- fixes for the following bugs:

#5326 #5318 #5304 #5290 #5288 #5278 #5276 #5272 #5266 - also fixed the "Call-time pass-by-reference" bug #5252 - within this step changed the normalize calls to require references. - added captcha size variables to the class scope (suggestion was posted at area51) git-svn-id: file:///svn/phpbb/trunk@6584 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-29 06:38:52 +00:00 · 2006-11-15 15:35:50 +00:00 · 2006-11-15 15:35:50 +00:00 · 548cc2c10b
commit 548cc2c10b
parent 979e36077f
38 changed files with 240 additions and 234 deletions
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@ -206,6 +206,7 @@ function adm_page_footer($copyright_html = true)
 	$template->assign_vars(array(
 		'DEBUG_OUTPUT'		=> (defined('DEBUG')) ? $debug_output : '',
 		'TRANSLATION_INFO'	=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 		'S_COPYRIGHT_HTML'	=> $copyright_html,
 		'VERSION'			=> $config['version'])
 	);
--- a/phpBB/adm/style/overall_footer.html
+++ b/phpBB/adm/style/overall_footer.html
@ -19,7 +19,7 @@
 	<div id="page-footer">
 		<!-- IF S_COPYRIGHT_HTML -->
 			Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
-			{L_TRANSLATION_INFO}
+			<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 		<!-- ENDIF -->
 		<!-- IF DEBUG_OUTPUT -->
--- a/phpBB/adm/style/simple_footer.html
+++ b/phpBB/adm/style/simple_footer.html
@ -17,7 +17,7 @@
 	<!-- IF S_COPYRIGHT_HTML -->
 		<br />Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
-		{TRANSLATION_INFO}
+		<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 	<!-- ENDIF -->
 	<!-- IF DEBUG_OUTPUT -->
--- a/phpBB/develop/create_schema_files.php
+++ b/phpBB/develop/create_schema_files.php
@ -889,7 +889,7 @@ function get_schema_struct()
 		'COLUMNS'		=> array(
 			'bbcode_id'				=> array('TINT:3', 0),
 			'bbcode_tag'			=> array('VCHAR:16', ''),
-			'bbcode_helpline'		=> array('VCHAR', ''),
+			'bbcode_helpline'		=> array('VCHAR_UNI', ''),
 			'display_on_posting'	=> array('BOOL', 0),
 			'bbcode_match'			=> array('TEXT_UNI', ''),
 			'bbcode_tpl'			=> array('MTEXT_UNI', ''),
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@ -76,7 +76,7 @@ class acp_bbcodes
 				$bbcode_match = request_var('bbcode_match', '');
 				$bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', ''));
-				$bbcode_helpline = request_var('bbcode_helpline', '');
+				$bbcode_helpline = request_var('bbcode_helpline', '', true);
 			break;
 		}
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@ -346,11 +346,7 @@ class acp_board
 		}
 		$this->new_config = $config;
-		$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : $this->new_config;
+		$cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
 		if (isset($_REQUEST['config']))
 		{
 			utf8_normalize_nfc(&$cfg_array);
 		}
 		$error = array();
 		// We validate the complete config if whished
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@ -615,8 +615,8 @@ class acp_forums
 				$forum_data = $this->get_forum_info($forum_id);
 				$subforums_id = array();
 				$subforums = get_forum_branch($forum_id, 'children');
 				foreach ($subforums as $row)
 				{
 					$subforums_id[] = $row['forum_id'];
@ -647,6 +647,7 @@ class acp_forums
 					'FORUM_NAME'			=> $forum_data['forum_name'],
 					'S_FORUM_POST'			=> ($forum_data['forum_type'] == FORUM_POST) ? true : false,
 					'S_FORUM_LINK'			=> ($forum_data['forum_type'] == FORUM_LINK) ? true : false,
 					'S_HAS_SUBFORUMS'		=> ($forum_data['right_id'] - $forum_data['left_id'] > 1) ? true : false,
 					'S_FORUMS_LIST'			=> $forums_list,
 					'S_ERROR'				=> (sizeof($errors)) ? true : false,
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@ -107,11 +107,11 @@ class acp_language
 				$hidden_data = build_hidden_fields(array(
 					'file'		=> $this->language_file,
 					'dir'		=> $this->language_directory,
-					'method'	=> $method,
+					'method'	=> $method)
 					'entry'		=> $_POST['entry']),
 					true
 				);
 				$hidden_data .= build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP);
 				$template->assign_vars(array(
 					'S_UPLOAD'	=> true,
 					'NAME'		=> $method,
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -983,16 +983,14 @@ class acp_users
 					'yim'			=> request_var('yim', $user_row['user_yim']),
 					'jabber'		=> request_var('jabber', $user_row['user_jabber']),
 					'website'		=> request_var('website', $user_row['user_website']),
-					'location'		=> request_var('location', $user_row['user_from'], true),
+					'location'		=> utf8_normalize_nfc(request_var('location', $user_row['user_from'], true)),
-					'occupation'	=> request_var('occupation', $user_row['user_occ'], true),
+					'occupation'	=> utf8_normalize_nfc(request_var('occupation', $user_row['user_occ'], true)),
-					'interests'		=> request_var('interests', $user_row['user_interests'], true),
+					'interests'		=> utf8_normalize_nfc(request_var('interests', $user_row['user_interests'], true)),
 					'bday_day'		=> 0,
 					'bday_month'	=> 0,
 					'bday_year'		=> 0,
 				);
 				utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests']));
 				if ($user_row['user_birthday'])
 				{
 					list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
@ -1551,9 +1549,7 @@ class acp_users
 				$enable_bbcode	= ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false;
 				$enable_smilies	= ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false;
 				$enable_urls	= request_var('enable_urls', true);
-				$signature		= request_var('signature', $user_row['user_sig'], true);
+				$signature		= utf8_normalize_nfc(request_var('signature', $user_row['user_sig'], true));
 				utf8_normalize_nfc(&$signature);
 				$preview		= (isset($_POST['preview'])) ? true : false;
--- a/phpBB/includes/acp/acp_words.php
+++ b/phpBB/includes/acp/acp_words.php
@ -69,10 +69,8 @@ class acp_words
 			case 'save':
 				$word_id		= request_var('id', 0);
-				$word = request_var('word', '', true);
+				$word			= utf8_normalize_nfc(request_var('word', '', true));
-				$replacement = request_var('replacement', '', true);
+				$replacement	= utf8_normalize_nfc(request_var('replacement', '', true));
 				utf8_normalize_nfc(array(&$word, &$replacement));
 				if (!$word || !$replacement)
 				{
--- a/phpBB/includes/captcha/captcha_gd.php
+++ b/phpBB/includes/captcha/captcha_gd.php
@ -16,33 +16,18 @@
 */
 class captcha
 {
 	var $width = 360;
 	var $height = 96;
 	function execute($code)
 	{
 		global $config;
 		$stats = gd_info();
-		if (substr($stats['GD Version'], 0, 7) === 'bundled')
+		$bundled = (substr($stats['GD Version'], 0, 7) === 'bundled') ? true : false;
 		{
 			$bundled = true;
 		}
 		else
 		{
 			$bundled = false;
 		}
 		preg_match('/[\\d.]+/', $stats['GD Version'], $version);
-		if (version_compare($version[0], '2.0.1', '>='))
+		$gd_version = (version_compare($version[0], '2.0.1', '>=')) ? 2 : 1;
 		{
 			$gd_version = 2;
 		}
 		else
 		{
 			$gd_version = 1;
 		}
 		// set dimension of image
 		$lx = 360;
 		$ly = 96;
 		// create the image, stay compat with older versions of GD
 		if ($gd_version === 2)
@ -56,7 +41,7 @@ class captcha
 			$func2 = 'imagecolorclosest';
 		}
-		$image = $func1($lx, $ly);
+		$image = $func1($this->width, $this->height);
 		if ($bundled)
 		{
@ -65,7 +50,7 @@ class captcha
 		// set background color
 		$back =  imagecolorallocate($image, mt_rand(224, 255), mt_rand(224, 255), mt_rand(224, 255));
-		imagefilledrectangle($image, 0, 0, $lx, $ly, $back);
+		imagefilledrectangle($image, 0, 0, $this->width, $this->height, $back);
 		// allocates the 216 websafe color palette to the image
 		if ($gd_version === 1)
@ -82,7 +67,6 @@ class captcha
 			}
 		}
 		// fill with noise or grid
 		if ($config['captcha_gd_noise'])
 		{
@ -92,7 +76,7 @@ class captcha
 				$size	= mt_rand(8, 23);
 				$angle	= mt_rand(0, 360);
 				$x		= mt_rand(0, 360);
-				$y		= mt_rand(0, (int)($ly - ($size / 5)));
+				$y		= mt_rand(0, (int)($this->height - ($size / 5)));
 				$color	= $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224));
 				$text	= chr(mt_rand(45, 250));
 				imagettftext($image, $size, $angle, $x, $y, $color, $this->get_font(), $text);
@ -101,15 +85,16 @@ class captcha
 		else
 		{
 			// generate grid
-			for ($i = 0; $i < $lx; $i += 13)
+			for ($i = 0; $i < $this->width; $i += 13)
 			{
 				$color	= $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224));
-				imageline($image, $i, 0, $i, $ly, $color);
+				imageline($image, $i, 0, $i, $this->height, $color);
 			}
-			for ($i = 0; $i < $ly; $i += 11)
+
 			for ($i = 0; $i < $this->height; $i += 11)
 			{
 				$color	= $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224));
-				imageline($image, 0, $i, $lx, $i, $color);
+				imageline($image, 0, $i, $this->width, $i, $color);
 			}
 		}
@ -120,7 +105,7 @@ class captcha
 			$text	= strtoupper($code[$i]);
 			$angle	= mt_rand(-30, 30);
 			$size	= mt_rand(20, 40);
-			$y		= mt_rand((int)($size * 1.5), (int)($ly - ($size / 7)));
+			$y		= mt_rand((int)($size * 1.5), (int)($this->height - ($size / 7)));
 			$color	= $func2($image, mt_rand(0, 127), mt_rand(0, 127), mt_rand(0, 127));
 			$shadow = $func2($image, mt_rand(127, 254), mt_rand(127, 254), mt_rand(127, 254));
--- a/phpBB/includes/captcha/captcha_non_gd.php
+++ b/phpBB/includes/captcha/captcha_non_gd.php
@ -17,6 +17,8 @@
 class captcha
 {
 	var $filtered_pngs;
 	var $width = 320;
 	var $height = 50;
 	/**
 	* Define filtered pngs on init
@ -32,9 +34,7 @@ class captcha
 	*/
 	function execute($code)
 	{
-		$total_width = 320;
+		$img_height = $this->height - 10;
 		$total_height = 50;
 		$img_height = 40;
 		$img_width = 0;
 		list($usec, $sec) = explode(' ', microtime()); 
@ -45,7 +45,7 @@ class captcha
 		for ($i = 0; $i < $code_len; $i++)
 		{
-			$char = $code{$i};
+			$char = $code[$i];
 			$width = mt_rand(0, 4);
 			$raw_width = $this->filtered_pngs[$char]['width'];
@ -59,11 +59,11 @@ class captcha
 			}
 		}
-		$offset_x = mt_rand(0, $total_width - $img_width);
+		$offset_x = mt_rand(0, $this->width - $img_width);
-		$offset_y = mt_rand(0, $total_height - $img_height);
+		$offset_y = mt_rand(0, $this->height - $img_height);
 		$image = '';
-		for ($i = 0; $i < $total_height; $i++)
+		for ($i = 0; $i < $this->height; $i++)
 		{
 			$image .= chr(0);
@ -79,14 +79,14 @@ class captcha
 					$image .= $this->randomise(substr($hold_chars[$code{$j}][$i - $offset_y - 1], 1), $char_widths[$j]);
 				}
-				for ($j = $offset_x + $img_width; $j < $total_width; $j++)
+				for ($j = $offset_x + $img_width; $j < $this->width; $j++)
 				{
 					$image .= chr(mt_rand(140, 255));
 				}
 			}
 			else
 			{
-				for ($j = 0; $j < $total_width; $j++)
+				for ($j = 0; $j < $this->width; $j++)
 				{
 					$image .= chr(mt_rand(140, 255));
 				}
@ -94,7 +94,7 @@ class captcha
 		}
 		unset($hold_chars);
-		$image = $this->create_png($image, $total_width, $total_height);
+		$image = $this->create_png($image, $this->width, $this->height);
 		// Output image
 		header('Content-Type: image/png');
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -614,6 +614,10 @@ else
 if (!function_exists('htmlspecialchars_decode'))
 {
 	/**
 	* A wrapper for htmlspecialchars_decode
 	* @ignore
 	*/
 	function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT)
 	{
 		return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
@ -2493,14 +2497,14 @@ function extension_allowed($forum_id, $extension, &$extensions)
 /**
 * Little helper for the build_hidden_fields function
 */
-function _build_hidden_fields($key, $value, $specialchar)
+function _build_hidden_fields($key, $value, $specialchar, $stripslashes)
 {
 	$hidden_fields = '';
 	if (!is_array($value))
 	{
-		$key = ($specialchar) ? htmlspecialchars($key) : $key;
+		$value = ($stripslashes) ? stripslashes($value) : $value;
-		$value = ($specialchar) ? htmlspecialchars($value) : $value;
+		$value = ($specialchar) ? htmlspecialchars($value, ENT_COMPAT, 'UTF-8') : $value;
 		$hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n";
 	}
@ -2508,7 +2512,10 @@ function _build_hidden_fields($key, $value, $specialchar)
 	{
 		foreach ($value as $_key => $_value)
 		{
-			$hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar);
+			$_key = ($stripslashes) ? stripslashes($_key) : $key;
 			$_key = ($specialchar) ? htmlspecialchars($_key, ENT_COMPAT, 'UTF-8') : $_key;
 			$hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar, $stripslashes);
 		}
 	}
@ -2517,14 +2524,23 @@ function _build_hidden_fields($key, $value, $specialchar)
 /**
 * Build simple hidden fields from array
 *
 * @param array $field_ary an array of values to build the hidden field from
 * @param bool $specialchar if true, keys and values get specialchared
 * @param bool $stripslashes if true, keys and values get stripslashed
 *
 * @return string the hidden fields
 */
-function build_hidden_fields($field_ary, $specialchar = false)
+function build_hidden_fields($field_ary, $specialchar = false, $stripslashes = false)
 {
 	$s_hidden_fields = '';
 	foreach ($field_ary as $name => $vars)
 	{
-		$s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar);
+		$name = ($stripslashes) ? stripslashes($name) : $name;
 		$name = ($specialchar) ? htmlspecialchars($name, ENT_COMPAT, 'UTF-8') : $name;
 		$s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar, $stripslashes);
 	}
 	return $s_hidden_fields;
@ -2773,6 +2789,12 @@ function phpbb_checkdnsrr($host, $type = '')
 		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
 		// If output is empty, the nslookup failed
 		if (empty($output))
 		{
 			return NULL;
 		}
 		foreach ($output as $line)
 		{
 			if (!trim($line))
@ -3345,6 +3367,7 @@ function page_footer($run_cron = true)
 	$template->assign_vars(array(
 		'DEBUG_OUTPUT'			=> (defined('DEBUG')) ? $debug_output : '',
 		'TRANSLATION_INFO'		=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 		'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", '', true, $user->session_id) : '')
 	);
@ -3385,7 +3408,7 @@ function page_footer($run_cron = true)
 		if ($cron_type)
 		{
-			$template->assign_var('RUN_CRON_TASK', '<img src="' . $phpbb_root_path . 'cron.' . $phpEx . '?cron_type=' . $cron_type . '" width="1" height="1" alt="cron" />');
+			$template->assign_var('RUN_CRON_TASK', '<img src="' . append_sid($phpbb_root_path . 'cron.' . $phpEx, 'cron_type=' . $cron_type) . '" width="1" height="1" alt="cron" />');
 		}
 	}
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@ -482,6 +482,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 {
 	global $db, $config;
 	$approved_topics = 0;
 	$forum_ids = $topic_ids = array();
 	if (is_array($where_ids))
@ -502,7 +503,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 		'posts'	=>	delete_posts($where_type, $where_ids, false, true)
 	);
-	$sql = 'SELECT topic_id, forum_id
+	$sql = 'SELECT topic_id, forum_id, topic_approved
 		FROM ' . TOPICS_TABLE . '
 		WHERE ' . $db->sql_in_set($where_type, $where_ids);
 	$result = $db->sql_query($sql);
@ -511,6 +512,11 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 	{
 		$forum_ids[] = $row['forum_id'];
 		$topic_ids[] = $row['topic_id'];
 		if ($row['topic_approved'])
 		{
 			$approved_topics++;
 		}
 	}
 	$db->sql_freeresult($result);
@ -545,7 +551,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 		sync('topic_reported', $where_type, $where_ids);
 	}
-	set_config('num_topics', $config['num_topics'] - sizeof($return['topics']), true);
+	if ($approved_topics)
 	{
 		set_config('num_topics', $config['num_topics'] - $approved_topics, true);
 	}
 	return $return;
 }
@ -571,9 +580,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		return false;
 	}
 	$approved_posts = 0;
 	$post_ids = $topic_ids = $forum_ids = $post_counts = array();
-	$sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id
+	$sql = 'SELECT post_id, poster_id, post_approved, post_postcount, topic_id, forum_id
 		FROM ' . POSTS_TABLE . '
 		WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids));
 	$result = $db->sql_query($sql);
@ -589,6 +599,11 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		{
 			$post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1;
 		}
 		if ($row['post_approved'])
 		{
 			$approved_posts++;
 		}
 	}
 	$db->sql_freeresult($result);
@ -658,7 +673,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		sync('forum', 'forum_id', $forum_ids, true);
 	}
-	set_config('num_posts', $config['num_posts'] - sizeof($post_ids), true);
+	if ($approved_posts)
 	{
 		set_config('num_posts', $config['num_posts'] - $approved_posts, true);
 	}
 	return sizeof($post_ids);
 }
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@ -974,7 +974,7 @@ function display_custom_bbcodes()
 			'BBCODE_NAME'		=> "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
 			'BBCODE_ID'			=> $num_predefined_bbcodes + ($i * 2),
 			'BBCODE_TAG'		=> $row['bbcode_tag'],
-			'BBCODE_HELPLINE'	=> str_replace(array('&amp;', '&quot;', '&#039;', '&lt;', '&gt;'), array('\&', '\"', '\\\'', '<', '>'), $row['bbcode_helpline']))
+			'BBCODE_HELPLINE'	=> str_replace(array('&amp;', '&quot;', "'", '&lt;', '&gt;'), array('\&', '\"', '\\\'', '<', '>'), $row['bbcode_helpline']))
 		);
 		$i++;
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@ -579,7 +579,7 @@ class custom_profile
 			if (gettype($value) == 'string')
 			{
-				utf8_normalize_nfc(&$value);
+				$value = utf8_normalize_nfc($value);
 			}
 		}
@ -865,8 +865,7 @@ class custom_profile
 			case FIELD_STRING:
 			case FIELD_TEXT:
-				$var = request_var($var_name, $profile_row['field_default_value'], true);
+				$var = utf8_normalize_nfc(request_var($var_name, $profile_row['field_default_value'], true));
 				utf8_normalize_nfc(&$var);
 			break;
 			case FIELD_INT:
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@ -32,14 +32,12 @@ function mcp_topic_view($id, $mode, $action)
 	// Set up some vars
 	$icon_id		= request_var('icon', 0);
-	$subject		= request_var('subject', '', true);
+	$subject		= utf8_normalize_nfc(request_var('subject', '', true));
 	$start			= request_var('start', 0);
 	$to_topic_id	= request_var('to_topic_id', 0);
 	$to_forum_id	= request_var('to_forum_id', 0);
 	$post_id_list	= request_var('post_id_list', array(0));
 	utf8_normalize_nfc(&$subject);
 	// Split Topic?
 	if ($action == 'split_all' || $action == 'split_beyond')
 	{
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@ -88,8 +88,11 @@ class bbcode_firstpass extends bbcode
 		{
 			$in = str_replace("\r\n", "\n", $this->message);
-			$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
+			// We strip newlines and spaces after and before quotes in quotes (trimming)
-			$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
+			$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([\s|\n]+)#is', '#([\s|\n]+)\[\/quote\]#is'), array("[quote\\1]", "[/quote]"), $this->message);
 			// Now we add exactly one newline
 			$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]#is', '#\[\/quote\]#is'), array("[quote\\1]\n", "\n[/quote]"), $this->message);
 		}
 		// Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...)
@ -600,7 +603,7 @@ class bbcode_firstpass extends bbcode
 			$pos = strlen($in);
 			for ($i = 0, $tok_len = strlen($tok); $i < $tok_len; ++$i)
 			{
-				$tmp_pos = strpos($in, $tok{$i});
+				$tmp_pos = strpos($in, $tok[$i]);
 				if ($tmp_pos !== false && $tmp_pos < $pos)
 				{
 					$pos = $tmp_pos;
@ -608,7 +611,7 @@ class bbcode_firstpass extends bbcode
 			}
 			$buffer .= substr($in, 0, $pos);
-			$tok = $in{$pos};
+			$tok = $in[$pos];
 			$in = substr($in, $pos + 1);
 			if ($tok == ']')
@ -616,10 +619,15 @@ class bbcode_firstpass extends bbcode
 				if ($buffer == '/quote' && sizeof($close_tags))
 				{
 					// we have found a closing tag
-					// Add space at the end of the closing tag to allow following urls/smilies to be parsed correctly
+					$out .= array_pop($close_tags) . ']';
 					$out .= array_pop($close_tags) . '] ';
 					$tok = '[';
 					$buffer = '';
 					// Add space at the end of the closing tag if not happened before to allow following urls/smilies to be parsed correctly
 					if (!$in || $in[0] !== ' ')
 					{
 						$out .= ' ';
 					}
 				}
 				else if (preg_match('#^quote(?:=&quot;(.*?)&quot;)?$#is', $buffer, $m))
 				{
@ -1138,8 +1146,7 @@ class parse_message extends bbcode_firstpass
 		$error = array();
 		$num_attachments = sizeof($this->attachment_data);
-		$this->filename_data['filecomment'] = request_var('filecomment', '', true);
+		$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
 		utf8_normalize_nfc(&$this->filename_data['filecomment']);
 		$upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false;
 		$add_file		= (isset($_POST['add_file'])) ? true : false;
@ -1256,8 +1263,7 @@ class parse_message extends bbcode_firstpass
 			{
 				if ($edit_comment)
 				{
-					$actual_comment_list = request_var('comment_list', array(''), true);
+					$actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true));
 					utf8_normalize_nfc(&$actual_comment_list);
 					$edit_comment = request_var('edit_comment', array(0 => ''));
 					$edit_comment = key($edit_comment);
@ -1322,8 +1328,7 @@ class parse_message extends bbcode_firstpass
 	{
 		global $user, $db, $phpbb_root_path, $phpEx, $config;
-		$this->filename_data['filecomment'] = request_var('filecomment', '', true);
+		$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
 		utf8_normalize_nfc(&$this->filename_data['filecomment']);
 		$attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
 		$this->attachment_data = array();
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@ -1296,6 +1296,8 @@ class fulltext_native extends search_backend
 	* @param	string	$allowed_chars	String of special chars to allow
 	* @param	string	$encoding		Text encoding
 	* @return	string					Cleaned up text, only alphanumeric chars are left
 	*
 	* @todo normalizer::cleanup being able to be used?
 	*/
 	function cleanup($text, $allowed_chars = null, $encoding = 'utf-8')
 	{
@ -1303,9 +1305,7 @@ class fulltext_native extends search_backend
 		static $conv = array(), $conv_loaded = array();
 		$words = $allow = array();
-		/**
+		// Convert the text to UTF-8
 		* Convert the text to UTF-8
 		*/
 		$encoding = strtolower($encoding);
 		if ($encoding != 'utf-8')
 		{
@ -1330,7 +1330,7 @@ class fulltext_native extends search_backend
 		* If we use it more widely, an instance of that class should be held in a
 		* a global variable instead
 		*/
-		$text = utf_normalizer::nfc($text);
+		utf_normalizer::nfc($text);
 		/**
 		* The first thing we do is:
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@ -450,7 +450,6 @@ class session
 			$this->check_ban($this->data['user_id'], $this->ip);
 		}
 		$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
 		$this->data['is_bot'] = ($bot) ? true : false;
@ -471,6 +470,8 @@ class session
 				// Only update session DB a minute or so after last update or if page changes
 				if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
 				{
 					$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
 					$sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0);
 					if ($this->update_session_page)
@ -481,6 +482,12 @@ class session
 					$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 						WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
 					$db->sql_query($sql);
 					// Update the last visit time
 					$sql = 'UPDATE ' . USERS_TABLE . '
 						SET user_lastvisit = ' . (int) $this->data['session_time'] . '
 						WHERE user_id = ' . (int) $this->data['user_id'];
 					$db->sql_query($sql);
 				}
 				$SID = '?sid=';
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@ -660,10 +660,8 @@ class ucp_main
 				if ($submit && $edit)
 				{
-					$draft_subject = request_var('subject', '', true);
+					$draft_subject = utf8_normalize_nfc(request_var('subject', '', true));
-					$draft_message = request_var('message', '', true);
+					$draft_message = utf8_normalize_nfc(request_var('message', '', true));
 					utf8_normalize_nfc(array(&$draft_subject, &$draft_message));
 					if ($draft_message && $draft_subject)
 					{
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@ -396,11 +396,9 @@ function compose_pm($id, $mode, $action)
 	// Save Draft
 	if ($save && $auth->acl_get('u_savedrafts'))
 	{
-		$subject = request_var('subject', '', true);
+		$subject = utf8_normalize_nfc(request_var('subject', '', true));
 		$subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject;
-		$message = request_var('message', '', true);
+		$message = utf8_normalize_nfc(request_var('message', '', true));
 		utf8_normalize_nfc(array(&$subject, &$message));
 		if ($subject && $message)
 		{
@ -476,10 +474,8 @@ function compose_pm($id, $mode, $action)
 	if ($submit || $preview || $refresh)
 	{
-		$subject = request_var('subject', '', true);
+		$subject = utf8_normalize_nfc(request_var('subject', '', true));
-		$message_parser->message = request_var('message', '', true);
+		$message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
 		utf8_normalize_nfc(array(&$subject, &$message_parser->message));
 		$icon_id			= request_var('icon', 0);
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@ -247,12 +247,10 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 		$rule_option	= request_var('rule_option', 0);
 		$cond_option	= request_var('cond_option', '');
 		$action_option	= explode('|', request_var('action_option', ''));
-		$rule_string	= ($cond_option != 'none') ? request_var('rule_string', '', true) : '';
+		$rule_string	= ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : '';
 		$rule_user_id	= ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
 		$rule_group_id	= ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
 		utf8_normalize_nfc(&$rule_string);
 		$action = (int) $action_option[0];
 		$folder_id = (int) $action_option[1];
@ -640,9 +638,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
 	switch ($condition)
 	{
 		case 'text':
-			$rule_string = request_var('rule_string', '', true);
+			$rule_string = utf8_normalize_nfc(request_var('rule_string', '', true));
 			utf8_normalize_nfc(&$rule_string);
 			$template->assign_vars(array(
 				'S_TEXT_CONDITION'	=> true,
@ -656,9 +652,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
 		case 'user':
 			$rule_user_id = request_var('rule_user_id', 0);
-			$rule_string = request_var('rule_string', '', true);
+			$rule_string = utf8_normalize_nfc(request_var('rule_string', '', true));
 			utf8_normalize_nfc(&$rule_string);
 			if ($rule_string && !$rule_user_id)
 			{
@ -701,9 +695,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
 		case 'group':
 			$rule_group_id = request_var('rule_group_id', 0);
-			$rule_string = request_var('rule_string', '', true);
+			$rule_string = utf8_normalize_nfc(request_var('rule_string', '', true));
 			utf8_normalize_nfc(&$rule_string);
 			$sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
 			$sql = 'SELECT group_id, group_name, group_type
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@ -250,16 +250,14 @@ class ucp_profile
 					'yim'			=> request_var('yim', $user->data['user_yim']),
 					'jabber'		=> request_var('jabber', $user->data['user_jabber']),
 					'website'		=> request_var('website', $user->data['user_website']),
-					'location'		=> request_var('location', $user->data['user_from'], true),
+					'location'		=> utf8_normalize_nfc(request_var('location', $user->data['user_from'], true)),
-					'occupation'	=> request_var('occupation', $user->data['user_occ'], true),
+					'occupation'	=> utf8_normalize_nfc(request_var('occupation', $user->data['user_occ'], true)),
-					'interests'		=> request_var('interests', $user->data['user_interests'], true),
+					'interests'		=> utf8_normalize_nfc(request_var('interests', $user->data['user_interests'], true)),
 					'bday_day'		=> 0,
 					'bday_month'	=> 0,
 					'bday_year'		=> 0,
 				);
 				utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests']));
 				if ($user->data['user_birthday'])
 				{
 					list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
@ -412,9 +410,7 @@ class ucp_profile
 				$enable_bbcode	= ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $user->optionget('bbcode')) : false;
 				$enable_smilies	= ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smilies')) : false;
 				$enable_urls	= request_var('enable_urls', true);
-				$signature		= request_var('signature', (string) $user->data['user_sig'], true);
+				$signature		= utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true));
 				utf8_normalize_nfc(&$signature);
 				if ($submit || $preview)
 				{
--- a/phpBB/includes/utf/utf_normalizer.php
+++ b/phpBB/includes/utf/utf_normalizer.php
@ -67,10 +67,10 @@ class utf_normalizer
 	* The ultimate convenience function! Clean up invalid UTF-8 sequences,
 	* and convert to Normal Form C, canonical composition.
 	*
-	* @param	string	$str	The dirty string
+	* @param	string	&$str	The dirty string
 	* @return	string			The same string, all shiny and cleaned-up
 	*/
-	function cleanup($str)
+	function cleanup(&$str)
 	{
 		// The string below is the list of all autorized characters, sorted by frequency in latin text
 		$pos = strspn($str, "\x20\x65\x69\x61\x73\x6E\x74\x72\x6F\x6C\x75\x64\x5D\x5B\x63\x6D\x70\x27\x0A\x67\x7C\x68\x76\x2E\x66\x62\x2C\x3A\x3D\x2D\x71\x31\x30\x43\x32\x2A\x79\x78\x29\x28\x4C\x39\x41\x53\x2F\x50\x22\x45\x6A\x4D\x49\x6B\x33\x3E\x35\x54\x3C\x44\x34\x7D\x42\x7B\x38\x46\x77\x52\x36\x37\x55\x47\x4E\x3B\x4A\x7A\x56\x23\x48\x4F\x57\x5F\x26\x21\x4B\x3F\x58\x51\x25\x59\x5C\x09\x5A\x2B\x7E\x5E\x24\x40\x60\x7F\x0D");
@ -79,7 +79,7 @@ class utf_normalizer
 		if ($pos == $len)
 		{
 			// ASCII strings with no special chars return immediately
-			return $str;
+			return;
 		}
 		// Note: we do not check for $GLOBALS['utf_canonical_decomp']. It is assumed they are always loaded together
@ -91,23 +91,22 @@ class utf_normalizer
 		// Replace any byte in the range 0x00..0x1F, except for \r, \n and \t
 		// We replace those characters with a 0xFF byte, which is illegal in UTF-8 and will in turn be replaced with a UTF replacement char
-		return utf_normalizer::recompose(
+		$str = strtr(
 			strtr(
 			$str,
 			"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F",
 			"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
 			),
 			$pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']
 		);
 		$str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']);
 	}
 	/**
 	* Validate and normalize a UTF string to NFC
 	*
-	* @param	string	$str	Unchecked UTF string
+	* @param	string	&$str	Unchecked UTF string
 	* @return	string			The string, validated and in normal form
 	*/
-	function nfc($str)
+	function nfc(&$str)
 	{
 		$pos = strspn($str, UTF8_ASCII_RANGE);
 		$len = strlen($str);
@ -115,7 +114,7 @@ class utf_normalizer
 		if ($pos == $len)
 		{
 			// ASCII strings return immediately
-			return $str;
+			return;
 		}
 		if (!isset($GLOBALS['utf_nfc_qc']))
@ -124,16 +123,16 @@ class utf_normalizer
 			include($phpbb_root_path . 'includes/utf/data/utf_nfc_qc.' . $phpEx);
 		}
-		return utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']);
+		$str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']);
 	}
 	/**
 	* Validate and normalize a UTF string to NFKC
 	*
-	* @param	string	$str	Unchecked UTF string
+	* @param	string	&$str	Unchecked UTF string
 	* @return	string			The string, validated and in normal form
 	*/
-	function nfkc($str)
+	function nfkc(&$str)
 	{
 		$pos = strspn($str, UTF8_ASCII_RANGE);
 		$len = strlen($str);
@ -141,7 +140,7 @@ class utf_normalizer
 		if ($pos == $len)
 		{
 			// ASCII strings return immediately
-			return $str;
+			return;
 		}
 		if (!isset($GLOBALS['utf_nfkc_qc']))
@ -156,16 +155,16 @@ class utf_normalizer
 			include($phpbb_root_path . 'includes/utf/data/utf_canonical_comp.' . $phpEx);
 		}
-		return utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfkc_qc'], $GLOBALS['utf_compatibility_decomp']);
+		$str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfkc_qc'], $GLOBALS['utf_compatibility_decomp']);
 	}
 	/**
 	* Validate and normalize a UTF string to NFD
 	*
-	* @param	string	$str	Unchecked UTF string
+	* @param	string	&$str	Unchecked UTF string
 	* @return	string			The string, validated and in normal form
 	*/
-	function nfd($str)
+	function nfd(&$str)
 	{
 		$pos = strspn($str, UTF8_ASCII_RANGE);
 		$len = strlen($str);
@ -173,7 +172,7 @@ class utf_normalizer
 		if ($pos == $len)
 		{
 			// ASCII strings return immediately
-			return $str;
+			return;
 		}
 		if (!isset($GLOBALS['utf_canonical_decomp']))
@ -182,16 +181,16 @@ class utf_normalizer
 			include($phpbb_root_path . 'includes/utf/data/utf_canonical_decomp.' . $phpEx);
 		}
-		return utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_canonical_decomp']);
+		$str = utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_canonical_decomp']);
 	}
 	/**
 	* Validate and normalize a UTF string to NFKD
 	*
-	* @param	string	$str	Unchecked UTF string
+	* @param	string	&$str	Unchecked UTF string
 	* @return	string			The string, validated and in normal form
 	*/
-	function nfkd($str)
+	function nfkd(&$str)
 	{
 		$pos = strspn($str, UTF8_ASCII_RANGE);
 		$len = strlen($str);
@ -199,7 +198,7 @@ class utf_normalizer
 		if ($pos == $len)
 		{
 			// ASCII strings return immediately
-			return $str;
+			return;
 		}
 		if (!isset($GLOBALS['utf_compatibility_decomp']))
@ -208,7 +207,7 @@ class utf_normalizer
 			include($phpbb_root_path . 'includes/utf/data/utf_compatibility_decomp.' . $phpEx);
 		}
-		return utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_compatibility_decomp']);
+		$str = utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_compatibility_decomp']);
 	}
@ -239,14 +238,7 @@ class utf_normalizer
 		$tmp = '';
 		$i = $tmp_pos = $last_cc = 0;
-		if ($pos)
+		$buffer = ($pos) ? array(++$i => $str[$pos - 1]) : array();
 		{
 			$buffer = array(++$i => $str[$pos - 1]);
 		}
 		else
 		{
 			$buffer = array();
 		}
 		// UTF char length array
 		// This array is used to determine the length of a UTF character.
@ -325,6 +317,9 @@ class utf_normalizer
 						{
 							// Current char isn't well-formed or legal: either one or several trailing bytes are missing, or the Unicode char
 							// has been encoded in a five- or six- byte sequence
 							/**
 							* @todo $trailing_bytes always == 5?
 							*/
 							if ($utf_char[0] >= "\xF8")
 							{
 								if ($utf_char[0] < "\xF8")
@ -421,6 +416,9 @@ class utf_normalizer
 								default:
 									// Five- and six- byte sequences do not need being checked for here anymore
 									/**
 									* @todo $trailing_bytes always == 5?
 									*/
 									if ($utf_char > UTF8_MAX)
 									{
 										// Out of the Unicode range
@ -1011,7 +1009,7 @@ class utf_normalizer
 								ksort($utf_sort);
 							}
-							foreach($utf_sort as $utf_chars)
+							foreach ($utf_sort as $utf_chars)
 							{
 								$tmp .= implode('', $utf_chars);
 							}
@ -1365,17 +1363,17 @@ class utf_normalizer
 						// LIndex can only range from 0 to 18, therefore it cannot influence the first two bytes of the L Jamo, which allows us to hardcode them (based on LBase).
 						//
 						// The same goes for VIndex, but for TIndex there's a catch: the value of the third byte could exceed 0xBF and we would have to increment the second byte
-						if ($tIndex = $idx % UNICODE_HANGUL_TCOUNT)
+						if ($t_index = $idx % UNICODE_HANGUL_TCOUNT)
 						{
-							if ($tIndex < 25)
+							if ($t_index < 25)
 							{
 								$utf_char = "\xE1\x84\x00\xE1\x85\x00\xE1\x86\x00";
-								$utf_char[8] = chr(0xA7 + $tIndex);
+								$utf_char[8] = chr(0xA7 + $t_index);
 							}
 							else
 							{
 								$utf_char = "\xE1\x84\x00\xE1\x85\x00\xE1\x87\x00";
-								$utf_char[8] = chr(0x67 + $tIndex);
+								$utf_char[8] = chr(0x67 + $t_index);
 							}
 						}
 						else
@ -1478,7 +1476,6 @@ class utf_normalizer
 			}
 			return $tmp;
 		}
 		else if ($tmp_pos)
 		{
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@ -933,30 +933,35 @@ function utf8_case_fold($text, $option = 'full')
 * A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings
 * to be in NFC (Normalization Form Composition).
 *
-* @param	mixed	$strings Either an array of references to strings, a reference to an array of strings or a reference to a single string
+* @param	mixed	$strings a string or an array of strings to normalize
 * @return	mixed	the normalized content, preserving array keys if array given.
 */
 function utf8_normalize_nfc($strings)
 {
-	if (!is_array($strings) || (sizeof($strings) > 0))
+	if (empty($strings))
 	{
 		return $strings;
 	}
 	if (!class_exists('utf_normalizer'))
 	{
 		global $phpbb_root_path, $phpEx;
 		include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
 	}
-		if (is_array($strings))
+	if (!is_array($strings))
 	{
 		utf_normalizer::nfc($strings);
 	}
 	else if (is_array($strings))
 	{
 		foreach ($strings as $key => $string)
 		{
-				$strings[$key] = utf_normalizer::nfc($strings[$key]);
+			utf_normalizer::nfc($strings[$key]);
 			}
 		}
 		else
 		{
 			$strings = utf_normalizer::nfc($strings);
 		}
 	}
 	return $strings;
 }
 /**
@ -982,7 +987,7 @@ function utf8_clean_string($text)
 		include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
 	}
-	$text = utf_normalizer::nfc($text);
+	utf_normalizer::nfc($text);
 	static $homographs = array(
 		// cyrllic
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@ -8,7 +8,7 @@
 *
 */
-$updates_to_version = '3.0.B2';
+$updates_to_version = '3.0.B4-dev';
 if (defined('IN_PHPBB') && defined('IN_INSTALL'))
 {
@ -284,23 +284,21 @@ $unsigned_types = array('UINT', 'UINT:', 'USINT', 'BOOL', 'TIMESTAMP');
 $database_update_info = array(
 	// Changes within this version
 	'3.0.b3'		=> array(
 /*
 		// Change the following columns...
 		'change_columns'	=> array(
-			{table}			=> array(
+			BBCODES_TABLE		=> array(
-				{column_name}			=> array('USINT', 0), -> column type
+				'bbcode_helpline'		=> array('VCHAR_UNI', ''),
 			),
 		),
-		// Add the following columns
+		/* Add the following columns
 		'add_columns'		=> array(
 			{table}			=> array(
 				{column_name}			=> array('USINT', 0), -> column type
 			),
-		),
+		),*/
 */
 	),
 	// Latest version
-	'3.0.0'			=> array(),
+	'3.0.b4-dev'			=> array(),
 );
 // Determine mapping database type
@ -459,7 +457,7 @@ switch ($current_version)
 	// No need to change here, before no break should appear
 	break;
-	case '3.0.0':
+	case '3.0.b4-dev':
 	default:
 		$no_updates = true;
 	break;
@ -483,13 +481,13 @@ flush();
 /* update the version
 $sql = "UPDATE " . CONFIG_TABLE . "
 	SET config_value = '$updates_to_version'
 	WHERE config_name = 'version'";
 _sql($sql, $errored, $error_ary);
 */
-// Optimize/vacuum analyze the tables where appropriate 
+/* Optimize/vacuum analyze the tables where appropriate 
 // this should be done for each version in future along with 
 // the version number update
 switch ($db->sql_layer)
@ -534,7 +532,7 @@ $cache->purge();
 	</div>
 	<div id="page-footer">
-		Powered by phpBB &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
+		Powered by phpBB &copy; <?php echo date('Y'); ?> <a href="http://www.phpbb.com/">phpBB Group</a>
 	</div>
 </div>
@ -550,6 +548,11 @@ function _sql($sql, &$errored, &$error_ary, $echo_dot = true)
 {
 	global $db;
 	if (defined('DEBUG_EXTRA'))
 	{
 		echo "\n{$sql}\n";
 	}
 	$db->sql_return_on_error(true);
 	$result = $db->sql_query($sql);
@ -732,7 +735,7 @@ function prepare_column_data($dbms, $column_data)
 			$sql .= " {$column_type} ";
 			// For hexadecimal values do not use single quotes
-			if (!is_null($column_data[1]))
+			if (!is_null($column_data[1]) && substr($column_type, -4) !== 'text')
 			{
 				$sql .= (strpos($column_data[1], '0x') === 0) ? "DEFAULT {$column_data[1]} " : "DEFAULT '{$column_data[1]}' ";
 			}
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@ -1471,12 +1471,13 @@ class install_install extends module
 			if (is_dir($path) && !is_link($path) && file_exists($path . '/iso.txt'))
 			{
 				$lang_pack = file("{$phpbb_root_path}language/$path/iso.txt");
 				$sql_ary = array(
 					'lang_iso'			=> basename($path),
 					'lang_dir'			=> basename($path),
 					'lang_english_name'	=> trim(htmlspecialchars($lang_pack[0])),
-					'lang_local_name'	=> trim(htmlspecialchars($lang_pack[1])),
+					'lang_local_name'	=> trim(htmlspecialchars($lang_pack[1], ENT_COMPAT, 'UTF-8')),
-					'lang_author'		=> trim(htmlspecialchars($lang_pack[2])),
+					'lang_author'		=> trim(htmlspecialchars($lang_pack[2], ENT_COMPAT, 'UTF-8')),
 				);
 				$db->sql_query('INSERT INTO ' . LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@ -161,7 +161,7 @@ END;;
 CREATE TABLE phpbb_bbcodes (
 	bbcode_id INTEGER DEFAULT 0 NOT NULL,
 	bbcode_tag VARCHAR(16) CHARACTER SET NONE DEFAULT '' NOT NULL,
-	bbcode_helpline VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,
+	bbcode_helpline VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	display_on_posting INTEGER DEFAULT 0 NOT NULL,
 	bbcode_match BLOB SUB_TYPE TEXT CHARACTER SET UTF8 DEFAULT '' NOT NULL,
 	bbcode_tpl BLOB SUB_TYPE TEXT CHARACTER SET UTF8 DEFAULT '' NOT NULL,
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@ -111,7 +111,7 @@ CREATE TABLE phpbb_banlist (
 CREATE TABLE phpbb_bbcodes (
 	bbcode_id tinyint(3) DEFAULT '0' NOT NULL,
 	bbcode_tag varchar(16) DEFAULT '' NOT NULL,
-	bbcode_helpline varchar(255) DEFAULT '' NOT NULL,
+	bbcode_helpline text NOT NULL,
 	display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	bbcode_match text NOT NULL,
 	bbcode_tpl mediumtext NOT NULL,
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@ -252,7 +252,7 @@ END;
 CREATE TABLE phpbb_bbcodes (
 	bbcode_id number(3) DEFAULT '0' NOT NULL,
 	bbcode_tag varchar2(16) DEFAULT '' ,
-	bbcode_helpline varchar2(255) DEFAULT '' ,
+	bbcode_helpline varchar2(765) DEFAULT '' ,
 	display_on_posting number(1) DEFAULT '0' NOT NULL,
 	bbcode_match clob DEFAULT '' ,
 	bbcode_tpl clob DEFAULT '' ,
--- a/phpBB/language/en/acp/forums.php
+++ b/phpBB/language/en/acp/forums.php
@ -67,7 +67,7 @@ $lang = array_merge($lang, array(
 	'FORUM_CREATED'						=> 'Forum created successfully.',
 	'FORUM_DATA_NEGATIVE'				=> 'Pruning parameters cannot be negative.',
 	'FORUM_DELETE'						=> 'Delete forum',
-	'FORUM_DELETE_EXPLAIN'				=> 'The form below will allow you to delete a forum and decide where you want to put all topics (or forums) it contained.',
+	'FORUM_DELETE_EXPLAIN'				=> 'The form below will allow you to delete a forum. If the forum is postable you are able to decide where you want to put all topics (or forums) it contained.',
 	'FORUM_DELETED'						=> 'Forum successfully deleted.',
 	'FORUM_DESC'						=> 'Description',
 	'FORUM_DESC_EXPLAIN'				=> 'Any markup entered here will displayed as is.',
--- a/phpBB/language/en/acp/posting.php
+++ b/phpBB/language/en/acp/posting.php
@ -95,7 +95,7 @@ $lang = array_merge($lang, array(
 	'EXPORT_ICONS'				=> 'Export and download icons.pak',
 	'EXPORT_ICONS_EXPLAIN'		=> '%sOn clicking this link, the configuration for your installed icons will be packaged into <samp>icons.pak</samp> which once downloaded can be used to create a <samp>.zip</samp> or <samp>.tgz</samp> file containing all of your icons plus this <samp>icons.pak</samp> configuration file%s.',
 	'EXPORT_SMILIES'			=> 'Export and download smilies.pak',
-	'EXPORT_SMILIES_EXPLAIN'	=> '%sOn clicking this link, the configuration for your installed smilies will be packaged into <samp>smilies.pak</samp> which once downloaded can be used to create a <samp>.zip</samp> or <samp>.tgz</samp> file containing all of your smilies plus this <samp>icons.pak</samp> configuration file%s.',
+	'EXPORT_SMILIES_EXPLAIN'	=> '%sOn clicking this link, the configuration for your installed smilies will be packaged into <samp>smilies.pak</samp> which once downloaded can be used to create a <samp>.zip</samp> or <samp>.tgz</samp> file containing all of your smilies plus this <samp>smilies.pak</samp> configuration file%s.',
 	'FIRST'			=> 'First',
--- a/phpBB/language/en/install.php
+++ b/phpBB/language/en/install.php
@ -157,8 +157,7 @@ $lang = array_merge($lang, array(
 	'INST_ERR_DB_CONNECT'		=> 'Could not connect to the database, see error message below',
 	'INST_ERR_DB_FORUM_PATH'	=> 'The database file specified is within your forum directory tree. You should put this file in a non web-accessible location',
 	'INST_ERR_DB_NO_ERROR'		=> 'No error message given',
-	'INST_ERR_DB_NO_MYSQL4'		=> 'The version of MySQL installed on this machine is incompatible with the “MySQL 4.x/5.x” option you have selected. Please try the “MySQL 3.23.x/4.x” option instead.',
+	'INST_ERR_DB_NO_MYSQLI'		=> 'The version of MySQL installed on this machine is incompatible with the “MySQL with MySQLi Extension” option you have selected. Please try the “MySQL” option instead.',
 	'INST_ERR_DB_NO_MYSQLI'		=> 'The version of MySQL installed on this machine is incompatible with the “MySQL 4.1.x/5.x with MySQLi Extension” option you have selected. Please try the “MySQL 3.23.x/4.x” option instead.',
 	'INST_ERR_DB_NO_SQLITE'		=> 'The version of the SQLite extension you have installed is too old, it must be upgraded to at least 2.8.2.',
 	'INST_ERR_DB_NO_ORACLE'		=> 'The version of Oracle installed on this machine requires you to set the <var>NLS_CHARACTERSET</var> parameter to <var>UTF8</var>. Either upgrade your installation to 9.2+ or change the parameter.',
 	'INST_ERR_DB_NO_FIREBIRD'	=> 'The version of Firebird installed on this machine is older than 2.0, please upgrade to a newer version.',
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@ -445,11 +445,9 @@ $quote_status	= ($auth->acl_get('f_reply', $forum_id)) ? true : false;
 // Save Draft
 if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
 {
-	$subject = request_var('subject', '', true);
+	$subject = utf8_normalize_nfc(request_var('subject', '', true));
 	$subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
-	$message = request_var('message', '', true);
+	$message = utf8_normalize_nfc(request_var('message', '', true));
 	utf8_normalize_nfc(array(&$subject, &$message));
 	if ($subject && $message)
 	{
@ -529,13 +527,11 @@ $solved_captcha = false;
 if ($submit || $preview || $refresh)
 {
 	$post_data['topic_cur_post_id']	= request_var('topic_cur_post_id', 0);
-	$post_data['post_subject'] = request_var('subject', '', true);
+	$post_data['post_subject']		= utf8_normalize_nfc(request_var('subject', '', true));
-	$message_parser->message = request_var('message', '', true);
+	$message_parser->message		= utf8_normalize_nfc(request_var('message', '', true));
-	$post_data['username']			= request_var('username', $post_data['username'], true);
+	$post_data['username']			= utf8_normalize_nfc(request_var('username', $post_data['username'], true));
-	$post_data['post_edit_reason']	= (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? request_var('edit_reason', '', true) : '';
+	$post_data['post_edit_reason']	= (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
 	utf8_normalize_nfc(array(&$post_data['post_subject'], &$message_parser->message, &$post_data['username'], &$post_data['post_edit_reason']));
 	$post_data['topic_type']		= request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
 	$post_data['topic_time_limit']	= request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
@ -603,13 +599,11 @@ if ($submit || $preview || $refresh)
 	}
 	else
 	{
-		$post_data['poll_title']		= request_var('poll_title', '', true);
+		$post_data['poll_title']		= utf8_normalize_nfc(request_var('poll_title', '', true));
 		$post_data['poll_length']		= request_var('poll_length', 0);
-		$post_data['poll_option_text']	= request_var('poll_option_text', '', true);
+		$post_data['poll_option_text']	= utf8_normalize_nfc(request_var('poll_option_text', '', true));
 		$post_data['poll_max_options']	= request_var('poll_max_options', 1);
 		$post_data['poll_vote_change']	= ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
 		utf8_normalize_nfc(array(&$post_data['poll_title'], &$post_data['poll_option_text']));
 	}
 	// If replying/quoting and last post id has changed
--- a/phpBB/report.php
+++ b/phpBB/report.php
@ -25,9 +25,7 @@ $user->setup('mcp');
 $forum_id		= request_var('f', 0);
 $post_id		= request_var('p', 0);
 $reason_id		= request_var('reason_id', 0);
-$report_text	= request_var('report_text', '', true);
+$report_text	= utf8_normalize_nfc(request_var('report_text', '', true));
 utf8_normalize_nfc(&$report_text);
 $user_notify = (isset($_POST['notify']) && $user->data['is_registered']) ? true : false;
 $submit = (isset($_POST['submit'])) ? true : false;
--- a/phpBB/styles/subSilver/template/overall_footer.html
+++ b/phpBB/styles/subSilver/template/overall_footer.html
@ -15,7 +15,7 @@
 <div id="wrapfooter">
 	<!-- IF U_ACP --><span class="gensmall">[ <a href="{U_ACP}">{L_ACP}</a> ]</span><br /><br /><!-- ENDIF -->
 	<span class="copyright">Powered by <a href="http://www.phpbb.com/" target="_blank">phpBB</a> &copy; 2002, 2006 phpBB Group
-	<!-- IF L_TRANSLATION_INFO --><br />{L_TRANSLATION_INFO}<!-- ENDIF -->
+	<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 	<!-- IF DEBUG_OUTPUT --><br />[ {DEBUG_OUTPUT} ]<!-- ENDIF --></span>
 </div>
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@ -173,7 +173,7 @@ if ($forum_data['forum_topics_per_page'])
 // Do the forum Prune thang - cron type job ...
 if ($forum_data['prune_next'] < time() && $forum_data['enable_prune'])
 {
-	$template->assign_var('RUN_CRON_TASK', '<img src="' . $phpbb_root_path . 'cron.' . $phpEx . '?cron_type=prune_forum&amp;f=' . $forum_id . '" width="1" height="1" />');
+	$template->assign_var('RUN_CRON_TASK', '<img src="' . append_sid($phpbb_root_path . 'cron.' . $phpEx, 'cron_type=prune_forum&amp;f=' . $forum_id) . '" alt="cron" width="1" height="1" />');
 }
 // Forum rules and subscription info