVE'];
 		}
 		
+		$range_test_ary = array(
+			array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
+		);
+		validate_range($range_test_ary, $errors);
+
+
+
 		// Set forum flags
 		// 1 = link tracking
 		// 2 = prune old polls

phpBB/includes/acp/acp_icons.php

@@ -337,11 +337,16 @@ class acp_icons
 				}
 
 				$icons_updated = 0;
+				$errors = array();
 				foreach ($images as $image)
 				{
-					if (($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == '')) ||
+					if ($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == ''))
-						($action == 'create' && !isset($image_add[$image])))
 					{
+						$errors[$image] = 'SMILIE_NO_' . (($image_emotion[$image] == '') ? 'EMOTION' : 'CODE');
+					}
+					else if ($action == 'create' && !isset($image_add[$image]))
+					{
+						// skip images where add wasn't checked
 					}
 					else
 					{
@@ -431,13 +436,18 @@ class acp_icons
 					default:
 						$suc_lang = $lang;
 				}
+				$errormsgs = '<br />';
+				foreach ($errors as $img => $error)
+				{
+					$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
+				}
 				if ($action == 'modify')
 				{
-					trigger_error($user->lang[$suc_lang . '_EDITED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_EDITED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 				else
 				{
-					trigger_error($user->lang[$suc_lang . '_ADDED'] . adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs .adm_back_link($this->u_action), $level);
 				}
 
 			break;
@@ -462,7 +472,7 @@ class acp_icons
 						if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
 						{
 							if ((sizeof($data[1]) != 4 && $mode == 'icons') ||
-								(sizeof($data[1]) != 6 && $mode == 'smilies'))
+								((sizeof($data[1]) != 6 || (empty($data[1][4]) || empty($data[1][5]))) && $mode == 'smilies' ))
 							{
 								trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
 							}

phpBB/includes/acp/acp_main.php

@@ -310,7 +310,7 @@ class acp_main
 		$users_per_day = sprintf('%.2f', $total_users / $boarddays);
 		$files_per_day = sprintf('%.2f', $total_files / $boarddays);
 
-		$upload_dir_size = ($config['upload_dir_size'] >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($config['upload_dir_size'] / 1048576)) : (($config['upload_dir_size'] >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($config['upload_dir_size'] / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $config['upload_dir_size']));
+		$upload_dir_size = get_formatted_filesize($config['upload_dir_size']);
 	
 		$avatar_dir_size = 0;
 
@@ -325,10 +325,7 @@ class acp_main
 			}
 			closedir($avatar_dir);
 
-			// This bit of code translates the avatar directory size into human readable format
+			$avatar_dir_size = get_formatted_filesize($avatar_dir_size);
-			// Borrowed the code from the PHP.net annoted manual, origanally written by:
-			// Jesse (jesse@jess.on.ca)
-			$avatar_dir_size = ($avatar_dir_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($avatar_dir_size / 1048576)) : (($avatar_dir_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($avatar_dir_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $avatar_dir_size));
 		}
 		else
 		{
@@ -392,7 +389,7 @@ class acp_main
 			'DATABASE_INFO'		=> $db->sql_server_info(),
 			'BOARD_VERSION'		=> $config['version'],
 
-			'U_ACTION'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
+			'U_ACTION'			=> $this->u_action,
 			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&mode=admin'),
 			'U_INACTIVE_USERS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&mode=list'),
 

phpBB/includes/acp/acp_permissions.php

@@ -48,7 +48,7 @@ class acp_permissions
 
 			$this->tpl_name = 'permission_trace';
 
-			if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth'))
+			if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth'))
 			{
 				$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
 				$this->permission_trace($user_id, $forum_id, $permission);
@@ -124,7 +124,7 @@ class acp_permissions
 			$forum_id = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -133,7 +133,7 @@ class acp_permissions
 			$forum_id = array();
 			foreach (get_forum_branch($subforum_id, 'children') as $row)
 			{
-				$forum_id[] = $row['forum_id'];
+				$forum_id[] = (int) $row['forum_id'];
 			}
 		}
 
@@ -598,7 +598,7 @@ class acp_permissions
 			$ids = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$ids[] = $row[$sql_id];
+				$ids[] = (int) $row[$sql_id];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -1117,31 +1117,51 @@ class acp_permissions
 		global $db, $user;
 
 		$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
-		$sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
 
-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
+		// Permission options are only able to be a permission set... therefore we will pre-fetch the possible options and also the possible roles
-			'SELECT'	=> 'u.username, u.username_clean, u.user_regdate, u.user_id',
+		$option_ids = $role_ids = array();
 
-			'FROM'		=> array(
+		$sql = 'SELECT auth_option_id
-				USERS_TABLE			=> 'u',
+			FROM ' . ACL_OPTIONS_TABLE . '
-				ACL_OPTIONS_TABLE	=> 'o',
+			WHERE auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
-				ACL_USERS_TABLE		=> 'a'
+		$result = $db->sql_query($sql);
-			),
 
-			'LEFT_JOIN'	=> array(
+		while ($row = $db->sql_fetchrow($result))
-				array(
+		{
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
+			$option_ids[] = (int) $row['auth_option_id'];
-					'ON'	=> 'a.auth_role_id = r.role_id'
+		}
-				)
+		$db->sql_freeresult($result);
-			),
 
-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
+		if (sizeof($option_ids))
-				$sql_permission_option
+		{
+			$sql = 'SELECT DISTINCT role_id
+				FROM ' . ACL_ROLES_DATA_TABLE . '
+				WHERE ' . $db->sql_in_set('auth_option_id', $option_ids);
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$role_ids[] = (int) $row['role_id'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		if (sizeof($option_ids) && sizeof($role_ids))
+		{
+			$sql_where = 'AND (' . $db->sql_in_set('a.auth_option_id', $option_ids) . ' OR ' . $db->sql_in_set('a.auth_role_id', $role_ids) . ')';
+		}
+		else
+		{
+			$sql_where = 'AND ' . $db->sql_in_set('a.auth_option_id', $option_ids);
+		}
+
+		// Not ideal, due to the filesort, non-use of indexes, etc.
+		$sql = 'SELECT DISTINCT u.user_id, u.username
+			FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
+			WHERE u.user_id = a.user_id
 				$sql_forum_id
-				AND u.user_id = a.user_id",
+				$sql_where
-
+			ORDER BY u.username_clean, u.user_regdate ASC";
-			'ORDER_BY'	=> 'u.username_clean, u.user_regdate ASC'
-		));
 		$result = $db->sql_query($sql);
 
 		$s_defined_user_options = '';
@@ -1153,29 +1173,12 @@ class acp_permissions
 		}
 		$db->sql_freeresult($result);
 
-		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
+		$sql = 'SELECT DISTINCT g.group_type, g.group_name, g.group_id
-			'SELECT'	=> 'g.group_type, g.group_name, g.group_id',
+			FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . " a
-
+			WHERE g.group_id = a.group_id
-			'FROM'		=> array(
-				GROUPS_TABLE		=> 'g',
-				ACL_OPTIONS_TABLE	=> 'o',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
-				$sql_permission_option
 				$sql_forum_id
-				AND g.group_id = a.group_id",
+				$sql_where
-
+			ORDER BY g.group_type DESC, g.group_name ASC";
-			'ORDER_BY'	=> 'g.group_type DESC, g.group_name ASC'
-		));
 		$result = $db->sql_query($sql);
 
 		$s_defined_group_options = '';

phpBB/includes/acp/acp_prune.php

@@ -405,7 +405,15 @@ class acp_prune
 			$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
 			$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
 			$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
-			$where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
+
+			if (sizeof($active) && $active_select != 'lt')
+			{
+				$where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
+			}
+			else if (sizeof($active))
+			{
+				$where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
+			}
 		}
 
 		// Protect the admin, do not prune if no options are given...

phpBB/includes/acp/acp_search.php

@@ -183,6 +183,26 @@ class acp_search
 				}
 			}
 
+			$search = null;
+			$error = false;
+			if (!$this->init_search($config['search_type'], $search, $error))
+			{
+				if ($updated)
+				{
+					if (method_exists($search, 'config_updated'))
+					{
+						if ($search->config_updated())
+						{
+							trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+					}
+				}
+			}
+			else
+			{
+				trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
+			}
+
 			trigger_error($user->lang['CONFIG_UPDATED'] . $extra_message . adm_back_link($this->u_action));
 		}
 		unset($cfg_array);
@@ -518,9 +538,9 @@ class acp_search
 	function close_popup_js()
 	{
 		return "<script type=\"text/javascript\">\n" .
-			"<!--\n" .
+			"// <![CDATA[\n" .
 			"	close_waitscreen = 1;\n" .
-			"//-->\n" .
+			"// ]]>\n" .
 			"</script>\n";
 	}
 

phpBB/includes/acp/acp_styles.php

@@ -1003,7 +1003,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 				'CACHED'		=> $user->format_date(filemtime("{$phpbb_root_path}cache/$filename")),
 				'FILENAME'		=> $file,
-				'FILESIZE'		=> sprintf('%.1f KB', filesize("{$phpbb_root_path}cache/$filename") / 1024),
+				'FILESIZE'		=> sprintf('%.1f ' . $user->lang['KIB'], filesize("{$phpbb_root_path}cache/$filename") / 1024),
 				'MODIFIED'		=> $user->format_date((!$template_row['template_storedb']) ? filemtime("{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html") : $filemtime[$file . '.html']))
 			);
 		}

phpBB/includes/acp/acp_users.php

@@ -630,7 +630,7 @@ class acp_users
 							}
 
 							$forum_id_ary = array_unique($forum_id_ary);
-							$topic_id_ary = array_unique(array_merge($topic_id_ary, $new_topic_id_ary));
+							$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
 
 							if (sizeof($topic_id_ary))
 							{
@@ -1063,6 +1063,8 @@ class acp_users
 				$data['bday_day']		= request_var('bday_day', $data['bday_day']);
 				$data['bday_month']		= request_var('bday_month', $data['bday_month']);
 				$data['bday_year']		= request_var('bday_year', $data['bday_year']);
+				$data['user_birthday']	= sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
+
 
 				if ($submit)
 				{
@@ -1085,6 +1087,7 @@ class acp_users
 						'bday_day'		=> array('num', true, 1, 31),
 						'bday_month'	=> array('num', true, 1, 12),
 						'bday_year'		=> array('num', true, 1901, gmdate('Y', time())),
+						'user_birthday'	=> array('date', true),
 					));
 
 					// validate custom profile fields
@@ -1111,7 +1114,7 @@ class acp_users
 							'user_from'		=> $data['location'],
 							'user_occ'		=> $data['occupation'],
 							'user_interests'=> $data['interests'],
-							'user_birthday'	=> sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
+							'user_birthday'	=> $data['user_birthday'],
 						);
 
 						$sql = 'UPDATE ' . USERS_TABLE . '
@@ -1344,7 +1347,7 @@ class acp_users
 				$s_custom = false;
 
 				$dateformat_options .= '<option value="custom"';
-				if (!in_array($data['dateformat'], array_keys($user->lang['dateformats'])))
+				if (!isset($user->lang['dateformats'][$data['dateformat']]))
 				{
 					$dateformat_options .= ' selected="selected"';
 					$s_custom = true;
@@ -1744,7 +1747,7 @@ class acp_users
 						'REAL_FILENAME'		=> $row['real_filename'],
 						'COMMENT'			=> nl2br($row['attach_comment']),
 						'EXTENSION'			=> $row['extension'],
-						'SIZE'				=> ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
+						'SIZE'				=> get_formatted_filesize($row['filesize']),
 						'DOWNLOAD_COUNT'	=> $row['download_count'],
 						'POST_TIME'			=> $user->format_date($row['filetime']),
 						'TOPIC_TITLE'		=> ($row['in_message']) ? $row['message_title'] : $row['topic_title'],

phpBB/includes/acp/auth.php

@@ -22,8 +22,6 @@ if (!defined('IN_PHPBB'))
 */
 class auth_admin extends auth
 {
-	var $option_ids = array();
-
 	/**
 	* Init auth settings
 	*/
@@ -33,7 +31,7 @@ class auth_admin extends auth
 
 		if (($this->acl_options = $cache->get('_acl_options')) === false)
 		{
-			$sql = 'SELECT auth_option, is_global, is_local
+			$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
 				FROM ' . ACL_OPTIONS_TABLE . '
 				ORDER BY auth_option_id';
 			$result = $db->sql_query($sql);
@@ -51,25 +49,14 @@ class auth_admin extends auth
 				{
 					$this->acl_options['local'][$row['auth_option']] = $local++;
 				}
+
+				$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
+				$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
 			}
 			$db->sql_freeresult($result);
 
 			$cache->put('_acl_options', $this->acl_options);
 		}
-
-		if (!sizeof($this->option_ids))
-		{
-			$sql = 'SELECT auth_option_id, auth_option
-				FROM ' . ACL_OPTIONS_TABLE;
-			$result = $db->sql_query($sql);
-
-			$this->option_ids = array();
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$this->option_ids[$row['auth_option']] = $row['auth_option_id'];
-			}
-			$db->sql_freeresult($result);
-		}
 	}
 	
 	/**
@@ -126,7 +113,7 @@ class auth_admin extends auth
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$forum_ids[] = $row['forum_id'];
+				$forum_ids[] = (int) $row['forum_id'];
 			}
 			$db->sql_freeresult($result);
 		}
@@ -778,6 +765,10 @@ class auth_admin extends auth
 		$cache->destroy('_acl_options');
 		$this->acl_clear_prefetch();
 
+		// Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
+		$this->acl_options = array();
+		$this->auth_admin();
+
 		return true;
 	}
 
@@ -813,7 +804,7 @@ class auth_admin extends auth
 		$flag = substr($flag, 0, strpos($flag, '_') + 1);
 		
 		// This ID (the any-flag) is set if one or more permissions are true...
-		$any_option_id = (int) $this->option_ids[$flag];
+		$any_option_id = (int) $this->acl_options['id'][$flag];
 
 		// Remove any-flag from auth ary
 		if (isset($auth[$flag]))
@@ -825,7 +816,7 @@ class auth_admin extends auth
 		$auth_option_ids = array((int)$any_option_id);
 		foreach ($auth as $auth_option => $auth_setting)
 		{
-			$auth_option_ids[] = (int) $this->option_ids[$auth_option];
+			$auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
 		}
 
 		$sql = "DELETE FROM $table
@@ -888,7 +879,7 @@ class auth_admin extends auth
 			{
 				foreach ($auth as $auth_option => $setting)
 				{
-					$auth_option_id = (int) $this->option_ids[$auth_option];
+					$auth_option_id = (int) $this->acl_options['id'][$auth_option];
 
 					if ($setting != ACL_NO)
 					{
@@ -944,7 +935,7 @@ class auth_admin extends auth
 		$sql_ary = array();
 		foreach ($auth as $auth_option => $setting)
 		{
-			$auth_option_id = (int) $this->option_ids[$auth_option];
+			$auth_option_id = (int) $this->acl_options['id'][$auth_option];
 
 			if ($setting != ACL_NO)
 			{
@@ -961,7 +952,7 @@ class auth_admin extends auth
 		{
 			$sql_ary[] = array(
 				'role_id'			=> (int) $role_id,
-				'auth_option_id'	=> (int) $this->option_ids[$flag],
+				'auth_option_id'	=> (int) $this->acl_options['id'][$flag],
 				'auth_setting'		=> ACL_NEVER
 			);
 		}
@@ -1238,12 +1229,7 @@ class auth_admin extends auth
 			return false;
 		}
 
-		$hold_ary = $this->acl_raw_data($from_user_id, false, false);
+		$hold_ary = $this->acl_raw_data_single_user($from_user_id);
-
-		if (isset($hold_ary[$from_user_id]))
-		{
-			$hold_ary = $hold_ary[$from_user_id];
-		}
 
 		// Key 0 in $hold_ary are global options, all others are forum_ids
 
@@ -1252,12 +1238,12 @@ class auth_admin extends auth
 		{
 			if (strpos($opt, 'a_') === 0)
 			{
-				$hold_ary[0][$opt] = ACL_NEVER;
+				$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
 			}
 		}
 
 		// Force a_switchperm to be allowed
-		$hold_ary[0]['a_switchperm'] = ACL_YES;
+		$hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
 
 		$user_permissions = $this->build_bitstring($hold_ary);
 

phpBB/includes/auth.php

@@ -39,7 +39,7 @@ class auth
 
 		if (($this->acl_options = $cache->get('_acl_options')) === false)
 		{
-			$sql = 'SELECT auth_option, is_global, is_local
+			$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
 				FROM ' . ACL_OPTIONS_TABLE . '
 				ORDER BY auth_option_id';
 			$result = $db->sql_query($sql);
@@ -57,6 +57,9 @@ class auth
 				{
 					$this->acl_options['local'][$row['auth_option']] = $local++;
 				}
+
+				$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
+				$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
 			}
 			$db->sql_freeresult($result);
 
@@ -301,8 +304,15 @@ class auth
 	* Get permission listing based on user_id/options/forum_ids
 	*/
 	function acl_get_list($user_id = false, $opts = false, $forum_id = false)
+	{
+		if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false)
+		{
+			$hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id));
+		}
+		else
 		{
 			$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
+		}
 
 		$auth_ary = array();
 		foreach ($hold_ary as $user_id => $forum_ary)
@@ -332,12 +342,7 @@ class auth
 		// Empty user_permissions
 		$userdata['user_permissions'] = '';
 
-		$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
+		$hold_ary = $this->acl_raw_data_single_user($userdata['user_id']);
-
-		if (isset($hold_ary[$userdata['user_id']]))
-		{
-			$hold_ary = $hold_ary[$userdata['user_id']];
-		}
 
 		// Key 0 in $hold_ary are global options, all others are forum_ids
 
@@ -348,42 +353,11 @@ class auth
 			{
 				if (strpos($opt, 'a_') === 0)
 				{
-					$hold_ary[0][$opt] = ACL_YES;
+					$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES;
 				}
 			}
 		}
 
-		// Sometimes, it can happen $hold_ary holding forums which do not exist.
-		// Since this function is not called that often (we are caching the data) we check for this inconsistency.
-		$sql = 'SELECT forum_id
-			FROM ' . FORUMS_TABLE . '
-			WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary), false, true);
-		$result = $db->sql_query($sql);
-
-		$forum_ids = (isset($hold_ary[0])) ? array(0) : array();
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$forum_ids[] = $row['forum_id'];
-		}
-		$db->sql_freeresult($result);
-
-		// Now determine forums which do not exist and remove the unneeded information (for modding purposes it is clearly the wrong place. ;))
-		$missing_forums = array_diff(array_keys($hold_ary), $forum_ids);
-
-		if (sizeof($missing_forums))
-		{
-			foreach ($missing_forums as $forum_id)
-			{
-				unset($hold_ary[$forum_id]);
-			}
-
-			$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
-			$db->sql_query($sql);
-
-			$sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
-			$db->sql_query($sql);
-		}
-
 		$hold_str = $this->build_bitstring($hold_ary);
 
 		if ($hold_str)
@@ -420,15 +394,15 @@ class auth
 				$bitstring = array();
 				foreach ($this->acl_options[$ary_key] as $opt => $id)
 				{
-					if (isset($auth_ary[$opt]))
+					if (isset($auth_ary[$this->acl_options['id'][$opt]]))
 					{
-						$bitstring[$id] = $auth_ary[$opt];
+						$bitstring[$id] = $auth_ary[$this->acl_options['id'][$opt]];
 
 						$option_key = substr($opt, 0, strpos($opt, '_') + 1);
 
 						// If one option is allowed, the global permission for this option has to be allowed too
 						// example: if the user has the a_ permission this means he has one or more a_* permissions
-						if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
+						if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
 						{
 							$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
 						}
@@ -466,8 +440,31 @@ class auth
 	*/
 	function acl_clear_prefetch($user_id = false)
 	{
-		global $db;
+		global $db, $cache;
 
+		// Rebuild options cache
+		$cache->destroy('_role_cache');
+
+		$sql = 'SELECT *
+			FROM ' . ACL_ROLES_DATA_TABLE . '
+			ORDER BY role_id ASC';
+		$result = $db->sql_query($sql);
+
+		$this->role_cache = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+		}
+		$db->sql_freeresult($result);
+
+		foreach ($this->role_cache as $role_id => $role_options)
+		{
+			$this->role_cache[$role_id] = serialize($role_options);
+		}
+
+		$cache->put('_role_cache', $this->role_cache);
+
+		// Now empty user permissions
 		$where_sql = '';
 
 		if ($user_id !== false)
@@ -528,103 +525,35 @@ class auth
 		$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
 
-		$sql_opts = '';
+		$sql_opts = $sql_opts_select = $sql_opts_from = '';
+		$hold_ary = array();
 
 		if ($opts !== false)
 		{
+			$sql_opts_select = ', ao.auth_option';
+			$sql_opts_from = ', ' . ACL_OPTIONS_TABLE . ' ao';
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}
 
-		$hold_ary = array();
+		$sql_ary = array();
 
-		// First grab user settings ... each user has only one setting for each
+		// Grab non-role settings - user-specific
-		// option ... so we shouldn't need any ACL_NEVER checks ... he says ...
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
-		// Grab assigned roles...
+			FROM ' . ACL_USERS_TABLE . ' a' . $sql_opts_from . '
-		$sql = $db->sql_build_query('SELECT', array(
+			WHERE a.auth_role_id = 0 ' .
-			'SELECT'	=> 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
+				(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') .
-
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_USERS_TABLE		=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts",
+				$sql_opts";
-		));
-		$result = $db->sql_query($sql);
 
-		while ($row = $db->sql_fetchrow($result))
+		// Now the role settings - user-specific
-		{
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
-			$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
+			WHERE a.auth_role_id = r.role_id ' . 
-		}
+				(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') .
-		$db->sql_freeresult($result);
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
-
-		// Now grab group settings ... ACL_NEVER overrides ACL_YES so act appropriatley
-		$sql_ary[] = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
-
-			'FROM'		=> array(
-				USER_GROUP_TABLE	=> 'ug',
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				)
-			),
-
-			'WHERE'		=> 'ao.auth_option_id = a.auth_option_id
-				AND a.group_id = ug.group_id
-				AND ug.user_pending = 0
-				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts"
+				$sql_opts";
-		));
-
-		$sql_ary[] = $db->sql_build_query('SELECT', array(
-			'SELECT'	=> 'ug.user_id,  a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting, ao.auth_option' ,
-
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao'
-				
-			),
-
-			'LEFT_JOIN'	=> array(
-				
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'r.auth_option_id = ao.auth_option_id'
-				),
-				array(
-					'FROM'	=> array(ACL_GROUPS_TABLE	=> 'a'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-				array(
-					'FROM'	=> array(USER_GROUP_TABLE	=> 'ug'),
-					'ON'	=> 'ug.group_id = a.group_id'
-				)
-				
-			),
-
-			'WHERE'		=> 'ug.user_pending = 0
-				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
-				$sql_forum
-				$sql_opts"
-		));
-		
 
 		foreach ($sql_ary as $sql)
 		{
@@ -632,24 +561,62 @@ class auth
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NEVER))
+				$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
-				{
+				$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
-					$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+			}
-					$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
+			$db->sql_freeresult($result);
+		}
 
-					// Check for existence of ACL_YES if an option got set to ACL_NEVER
+		$sql_ary = array();
-					if ($setting == ACL_NEVER)
+
+		// Now grab group settings - non-role specific...
+		$sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug' . $sql_opts_from . '
+			WHERE a.auth_role_id = 0 ' .
+				(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . '
+				AND a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts";
+
+		// Now grab group settings - role specific...
+		$sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
+			WHERE a.auth_role_id = r.role_id ' .
+				(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . '
+				AND a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts";
+
+		foreach ($sql_ary as $sql)
 		{
-						$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
+
+				if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER))
+				{
+					$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
+
+					// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
+					if ($row['auth_setting'] == ACL_NEVER)
+					{
+						$flag = substr($option, 0, strpos($option, '_') + 1);
 	
 						if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
 						{
 							unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
 
-							if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
+/*							if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
 							{
 								$hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES;
 							}
+*/
 						}
 					}
 				}
@@ -671,45 +638,43 @@ class auth
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
 
 		$sql_opts = '';
+		$hold_ary = $sql_ary = array();
 
 		if ($opts !== false)
 		{
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}
 
-		$hold_ary = array();
+		// Grab user settings - non-role specific...
-
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
-		// Grab user settings...
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
-		$sql = $db->sql_build_query('SELECT', array(
+			WHERE a.auth_role_id = 0
-			'SELECT'	=> 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
+				AND a.auth_option_id = ao.auth_option_id ' .
-			
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_USERS_TABLE		=> 'a'
-			),
-			
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
 				$sql_forum
-				$sql_opts",
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
 
-			'ORDER_BY'	=> 'a.forum_id, ao.auth_option'
+		// Now the role settings - user-specific
-		));
+		$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id, ao.auth_option
+			FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = r.role_id
+				AND r.auth_option_id = ao.auth_option_id ' .
+				(($sql_user) ? 'AND a.' . $sql_user : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
+
+		foreach ($sql_ary as $sql)
+		{
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+				$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
-			$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
 			}
 			$db->sql_freeresult($result);
+		}
 
 		return $hold_ary;
 	}
@@ -725,49 +690,158 @@ class auth
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
 
 		$sql_opts = '';
+		$hold_ary = $sql_ary = array();
 
 		if ($opts !== false)
 		{
 			$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
 		}
 
-		$hold_ary = array();
+		// Grab group settings - non-role specific...
-
+		$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
-		// Grab group settings...
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
-		$sql = $db->sql_build_query('SELECT', array(
+			WHERE a.auth_role_id = 0
-			'SELECT'	=> 'a.group_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
+				AND a.auth_option_id = ao.auth_option_id ' .
-
+				(($sql_group) ? 'AND a.' . $sql_group : '') . "
-			'FROM'		=> array(
-				ACL_OPTIONS_TABLE	=> 'ao',
-				ACL_GROUPS_TABLE	=> 'a'
-			),
-
-			'LEFT_JOIN'	=> array(
-				array(
-					'FROM'	=> array(ACL_ROLES_DATA_TABLE => 'r'),
-					'ON'	=> 'a.auth_role_id = r.role_id'
-				),
-			),
-
-			'WHERE'		=> '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
-				' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
 				$sql_forum
-				$sql_opts",
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
 
-			'ORDER_BY'	=> 'a.forum_id, ao.auth_option'
+		// Now grab group settings - role specific...
-		));
+		$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			WHERE a.auth_role_id = r.role_id
+				AND r.auth_option_id = ao.auth_option_id ' .
+				(($sql_group) ? 'AND a.' . $sql_group : '') . "
+				$sql_forum
+				$sql_opts
+			ORDER BY a.forum_id, ao.auth_option";
+
+		foreach ($sql_ary as $sql)
+		{
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-			$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+				$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
-			$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $setting;
+			}
+			$db->sql_freeresult($result);
+		}
+
+		return $hold_ary;
+	}
+
+	/**
+	* Get raw acl data based on user for caching user_permissions
+	* This function returns the same data as acl_raw_data(), but without the user id as the first key within the array.
+	*/
+	function acl_raw_data_single_user($user_id)
+	{
+		global $db, $cache;
+
+		// Check if the role-cache is there
+		if (($this->role_cache = $cache->get('_role_cache')) === false)
+		{
+			$this->role_cache = array();
+
+			// We pre-fetch roles
+			$sql = 'SELECT *
+				FROM ' . ACL_ROLES_DATA_TABLE . '
+				ORDER BY role_id ASC';
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
+			}
+			$db->sql_freeresult($result);
+
+			foreach ($this->role_cache as $role_id => $role_options)
+			{
+				$this->role_cache[$role_id] = serialize($role_options);
+			}
+
+			$cache->put('_role_cache', $this->role_cache);
+		}
+
+		$hold_ary = array();
+
+		// Grab user-specific permission settings
+		$sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
+			FROM ' . ACL_USERS_TABLE . '
+			WHERE user_id = ' . $user_id;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			// If a role is assigned, assign all options included within this role. Else, only set this one option.
+			if ($row['auth_role_id'])
+			{
+				$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]);
+			}
+			else
+			{
+				$hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
+			}
+		}
+		$db->sql_freeresult($result);
+
+		// Now grab group-specific permission settings
+		$sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug
+			WHERE a.group_id = ug.group_id
+				AND ug.user_pending = 0
+				AND ug.user_id = ' . $user_id;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			if (!$row['auth_role_id'])
+			{
+				$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
+			}
+			else
+			{
+				foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
+				{
+					$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting);
+				}
+			}
 		}
 		$db->sql_freeresult($result);
 
 		return $hold_ary;
 	}
 
+	/**
+	* Private function snippet for setting a specific piece of the hold_ary
+	*/
+	function _set_group_hold_ary(&$hold_ary, $option_id, $setting)
+	{
+		if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER))
+		{
+			$hold_ary[$option_id] = $setting;
+
+			// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
+			if ($setting == ACL_NEVER)
+			{
+				$flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1);
+				$flag = (int) $this->acl_options['id'][$flag];
+		
+				if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES)
+				{
+					unset($hold_ary[$flag]);
+
+/*					This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible
+					if (in_array(ACL_YES, $hold_ary))
+					{
+						$hold_ary[$flag] = ACL_YES;
+					}*/
+				}
+			}
+		}
+	}
+
 	/**
 	* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 	*/

phpBB/includes/auth/auth_apache.php

@@ -48,8 +48,18 @@ function login_apache(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
 

phpBB/includes/auth/auth_db.php

@@ -32,8 +32,18 @@ function login_db(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
 

phpBB/includes/auth/auth_ldap.php

@@ -104,8 +104,18 @@ function login_ldap(&$username, &$password)
 	if (!$password)
 	{
 		return array(
-			'status'	=> LOGIN_BREAK,
+			'status'	=> LOGIN_ERROR_PASSWORD,
 			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
+			'user_row'	=> array('user_id' => ANONYMOUS),
+		);
+	}
+
+	if (!$username)
+	{
+		return array(
+			'status'	=> LOGIN_ERROR_USERNAME,
+			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
+			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
 

phpBB/includes/constants.php

@@ -173,7 +173,7 @@ define('FIELD_DATE', 6);
 
 
 // Additional constants
-define('VOTE_CONVERTED', 9999);
+define('VOTE_CONVERTED', 127);
 
 // Table names
 define('ACL_GROUPS_TABLE',			$table_prefix . 'acl_groups');

phpBB/includes/db/dbal.php

@@ -45,6 +45,8 @@ class dbal
 
 	// Holding the last sql query on sql error
 	var $sql_error_sql = '';
+	// Holding the error information - only populated if sql_error_triggered is set
+	var $sql_error_returned = array();
 	
 	// Holding transaction count
 	var $transactions = 0;
@@ -262,6 +264,13 @@ class dbal
 					return true;
 				}
 
+				// Check if there is a transaction (no transaction can happen if there was an error, with a combined rollback and error returning enabled)
+				// This implies we have transaction always set for autocommit db's
+				if (!$this->transaction)
+				{
+					return false;
+				}
+
 				$result = $this->_sql_transaction('commit');
 
 				if (!$result)
@@ -537,11 +546,11 @@ class dbal
 		$this->sql_error_triggered = true;
 		$this->sql_error_sql = $sql;
 
-		$error = $this->_sql_error();
+		$this->sql_error_returned = $this->_sql_error();
 
 		if (!$this->return_on_error)
 		{
-			$message = 'SQL ERROR [ ' . $this->sql_layer . ' ]<br /><br />' . $error['message'] . ' [' . $error['code'] . ']';
+			$message = 'SQL ERROR [ ' . $this->sql_layer . ' ]<br /><br />' . $this->sql_error_returned['message'] . ' [' . $this->sql_error_returned['code'] . ']';
 
 			// Show complete SQL error and path to administrators only
 			// Additionally show complete error on installation or if extended debug mode is enabled
@@ -598,7 +607,7 @@ class dbal
 			$this->sql_transaction('rollback');
 		}
 
-		return $error;
+		return $this->sql_error_returned;
 	}
 
 	/**

phpBB/includes/diff/renderer.php

@@ -603,7 +603,7 @@ class diff_renderer_side_by_side extends diff_renderer
 			// Iterate through every header block of changes
 			foreach ($this->lines as $header)
 			{
-				$output .= '<tr><th>Line ' . $header['oldline'] . '</th><th>' . $user->lang['LINE'] . ' ' . $header['newline'] . '</th></tr>';
+				$output .= '<tr><th>' . $user->lang['LINE'] . ' ' . $header['oldline'] . '</th><th>' . $user->lang['LINE'] . ' ' . $header['newline'] . '</th></tr>';
 
 				// Each header block consists of a number of changes (add, remove, change).
 				$current_context = '';

phpBB/includes/functions.php

@@ -198,6 +198,26 @@ function unique_id($extra = 'c')
 	return substr($val, 4, 16);
 }
 
+/**
+* Return formatted string for filesizes
+*/
+function get_formatted_filesize($bytes, $add_size_lang = true)
+{
+	global $user;
+
+	if ($bytes >= pow(2, 20))
+	{
+		return ($add_size_lang) ? round($bytes / 1024 / 1024, 2) . ' ' . $user->lang['MIB'] : round($bytes / 1024 / 1024, 2);
+	}
+
+	if ($bytes >= pow(2, 10))
+	{
+		return ($add_size_lang) ? round($bytes / 1024, 2) . ' ' . $user->lang['KIB'] : round($bytes / 1024, 2);
+	}
+
+	return ($add_size_lang) ? ($bytes) . ' ' . $user->lang['BYTES'] : ($bytes);
+}
+
 /**
 * Determine whether we are approaching the maximum execution time. Should be called once
 * at the beginning of the script in which it's used.
@@ -523,27 +543,25 @@ if (!function_exists('stripos'))
 	}
 }
 
-if (!function_exists('realpath'))
+/**
+* Checks if a path ($path) is absolute or relative
+*
+* @param string $path Path to check absoluteness of
+* @return boolean
+*/
+function is_absolute($path)
 {
-	/**
-	* Checks if a path ($path) is absolute or relative
-	*
-	* @param string $path Path to check absoluteness of
-	* @return boolean
-	*/
-	function is_absolute($path)
-	{
 	return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:/#i', $path))) ? true : false;
-	}
+}
 
-	/**
+/**
-	* @author Chris Smith <chris@project-minerva.org>
+* @author Chris Smith <chris@project-minerva.org>
-	* @copyright 2006 Project Minerva Team
+* @copyright 2006 Project Minerva Team
-	* @param string $path The path which we should attempt to resolve.
+* @param string $path The path which we should attempt to resolve.
-	* @return mixed
+* @return mixed
-	*/
+*/
-	function phpbb_realpath($path)
+function phpbb_own_realpath($path)
-	{
+{
 	// Now to perform funky shizzle
 
 	// Switch to use UNIX slashes
@@ -691,9 +709,9 @@ if (!function_exists('realpath'))
 	}
 
 	return $resolved; // We got here, in the end!
-	}
 }
-else
+
+if (!function_exists('realpath'))
 {
 	/**
 	* A wrapper for realpath
@@ -701,15 +719,32 @@ else
 	*/
 	function phpbb_realpath($path)
 	{
-		$path = realpath($path);
+		return phpbb_own_realpath($path);
-
+	}
-		// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
+}
-		if (substr($path, -1) == DIRECTORY_SEPARATOR)
+else
+{
+	/**
+	* A wrapper for realpath
+	*/
+	function phpbb_realpath($path)
 	{
-			return substr($path, 0, -1);
+		$realpath = realpath($path);
+
+		// Strangely there are provider not disabling realpath but returning strange values. :o
+		// We at least try to cope with them.
+		if ($realpath === $path || $realpath === false)
+		{
+			return phpbb_own_realpath($path);
 		}
 
-		return $path;
+		// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
+		if (substr($realpath, -1) == DIRECTORY_SEPARATOR)
+		{
+			$realpath = substr($realpath, 0, -1);
+		}
+
+		return $realpath;
 	}
 }
 
@@ -1359,7 +1394,7 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if (!in_array(base_convert($row['topic_id'], 10, 36), array_keys($check_forum)))
+				if (!isset($check_forum[base_convert($row['topic_id'], 10, 36)]))
 				{
 					$unread = true;
 					break;
@@ -1719,7 +1754,7 @@ function generate_board_url($without_script_path = false)
 {
 	global $config, $user;
 
-	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+	$server_name = $user->host;
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 
 	// Forcing server vars is the only way to specify/override the protocol
@@ -1742,9 +1777,13 @@ function generate_board_url($without_script_path = false)
 	}
 
 	if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
+	{
+		// HTTP HOST can carry a port number...
+		if (strpos($server_name, ':') === false)
 		{
 			$url .= ':' . $server_port;
 		}
+	}
 
 	if (!$without_script_path)
 	{
@@ -2041,9 +2080,8 @@ function add_form_key($form_name)
 * @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
 * @param string $return_page The address for the return link
 * @param bool $trigger If true, the function will triger an error when encountering an invalid form
-* @param int $minimum_time The minimum acceptable age for a submitted form in seconds
 */
-function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false, $minimum_time = false)
+function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false)
 {
 	global $config, $user;
 
@@ -2052,10 +2090,6 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 		// we enforce a minimum value of half a minute here.
 		$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
 	}
-	if ($minimum_time === false)
-	{
-		$minimum_time = (int) $config['form_token_mintime'];
-	}
 
 	if (isset($_POST['creation_time']) && isset($_POST['form_token']))
 	{
@@ -2064,7 +2098,7 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 
 		$diff = (time() - $creation_time);
 
-		if (($diff >= $minimum_time) && (($diff <= $timespan) || $timespan == -1))
+		if (($diff <= $timespan) || $timespan === -1)
 		{
 			$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
 
@@ -2304,7 +2338,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		// Something failed, determine what...
 		if ($result['status'] == LOGIN_BREAK)
 		{
-			trigger_error($result['error_msg'], E_USER_ERROR);
+			trigger_error($result['error_msg']);
 		}
 
 		// Special cases... determine
@@ -2419,7 +2453,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		'PASSWORD_CREDENTIAL'	=> ($admin) ? 'password_' . $credential : 'password',
 	));
 
-	page_header($user->lang['LOGIN']);
+	page_header($user->lang['LOGIN'], false);
 
 	$template->set_filenames(array(
 		'body' => 'login_body.html')
@@ -2737,7 +2771,7 @@ function get_preg_expression($mode)
 	switch ($mode)
 	{
 		case 'email':
-			return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z]+';
+			return '(?:[a-z0-9\'\.\-_\+\|]|&amp;)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+';
 		break;
 
 		case 'bbcode_htm':
@@ -2962,14 +2996,14 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			echo '<head>';
 			echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
 			echo '<title>' . $msg_title . '</title>';
-			echo '<style type="text/css">' . "\n" . '<!--' . "\n";
+			echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n";
 			echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } ';
 			echo 'a:link, a:active, a:visited { color: #006699; text-decoration: none; } a:hover { color: #DD6900; text-decoration: underline; } ';
 			echo '#wrap { padding: 0 20px 15px 20px; min-width: 615px; } #page-header { text-align: right; height: 40px; } #page-footer { clear: both; font-size: 1em; text-align: center; } ';
 			echo '.panel { margin: 4px 0; background-color: #FFFFFF; border: solid 1px  #A9B8C2; } ';
 			echo '#errorpage #page-header a { font-weight: bold; line-height: 6em; } #errorpage #content { padding: 10px; } #errorpage #content h1 { line-height: 1.2em; margin-bottom: 0; color: #DF075C; } ';
 			echo '#errorpage #content div { margin-top: 20px; margin-bottom: 5px; border-bottom: 1px solid #CCCCCC; padding-bottom: 5px; color: #333333; font: bold 1.2em "Lucida Grande", Arial, Helvetica, sans-serif; text-decoration: none; line-height: 120%; text-align: left; } ';
-			echo "\n" . '//-->' . "\n";
+			echo "\n" . '/* ]]> */' . "\n";
 			echo '</style>';
 			echo '</head>';
 			echo '<body id="errorpage">';
@@ -3064,6 +3098,209 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 	return false;
 }
 
+/**
+* Queries the session table to get information about online guests
+* @param int $forum_id Limits the search to the forum with this id
+* @return int The number of active distinct guest sessions
+*/
+function obtain_guest_count($forum_id = 0)
+{
+	global $db, $config;
+	
+	if ($forum_id)
+	{
+		$reading_sql = ' AND s.session_forum_id = ' . (int) $forum_id;
+	} 
+	else
+	{
+		$reading_sql = '';
+	}
+	$time = (time() - (intval($config['load_online_time']) * 60)); 
+	 
+ 	// Get number of online guests
+
+	if ($db->sql_layer === 'sqlite')
+	{
+		$sql = 'SELECT COUNT(session_ip) as num_guests
+			FROM (
+				SELECT DISTINCT s.session_ip
+				FROM ' . SESSIONS_TABLE . ' s
+				WHERE s.session_user_id = ' . ANONYMOUS . '
+					AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
+				$reading_sql .
+			')';
+	}
+	else
+	{
+		$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
+			FROM ' . SESSIONS_TABLE . ' s
+			WHERE s.session_user_id = ' . ANONYMOUS . '
+				AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
+			$reading_sql;
+	}
+	$result = $db->sql_query($sql, 60);
+	$guests_online = (int) $db->sql_fetchfield('num_guests');
+	$db->sql_freeresult($result);
+	
+	return $guests_online;
+}
+
+/**
+* Queries the session table to get information about online users
+* @param int $forum_id Limits the search to the forum with this id
+* @return array An array containing the ids of online, hidden and visible users, as well as statistical info
+*/
+function obtain_users_online($forum_id = 0)
+{
+	global $db, $config, $user;
+
+	$reading_sql = '';
+	if ($forum_id !== 0)
+	{
+		$reading_sql = ' AND s.session_forum_id = ' . (int) $forum_id;
+	}
+
+	$online_users = array(
+		'online_users'			=> array(),
+		'hidden_users'			=> array(),
+		'total_online'			=> 0,
+		'visible_online'		=> 0,
+		'hidden_online'			=> 0,
+		'guests_online'			=> 0,
+	);
+
+	if ($config['load_online_guests'])
+	{
+		$online_users['guests_online'] = obtain_guest_count($forum_id);
+	}
+	
+	// a little discrete magic to cache this for 30 seconds
+	$time = (time() - (intval($config['load_online_time']) * 60)); 
+
+	$sql = 'SELECT s.session_user_id, s.session_ip, s.session_viewonline
+		FROM ' . SESSIONS_TABLE . ' s
+		WHERE s.session_time >= ' . ($time - ((int) ($time % 30))) .
+			$reading_sql .
+		' AND s.session_user_id <> ' . ANONYMOUS;
+	$result = $db->sql_query($sql, 30); 
+
+	while ($row = $db->sql_fetchrow($result))
+	{
+		// Skip multiple sessions for one user
+		if (!isset($online_users['online_users'][$row['session_user_id']]))
+		{
+			$online_users['online_users'][$row['session_user_id']] = (int) $row['session_user_id'];
+			if ($row['session_viewonline'])
+			{
+				$online_users['visible_online']++;
+			}
+			else
+			{
+				$online_users['hidden_users'][$row['session_user_id']] = (int) $row['session_user_id'];
+				$online_users['hidden_online']++;
+			}
+		}
+	}
+	$online_users['total_online'] = $online_users['guests_online'] + $online_users['visible_online'] + $online_users['hidden_online'];
+	$db->sql_freeresult($result);
+	
+	return $online_users;
+}
+
+/**
+* Uses the result of obtain_users_online to generate a localized, readable representation.
+* @param mixed $online_users result of obtain_users_online - array with user_id lists for total, hidden and visible users, and statistics
+* @param int $forum_id Indicate that the data is limited to one forum and not global.
+* @return array An array containing the string for output to the template
+*/
+function obtain_users_online_string($online_users, $forum_id = 0)
+{
+	global $db, $user, $auth;
+
+	$user_online_link = $online_userlist = '';
+
+	if (sizeof($online_users['online_users']))
+	{
+		$sql = 'SELECT username, username_clean, user_id, user_type, user_allow_viewonline, user_colour
+				FROM ' . USERS_TABLE . '
+				WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . '
+				ORDER BY username_clean ASC';
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			// User is logged in and therefore not a guest
+			if ($row['user_id'] != ANONYMOUS)
+			{
+				if (isset($online_users['hidden_users'][$row['user_id']]))
+				{
+					$row['username'] = '<em>' . $row['username'] . '</em>';
+				}
+
+				if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline'))
+				{
+					$user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
+					$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
+				}
+			}
+		}
+		$db->sql_freeresult($result);
+	}
+
+	if (!$online_userlist)
+	{
+		$online_userlist = $user->lang['NO_ONLINE_USERS'];
+	}
+
+	if ($forum_id === 0)
+	{
+		$online_userlist = $user->lang['REGISTERED_USERS'] . ' ' . $online_userlist;
+	}
+	else
+	{
+		$l_online = ($online_users['guests_online'] === 1) ? $user->lang['BROWSING_FORUM_GUEST'] : $user->lang['BROWSING_FORUM_GUESTS'];
+		$online_userlist = sprintf($l_online, $online_userlist, $online_users['guests_online']);
+	}
+
+	// Build online listing
+	$vars_online = array(
+		'ONLINE'	=> array('total_online', 'l_t_user_s'),
+		'REG'		=> array('visible_online', 'l_r_user_s'),
+		'HIDDEN'	=> array('hidden_online', 'l_h_user_s'),
+		'GUEST'		=> array('guests_online', 'l_g_user_s')
+	);
+
+	foreach ($vars_online as $l_prefix => $var_ary)
+	{
+		switch ($online_users[$var_ary[0]])
+		{
+			case 0:
+				${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_TOTAL'];
+			break;
+
+			case 1:
+				${$var_ary[1]} = $user->lang[$l_prefix . '_USER_TOTAL'];
+			break;
+
+			default:
+				${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_TOTAL'];
+			break;
+		}
+	}
+	unset($vars_online);
+
+	$l_online_users = sprintf($l_t_user_s, $online_users['total_online']);
+	$l_online_users .= sprintf($l_r_user_s, $online_users['visible_online']);
+	$l_online_users .= sprintf($l_h_user_s, $online_users['hidden_online']);
+	$l_online_users .= sprintf($l_g_user_s, $online_users['guests_online']);
+
+	return array(
+		'online_userlist'	=> $online_userlist,
+		'l_online_users'	=> $l_online_users,
+	);
+}
+
+
 /**
 * Generate page header
 */
@@ -3106,109 +3343,15 @@ function page_header($page_title = '', $display_online_list = true)
 	$l_online_users = $online_userlist = $l_online_record = '';
 
 	if ($config['load_online'] && $config['load_online_time'] && $display_online_list)
-	{
-		$logged_visible_online = $logged_hidden_online = $guests_online = $prev_user_id = 0;
-		$prev_session_ip = $reading_sql = '';
-
-		if (!empty($_REQUEST['f']))
 	{
 		$f = request_var('f', 0);
+		$f = max($f, 0);
+		$online_users = obtain_users_online($f);
+		$user_online_strings = obtain_users_online_string($online_users, $f);
 
-			$reading_sql = ' AND s.session_page ' . $db->sql_like_expression("{$db->any_char}_f_={$f}x{$db->any_char}");
+		$l_online_users = $user_online_strings['l_online_users'];
-		}
+		$online_userlist = $user_online_strings['online_userlist'];
-
+		$total_online_users = $online_users['total_online'];
-		// Get number of online guests
-		if (!$config['load_online_guests'])
-		{
-			if ($db->sql_layer === 'sqlite')
-			{
-				$sql = 'SELECT COUNT(session_ip) as num_guests
-					FROM (
-						SELECT DISTINCT s.session_ip
-							FROM ' . SESSIONS_TABLE . ' s
-							WHERE s.session_user_id = ' . ANONYMOUS . '
-								AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) .
-								$reading_sql .
-					')';
-			}
-			else
-			{
-				$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
-					FROM ' . SESSIONS_TABLE . ' s
-					WHERE s.session_user_id = ' . ANONYMOUS . '
-						AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) .
-					$reading_sql;
-			}
-			$result = $db->sql_query($sql);
-			$guests_online = (int) $db->sql_fetchfield('num_guests');
-			$db->sql_freeresult($result);
-		}
-
-		$sql = 'SELECT u.username, u.username_clean, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_ip, s.session_viewonline
-			FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . ' s
-			WHERE s.session_time >= ' . (time() - (intval($config['load_online_time']) * 60)) .
-				$reading_sql .
-				((!$config['load_online_guests']) ? ' AND s.session_user_id <> ' . ANONYMOUS : '') . '
-				AND u.user_id = s.session_user_id
-			ORDER BY u.username_clean ASC, s.session_ip ASC';
-		$result = $db->sql_query($sql);
-
-		while ($row = $db->sql_fetchrow($result))
-		{
-			// User is logged in and therefore not a guest
-			if ($row['user_id'] != ANONYMOUS)
-			{
-				// Skip multiple sessions for one user
-				if ($row['user_id'] != $prev_user_id)
-				{
-					if ($row['session_viewonline'])
-					{
-						$logged_visible_online++;
-					}
-					else
-					{
-						$row['username'] = '<em>' . $row['username'] . '</em>';
-						$logged_hidden_online++;
-					}
-
-					if (($row['session_viewonline']) || $auth->acl_get('u_viewonline'))
-					{
-						$user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
-						$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
-					}
-				}
-
-				$prev_user_id = $row['user_id'];
-			}
-			else
-			{
-				// Skip multiple sessions for one user
-				if ($row['session_ip'] != $prev_session_ip)
-				{
-					$guests_online++;
-				}
-			}
-
-			$prev_session_ip = $row['session_ip'];
-		}
-		$db->sql_freeresult($result);
-
-		if (!$online_userlist)
-		{
-			$online_userlist = $user->lang['NO_ONLINE_USERS'];
-		}
-
-		if (empty($_REQUEST['f']))
-		{
-			$online_userlist = $user->lang['REGISTERED_USERS'] . ' ' . $online_userlist;
-		}
-		else
-		{
-			$l_online = ($guests_online == 1) ? $user->lang['BROWSING_FORUM_GUEST'] : $user->lang['BROWSING_FORUM_GUESTS'];
-			$online_userlist = sprintf($l_online, $online_userlist, $guests_online);
-		}
-
-		$total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online;
 
 		if ($total_online_users > $config['record_online_users'])
 		{
@@ -3216,38 +3359,6 @@ function page_header($page_title = '', $display_online_list = true)
 			set_config('record_online_date', time(), true);
 		}
 
-		// Build online listing
-		$vars_online = array(
-			'ONLINE'	=> array('total_online_users', 'l_t_user_s'),
-			'REG'		=> array('logged_visible_online', 'l_r_user_s'),
-			'HIDDEN'	=> array('logged_hidden_online', 'l_h_user_s'),
-			'GUEST'		=> array('guests_online', 'l_g_user_s')
-		);
-
-		foreach ($vars_online as $l_prefix => $var_ary)
-		{
-			switch (${$var_ary[0]})
-			{
-				case 0:
-					${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_TOTAL'];
-				break;
-
-				case 1:
-					${$var_ary[1]} = $user->lang[$l_prefix . '_USER_TOTAL'];
-				break;
-
-				default:
-					${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_TOTAL'];
-				break;
-			}
-		}
-		unset($vars_online);
-
-		$l_online_users = sprintf($l_t_user_s, $total_online_users);
-		$l_online_users .= sprintf($l_r_user_s, $logged_visible_online);
-		$l_online_users .= sprintf($l_h_user_s, $logged_hidden_online);
-		$l_online_users .= sprintf($l_g_user_s, $guests_online);
-
 		$l_online_record = sprintf($user->lang['RECORD_ONLINE_USERS'], $config['record_online_users'], $user->format_date($config['record_online_date']));
 
 		$l_online_time = ($config['load_online_time'] == 1) ? 'VIEW_ONLINE_TIME' : 'VIEW_ONLINE_TIMES';
@@ -3301,6 +3412,13 @@ function page_header($page_title = '', $display_online_list = true)
 	// Which timezone?
 	$tz = ($user->data['user_id'] != ANONYMOUS) ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));
 
+	// Send a proper content-language to the output
+	$user_lang = $user->lang['USER_LANG'];
+	if (strpos($user_lang, '-x-') !== false)
+	{
+		$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
+	}
+
 	// The following assigns all _common_ variables that may be used at any point in a template.
 	$template->assign_vars(array(
 		'SITENAME'						=> $config['sitename'],
@@ -3333,7 +3451,6 @@ function page_header($page_title = '', $display_online_list = true)
 		'U_POPUP_PM'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup'),
 		'UA_POPUP_PM'			=> addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup')),
 		'U_MEMBERLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
-		'U_MEMBERSLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
 		'U_VIEWONLINE'			=> ($auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) ? append_sid("{$phpbb_root_path}viewonline.$phpEx") : '',
 		'U_LOGIN_LOGOUT'		=> $u_login_logout,
 		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
@@ -3356,7 +3473,7 @@ function page_header($page_title = '', $display_online_list = true)
 		'S_REGISTERED_USER'		=> $user->data['is_registered'],
 		'S_IS_BOT'				=> $user->data['is_bot'],
 		'S_USER_PM_POPUP'		=> $user->optionget('popuppm'),
-		'S_USER_LANG'			=> $user->lang['USER_LANG'],
+		'S_USER_LANG'			=> $user_lang,
 		'S_USER_BROWSER'		=> (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
 		'S_USERNAME'			=> $user->data['username'],
 		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
@@ -3369,6 +3486,7 @@ function page_header($page_title = '', $display_online_list = true)
 		'S_DISPLAY_PM'			=> ($config['allow_privmsg'] && $user->data['is_registered'] && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
 		'S_DISPLAY_MEMBERLIST'	=> (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0,
 		'S_NEW_PM'				=> ($s_privmsg_new) ? 1 : 0,
+		'S_REGISTER_ENABLED'	=> ($config['require_activation'] != USER_ACTIVATION_DISABLE) ? true : false,
 
 		'T_THEME_PATH'			=> "{$phpbb_root_path}styles/" . $user->theme['theme_path'] . '/theme',
 		'T_TEMPLATE_PATH'		=> "{$phpbb_root_path}styles/" . $user->theme['template_path'] . '/template',
@@ -3425,7 +3543,7 @@ function page_footer($run_cron = true)
 				{
 					global $base_memory_usage;
 					$memory_usage -= $base_memory_usage;
-					$memory_usage = ($memory_usage >= 1048576) ? round((round($memory_usage / 1048576 * 100) / 100), 2) . ' ' . $user->lang['MB'] : (($memory_usage >= 1024) ? round((round($memory_usage / 1024 * 100) / 100), 2) . ' ' . $user->lang['KB'] : $memory_usage . ' ' . $user->lang['BYTES']);
+					$memory_usage = get_formatted_filesize($memory_usage);
 
 					$debug_output .= ' | Memory Usage: ' . $memory_usage;
 				}

phpBB/includes/functions_admin.php

@@ -196,7 +196,7 @@ function size_select_options($size_compare)
 {
 	global $user;
 
-	$size_types_text = array($user->lang['BYTES'], $user->lang['KB'], $user->lang['MB']);
+	$size_types_text = array($user->lang['BYTES'], $user->lang['KIB'], $user->lang['MIB']);
 	$size_types = array('b', 'kb', 'mb');
 
 	$s_size_options = '';
@@ -2878,14 +2878,7 @@ function get_database_size()
 		break;
 	}
 
-	if ($database_size !== false)
+	$database_size = ($database_size !== false) ? get_formatted_filesize($database_size) : $user->lang['NOT_AVAILABLE'];
-	{
-		$database_size = ($database_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($database_size / 1048576)) : (($database_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($database_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $database_size));
-	}
-	else
-	{
-		$database_size = $user->lang['NOT_AVAILABLE'];
-	}
 
 	return $database_size;
 }
@@ -2998,6 +2991,29 @@ function tidy_database()
 {
 	global $db;
 
+	// Here we check permission consistency
+
+	// Sometimes, it can happen permission tables having forums listed which do not exist
+	$sql = 'SELECT forum_id
+		FROM ' . FORUMS_TABLE;
+	$result = $db->sql_query($sql);
+
+	$forum_ids = array(0);
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$forum_ids[] = $row['forum_id'];
+	}
+	$db->sql_freeresult($result);
+
+	// Delete those rows from the acl tables not having listed the forums above
+	$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
+		WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true);
+	$db->sql_query($sql);
+
+	$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
+		WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true);
+	$db->sql_query($sql);
+
 	set_config('database_last_gc', time(), true);
 }
 

phpBB/includes/functions_content.php

@@ -67,7 +67,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 		$sort_dir = key($sort_dir_text);
 	}
 
-	$s_limit_days = '<select name="st">';
+	$s_limit_days = '<select name="st" id="st">';
 	foreach ($limit_days as $day => $text)
 	{
 		$selected = ($sort_days == $day) ? ' selected="selected"' : '';
@@ -75,7 +75,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 	}
 	$s_limit_days .= '</select>';
 
-	$s_sort_key = '<select name="sk">';
+	$s_sort_key = '<select name="sk" id="sk">';
 	foreach ($sort_by_text as $key => $text)
 	{
 		$selected = ($sort_key == $key) ? ' selected="selected"' : '';
@@ -83,7 +83,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 	}
 	$s_sort_key .= '</select>';
 
-	$s_sort_dir = '<select name="sd">';
+	$s_sort_dir = '<select name="sd" id="sd">';
 	foreach ($sort_dir_text as $key => $value)
 	{
 		$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
@@ -492,6 +492,7 @@ function generate_text_for_edit($text, $uid, $flags)
 */
 function make_clickable_callback($type, $whitespace, $url, $relative_url, $class)
 {
+	$orig_url		= $url . $relative_url;
 	$append			= '';
 	$url			= htmlspecialchars_decode($url);
 	$relative_url	= htmlspecialchars_decode($relative_url);
@@ -558,29 +559,39 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 		break;
 	}
 
+	$short_url = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+
 	switch ($type)
 	{
 		case MAGIC_URL_LOCAL:
 			$tag			= 'l';
 			$relative_url	= preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
 			$url			= $url . '/' . $relative_url;
-			$text			= ($relative_url) ? $relative_url : $url;
+			$text			= $relative_url;
+			
+			// this url goes to http://domain.tld/path/to/board/ which
+			// would result in an empty link if treated as local so
+			// don't touch it and let MAGIC_URL_FULL take care of it.
+			if (!$relative_url)
+			{
+				return $orig_url . '/'; // slash is taken away by relative url pattern
+			}
 		break;
 
 		case MAGIC_URL_FULL:
 			$tag	= 'm';
-			$text	= (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+			$text	= $short_url;
 		break;
 
 		case MAGIC_URL_WWW:
 			$tag	= 'w';
 			$url	= 'http://' . $url;
-			$text	= (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+			$text	= $short_url;
 		break;
 
 		case MAGIC_URL_EMAIL:
 			$tag	= 'e';
-			$text	= (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+			$text	= $short_url;
 			$url	= 'mailto:' . $url;
 		break;
 	}
@@ -647,13 +658,22 @@ function make_clickable($text, $server_url = false, $class = 'postlink')
 function censor_text($text)
 {
 	static $censors;
-	global $cache;
 
+	// We moved the word censor checks in here because we call this function quite often - and then only need to do the check once
 	if (!isset($censors) || !is_array($censors))
 	{
-		// obtain_word_list is taking care of the users censor option and the board-wide option
+		global $config, $user, $auth, $cache;
+
+		// We check here if the user is having viewing censors disabled (and also allowed to do so).
+		if (!$user->optionget('viewcensors') && $config['allow_nocensors'] && $auth->acl_get('u_chgcensors'))
+		{
+			$censors = array();
+		}
+		else
+		{
 			$censors = $cache->obtain_word_list();
 		}
+	}
 
 	if (sizeof($censors))
 	{
@@ -813,8 +833,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 		}
 
 		$filesize = $attachment['filesize'];
-		$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+		$size_lang = ($filesize >= 1048576) ? $user->lang['MIB'] : (($filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
-		$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
+		$filesize = get_formatted_filesize($filesize, false);
 
 		$comment = bbcode_nl2br(censor_text($attachment['attach_comment']));
 

phpBB/includes/functions_convert.php

@@ -1282,7 +1282,7 @@ function restore_config($schema)
 			// Most are...
 			if (is_string($config_value))
 			{
-				$config_value = utf8_htmlspecialchars($config_value);
+				$config_value = truncate_string(utf8_htmlspecialchars($config_value), 255, false);
 			}
 
 			set_config($config_name, $config_value);

phpBB/includes/functions_display.php

@@ -371,7 +371,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$s_subforums_list = array();
 		foreach ($subforums_list as $subforum)
 		{
-			$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '">' . $subforum['name'] . '</a>';
+			$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '" title="' . (($subforum['unread']) ? $user->lang['NEW_POSTS'] : $user->lang['NO_NEW_POSTS']) . '">' . $subforum['name'] . '</a>';
 		}
 		$s_subforums_list = (string) implode(', ', $s_subforums_list);
 		$catless = ($row['parent_id'] == $root_data['forum_id']) ? true : false;
@@ -400,6 +400,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'S_IS_LINK'			=> ($row['forum_type'] == FORUM_LINK) ? true : false,
 			'S_UNREAD_FORUM'	=> $forum_unread,
 			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
+			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,
 			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false,
 
 			'FORUM_ID'				=> $row['forum_id'],
@@ -409,6 +410,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			$l_post_click_count		=> $post_click_count,
 			'FORUM_FOLDER_IMG'		=> $user->img($folder_image, $folder_alt),
 			'FORUM_FOLDER_IMG_SRC'	=> $user->img($folder_image, $folder_alt, false, '', 'src'),
+			'FORUM_FOLDER_IMG_ALT'	=> isset($user->lang[$folder_alt]) ? $user->lang[$folder_alt] : '',
 			'FORUM_IMAGE'			=> ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : '',
 			'FORUM_IMAGE_SRC'		=> ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
 			'LAST_POST_SUBJECT'		=> censor_text($last_post_subject),
@@ -979,7 +981,7 @@ function display_user_activity(&$userdata)
 /**
 * Topic and forum watching common code
 */
-function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
+function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
 {
 	global $template, $db, $user, $phpEx, $start, $phpbb_root_path;
 
@@ -1101,7 +1103,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
 */
 function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank_img_src)
 {
-	global $ranks, $config;
+	global $ranks, $config, $phpbb_root_path;
 
 	if (empty($ranks))
 	{
@@ -1112,8 +1114,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
 	if (!empty($user_rank))
 	{
 		$rank_title = (isset($ranks['special'][$user_rank]['rank_title'])) ? $ranks['special'][$user_rank]['rank_title'] : '';
-		$rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : '';
+		$rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : '';
-		$rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : '';
+		$rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : '';
 	}
 	else
 	{
@@ -1124,8 +1126,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
 				if ($user_posts >= $rank['rank_min'])
 				{
 					$rank_title = $rank['rank_title'];
-					$rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : '';
+					$rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : '';
-					$rank_img_src = (!empty($rank['rank_image'])) ? $config['ranks_path'] . '/' . $rank['rank_image'] : '';
+					$rank_img_src = (!empty($rank['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] : '';
 					break;
 				}
 			}

phpBB/includes/functions_jabber.php

@@ -20,11 +20,11 @@ if (!defined('IN_PHPBB'))
 *
 * Jabber class from Flyspray project
 *
-* @version class.jabber2.php 1306 2007-06-21
+* @version class.jabber2.php 1488 2007-11-25
 * @copyright 2006 Flyspray.org
 * @author Florian Schmitz (floele)
 *
-* Modified by Acyd Burn
+* Only slightly modified by Acyd Burn
 *
 * @package phpBB3
 */
@@ -286,7 +286,7 @@ class jabber
 			$read = trim(fread($this->connection, 4096));
 			$data .= $read;
 		}
-		while (time() <= $start + $timeout && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
+		while (time() <= $start + $timeout && !feof($this->connection) && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
 
 		if ($data != '')
 		{
@@ -385,7 +385,6 @@ class jabber
 		{
 			case 'stream:stream':
 				// Connection initialised (or after authentication). Not much to do here...
-				$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
 
 				if (isset($xml['stream:stream'][0]['#']['stream:features']))
 				{
@@ -397,6 +396,16 @@ class jabber
 					$this->features = $this->listen();
 				}
 
+				$second_time = isset($this->session['id']);
+				$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
+
+				if ($second_time)
+				{
+					// If we are here for the second time after TLS, we need to continue logging in
+					$this->login();
+					return;
+				}
+
 				// go on with authentication?
 				if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
 				{
@@ -519,9 +528,10 @@ class jabber
 						'response'	=> $this->encrypt_password(array_merge($decoded, array('nc' => '00000001'))),
 						'charset'	=> 'utf-8',
 						'nc'		=> '00000001',
+						'qop'		=> 'auth',			// only auth being supported
 					);
 
-					foreach (array('nonce', 'qop', 'digest-uri', 'realm', 'cnonce') as $key)
+					foreach (array('nonce', 'digest-uri', 'realm', 'cnonce') as $key)
 					{
 						if (isset($decoded[$key]))
 						{

phpBB/includes/functions_messenger.php

@@ -1056,8 +1056,7 @@ class smtp_class
 		global $user;
 
 		$err_msg = '';
-		$local_host = php_uname('n');
+		$local_host = (function_exists('php_uname')) ? php_uname('n') : $user->host;
-		$local_host = (empty($local_host)) ? 'localhost' : $local_host;
 
 		// If we are authenticating through pop-before-smtp, we
 		// have to login ones before we get authenticated
@@ -1332,7 +1331,7 @@ class smtp_class
 		// Realm
 		if (empty($tokens['realm']))
 		{
-			$tokens['realm'] = php_uname('n');
+			$tokens['realm'] = (function_exists('php_uname')) ? php_uname('n') : $user->host;
 		}
 
 		// Maxbuf

phpBB/includes/functions_module.php

@@ -309,7 +309,7 @@ class p_master
 				break;
 
 				default:
-					if (!preg_match('#(?:acl_([a-z_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z_]+))|(?:cfg_([a-z_]+))|(?:request_([a-z_]+))#', $token))
+					if (!preg_match('#(?:acl_([a-z0-9_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z0-9_]+))|(?:cfg_([a-z0-9_]+))|(?:request_([a-zA-Z0-9_]+))#', $token))
 					{
 						$token = '';
 					}
@@ -325,7 +325,7 @@ class p_master
 		$forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id;
 
 		$is_auth = false;
-		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#', '#request_([a-z_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
+		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
 
 		return $is_auth;
 	}
@@ -677,7 +677,7 @@ class p_master
 			}
 
 			// Select first id we can get
-			if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
+			if (!$current_id && (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id))
 			{
 				$current_id = $item_ary['id'];
 			}
@@ -710,7 +710,7 @@ class p_master
 
 				$tpl_ary = array(
 					'L_TITLE'		=> $item_ary['lang'],
-					'S_SELECTED'	=> (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
+					'S_SELECTED'	=> (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id) ? true : false,
 					'U_TITLE'		=> $u_title
 				);
 
@@ -719,7 +719,7 @@ class p_master
 
 			$tpl_ary = array(
 				'L_TITLE'		=> $item_ary['lang'],
-				'S_SELECTED'	=> (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
+				'S_SELECTED'	=> (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id) ? true : false,
 				'U_TITLE'		=> $u_title
 			);
 

phpBB/includes/functions_posting.php

@@ -618,6 +618,11 @@ function create_thumbnail($source, $destination, $mimetype)
 	// Only use imagemagick if defined and the passthru function not disabled
 	if ($config['img_imagick'] && function_exists('passthru'))
 	{
+		if (substr($config['img_imagick'], -1) !== '/')
+		{
+			$config['img_imagick'] .= '/';
+		}
+
 		@passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
 
 		if (file_exists($destination))
@@ -934,7 +939,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 		WHERE p.topic_id = $topic_id
 			" . ((!$auth->acl_get('m_approve', $forum_id)) ? 'AND p.post_approved = 1' : '') . '
 			' . (($mode == 'post_review') ? " AND p.post_id > $cur_post_id" : '') . '
-		ORDER BY p.post_time DESC';
+		ORDER BY p.post_time ';
+	$sql .= ($mode == 'post_review') ? 'ASC' : 'DESC';
 	$result = $db->sql_query_limit($sql, $config['posts_per_page']);
 
 	$post_list = array();
@@ -1105,7 +1111,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 		trigger_error('WRONG_NOTIFICATION_MODE');
 	}
 
-	if (!$config['allow_topic_notify'])
+	if (($topic_notification && !$config['allow_topic_notify']) || ($forum_notification && !$config['allow_forum_notify']))
 	{
 		return;
 	}
@@ -1115,16 +1121,15 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 
 	// Get banned User ID's
 	$sql = 'SELECT ban_userid
-		FROM ' . BANLIST_TABLE;
+		FROM ' . BANLIST_TABLE . '
+		WHERE ban_userid <> 0
+			AND ban_exclude <> 1';
 	$result = $db->sql_query($sql);
 
 	$sql_ignore_users = ANONYMOUS . ', ' . $user->data['user_id'];
 	while ($row = $db->sql_fetchrow($result))
 	{
-		if (isset($row['ban_userid']))
+		$sql_ignore_users .= ', ' . (int) $row['ban_userid'];
-		{
-			$sql_ignore_users .= ', ' . $row['ban_userid'];
-		}
 	}
 	$db->sql_freeresult($result);
 
@@ -1326,9 +1331,21 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 	global $config, $phpEx, $phpbb_root_path;
 
 	// Specify our post mode
-	$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'delete_topic' : (($data['topic_first_post_id'] == $post_id) ? 'delete_first_post' : (($data['topic_last_post_id'] == $post_id) ? 'delete_last_post' : 'delete'));
+	$post_mode = 'delete';
+	if (($data['topic_first_post_id'] === $data['topic_last_post_id']) && $data['topic_replies_real'] == 0)
+	{
+		$post_mode = 'delete_topic';
+	}
+	else if ($data['topic_first_post_id'] == $post_id)
+	{
+		$post_mode = 'delete_first_post';
+	} 
+	else if ($data['topic_last_post_id'] == $post_id)
+	{
+		$post_mode = 'delete_last_post';
+	}
 	$sql_data = array();
-	$next_post_id = 0;
+	$next_post_id = false;
 
 	include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 
@@ -2013,7 +2030,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 
 		foreach ($data['attachment_data'] as $pos => $attach_row)
 		{
-			if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
+			if ($attach_row['is_orphan'] && !isset($orphan_rows[$attach_row['attach_id']]))
 			{
 				continue;
 			}

phpBB/includes/functions_privmsgs.php

@@ -606,7 +606,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 
 		unset($sql_folder);
 
-		if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
+		if (isset($move_into_folder[PRIVMSGS_INBOX]))
 		{
 			$sql = 'SELECT COUNT(msg_id) as num_messages
 				FROM ' . PRIVMSGS_TO_TABLE . "
@@ -1506,7 +1506,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 
 		foreach ($data['attachment_data'] as $pos => $attach_row)
 		{
-			if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
+			if ($attach_row['is_orphan'] && !isset($orphan_rows[$attach_row['attach_id']]))
 			{
 				continue;
 			}

phpBB/includes/functions_profile_fields.php

@@ -488,7 +488,8 @@ class custom_profile
 				else if ($day && $month && $year)
 				{
 					global $user;
-					return $user->format_date(mktime(0, 0, 0, $month, $day, $year), $user->lang['DATE_FORMAT'], true);
+					// d/m/y 00:00 GMT isn't necessarily on the same d/m/y in the user's timezone, so add the timezone seconds
+					return $user->format_date(gmmktime(0, 0, 0, $month, $day, $year) + $user->timezone + $user->dst, $user->lang['DATE_FORMAT'], true);
 				}
 
 				return $value;
@@ -666,7 +667,7 @@ class custom_profile
 		}
 
 		$profile_row['s_year_options'] = '<option value="0"' . ((!$year) ? ' selected="selected"' : '') . '>--</option>';
-		for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
+		for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++)
 		{
 			$profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>";
 		}
@@ -871,13 +872,13 @@ class custom_profile
 				}
 				else
 				{
-					$var = request_var($var_name, $profile_row['field_default_value']);
+					$var = request_var($var_name, (int) $profile_row['field_default_value']);
 				}
 			break;
 
 			case FIELD_STRING:
 			case FIELD_TEXT:
-				$var = utf8_normalize_nfc(request_var($var_name, $profile_row['field_default_value'], true));
+				$var = utf8_normalize_nfc(request_var($var_name, (string) $profile_row['field_default_value'], true));
 			break;
 
 			case FIELD_INT:
@@ -887,10 +888,14 @@ class custom_profile
 				}
 				else
 				{
-					$var = request_var($var_name, $profile_row['field_default_value']);
+					$var = request_var($var_name, (int) $profile_row['field_default_value']);
 				}
 			break;
 
+			case FIELD_DROPDOWN:
+				$var = request_var($var_name, (int) $profile_row['field_default_value']);
+			break;
+
 			default:
 				$var = request_var($var_name, $profile_row['field_default_value']);
 			break;

phpBB/includes/functions_upload.php

@@ -386,8 +386,8 @@ class filespec
 		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
 		if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
 		{
-			$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+			$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );
-			$max_filesize = ($this->upload->max_filesize >= 1048576) ? round($this->upload->max_filesize / 1048576 * 100) / 100 : (($this->upload->max_filesize >= 1024) ? round($this->upload->max_filesize / 1024 * 100) / 100 : $this->upload->max_filesize);
+			$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
 	
 			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
 
@@ -777,8 +777,8 @@ class fileupload
 			break;
 
 			case 2:
-				$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+				$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
-				$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
+				$max_filesize = get_formatted_filesize($this->max_filesize, false);
 
 				$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
 			break;
@@ -813,8 +813,8 @@ class fileupload
 		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
 		if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
 		{
-			$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+			$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
-			$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
+			$max_filesize = get_formatted_filesize($this->max_filesize, false);
 
 			$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
 		}

phpBB/includes/functions_user.php

@@ -137,10 +137,17 @@ function user_update_name($old_name, $new_name)
 	{
 		set_config('newest_username', $new_name, true);
 	}
+
+	// Because some tables/caches use username-specific data we need to purge this here.
+	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
 }
 
 /**
-* Add User
+* Adds an user
+*
+* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
+* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
+* @return: the new user's ID.
 */
 function user_add($user_row, $cp_data = false)
 {
@@ -278,7 +285,7 @@ function user_add($user_row, $cp_data = false)
 
 		$sql = 'SELECT group_colour
 			FROM ' . GROUPS_TABLE . '
-			WHERE group_id = ' . $user_row['group_id'];
+			WHERE group_id = ' . (int) $user_row['group_id'];
 		$result = $db->sql_query_limit($sql, 1);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
@@ -1260,6 +1267,45 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
 	return false;
 }
 
+/**
+* Validate Date
+* @param String $string a date in the dd-mm-yyyy format
+* @return	boolean
+*/
+function validate_date($date_string, $optional = false)
+{
+	$date = explode('-', $date_string);
+	if ((empty($date) || sizeof($date) != 3) && $optional)
+	{
+		return false;
+	}
+	else if ($optional)
+	{
+		for ($field = 0; $field <= 1; $field++)
+		{
+			$date[$field] = (int) $date[$field];
+			if (empty($date[$field]))
+			{
+				$date[$field] = 1;
+			}
+		}
+		$date[2] = (int) $date[2];
+		// assume an arbitrary leap year
+		if (empty($date[2]))
+		{
+			$date[2] = 1980;
+		}
+	}
+
+	if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
+	{
+		return 'INVALID';
+	}
+
+	return false;
+}
+
+
 /**
 * Validate Match
 *
@@ -1433,20 +1479,6 @@ function validate_username($username, $allowed_username = false)
 		}
 	}
 
-	$sql = 'SELECT word
-		FROM ' . WORDS_TABLE;
-	$result = $db->sql_query($sql);
-
-	while ($row = $db->sql_fetchrow($result))
-	{
-		if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
-		{
-			$db->sql_freeresult($result);
-			return 'USERNAME_DISALLOWED';
-		}
-	}
-	$db->sql_freeresult($result);
-
 	return false;
 }
 
@@ -3088,7 +3120,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 	}
 
 	// Before we update the user attributes, we will make a list of those having now the group avatar assigned
-	if (in_array('user_avatar', array_keys($sql_ary)))
+	if (isset($sql_ary['user_avatar']))
 	{
 		// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
 		$sql = 'SELECT user_id, group_id, user_avatar
@@ -3114,7 +3146,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
 	$db->sql_query($sql);
 
-	if (in_array('user_colour', array_keys($sql_ary)))
+	if (isset($sql_ary['user_colour']))
 	{
 		// Update any cached colour information for these users
 		$sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'

phpBB/includes/mcp/mcp_forum.php

@@ -146,8 +146,8 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 		$read_tracking_join = $read_tracking_select = '';
 	}
 
-	$sql = "SELECT t.*$read_tracking_select
+	$sql = "SELECT t.topic_id
-		FROM " . TOPICS_TABLE . " t $read_tracking_join
+		FROM " . TOPICS_TABLE . " t
 		WHERE t.forum_id IN($forum_id, 0)
 			" . (($auth->acl_get('m_approve', $forum_id)) ? '' : 'AND t.topic_approved = 1') . "
 			$limit_time_sql
@@ -155,10 +155,21 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 	$result = $db->sql_query_limit($sql, $topics_per_page, $start);
 
 	$topic_list = $topic_tracking_info = array();
+
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$topic_list[] = $row['topic_id'];
+	}
+	$db->sql_freeresult($result);
+
+	$sql = "SELECT t.*$read_tracking_select
+		FROM " . TOPICS_TABLE . " t $read_tracking_join
+		WHERE " . $db->sql_in_set('t.topic_id', $topic_list);
+
+	$result = $db->sql_query($sql);
 	while ($row = $db->sql_fetchrow($result))
 	{
 		$topic_rows[$row['topic_id']] = $row;
-		$topic_list[] = $row['topic_id'];
 	}
 	$db->sql_freeresult($result);
 
@@ -181,10 +192,12 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 		}
 	}
 
-	foreach ($topic_rows as $topic_id => $row)
+	foreach ($topic_list as $topic_id)
 	{
 		$topic_title = '';
 
+		$row = &$topic_rows[$topic_id];
+
 		$replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies'];
 
 		if ($row['topic_status'] == ITEM_MOVED)

phpBB/includes/mcp/mcp_reports.php

@@ -186,7 +186,7 @@ class mcp_reports
 
 				$template->assign_vars(array(
 					'S_MCP_REPORT'			=> true,
-					'S_CLOSE_ACTION'		=> $this->u_action . '&p=' . $post_id . '&f=' . $forum_id,
+					'S_CLOSE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $post_info['forum_id'] . '&p=' . $post_id),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
 					'S_POST_UNAPPROVED'		=> !$post_info['post_approved'],

phpBB/includes/message_parser.php

@@ -198,7 +198,7 @@ class bbcode_firstpass extends bbcode
 
 		if (!$this->check_bbcode('size', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		if ($config['max_' . $this->mode . '_font_size'] && $config['max_' . $this->mode . '_font_size'] < $stx)
@@ -224,7 +224,7 @@ class bbcode_firstpass extends bbcode
 	{
 		if (!$this->check_bbcode('color', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		return '[color=' . $stx . ':' . $this->bbcode_uid . ']' . $in . '[/color:' . $this->bbcode_uid . ']';
@@ -237,7 +237,7 @@ class bbcode_firstpass extends bbcode
 	{
 		if (!$this->check_bbcode('u', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		return '[u:' . $this->bbcode_uid . ']' . $in . '[/u:' . $this->bbcode_uid . ']';
@@ -250,7 +250,7 @@ class bbcode_firstpass extends bbcode
 	{
 		if (!$this->check_bbcode('b', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		return '[b:' . $this->bbcode_uid . ']' . $in . '[/b:' . $this->bbcode_uid . ']';
@@ -263,7 +263,7 @@ class bbcode_firstpass extends bbcode
 	{
 		if (!$this->check_bbcode('i', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		return '[i:' . $this->bbcode_uid . ']' . $in . '[/i:' . $this->bbcode_uid . ']';
@@ -278,7 +278,7 @@ class bbcode_firstpass extends bbcode
 
 		if (!$this->check_bbcode('img', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		$in = trim($in);
@@ -340,7 +340,7 @@ class bbcode_firstpass extends bbcode
 
 		if (!$this->check_bbcode('flash', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		$in = trim($in);
@@ -377,7 +377,7 @@ class bbcode_firstpass extends bbcode
 	{
 		if (!$this->check_bbcode('attachment', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		return '[attachment=' . $stx . ':' . $this->bbcode_uid . ']<!-- ia' . $stx . ' -->' . trim($in) . '<!-- ia' . $stx . ' -->[/attachment:' . $this->bbcode_uid . ']';
@@ -457,7 +457,7 @@ class bbcode_firstpass extends bbcode
 	{
 		if (!$this->check_bbcode('code', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		// We remove the hardcoded elements from the code block here because it is not used in code blocks
@@ -550,7 +550,7 @@ class bbcode_firstpass extends bbcode
 	{
 		if (!$this->check_bbcode('list', $in))
 		{
-			return '';
+			return $in;
 		}
 
 		// $tok holds characters to stop at. Since the string starts with a '[' we'll get everything up to the first ']' which should be the opening [list] tag
@@ -684,7 +684,8 @@ class bbcode_firstpass extends bbcode
 		* #14667 - [quote]test[/quote] test ] and [ test [quote]test[/quote] (correct: parsed)
 		* #14770 - [quote="["]test[/quote] (correct: parsed)
 		* [quote="[i]test[/i]"]test[/quote] (correct: parsed)
-		* [quote="[quote]test[/quote]"]test[/quote] (correct: NOT parsed)
+		* [quote="[quote]test[/quote]"]test[/quote] (correct: parsed - Username displayed as [quote]test[/quote])
+		* #20735 - [quote]test[/[/b]quote] test [/quote][/quote] test - (correct: quoted: "test[/[/b]quote] test" / non-quoted: "[/quote] test" - also failed if layout distorted)
 		*/
 
 		$in = str_replace("\r\n", "\n", str_replace('\"', '"', trim($in)));
@@ -737,7 +738,7 @@ class bbcode_firstpass extends bbcode
 						$out .= ' ';
 					}*/
 				}
-				else if (preg_match('#^quote(?:=&quot;(.*?)&quot;)?$#is', $buffer, $m))
+				else if (preg_match('#^quote(?:=&quot;(.*?)&quot;)?$#is', $buffer, $m) && substr($out, -1, 1) == '[')
 				{
 					$this->parsed_items['quote']++;
 
@@ -913,9 +914,14 @@ class bbcode_firstpass extends bbcode
 
 		$url = ($var1) ? $var1 : $var2;
 
-		if (!$url || ($var1 && !$var2))
+		if ($var1 && !$var2)
 		{
-			return '';
+			$var2 = $var1;
+		}
+
+		if (!$url)
+		{
+			return '[url' . (($var1) ? '=' . $var1 : '') . ']' . $var2 . '[/url]';
 		}
 
 		$valid = false;
@@ -978,7 +984,7 @@ class bbcode_firstpass extends bbcode
 		// Is the user trying to link to a php file in this domain and script path?
 		if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false)
 		{
-			$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+			$server_name = $user->host;
 
 			// Forcing server vars is the only way to specify/override the protocol
 			if ($config['force_server_vars'] || !$server_name)
@@ -1083,15 +1089,15 @@ class parse_message extends bbcode_firstpass
 			if ((!$msg_len && $mode !== 'sig') || $config['max_' . $mode . '_chars'] && $msg_len > $config['max_' . $mode . '_chars'])
 			{
 				$this->warn_msg[] = (!$msg_len) ? $user->lang['TOO_FEW_CHARS'] : sprintf($user->lang['TOO_MANY_CHARS_' . strtoupper($mode)], $msg_len, $config['max_' . $mode . '_chars']);
-				return $this->warn_msg;
+				return (!$update_this_message) ? $return_message : $this->warn_msg;
 			}
 		}
 
 		// Check for "empty" message
-		if ($mode !== 'sig' && !utf8_clean_string($this->message))
+		if ($mode !== 'sig' && utf8_clean_string($this->message) === '')
 		{
 			$this->warn_msg[] = $user->lang['TOO_FEW_CHARS'];
-			return $this->warn_msg;
+			return (!$update_this_message) ? $return_message : $this->warn_msg;
 		}
 
 		// Prepare BBcode (just prepares some tags for better parsing)
@@ -1140,7 +1146,7 @@ class parse_message extends bbcode_firstpass
 		if ($config['max_' . $mode . '_urls'] && $num_urls > $config['max_' . $mode . '_urls'])
 		{
 			$this->warn_msg[] = sprintf($user->lang['TOO_MANY_URLS'], $config['max_' . $mode . '_urls']);
-			return $this->warn_msg;
+			return (!$update_this_message) ? $return_message : $this->warn_msg;
 		}
 
 		if (!$update_this_message)
@@ -1597,7 +1603,6 @@ class parse_message extends bbcode_firstpass
 		$this->message = $poll['poll_option_text'];
 		$bbcode_bitfield = $this->bbcode_bitfield;
 
-
 		$poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
 
 		$bbcode_bitfield = base64_encode(base64_decode($bbcode_bitfield) | base64_decode($this->bbcode_bitfield));

phpBB/includes/session.php

@@ -129,7 +129,8 @@ class session
 			'script_path'		=> str_replace(' ', '%20', htmlspecialchars($script_path)),
 			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
 
-			'page'				=> $page
+			'page'				=> $page,
+			'forum'				=> (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
 		);
 
 		return $page_array;
@@ -158,7 +159,7 @@ class session
 		$this->update_session_page	= $update_session_page;
 		$this->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
 		$this->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
-		$this->host					= (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost';
+		$this->host					= (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 		$this->page					= $this->extract_current_page($phpbb_root_path);
 
 		// if the forwarded for header shall be checked we have to validate its contents
@@ -179,9 +180,10 @@ class session
 				}
 			}
 		}
-
+		else
-		// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
+		{
-		$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
+			$this->forwarded_for = '';
+		}
 
 		if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
 		{
@@ -256,8 +258,8 @@ class session
 					$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
 				}
 
-				$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
+				$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
-				$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
+				$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
 
 				$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
 				$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
@@ -306,6 +308,7 @@ class session
 							if ($this->update_session_page)
 							{
 								$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
+								$sql_ary['session_forum_id'] = $this->page['forum'];
 							}
 
 							$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
@@ -526,8 +529,8 @@ class session
 				$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
 			}
 
-			$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
+			$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
-			$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
+			$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
 
 			$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
 			$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
@@ -546,6 +549,7 @@ class session
 					if ($this->update_session_page)
 					{
 						$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
+						$sql_ary['session_forum_id'] = $this->page['forum'];
 					}
 
 					$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
@@ -579,7 +583,7 @@ class session
 			'session_start'			=> (int) $this->time_now,
 			'session_last_visit'	=> (int) $this->data['session_last_visit'],
 			'session_time'			=> (int) $this->time_now,
-			'session_browser'		=> (string) substr($this->browser, 0, 149),
+			'session_browser'		=> (string) trim(substr($this->browser, 0, 149)),
 			'session_forwarded_for'	=> (string) $this->forwarded_for,
 			'session_ip'			=> (string) $this->ip,
 			'session_autologin'		=> ($session_autologin) ? 1 : 0,
@@ -590,6 +594,7 @@ class session
 		if ($this->update_session_page)
 		{
 			$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
+			$sql_ary['session_forum_id'] = $this->page['forum'];
 		}
 
 		$db->sql_return_on_error(true);
@@ -604,6 +609,8 @@ class session
 			// Limit new sessions in 1 minute period (if required)
 			if (empty($this->data['session_time']) && $config['active_sessions'])
 			{
+//				$db->sql_return_on_error(false);
+
 				$sql = 'SELECT COUNT(session_id) AS sessions
 					FROM ' . SESSIONS_TABLE . '
 					WHERE session_time >= ' . ($this->time_now - 60);
@@ -619,10 +626,15 @@ class session
 			}
 		}
 
+		// Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors.
+		// Commented out because it will not allow forums to update correctly
+//		$db->sql_return_on_error(false);
+
 		$this->session_id = $this->data['session_id'] = md5(unique_id());
 
 		$sql_ary['session_id'] = (string) $this->session_id;
 		$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
+		$sql_ary['session_forum_id'] = $this->page['forum'];
 
 		$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
 		$db->sql_query($sql);
@@ -653,7 +665,7 @@ class session
 			$sql = 'SELECT COUNT(session_id) AS sessions
 					FROM ' . SESSIONS_TABLE . '
 					WHERE session_user_id = ' . (int) $this->data['user_id'] . '
-					AND session_time >= ' . ($this->time_now - $config['form_token_lifetime']);
+					AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime'])));
 			$result = $db->sql_query($sql);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -872,7 +884,11 @@ class session
 	/**
 	* Sets a cookie
 	*
-	* Sets a cookie of the given name with the specified data for the given length of time.
+	* Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.
+	*
+	* @param string $name		Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then.
+	* @param string $cookiedata	The data to hold within the cookie
+	* @param int $cookietime	The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set.
 	*/
 	function set_cookie($name, $cookiedata, $cookietime)
 	{
@@ -882,7 +898,7 @@ class session
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
 		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
 
-		header('Set-Cookie: ' . $name_data . '; expires=' . $expire . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
+		header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
 	}
 
 	/**
@@ -1477,6 +1493,7 @@ class user extends session
 		$sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width
 			FROM ' . STYLES_IMAGESET_DATA_TABLE . '
 			WHERE imageset_id = ' . $this->theme['imageset_id'] . "
+			AND image_filename <> ''
 			AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')";
 		$result = $db->sql_query($sql, 3600);
 

phpBB/includes/ucp/ucp_attachments.php

@@ -150,7 +150,7 @@ class ucp_attachments
 					'FILENAME'			=> $row['real_filename'],
 					'COMMENT'			=> bbcode_nl2br($row['attach_comment']),
 					'EXTENSION'			=> $row['extension'],
-					'SIZE'				=> ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
+					'SIZE'				=> get_formatted_filesize($row['filesize']),
 					'DOWNLOAD_COUNT'	=> $row['download_count'],
 					'POST_TIME'			=> $user->format_date($row['filetime']),
 					'TOPIC_TITLE'		=> ($row['in_message']) ? $row['message_title'] : $row['topic_title'],

phpBB/includes/ucp/ucp_groups.php

@@ -127,6 +127,18 @@ class ucp_groups
 							}
 							list(, $row) = each($row);
 
+							$sql = 'SELECT group_type
+								FROM ' . GROUPS_TABLE . '
+								WHERE group_id = ' . $group_id;
+							$result = $db->sql_query($sql);
+							$group_type = (int) $db->sql_fetchfield('group_type');
+							$db->sql_freeresult($result);
+
+							if ($group_type != GROUP_OPEN && $group_type != GROUP_FREE)
+							{
+								trigger_error($user->lang['CANNOT_RESIGN_GROUP'] . $return_page);
+							}
+
 							if (confirm_box(true))
 							{
 								group_user_del($group_id, $user->data['user_id']);
@@ -697,8 +709,8 @@ class ucp_groups
 
 							'U_SWATCH'			=> append_sid("{$phpbb_root_path}adm/swatch.$phpEx", 'form=ucp&name=group_colour'),
 							'S_UCP_ACTION'		=> $this->u_action . "&action=$action&g=$group_id",
-							'L_AVATAR_EXPLAIN'	=> sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)))
+							'L_AVATAR_EXPLAIN'	=> sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
-						);
+						));
 
 					break;
 
@@ -1002,6 +1014,8 @@ class ucp_groups
 							{
 								trigger_error($user->lang[$error] . $return_page);
 							}
+
+							trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
 						}
 						else
 						{
@@ -1016,7 +1030,7 @@ class ucp_groups
 							confirm_box(false, sprintf($user->lang['GROUP_CONFIRM_ADD_USER' . ((sizeof($name_ary) == 1) ? '' : 'S')], implode(', ', $name_ary)), build_hidden_fields($s_hidden_fields));
 						}
 
-						trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
+						trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
 
 					break;
 

phpBB/includes/ucp/ucp_pm.php

@@ -92,7 +92,7 @@ class ucp_pm
 				{
 					if ($user->data['user_new_privmsg'])
 					{
-						$l_new_message = ($user->data['user_new_privmsg'] == 1 ) ? $user->lang['YOU_NEW_PM'] : $user->lang['YOU_NEW_PMS'];
+						$l_new_message = ($user->data['user_new_privmsg'] == 1) ? $user->lang['YOU_NEW_PM'] : $user->lang['YOU_NEW_PMS'];
 					}
 					else
 					{

phpBB/includes/ucp/ucp_pm_compose.php

@@ -465,7 +465,8 @@ function compose_pm($id, $mode, $action)
 					'forum_id'		=> 0,
 					'save_time'		=> $current_time,
 					'draft_subject'	=> $subject,
-					'draft_message'	=> $message)
+					'draft_message'	=> $message
+					)
 				);
 				$db->sql_query($sql);
 
@@ -488,18 +489,20 @@ function compose_pm($id, $mode, $action)
 					'g'			=> $to_group_id,
 					'p'			=> $msg_id)
 				);
+				$s_hidden_fields .= build_address_field($address_list);
+
 
 				confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
 			}
 		}
 		else
 		{
-			if (!$subject || !utf8_clean_string($subject))
+			if (utf8_clean_string($subject) === '')
 			{
 				$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
 			}
 
-			if (!$message)
+			if (utf8_clean_string($message) === '')
 			{
 				$error[] = $user->lang['TOO_FEW_CHARS'];
 			}
@@ -541,7 +544,7 @@ function compose_pm($id, $mode, $action)
 
 	if ($submit || $preview || $refresh)
 	{
-		if (!check_form_key('ucp_pm_compose'))
+		if (($submit || $preview) && !check_form_key('ucp_pm_compose'))
 		{
 			$error[] = $user->lang['FORM_INVALID'];
 		}
@@ -600,7 +603,7 @@ function compose_pm($id, $mode, $action)
 		// Subject defined
 		if ($submit)
 		{
-			if (!$subject || !utf8_clean_string($subject))
+			if (utf8_clean_string($subject) === '')
 			{
 				$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
 			}
@@ -888,14 +891,8 @@ function compose_pm($id, $mode, $action)
 	}
 
 	// Build hidden address list
-	$s_hidden_address_field = '';
+	$s_hidden_address_field = build_address_field($address_list);
-	foreach ($address_list as $type => $adr_ary)
+	 
-	{
-		foreach ($adr_ary as $id => $field)
-		{
-			$s_hidden_address_field .= '<input type="hidden" name="address_list[' . (($type == 'u') ? 'u' : 'g') . '][' . (int) $id . ']" value="' . (($field == 'to') ? 'to' : 'bcc') . '" />';
-		}
-	}
 	
 	$bbcode_checked		= (isset($enable_bbcode)) ? !$enable_bbcode : (($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode')) ? !$user->optionget('bbcode') : 1);
 	$smilies_checked	= (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies'] && $auth->acl_get('u_pm_smilies')) ? !$user->optionget('smilies') : 1);
@@ -1117,6 +1114,22 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 	}
 }
 
+/** 
+* Build the hidden field for the recipients. Needed, as the variable is not read via request_var.
+*/
+function build_address_field($address_list)
+{
+	$s_hidden_address_field = '';
+	foreach ($address_list as $type => $adr_ary)
+	{
+		foreach ($adr_ary as $id => $field)
+		{
+			$s_hidden_address_field .= '<input type="hidden" name="address_list[' . (($type == 'u') ? 'u' : 'g') . '][' . (int) $id . ']" value="' . (($field == 'to') ? 'to' : 'bcc') . '" />';
+		}
+	}
+	return $s_hidden_address_field;
+}
+
 /**
 * Return number of private message recipients
 */

phpBB/includes/ucp/ucp_prefs.php

@@ -114,7 +114,7 @@ class ucp_prefs
 				$s_custom = false;
 
 				$dateformat_options .= '<option value="custom"';
-				if (!in_array($data['dateformat'], array_keys($user->lang['dateformats'])))
+				if (!isset($user->lang['dateformats'][$data['dateformat']]))
 				{
 					$dateformat_options .= ' selected="selected"';
 					$s_custom = true;

phpBB/includes/ucp/ucp_profile.php

@@ -295,6 +295,7 @@ class ucp_profile
 					$data['bday_day'] = request_var('bday_day', $data['bday_day']);
 					$data['bday_month'] = request_var('bday_month', $data['bday_month']);
 					$data['bday_year'] = request_var('bday_year', $data['bday_year']);
+					$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
 				}
 
 				add_form_key('ucp_profile_info');
@@ -325,6 +326,7 @@ class ucp_profile
 							'bday_day'		=> array('num', true, 1, 31),
 							'bday_month'	=> array('num', true, 1, 12),
 							'bday_year'		=> array('num', true, 1901, gmdate('Y', time()) + 50),
+							'user_birthday' => array('date', true),
 						));
 					}
 
@@ -359,7 +361,7 @@ class ucp_profile
 
 						if ($config['allow_birthdays'])
 						{
-							$sql_ary['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
+							$sql_ary['user_birthday'] = $data['user_birthday'];
 						}
 
 						$sql = 'UPDATE ' . USERS_TABLE . '
@@ -592,8 +594,8 @@ class ucp_profile
 					
 					'S_FORM_ENCTYPE'	=> ($can_upload) ? ' enctype="multipart/form-data"' : '',
 
-					'L_AVATAR_EXPLAIN'	=> sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)),)
+					'L_AVATAR_EXPLAIN'	=> sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
-				);
+				));
 
 				if ($display_gallery && $auth->acl_get('u_chgavatar') && $config['allow_avatar_local'])
 				{

phpBB/includes/ucp/ucp_register.php

@@ -44,14 +44,6 @@ class ucp_register
 		$change_lang	= request_var('change_lang', '');
 		$user_lang		= request_var('lang', $user->lang_name);
 		
-
-		// not so fast, buddy
-		if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
-			|| (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
-		{
-			$agreed = false;
-		}
-		
 		if ($agreed)
 		{
 			add_form_key('ucp_register');
@@ -92,7 +84,7 @@ class ucp_register
 
 		$error = $cp_data = $cp_error = array();
 
-		//
+
 		if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable']))
 		{
 			$add_lang = ($change_lang) ? '&change_lang=' . urlencode($change_lang) : '';
@@ -103,12 +95,13 @@ class ucp_register
 			// If we change the language, we want to pass on some more possible parameter.
 			if ($change_lang)
 			{
-				// We do not include the password!
+				// We do not include the password
 				$s_hidden_fields = array_merge($s_hidden_fields, array(
 					'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
 					'email'				=> strtolower(request_var('email', '')),
 					'email_confirm'		=> strtolower(request_var('email_confirm', '')),
 					'confirm_code'		=> request_var('confirm_code', ''),
+					'confirm_id'		=> request_var('confirm_id', ''),
 					'lang'				=> $user->lang_name,
 					'tz'				=> request_var('tz', (float) $config['board_timezone']),
 				));
@@ -141,7 +134,6 @@ class ucp_register
 					'S_REGISTRATION'	=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
 					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa),
-					'S_TIME'			=> 1000 * ((int) $config['min_time_terms']),
 					)
 				);
 			}
@@ -200,7 +192,10 @@ class ucp_register
 				'tz'				=> array('num', false, -14, 14),
 				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'),
 			));
-
+			if (!check_form_key('ucp_register'))
+			{
+				$error[] = $user->lang['FORM_INVALID'];
+			}
 			// Replace "error" strings with their real, localised form
 			$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 
@@ -451,10 +446,29 @@ class ucp_register
 		$confirm_image = '';
 
 		// Visual Confirmation - Show images
+
 		if ($config['enable_confirm'])
+		{
+			if ($change_lang)
+			{
+				$str = '&change_lang=' . $change_lang;
+				$sql = 'SELECT code
+						FROM ' . CONFIRM_TABLE . "
+						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
+							AND session_id = '" . $db->sql_escape($user->session_id) . "'
+							AND confirm_type = " . CONFIRM_REG;
+				$result = $db->sql_query($sql);
+				if (!$row = $db->sql_fetchrow($result))
+				{
+					$confirm_id = '';
+				}
+				$db->sql_freeresult($result);
+			}
+			else
 			{
 				$str = '';
-			if (!$change_lang)
+			}
+			if (!$change_lang || !$confirm_id)
 			{
 				$user->confirm_gc(CONFIRM_REG);
 					
@@ -487,11 +501,6 @@ class ucp_register
 				);
 				$db->sql_query($sql);
 			}
-			else
-			{
-				$str .= '&change_lang=' . $change_lang;
-			}
-
 			$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
 			$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
 		}
@@ -529,7 +538,6 @@ class ucp_register
 			'S_COPPA'			=> $coppa,
 			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
 			'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
-			'S_TIME'			=> 1000 * ((int) $config['min_time_reg']),
 			)
 		);
 

phpBB/install/convertors/convert_phpbb20.php

@@ -482,14 +482,16 @@ if (!$get_info)
 				array('topic_moved_id',			0,									''),
 				array('topic_type',				'topics.topic_type',				'phpbb_convert_topic_type'),
 				array('topic_first_post_id',	'topics.topic_first_post_id',		''),
-
+				array('topic_last_view_time',	'posts.post_time',					''),
 				array('poll_title',				'vote_desc.vote_text',				array('function1' => 'null_to_str', 'function2' => 'phpbb_set_encoding', 'function3' => 'utf8_htmlspecialchars')),
 				array('poll_start',				'vote_desc.vote_start',				'null_to_zero'),
 				array('poll_length',			'vote_desc.vote_length',			'null_to_zero'),
 				array('poll_max_options',		1,									''),
 				array('poll_vote_change',		0,									''),
 
-				'left_join'		=> 'topics LEFT JOIN vote_desc ON topics.topic_id = vote_desc.topic_id AND topics.topic_vote = 1',
+				'left_join'		=>	array (	'topics LEFT JOIN vote_desc ON topics.topic_id = vote_desc.topic_id AND topics.topic_vote = 1', 
+											'topics LEFT JOIN posts ON topics.topic_last_post_id = posts.post_id',
+									),
 				'where'			=> 'topics.topic_moved_id = 0',
 			),
 

phpBB/install/convertors/functions_phpbb20.php

@@ -455,7 +455,7 @@ function phpbb_get_birthday($birthday = '')
 	{
 		$birthday = (int) $birthday;
 
-		if (!$birthday || $birthday == 999999 || $birthday < 0)
+		if (!$birthday || $birthday == 999999 || ((version_compare(PHP_VERSION, '5.1.0') < 0) && $birthday < 0))
 		{
 			return ' 0- 0-   0';
 		}

phpBB/install/database_update.php

@@ -8,9 +8,9 @@
 *
 */
 
-$updates_to_version = '3.0.0';
+$updates_to_version = '3.0.1-RC1';
 
-// Return if we "just include it" to find out for which version the database update is responsuble for
+// Return if we "just include it" to find out for which version the database update is responsible for
 if (defined('IN_PHPBB') && defined('IN_INSTALL'))
 {
 	return;
@@ -473,6 +473,29 @@ $database_update_info = array(
 			),
 		),
 	),
+	// Changes from 3.0.0 to the next version
+	'3.0.0'			=> array(
+		// Add the following columns
+		'add_columns'		=> array(
+			FORUMS_TABLE			=> array(
+				'display_subforum_list'		=> array('BOOL', 1),
+			),
+			SESSIONS_TABLE			=> array(
+				'session_forum_id'		=> array('UINT', 0),
+			),
+		),
+		'add_index'		=> array(
+			SESSIONS_TABLE			=> array(
+				'session_forum_id'		=> array('session_forum_id'),
+			),
+			GROUPS_TABLE			=> array(
+				'group_legend_name'		=> array('group_legend', 'group_name'),
+			),
+		),
+		'drop_keys'		=> array(
+			GROUPS_TABLE			=> array('group_legend'),
+		),
+	),
 );
 
 // Determine mapping database type
@@ -616,6 +639,9 @@ if (version_compare($current_version, '3.0.RC8', '<='))
 	$modify_users	= request_var('modify_users', array(0 => ''));
 	$new_usernames	= request_var('new_usernames', array(0 => ''), true);
 
+	// We need this file if someone wants to edit usernames.
+	include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
+
 	if (!class_exists('utf_new_normalizer'))
 	{
 		if (!file_exists($phpbb_root_path . 'install/data/new_normalizer.' . $phpEx))
@@ -1547,6 +1573,34 @@ if (version_compare($current_version, '3.0.RC5', '<='))
 	$no_updates = false;
 }
 
+
+if (version_compare($current_version, '3.0.0', '<='))
+{
+	$sql = 'UPDATE ' . TOPICS_TABLE . "
+		SET topic_last_view_time = topic_last_post_time
+		WHERE topic_last_view_time = 0";
+	_sql($sql, $errored, $error_ary);
+	
+	// Update smiley sizes
+	$smileys = array('icon_e_surprised.gif', 'icon_eek.gif', 'icon_cool.gif', 'icon_lol.gif', 'icon_mad.gif', 'icon_razz.gif', 'icon_redface.gif', 'icon_cry.gif', 'icon_evil.gif', 'icon_twisted.gif', 'icon_rolleyes.gif', 'icon_exclaim.gif', 'icon_question.gif', 'icon_idea.gif', 'icon_arrow.gif', 'icon_neutral.gif', 'icon_mrgreen.gif', 'icon_e_ugeek.gif');
+	foreach ($smileys as $smiley)
+	{
+		if (file_exists($phpbb_root_path . 'images/smilies/' . $smiley))
+		{
+			list($width, $height) = getimagesize($phpbb_root_path . 'images/smilies/' . $smiley);
+			
+			$sql = 'UPDATE ' . SMILIES_TABLE . '
+				SET smiley_width = ' . $width . ', smiley_height = ' . $height . "
+				WHERE smiley_url = '" . $db->sql_escape($smiley) . "'";
+			
+			_sql($sql, $errored, $error_ary);
+		}
+	}
+	
+	// TODO: remove all form token min times
+	
+	$no_updates = false;
+}
 _write_result($no_updates, $errored, $error_ary);
 
 $error_ary = array();

phpBB/install/index.php

@@ -493,7 +493,8 @@ class module
 	*/
 	function redirect($page)
 	{
-		$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+		// HTTP_HOST is having the correct browser url in most cases...
+		$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 		$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 		$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
 
@@ -510,9 +511,13 @@ class module
 		$url = (($secure) ? 'https://' : 'http://') . $server_name;
 
 		if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
+		{
+			// HTTP HOST can carry a port number...
+			if (strpos($server_name, ':') === false)
 			{
 				$url .= ':' . $server_port;
 			}
+		}
 
 		$url .= $script_path . '/' . $page;
 		header('Location: ' . $url);

phpBB/install/install_convert.php

@@ -407,7 +407,7 @@ class install_convert extends module
 		$error = array();
 		if ($submit)
 		{
-			if (!file_exists('./../' . $forum_path . '/' . $test_file))
+			if (!@file_exists('./../' . $forum_path . '/' . $test_file))
 			{
 				$error[] = sprintf($lang['COULD_NOT_FIND_PATH'], $forum_path);
 			}
@@ -422,8 +422,7 @@ class install_convert extends module
 			}
 			else
 			{
-				$src_dbpasswd = htmlspecialchars_decode($src_dbpasswd);
+				$connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
-				$connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
 			}
 
 			// The forum prefix of the old and the new forum can only be the same if two different databases are used.
@@ -443,7 +442,7 @@ class install_convert extends module
 				{
 					$sql_db = 'dbal_' . $src_dbms;
 					$src_db = new $sql_db();
-					$src_db->sql_connect($src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, false, true);
+					$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
 					$same_db = false;
 				}
 				else
@@ -666,7 +665,7 @@ class install_convert extends module
 			}
 			$sql_db = 'dbal_' . $convert->src_dbms;
 			$src_db = new $sql_db();
-			$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, $convert->src_dbpasswd, $convert->src_dbname, $convert->src_dbport, false, true);
+			$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
 			$same_db = false;
 		}
 		else
@@ -1219,7 +1218,7 @@ class install_convert extends module
 
 				$template->assign_block_vars('checks', array(
 					'TITLE'		=> "skip_rows = $skip_rows",
-					'RESULT'	=> $rows . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ceil(memory_get_usage()/1024) . ' KB' : ''),
+					'RESULT'	=> $rows . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ceil(memory_get_usage()/1024) . ' ' . $user->lang['KIB'] : ''),
 				));
 
 				$mtime = explode(' ', microtime());
@@ -1490,7 +1489,7 @@ class install_convert extends module
 			sync('topic', 'range', 'topic_id BETWEEN ' . $sync_batch . ' AND ' . $end, true, true);
 
 			$template->assign_block_vars('checks', array(
-				'TITLE'		=> sprintf($user->lang['SYNC_TOPIC_ID'], $sync_batch, ($sync_batch + $batch_size)) . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ' [' . ceil(memory_get_usage()/1024) . ' KB]' : ''),
+				'TITLE'		=> sprintf($user->lang['SYNC_TOPIC_ID'], $sync_batch, ($sync_batch + $batch_size)) . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ' [' . ceil(memory_get_usage()/1024) . ' ' . $user->lang['KIB'] . ']' : ''),
 				'RESULT'	=> $user->lang['DONE'],
 			));
 

phpBB/install/install_install.php

@@ -151,7 +151,7 @@ class install_install extends module
 
 			// We also give feedback on whether we're running in safe mode
 			$result = '<strong style="color:green">' . $lang['YES'];
-			if (@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on')
+			if (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) == 'on')
 			{
 				$result .= ', ' . $lang['PHP_SAFE_MODE'];
 			}
@@ -551,7 +551,7 @@ class install_install extends module
 			}
 			else
 			{
-				$connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport']);
+				$connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport']);
 			}
 
 			$template->assign_block_vars('checks', array(
@@ -884,17 +884,26 @@ class install_install extends module
 		// Time to convert the data provided into a config file
 		$config_data = "<?php\n";
 		$config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n";
-		$config_data .= "\$dbms = '" . $available_dbms[$data['dbms']]['DRIVER'] . "';\n";
+
-		$config_data .= "\$dbhost = '{$data['dbhost']}';\n";
+		$config_data_array = array(
-		$config_data .= "\$dbport = '{$data['dbport']}';\n";
+			'dbms'			=> $available_dbms[$data['dbms']]['DRIVER'],
-		$config_data .= "\$dbname = '{$data['dbname']}';\n";
+			'dbhost'		=> $data['dbhost'],
-		$config_data .= "\$dbuser = '{$data['dbuser']}';\n";
+			'dbport'		=> $data['dbport'],
-		$config_data .= "\$dbpasswd = '{$data['dbpasswd']}';\n\n";
+			'dbname'		=> $data['dbname'],
-		$config_data .= "\$table_prefix = '{$data['table_prefix']}';\n";
+			'dbuser'		=> $data['dbuser'],
-//		$config_data .= "\$acm_type = '" . (($acm_type) ? $acm_type : 'file') . "';\n";
+			'dbpasswd'		=> htmlspecialchars_decode($data['dbpasswd']),
-		$config_data .= "\$acm_type = 'file';\n";
+			'table_prefix'	=> $data['table_prefix'],
-		$config_data .= "\$load_extensions = '$load_extensions';\n\n";
+			'acm_type'		=> 'file',
-		$config_data .= "@define('PHPBB_INSTALLED', true);\n";
+			'load_extensions'	=> $load_extensions,
+		);
+
+		foreach ($config_data_array as $key => $value)
+		{
+			$config_data .= "\${$key} = '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $value)) . "';\n";
+		}
+		unset($config_data_array);
+
+		$config_data .= "\n@define('PHPBB_INSTALLED', true);\n";
 		$config_data .= "// @define('DEBUG', true);\n";
 		$config_data .= "// @define('DEBUG_EXTRA', true);\n";
 		$config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused!
@@ -1009,8 +1018,11 @@ class install_install extends module
 		$s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';
 		$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';
 
+		// HTTP_HOST is having the correct browser url in most cases...
+		$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+
 		$data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true;
-		$data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+		$data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : $server_name;
 		$data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));
 		$data['server_protocol'] = ($data['server_protocol'] !== '') ? $data['server_protocol'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://');
 		$data['cookie_secure'] = ($data['cookie_secure'] !== '') ? $data['cookie_secure'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false);
@@ -1100,7 +1112,9 @@ class install_install extends module
 			$this->p_master->redirect("index.$phpEx?mode=install");
 		}
 
-		$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+		// HTTP_HOST is having the correct browser url in most cases...
+		$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+		$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : $server_name;
 
 		// Try to come up with the best solution for cookie domain...
 		if (strpos($cookie_domain, 'www.') === 0)
@@ -1124,7 +1138,7 @@ class install_install extends module
 
 		// Instantiate the database
 		$db = new $sql_db();
-		$db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
+		$db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
 
 		// NOTE: trigger_error does not work here.
 		$db->sql_return_on_error(true);
@@ -1408,7 +1422,7 @@ class install_install extends module
 
 		// Instantiate the database
 		$db = new $sql_db();
-		$db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
+		$db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
 
 		// NOTE: trigger_error does not work here.
 		$db->sql_return_on_error(true);
@@ -1688,7 +1702,7 @@ class install_install extends module
 
 			if (is_dir($path) && file_exists($path . '/iso.txt'))
 			{
-				$lang_file = file("{$phpbb_root_path}language/$path/iso.txt");
+				$lang_file = file("$path/iso.txt");
 
 				$lang_pack = array(
 					'lang_iso'			=> basename($path),
@@ -1948,7 +1962,7 @@ class install_install extends module
 			'dbhost'		=> request_var('dbhost', ''),
 			'dbport'		=> request_var('dbport', ''),
 			'dbuser'		=> request_var('dbuser', ''),
-			'dbpasswd'		=> htmlspecialchars_decode(request_var('dbpasswd', '', true)),
+			'dbpasswd'		=> request_var('dbpasswd', '', true),
 			'dbname'		=> request_var('dbname', ''),
 			'table_prefix'	=> request_var('table_prefix', ''),
 			'default_lang'	=> basename(request_var('default_lang', '')),

phpBB/install/install_update.php

@@ -1490,7 +1490,7 @@ class install_update extends module
 			return;
 		}
 
-		if (in_array($file, array_keys($this->update_info['custom'])))
+		if (isset($this->update_info['custom'][$file]))
 		{
 			foreach ($this->update_info['custom'][$file] as $_file)
 			{

phpBB/install/schemas/firebird_schema.sql

@@ -362,6 +362,7 @@ CREATE TABLE phpbb_forums (
 	forum_last_poster_name VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	forum_last_poster_colour VARCHAR(6) CHARACTER SET NONE DEFAULT '' NOT NULL,
 	forum_flags INTEGER DEFAULT 32 NOT NULL,
+	display_subforum_list INTEGER DEFAULT 1 NOT NULL,
 	display_on_index INTEGER DEFAULT 1 NOT NULL,
 	enable_indexing INTEGER DEFAULT 1 NOT NULL,
 	enable_icons INTEGER DEFAULT 1 NOT NULL,
@@ -444,7 +445,7 @@ CREATE TABLE phpbb_groups (
 
 ALTER TABLE phpbb_groups ADD PRIMARY KEY (group_id);;
 
-CREATE INDEX phpbb_groups_group_legend ON phpbb_groups(group_legend);;
+CREATE INDEX phpbb_groups_group_legend_name ON phpbb_groups(group_legend, group_name);;
 
 CREATE GENERATOR phpbb_groups_gen;;
 SET GENERATOR phpbb_groups_gen TO 0;;
@@ -959,6 +960,7 @@ CREATE INDEX phpbb_search_wordmatch_post_id ON phpbb_search_wordmatch(post_id);;
 CREATE TABLE phpbb_sessions (
 	session_id CHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
 	session_user_id INTEGER DEFAULT 0 NOT NULL,
+	session_forum_id INTEGER DEFAULT 0 NOT NULL,
 	session_last_visit INTEGER DEFAULT 0 NOT NULL,
 	session_start INTEGER DEFAULT 0 NOT NULL,
 	session_time INTEGER DEFAULT 0 NOT NULL,
@@ -975,6 +977,7 @@ ALTER TABLE phpbb_sessions ADD PRIMARY KEY (session_id);;
 
 CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions(session_time);;
 CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions(session_user_id);;
+CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions(session_forum_id);;
 
 # Table: 'phpbb_sessions_keys'
 CREATE TABLE phpbb_sessions_keys (

phpBB/install/schemas/mssql_schema.sql

@@ -438,6 +438,7 @@ CREATE TABLE [phpbb_forums] (
 	[forum_last_poster_name] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[forum_last_poster_colour] [varchar] (6) DEFAULT ('') NOT NULL ,
 	[forum_flags] [int] DEFAULT (32) NOT NULL ,
+	[display_subforum_list] [int] DEFAULT (1) NOT NULL ,
 	[display_on_index] [int] DEFAULT (1) NOT NULL ,
 	[enable_indexing] [int] DEFAULT (1) NOT NULL ,
 	[enable_icons] [int] DEFAULT (1) NOT NULL ,
@@ -555,7 +556,7 @@ ALTER TABLE [phpbb_groups] WITH NOCHECK ADD
 	)  ON [PRIMARY] 
 GO
 
-CREATE  INDEX [group_legend] ON [phpbb_groups]([group_legend]) ON [PRIMARY]
+CREATE  INDEX [group_legend_name] ON [phpbb_groups]([group_legend], [group_name]) ON [PRIMARY]
 GO
 
 
@@ -1152,6 +1153,7 @@ GO
 CREATE TABLE [phpbb_sessions] (
 	[session_id] [char] (32) DEFAULT ('') NOT NULL ,
 	[session_user_id] [int] DEFAULT (0) NOT NULL ,
+	[session_forum_id] [int] DEFAULT (0) NOT NULL ,
 	[session_last_visit] [int] DEFAULT (0) NOT NULL ,
 	[session_start] [int] DEFAULT (0) NOT NULL ,
 	[session_time] [int] DEFAULT (0) NOT NULL ,
@@ -1178,6 +1180,9 @@ GO
 CREATE  INDEX [session_user_id] ON [phpbb_sessions]([session_user_id]) ON [PRIMARY]
 GO
 
+CREATE  INDEX [session_forum_id] ON [phpbb_sessions]([session_forum_id]) ON [PRIMARY]
+GO
+
 
 /*
 	Table: 'phpbb_sessions_keys'

phpBB/install/schemas/mysql_40_schema.sql

@@ -248,6 +248,7 @@ CREATE TABLE phpbb_forums (
 	forum_last_poster_name blob NOT NULL,
 	forum_last_poster_colour varbinary(6) DEFAULT '' NOT NULL,
 	forum_flags tinyint(4) DEFAULT '32' NOT NULL,
+	display_subforum_list tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	display_on_index tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	enable_indexing tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	enable_icons tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
@@ -313,7 +314,7 @@ CREATE TABLE phpbb_groups (
 	group_message_limit mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	group_legend tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	PRIMARY KEY (group_id),
-	KEY group_legend (group_legend)
+	KEY group_legend_name (group_legend, group_name(255))
 );
 
 
@@ -659,6 +660,7 @@ CREATE TABLE phpbb_search_wordmatch (
 CREATE TABLE phpbb_sessions (
 	session_id binary(32) DEFAULT '' NOT NULL,
 	session_user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+	session_forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	session_last_visit int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	session_start int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
@@ -671,7 +673,8 @@ CREATE TABLE phpbb_sessions (
 	session_admin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	PRIMARY KEY (session_id),
 	KEY session_time (session_time),
-	KEY session_user_id (session_user_id)
+	KEY session_user_id (session_user_id),
+	KEY session_forum_id (session_forum_id)
 );
 
 

phpBB/install/schemas/mysql_41_schema.sql

@@ -248,6 +248,7 @@ CREATE TABLE phpbb_forums (
 	forum_last_poster_name varchar(255) DEFAULT '' NOT NULL,
 	forum_last_poster_colour varchar(6) DEFAULT '' NOT NULL,
 	forum_flags tinyint(4) DEFAULT '32' NOT NULL,
+	display_subforum_list tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	display_on_index tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	enable_indexing tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	enable_icons tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
@@ -313,7 +314,7 @@ CREATE TABLE phpbb_groups (
 	group_message_limit mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	group_legend tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	PRIMARY KEY (group_id),
-	KEY group_legend (group_legend)
+	KEY group_legend_name (group_legend, group_name)
 ) CHARACTER SET `utf8` COLLATE `utf8_bin`;
 
 
@@ -659,6 +660,7 @@ CREATE TABLE phpbb_search_wordmatch (
 CREATE TABLE phpbb_sessions (
 	session_id char(32) DEFAULT '' NOT NULL,
 	session_user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+	session_forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	session_last_visit int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	session_start int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
@@ -671,7 +673,8 @@ CREATE TABLE phpbb_sessions (
 	session_admin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	PRIMARY KEY (session_id),
 	KEY session_time (session_time),
-	KEY session_user_id (session_user_id)
+	KEY session_user_id (session_user_id),
+	KEY session_forum_id (session_forum_id)
 ) CHARACTER SET `utf8` COLLATE `utf8_bin`;
 
 

phpBB/install/schemas/oracle_schema.sql

@@ -505,6 +505,7 @@ CREATE TABLE phpbb_forums (
 	forum_last_poster_name varchar2(765) DEFAULT '' ,
 	forum_last_poster_colour varchar2(6) DEFAULT '' ,
 	forum_flags number(4) DEFAULT '32' NOT NULL,
+	display_subforum_list number(1) DEFAULT '1' NOT NULL,
 	display_on_index number(1) DEFAULT '1' NOT NULL,
 	enable_indexing number(1) DEFAULT '1' NOT NULL,
 	enable_icons number(1) DEFAULT '1' NOT NULL,
@@ -606,7 +607,7 @@ CREATE TABLE phpbb_groups (
 )
 /
 
-CREATE INDEX phpbb_groups_group_legend ON phpbb_groups (group_legend)
+CREATE INDEX phpbb_groups_group_legend_name ON phpbb_groups (group_legend, group_name)
 /
 
 CREATE SEQUENCE phpbb_groups_seq
@@ -1280,6 +1281,7 @@ CREATE INDEX phpbb_search_wordmatch_post_id ON phpbb_search_wordmatch (post_id)
 CREATE TABLE phpbb_sessions (
 	session_id char(32) DEFAULT '' ,
 	session_user_id number(8) DEFAULT '0' NOT NULL,
+	session_forum_id number(8) DEFAULT '0' NOT NULL,
 	session_last_visit number(11) DEFAULT '0' NOT NULL,
 	session_start number(11) DEFAULT '0' NOT NULL,
 	session_time number(11) DEFAULT '0' NOT NULL,
@@ -1298,6 +1300,8 @@ CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions (session_time)
 /
 CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions (session_user_id)
 /
+CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions (session_forum_id)
+/
 
 /*
 	Table: 'phpbb_sessions_keys'