diff --git a/phpBB/adm/admin_attachments.php b/phpBB/adm/admin_attachments.php
index f69bbbd9ef..cd90fd7ef0 100644
--- a/phpBB/adm/admin_attachments.php
+++ b/phpBB/adm/admin_attachments.php
@@ -361,14 +361,14 @@ if ($submit && $mode == 'ext_groups')
 if ($submit && $mode == 'orphan')
 {
- $delete_files = array_keys(request_var('delete', ''));
+ $delete_files = (isset($_REQUEST['delete'])) ? array_keys(request_var('delete', '')) : array();
 $add_files = (isset($_REQUEST['add'])) ? array_keys(request_var('add', '')) : array();
 $post_ids = request_var('post_id', 0);
 foreach ($delete_files as $delete)
 {
- phpbb_unlink($config['upload_dir'] . '/' . $delete);
- phpbb_unlink($config['upload_dir'] . '/thumb_' . $delete);
+ phpbb_unlink($delete);
+ phpbb_unlink($delete, 'thumbnail');
 }
 if (sizeof($delete_files))
@@ -1186,10 +1186,10 @@ if ($mode == 'orphan')
 {
 $attach_filelist = array();
- $dir = @opendir($config['upload_dir']);
+ $dir = @opendir($phpbb_root_path . $config['upload_dir']);
 while ($file = @readdir($dir))
 {
- if (is_file($config['upload_dir'] . '/' . $file) && filesize($config['upload_dir'] . '/' . $file) && $file{0} != '.' && $file != 'index.htm' && !preg_match('#^thumb\_#', $file))
+ if (is_file($phpbb_root_path . $config['upload_dir'] . '/' . $file) && filesize($phpbb_root_path . $config['upload_dir'] . '/' . $file) && $file{0} != '.' && $file != 'index.htm' && !preg_match('#^thumb\_#', $file))
 {
 $attach_filelist[$file] = $file;
 }
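Review bot: In the `orphan` submit branch of admin_attachments.php (`@@ -361`), the names taken from `array_keys(request_var('delete', ''))` are passed to `phpbb_unlink()` with no check that each one is really an orphan. The `basename()` added inside `phpbb_unlink()` keeps the delete inside the upload directory, but any file there can still be named in the request, including one that a post may still reference. Consider deleting only names that pass `is_file()` in the upload directory and that no row in the attachments table references, and add a comment that the array keys are request-controlled. The enclosing block continues outside the hunk.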
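Review bot: In the orphan listing hunk (`@@ -1186`) the result of `@opendir($phpbb_root_path . $config['upload_dir'])` is never tested, and the unchanged loop `while ($file = @readdir($dir))` stops at the first entry whose name evaluates to false, such as a file called `0`. With errors suppressed, a wrong or unreadable upload path shows up as an empty orphan list rather than as an error. I would test `$dir` before the loop, use `while (($file = readdir($dir)) !== false)`, and call `closedir($dir)` if the code after the hunk does not already do so.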
@@ -1241,12 +1241,12 @@ function marklist(match, name, status) foreach ($attach_filelist as $file) { $row_class = (++$i % 2 == 0) ? 'row2' : 'row1'; - $filesize = @filesize($config['upload_dir'] . '/' . $file); + $filesize = @filesize($phpbb_root_path . $config['upload_dir'] . '/' . $file); $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize); ?> - + ID: @@ -1400,14 +1400,14 @@ function download_select($select_name, $group_id = false) // Upload already uploaded file... huh? are you kidding? function upload_file($post_id, $topic_id, $forum_id, $upload_dir, $filename) { - global $message_parser, $db, $user; + global $message_parser, $db, $user, $phpbb_root_path; $message_parser->attachment_data = array(); $message_parser->filename_data['filecomment'] = ''; - $message_parser->filename_data['filename'] = $upload_dir . '/' . $filename; + $message_parser->filename_data['filename'] = $phpbb_root_path . $upload_dir . '/' . basename($filename); - $filedata = upload_attachment($forum_id, $filename, true, $upload_dir . '/' . $filename); + $filedata = upload_attachment($forum_id, $filename, true, $phpbb_root_path . $upload_dir . '/' . basename($filename)); if ($filedata['post_attach'] && !sizeof($filedata['error'])) { 
@@ -1491,35 +1491,31 @@ function test_upload(&$error, $upload_dir, $create_directory = false) { global $user, $phpbb_root_path; - // Adjust the Upload Directory. Relative or absolute, this is the question here. - $real_upload_dir = $upload_dir; - $upload_dir = ($upload_dir{0} == '/' || ($upload_dir{0} != '/' && $upload_dir{1} == ':')) ? $upload_dir : $phpbb_root_path . $upload_dir; - // Does the target directory exist, is it a directory and writeable. if ($create_directory) { - if (!file_exists($upload_dir)) + if (!file_exists($phpbb_root_path . $upload_dir)) { - @mkdir($upload_dir, 0777); - @chmod($upload_dir, 0777); + @mkdir($phpbb_root_path . $upload_dir, 0777); + @chmod($phpbb_root_path . $upload_dir, 0777); } } - if (!file_exists($upload_dir)) + if (!file_exists($phpbb_root_path . $upload_dir)) { - $error[] = sprintf($user->lang['NO_UPLOAD_DIR'], $real_upload_dir); + $error[] = sprintf($user->lang['NO_UPLOAD_DIR'], $upload_dir); return; } - if (!is_dir($upload_dir)) + if (!is_dir($phpbb_root_path . $upload_dir)) { - $error[] = sprintf($user->lang['UPLOAD_NOT_DIR'], $real_upload_dir); + $error[] = sprintf($user->lang['UPLOAD_NOT_DIR'], $upload_dir); return; } - if (!is_writable($upload_dir)) + if (!is_writable($phpbb_root_path . $upload_dir)) { - $error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $real_upload_dir); + $error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir); return; } } diff --git a/phpBB/common.php b/phpBB/common.php index 40a796b40c..441bd06cfa 100644 --- a/phpBB/common.php +++ b/phpBB/common.php 
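Review bot: `test_upload()` still creates the upload directory with `@mkdir($phpbb_root_path . $upload_dir, 0777)` followed by `@chmod($phpbb_root_path . $upload_dir, 0777)`, which leaves attachment storage writable by every local account on a shared host. Because this commit makes the path always relative to `$phpbb_root_path`, the directory will normally sit under the board root (presumably web-served) unless the admin enters a `../` path; that deserves a comment here stating that the directory needs a server rule denying script execution. A tighter mode such as `0755`, widened only when `is_writable()` fails, would be a safer default. `$upload_dir` is also concatenated without rejecting `..` segments; it is an admin setting, but a comment stating that assumption would help.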
@@ -294,9 +294,6 @@ if (method_exists($cache, 'tidy') && time() - $config['cache_gc'] > $config['cac
 set_config('cache_last_gc', time(), TRUE);
 }
-// Adjust storage path's
-$config['upload_dir'] = ($config['upload_dir']{0} == '/' || ($config['upload_dir']{0} != '/' && $config['upload_dir']{1} == ':')) ? $config['upload_dir'] : $phpbb_root_path . $config['upload_dir'];
-
 // Handle email/cron queue.
 if (time() - $config['queue_interval'] >= $config['last_queue_run'] && !defined('IN_ADMIN'))
 {
diff --git a/phpBB/download.php b/phpBB/download.php
index 2cac956a53..691bb9e0b0 100644
--- a/phpBB/download.php
+++ b/phpBB/download.php
@@ -36,7 +36,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
-$sql = 'SELECT *
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension
 FROM ' . ATTACHMENTS_TABLE . "
 WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -100,6 +100,20 @@ if (!download_allowed())
 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+// Fetching filename here to prevent sniffing of filename
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+ FROM ' . ATTACHMENTS_TABLE . "
+ WHERE attach_id = $download_id";
+$result = $db->sql_query_limit($sql, 1);
+
+if (!($attachment = $db->sql_fetchrow($result)))
+{
+ trigger_error('ERROR_NO_ATTACHMENT');
+}
+$db->sql_freeresult($result);
+
+$attachment['physical_filename'] = basename($attachment['physical_filename']);
+
 if ($thumbnail)
 {
 $attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
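Review bot: The second query added to download.php (`@@ -100`) interpolates `$download_id` into the SQL string again, and its integer cast is not visible in either hunk; writing `WHERE attach_id = " . (int) $download_id` in both queries would make each statement safe on its own. The comment `// Fetching filename here to prevent sniffing of filename` could say what is being protected, for example `// physical_filename is loaded only after the permission checks above, so a denied request never handles the stored name`. Re-selecting `attach_id, in_message, post_msg_id, extension` is redundant; selecting only `physical_filename, real_filename, mimetype` and merging them into `$attachment` would keep the row the checks were made against.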
@@ -116,12 +130,12 @@ else // Determine the 'presenting'-method if ($download_mode == PHYSICAL_LINK) { - if (!@is_dir($config['upload_dir'])) + if (!@is_dir($phpbb_root_path . $config['upload_dir'])) { trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']); } - redirect($config['upload_dir'] . '/' . $attachment['physical_filename']); + redirect($phpbb_root_path . $config['upload_dir'] . '/' . $attachment['physical_filename']); } else { @@ -136,9 +150,9 @@ else function send_file_to_browser($attachment, $upload_dir, $category) { - global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config; + global $user, $db, $config, $phpbb_root_path; - $filename = $upload_dir . '/' . $attachment['physical_filename']; + $filename = $phpbb_root_path . $upload_dir . '/' . $attachment['physical_filename']; if (!@file_exists($filename)) { @@ -147,7 +161,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) // Determine the Browser the User is using, because of some nasty incompatibilities. // borrowed from phpMyAdmin. :) - $user_agent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : ((!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : ''); + $user_agent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : ''; if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $user_agent, $log_version)) { @@ -192,8 +206,12 @@ function send_file_to_browser($attachment, $upload_dir, $category) $attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream'; } + if ($config['gzip_compress']) + { + @ob_end_clean(); + } + // Now the tricky part... let's dance - // TODO: needs a little bit more testing... seems to break on some configurations (incomplete files) header('Pragma: public'); // header('Content-Transfer-Encoding: none'); 
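Review bot: In the `PHYSICAL_LINK` branch of download.php, `redirect($phpbb_root_path . $config['upload_dir'] . '/' . $attachment['physical_filename'])` hands the client the stored file's URL, so later requests for that URL are answered by the web server without `download_allowed()` or any permission check running. That works against the delayed filename fetch added earlier in this file, and the stored name appears to be built from user id, upload time and extension (see `destination_filename` in functions_posting.php), which makes it predictable. At minimum add a comment that this mode provides no access control; better, limit it to extension groups meant to be public, or document that the upload directory must not be directly reachable when restricted forums carry attachments. The `else` branch continues outside the hunk.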
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 3022266f7e..eb1554c234 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -677,23 +677,13 @@ function phpbb_unlink($filename, $mode = 'file')
 {
 global $config, $user, $phpbb_root_path;
- $filename = ($mode == 'thumbnail') ? $config['upload_dir'] . '/thumb_' . $filename : $config['upload_dir'] . '/' . $filename;
+ $filename = ($mode == 'thumbnail') ? $phpbb_root_path . $config['upload_dir'] . '/thumb_' . basename($filename) : $phpbb_root_path . $config['upload_dir'] . '/' . basename($filename);
 $deleted = @unlink($filename);
 if (file_exists($filename))
 {
 $filesys = str_replace('/','\\', $filename);
 $deleted = @system("del $filesys");
-
- if (file_exists($filename))
- {
- $filename = realpath($filename);
- @chmod($filename, 0777);
- if (!($deleted = @unlink($filename)))
- {
- $deleted = @system("del $filename");
- }
- }
 }
 return $deleted;
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index a37b9c77be..70636a8962 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -535,8 +535,8 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 {
 // Some basics...
 $attachment['extension'] = strtolower(trim($attachment['extension']));
- $filename = $config['upload_dir'] . '/' . $attachment['physical_filename'];
- $thumbnail_filename = $config['upload_dir'] . '/thumb_' . $attachment['physical_filename'];
+ $filename = $phpbb_root_path . $config['upload_dir'] . '/' . basename($attachment['physical_filename']);
+ $thumbnail_filename = $phpbb_root_path . $config['upload_dir'] . '/thumb_' . basename($attachment['physical_filename']);
 $upload_image = '';
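Review bot: In `phpbb_unlink()` (functions_admin.php) the remaining fallback `@system("del $filesys")` builds a shell command from the file name, and the new `basename()` call removes directory parts but not shell metacharacters. The name can originate from request data (the admin orphan form passes `$delete` straight in), so it should be quoted: `$deleted = @system('del ' . escapeshellarg($filesys));`. `del` exists only on Windows, so guarding the fallback with a check on `PHP_OS` would avoid spawning a shell elsewhere, and since `system()` returns the last output line rather than a success flag, `$deleted = !file_exists($filename);` after the call would report the outcome more reliably. A docblock stating that `$filename` is a bare name inside the upload directory would document the contract this commit introduces.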
@@ -554,7 +554,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize); - $display_name = $attachment['real_filename']; + $display_name = basename($attachment['real_filename']); $comment = str_replace("\n", '
', censor_text($attachment['comment'])); $denied = false; diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index ea8f605a72..4353871719 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -133,7 +133,7 @@ function update_last_post_information($type, $id) // Upload Attachment - filedata is generated here function upload_attachment($forum_id, $filename, $local = false, $local_storage = '', $is_message = false) { - global $auth, $user, $config, $db; + global $auth, $user, $config, $db, $phpbb_root_path; $filedata = array(); $filedata['error'] = array(); @@ -144,7 +144,7 @@ function upload_attachment($forum_id, $filename, $local = false, $local_storage return $filedata; } - $r_file = $filename; + $r_file = trim(basename($filename)); $file = (!$local) ? $_FILES['fileupload']['tmp_name'] : $local_storage; $filedata['mimetype'] = (!$local) ? $_FILES['fileupload']['type'] : 'application/octet-stream'; 
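Review bot: `$display_name = basename($attachment['real_filename'])` in `display_attachments()` strips path components but is not output encoding. Whether `real_filename` is HTML-escaped before it reaches the template is not visible in this hunk; if it is stored raw, a name containing markup would be rendered as markup. I would either escape at this point, `$display_name = htmlspecialchars(basename($attachment['real_filename']));`, or add a comment naming the place where escaping already happens so it is not applied twice. The function body starts and ends outside the hunk.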
@@ -186,56 +186,6 @@ function upload_attachment($forum_id, $filename, $local = false, $local_storage return $filedata; } - // Check Image Size, if it is an image - if (!$auth->acl_gets('m_', 'a_') && $cat_id == ATTACHMENT_CATEGORY_IMAGE) - { - list($width, $height) = getimagesize($file); - - if ($width != 0 && $height != 0 && $config['img_max_width'] && $config['img_max_height']) - { - if ($width > $config['img_max_width'] || $height > $config['img_max_height']) - { - $filedata['error'][] = sprintf($user->lang['ERROR_IMAGESIZE'], $config['img_max_width'], $config['img_max_height']); - $filedata['post_attach'] = false; - return $filedata; - } - } - } - - // check Filesize - if ($allowed_filesize && $filedata['filesize'] > $allowed_filesize && !$auth->acl_gets('m_', 'a_')) - { - $size_lang = ($allowed_filesize >= 1048576) ? $user->lang['MB'] : ( ($allowed_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); - - $allowed_filesize = ($allowed_filesize >= 1048576) ? round($allowed_filesize / 1048576 * 100) / 100 : (($allowed_filesize >= 1024) ? round($allowed_filesize / 1024 * 100) / 100 : $allowed_filesize); - - $filedata['error'][] = sprintf($user->lang['ATTACHMENT_TOO_BIG'], $allowed_filesize, $size_lang); - $filedata['post_attach'] = false; - return $filedata; - } - - // Check our complete quota - if ($config['attachment_quota']) - { - if ($config['upload_dir_size'] + $filedata['filesize'] > $config['attachment_quota']) - { - $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; - $filedata['post_attach'] = false; - return $filedata; - } - } - - // TODO - Check Free Disk Space - need testing under windows - if ($free_space = disk_free_space($config['upload_dir'])) - { - if ($free_space <= $filedata['filesize']) - { - $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; - $filedata['post_attach'] = false; - return $filedata; - } - } - $filedata['thumbnail'] = 0; // Prepare Values 
@@ -244,10 +194,10 @@ function upload_attachment($forum_id, $filename, $local = false, $local_storage $filedata['destination_filename'] = strtolower($filedata['filename']); $filedata['destination_filename'] = $user->data['user_id'] . '_' . $filedata['filetime'] . '.' . $filedata['extension']; - + $filedata['filename'] = str_replace("'", "\'", $filedata['filename']); - - // Do we have to create a thumbnail ? + + // Do we have to create a thumbnail? if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) { $filedata['thumbnail'] = 1; 
@@ -264,11 +214,87 @@ function upload_attachment($forum_id, $filename, $local = false, $local_storage { $filedata['error'][] = $result; $filedata['post_attach'] = false; + + return $filedata; } + + $file = (!$local) ? $phpbb_root_path . $config['upload_dir'] . '/' . $filedata['destination_filename'] : $local_storage; + + if (!$filedata['filesize']) + { + $filedata['filesize'] = @filesize($file); + } + + // Check Image Size, if it is an image + if (!$auth->acl_gets('m_', 'a_') && $cat_id == ATTACHMENT_CATEGORY_IMAGE) + { + list($width, $height) = getimagesize($file); + + if ($width != 0 && $height != 0 && $config['img_max_width'] && $config['img_max_height']) + { + if ($width > $config['img_max_width'] || $height > $config['img_max_height']) + { + $filedata['error'][] = sprintf($user->lang['ERROR_IMAGESIZE'], $config['img_max_width'], $config['img_max_height']); + $filedata['post_attach'] = false; + + phpbb_unlink($filedata['destination_filename']); + phpbb_unlink($filedata['destination_filename'], 'thumbnail'); + + return $filedata; + } + } + } + + // check Filesize + if ($allowed_filesize && $filedata['filesize'] > $allowed_filesize && !$auth->acl_gets('m_', 'a_')) + { + $size_lang = ($allowed_filesize >= 1048576) ? $user->lang['MB'] : ( ($allowed_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); + + $allowed_filesize = ($allowed_filesize >= 1048576) ? round($allowed_filesize / 1048576 * 100) / 100 : (($allowed_filesize >= 1024) ? 
round($allowed_filesize / 1024 * 100) / 100 : $allowed_filesize); + + $filedata['error'][] = sprintf($user->lang['ATTACHMENT_TOO_BIG'], $allowed_filesize, $size_lang); + $filedata['post_attach'] = false; + + phpbb_unlink($filedata['destination_filename']); + phpbb_unlink($filedata['destination_filename'], 'thumbnail'); + + return $filedata; + } + + // Check our complete quota + if ($config['attachment_quota']) + { + if ($config['upload_dir_size'] + $filedata['filesize'] > $config['attachment_quota']) + { + $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; + $filedata['post_attach'] = false; + + phpbb_unlink($filedata['destination_filename']); + phpbb_unlink($filedata['destination_filename'], 'thumbnail'); + + return $filedata; + } + } + + // TODO - Check Free Disk Space - need testing under windows + if ($free_space = disk_free_space($phpbb_root_path . $config['upload_dir'])) + { + if ($free_space <= $filedata['filesize']) + { + $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; + $filedata['post_attach'] = false; + + phpbb_unlink($filedata['destination_filename']); + phpbb_unlink($filedata['destination_filename'], 'thumbnail'); + + return $filedata; + } + } + return $filedata; } -// Move/Upload File - could be used for Avatars too ? +// Move/Upload File - could be used for Avatars too? function move_uploaded_attachment($upload_mode, $source_filename, &$filedata) { global $user, $config, $phpbb_root_path; 
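Review bot: The dimension, size, quota and free-space checks in `upload_attachment()` now run after the file has been written to the upload directory, and each rejection path calls `phpbb_unlink()` without looking at its return value. If the delete fails (errors are suppressed inside `phpbb_unlink()`), a rejected file stays in storage under its final name with nothing recorded; check the result and log a failure instead of discarding it. The free-space test `$free_space <= $filedata['filesize']` is also evaluated after the copy, so it compares the remaining space against a file that is already stored and can reject uploads that fit. `list($width, $height) = getimagesize($file)` yields empty values when the content is not a real image, which silently skips the dimension check; treating a `false` return as an error for the image category would close that gap.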
@@ -279,41 +305,41 @@ function move_uploaded_attachment($upload_mode, $source_filename, &$filedata) switch ($upload_mode) { case 'copy': - if ( !@copy($source_filename, $config['upload_dir'] . '/' . $destination_filename) ) + if (!@copy($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) { - if ( !@move_uploaded_file($source_filename, $config['upload_dir'] . '/' . $destination_filename) ) + if (!@move_uploaded_file($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) { - return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $config['upload_dir'] . '/' . $destination_filename); + return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename); } } - @chmod($config['upload_dir'] . '/' . $destination_filename, 0666); + @chmod($phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename, 0666); break; case 'move': - if ( !@move_uploaded_file($source_filename, $config['upload_dir'] . '/' . $destination_filename) ) + if (!@move_uploaded_file($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) { - if ( !@copy($source_filename, $config['upload_dir'] . '/' . $destination_filename) ) + if (!@copy($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) { - return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $config['upload_dir'] . '/' . $destination_filename); + return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename); } } - @chmod($config['upload_dir'] . '/' . $destination_filename, 0666); + @chmod($phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename, 0666); break; case 'local': - if (!@copy($source_filename, $config['upload_dir'] . '/' . $destination_filename)) + if (!@copy($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . 
$destination_filename)) { - return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $config['upload_dir'] . '/' . $destination_filename); + return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename); } - @chmod($config['upload_dir'] . '/' . $destination_filename, 0666); + @chmod($phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename, 0666); @unlink($source_filename); break; } if ($filedata['thumbnail']) { - $source = $config['upload_dir'] . '/' . $destination_filename; - $destination = $config['upload_dir'] . '/thumb_' . $destination_filename; + $source = $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename; + $destination = $phpbb_root_path . $config['upload_dir'] . '/thumb_' . $destination_filename; if (!create_thumbnail($source, $destination, $filedata['mimetype'])) { 
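Review bot: Every failure path in `move_uploaded_attachment()` returns `sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)`, which puts the storage path and the stored file name into a message that presumably reaches the poster. That discloses the name download.php now takes care to withhold; show the user's original file name instead and log the full path for administrators. In the `copy` case `@copy()` is tried before `move_uploaded_file()`, so the uploaded-file check that `move_uploaded_file()` performs is skipped whenever the plain copy succeeds; trying `move_uploaded_file()` first, as the `move` case does, keeps that check. The repeated `@chmod(..., 0666)` makes stored files world-writable, and `0644` is enough for a file the web server only has to read back. The thumbnail block continues outside the hunk.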
@@ -647,18 +673,18 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
 foreach ($attachment_data as $attach_row)
 {
 $hidden = '';
- $attach_row['real_filename'] = stripslashes($attach_row['real_filename']);
+ $attach_row['real_filename'] = stripslashes(basename($attach_row['real_filename']));
 foreach ($attach_row as $key => $value)
 {
 $hidden .= '';
 }
- $download_link = (!$attach_row['attach_id']) ? $config['upload_dir'] . '/' . $attach_row['physical_filename'] : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']);
+ $download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_dir'] . '/' . basename($attach_row['physical_filename']) : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']);
 $template->assign_block_vars('attach_row', array(
- 'FILENAME' => $attach_row['real_filename'],
- 'ATTACH_FILENAME' => $attach_row['physical_filename'],
+ 'FILENAME' => basename($attach_row['real_filename']),
+ 'ATTACH_FILENAME' => basename($attach_row['physical_filename']),
 'FILE_COMMENT' => $attach_row['comment'],
 'ATTACH_ID' => $attach_row['attach_id'],
 'ASSOC_INDEX' => $count,
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 0284071fa4..b2a43ec1e6 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1278,8 +1278,8 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 'topic_id' => 0,
 'in_message' => 1,
 'poster_id' => $user->data['user_id'],
- 'physical_filename' => $attach_row['physical_filename'],
- 'real_filename' => $attach_row['real_filename'],
+ 'physical_filename' => basename($attach_row['physical_filename']),
+ 'real_filename' => basename($attach_row['real_filename']),
 'comment' => $attach_row['comment'],
 'extension' => $attach_row['extension'],
 'mimetype' => $attach_row['mimetype'],
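Review bot: `posting_gen_attachment_entry()` copies every field of `$attach_row` into `$hidden`, which suggests that `physical_filename` travels to the browser and back in hidden form fields and is therefore user-controlled on submit. `basename()` here, and in the `submit_pm()` and `submit_post()` hunks, confines the value to the upload directory but does not stop a poster from naming a file there that another user uploaded. The stored name starts with the uploader's id (`$user->data['user_id'] . '_' . ...` in `upload_attachment()`), so checking that prefix against the current user, or keeping pending attachments in server-side state, would close this. The direct link built in `$download_link` for attachments without an `attach_id` also exposes the stored name to the client. The function continues outside the hunk.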
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 44e6b5acd6..743b745f8f 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -869,8 +869,8 @@ function mcp_fork_topic($topic_ids) 'topic_id' => (int) $new_topic_id, 'in_message' => 0, 'poster_id' => (int) $attach_row['poster_id'], - 'physical_filename' => (string) $attach_row['physical_filename'], - 'real_filename' => (string) $attach_row['real_filename'], + 'physical_filename' => (string) basename($attach_row['physical_filename']), + 'real_filename' => (string) basename($attach_row['real_filename']), 'download_count' => (int) $attach_row['download_count'], 'comment' => (string) $attach_row['comment'], 'extension' => (string) $attach_row['extension'], diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 2004e51874..683dd0776e 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -358,6 +358,12 @@ function split_topic($mode, $topic_id, $to_forum_id, $subject) $to_topic_id = $db->sql_nextid(); move_posts($post_id_list, $to_topic_id); + // Change topic title of first post + $sql = 'UPDATE ' . POSTS_TABLE . " + SET post_subject = '" . $db->sql_escape($subject) . "' + WHERE post_id = {$post_id_list[0]}"; + $db->sql_query($sql); + $success_msg = 'TOPIC_SPLIT_SUCCESS'; // Link back to both topics diff --git a/phpBB/posting.php b/phpBB/posting.php index 974d2b7426..a7d6d6f3fc 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -910,7 +910,7 @@ if (!sizeof($error) && $preview) $template->assign_var('S_HAS_ATTACHMENTS', true); $attachment_data = $message_parser->attachment_data; - $unset_attachments = parse_inline_attachments($preview_message, $attachment_data, $update_count, $forum_id); + $unset_attachments = parse_inline_attachments($preview_message, $attachment_data, $update_count, $forum_id, true); foreach ($unset_attachments as $index) { 
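Review bot: The new `UPDATE` in `split_topic()` (mcp_topic.php) interpolates `{$post_id_list[0]}` into the SQL without a cast, while `$subject` right next to it goes through `$db->sql_escape()`. Where `$post_id_list` is filled is outside the hunk, so it is not clear that its elements are already integers; `WHERE post_id = " . (int) $post_id_list[0];` makes the statement safe regardless. The code also assumes the list is non-empty and that index 0 is the first post of the new topic, which deserves a one-line comment or an explicit guard.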
@@ -1667,8 +1667,8 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 'topic_id' => $data['topic_id'],
 'in_message' => 0,
 'poster_id' => $poster_id,
- 'physical_filename' => $attach_row['physical_filename'],
- 'real_filename' => $attach_row['real_filename'],
+ 'physical_filename' => basename($attach_row['physical_filename']),
+ 'real_filename' => basename($attach_row['real_filename']),
 'comment' => $attach_row['comment'],
 'extension' => $attach_row['extension'],
 'mimetype' => $attach_row['mimetype'],