diff --git a/phpBB/adm/admin_attachments.php b/phpBB/adm/admin_attachments.php
index bdf8849ade..bc0f5593d8 100644
--- a/phpBB/adm/admin_attachments.php
+++ b/phpBB/adm/admin_attachments.php
@@ -50,8 +50,7 @@ foreach ($config_sizes as $cfg_key => $var)
 $submit = (isset($_POST['submit'])) ? TRUE : FALSE;
 $search_imagick = (isset($_POST['search_imagick'])) ? TRUE : FALSE;
 
-$error = $notify = false;
-$error_msg = $notify_msg = '';
+$error = $notify = array();
 
 // Pull all config data
 $sql = 'SELECT *
@@ -75,14 +74,7 @@ while ($row = $db->sql_fetchrow($result))
 
 		if (!$submit && $config_name == $cfg_key)
 		{
-			if ($new[$config_name] >= 1048576)
-			{
-				$new[$config_name] = round($new[$config_name] / 1048576 * 100) / 100;
-			}
-			else if($new[$config_name] >= 1024)
-			{
-				$new[$config_name] = round($new[$config_name] / 1024 * 100) / 100;
-			}
+			$new[$config_name] = ($new[$config_name] >= 1048576) ? round($new[$config_name] / 1048576 * 100) / 100 : (($new[$config_name] >= 1024) ? round($new[$config_name] / 1024 * 100) / 100 : $new[$config_name]);
 		}
 
 		if ($submit && $mode == 'manage' && $config_name == $cfg_key)
@@ -122,19 +114,11 @@ while ($row = $db->sql_fetchrow($result))
 if ($submit && ($mode == 'manage' || $mode == 'cats'))
 {
 	add_log('admin', 'LOG_ATTACH_CONFIG');
-	$notify = TRUE;
-	$notify_msg = $user->lang['ATTACH_CONFIG_UPDATED'];
+	$notify[] = $user->lang['ATTACH_CONFIG_UPDATED'];
 }
 
-// Adjust the Upload Directory
-if (!$new['use_ftp_upload'])
-{
-	$upload_dir = ($new['upload_dir'][0] == '/' || ($new['upload_dir'][0] != '/' && $new['upload_dir'][1] == ':')) ? $new['upload_dir'] : $phpbb_root_path . $new['upload_dir'];
-}
-else
-{
-	$upload_dir = $new['download_path'];
-}
+// Adjust the Upload Directory - relative or absolute, this is the question here.
+$upload_dir = ($new['upload_dir'][0] == '/' || ($new['upload_dir'][0] != '/' && $new['upload_dir'][1] == ':')) ? $new['upload_dir'] : $phpbb_root_path . $new['upload_dir'];
 
 switch ($mode)
 {
@@ -189,21 +173,20 @@ if ($search_imagick)
 // Check Settings
 if ($submit && $mode == 'manage')
 {
-	test_upload($error, $error_msg, $upload_dir, $new['ftp_path'], $new['use_ftp_upload'], false);
+	test_upload($error, $upload_dir, false);
 }
 
-
 if ($submit && $mode == 'cats')
 {
-	test_upload($error, $error_msg, $upload_dir, $new['ftp_path'] . '/thumbs', $new['use_ftp_upload'], true);
+	test_upload($error, $upload_dir . '/thumbs', true);
 }
 
 if ($submit && $mode == 'extensions')
 {
 	// Change Extensions ?
-	$extension_change_list	= (isset($_POST['extension_change_list'])) ? $_POST['extension_change_list'] : array();
-	$extension_explain_list	= (isset($_POST['extension_explain_list'])) ? $_POST['extension_explain_list'] : array();
-	$group_select_list		= (isset($_POST['group_select'])) ? $_POST['group_select'] : array();
+	$extension_change_list	= (isset($_POST['extension_change_list'])) ? array_map('intval', $_POST['extension_change_list']) : array();
+	$extension_explain_list	= (isset($_POST['extension_explain_list'])) ? array_map('trim', $_POST['extension_explain_list']) : array();
+	$group_select_list		= (isset($_POST['group_select'])) ? array_map('intval', $_POST['group_select']) : array();
 
 	// Generate correct Change List
 	$extensions = array();
@@ -211,7 +194,7 @@ if ($submit && $mode == 'extensions')
 	for ($i = 0; $i < count($extension_change_list); $i++)
 	{
 		$extensions[$extension_change_list[$i]]['comment'] = stripslashes(htmlspecialchars($extension_explain_list[$i]));
-		$extensions[$extension_change_list[$i]]['group_id'] = intval($group_select_list[$i]);
+		$extensions[$extension_change_list[$i]]['group_id'] = $group_select_list[$i];
 	}
 
 	$sql = 'SELECT *
@@ -221,7 +204,7 @@ if ($submit && $mode == 'extensions')
 
 	while ($row = $db->sql_fetchrow($result))
 	{
-		if ($row['comment'] != $extensions[$row['extension_id']]['comment'] || intval($row['group_id']) != intval($extensions[$row['extension_id']]['group_id']))
+		if ($row['comment'] != $extensions[$row['extension_id']]['comment'] || $row['group_id'] != $extensions[$row['extension_id']]['group_id'])
 		{
 			$sql = "UPDATE " . EXTENSIONS_TABLE . " 
 				SET comment = '" . $extensions[$row['extension_id']]['comment'] . "', group_id = " . $extensions[$row['extension_id']]['group_id'] . "
@@ -233,29 +216,28 @@ if ($submit && $mode == 'extensions')
 	$db->sql_freeresult($result);
 
 	// Delete Extension ?
-	$extension_id_list = (isset($_POST['extension_id_list'])) ? $_POST['extension_id_list'] : array();
-	$extension_id_sql = implode(', ', $extension_id_list);
+	$extension_id_list = (isset($_POST['extension_id_list'])) ? array_map('intval', $_POST['extension_id_list']) : array();
 
-	if ($extension_id_sql != '')
+	if (count($extension_id_list))
 	{
-		$sql = 'DELETE 
-			FROM ' . EXTENSIONS_TABLE . "
-			WHERE extension_id IN ($extension_id_sql)";
+		$sql = "DELETE 
+			FROM " . EXTENSIONS_TABLE . "
+			WHERE extension_id IN (" . implode(', ', $extension_id_list) . ")";
 		$db->sql_query($sql);
 
-		$sql = 'SELECT extension 
-			FROM ' . EXTENSIONS_TABLE . "
-			WHERE extension_id IN ($extension_id_sql)";
+		$sql = "SELECT extension 
+			FROM " . EXTENSIONS_TABLE . "
+			WHERE extension_id IN (" . implode(', ', $extension_id_list) . ")";
 		$result = $db->sql_query($sql);
 		
-		$extension_list = array();
+		$extension_list = '';
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$extension_list[] = $row['extension'];
+			$extension_list .= ($extension_list == '') ? $row['extension'] : ', ' . $row['extension'];
 		}
 		$db->sql_freeresult($result);
 
-		add_log('admin', 'LOG_ATTACH_EXT_DEL', implode(', ', $extension_list));
+		add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list);
 	}
 		
 	// Add Extension ?
@@ -266,73 +248,50 @@ if ($submit && $mode == 'extensions')
 
 	if ($add_extension != '' && $add)
 	{
-		if (!$error)
+		if (!count($error))
 		{
-			// check extension
-			$sql = 'SELECT extension 
-				FROM ' . EXTENSIONS_TABLE;
-			$result = $db->sql_query($sql);
-			
-			while ($row = $db->sql_fetchrow($result))
-			{
-				if ($row['extension'] == $add_extension)
-				{
-					$error = TRUE;
-					if( isset($error_msg) )
-					{
-						$error_msg .= '<br />';
-					}
-					$error_msg .= sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
-				}
-			}
-			$db->sql_freeresult($result);
+			$extension_check = array(EXTENSIONS_TABLE => 'EXTENSION_EXIST', FORBIDDEN_EXTENSIONS_TABLE => 'CANNOT_ADD_FORBIDDEN_EXTENSION');
 
-			// Extension Forbidden ?
-			if (!$error)
+			foreach ($extension_check as $table => $error_msg)
 			{
-				$sql = 'SELECT extension 
-					FROM ' . FORBIDDEN_EXTENSIONS_TABLE;
+				$sql = "SELECT extension 
+					FROM $table";
 				$result = $db->sql_query($sql);
 			
 				while ($row = $db->sql_fetchrow($result))
 				{
 					if ($row['extension'] == $add_extension)
 					{
-						$error = TRUE;
-						if( isset($error_msg) )
-						{
-							$error_msg .= '<br />';
-						}
-						$error_msg .= sprintf($user->lang['CANNOT_ADD_FORBIDDEN_EXTENSION'], $add_extension);
+						$error[] = sprintf($user->lang[$error_msg], $add_extension);
 					}
 				}
+				$db->sql_freeresult($result);
 			}
 
-			if (!$error)
+			if (!count($error))
 			{
 				$sql = 'INSERT INTO ' . EXTENSIONS_TABLE . " (group_id, extension, comment) 
-					VALUES ($add_extension_group, '" . $add_extension . "', '" . trim($add_extension_explain) . "')";
-				$db->sql_query($sql);	
+					VALUES ($add_extension_group, '" . $add_extension . "', '" . $add_extension_explain . "')";
+				$db->sql_query($sql);
 				add_log('admin', 'LOG_ATTACH_EXT_ADD', $add_extension);
 			}
 		}
 	}
 
-	if (!$error)
+	if (!count($error))
 	{
-		$notify = true;
-		$notify_msg = $user->lang['EXTENSIONS_UPDATED'];
+		$notify[] = $user->lang['EXTENSIONS_UPDATED'];
 	}
 }
 
 if ($submit && $mode == 'ext_groups')
 {
 	// Change Extension Groups ?
-	$group_change_list		= (isset($_POST['group_change_list'])) ? $_POST['group_change_list'] : array();
+	$group_change_list		= (isset($_POST['group_change_list'])) ? array_map('intval', $_POST['group_change_list']) : array();
 	$extension_group_list	= (isset($_POST['extension_group_list'])) ? $_POST['extension_group_list'] : array();
-	$group_allowed_list		= (isset($_POST['allowed_list'])) ? $_POST['allowed_list'] : array();
+	$group_allowed_list		= (isset($_POST['allowed_list'])) ? array_map('intval', $_POST['allowed_list']) : array();
 	$download_mode_list		= (isset($_POST['download_mode_list'])) ? $_POST['download_mode_list'] : array();
-	$category_list			= (isset($_POST['category_list'])) ? $_POST['category_list'] : array();
+	$category_list			= (isset($_POST['category_list'])) ? array_map('intval', $_POST['category_list']) : array();
 	$upload_icon_list		= (isset($_POST['upload_icon_list'])) ? $_POST['upload_icon_list'] : array();
 	$filesize_list			= (isset($_POST['max_filesize_list'])) ? $_POST['max_filesize_list'] : array();
 	$size_select_list		= (isset($_POST['size_select_list'])) ? $_POST['size_select_list'] : array();
@@ -357,7 +316,7 @@ if ($submit && $mode == 'ext_groups')
 		$filesize_list[$i] = ($size_select_list[$i] == 'kb') ? round($filesize_list[$i] * 1024) : (($size_select_list[$i] == 'mb') ? round($filesize_list[$i] * 1048576) : $filesize_list[$i]);
 
 		$group_sql = array(
-			'group_name'	=> $extension_group_list[$i],
+			'group_name'	=> trim(htmlspecialchars($extension_group_list[$i])),
 			'cat_id'		=> $category_list[$i],
 			'allow_group'	=> $allowed,
 			'download_mode'	=> $download_mode_list[$i],
@@ -365,14 +324,14 @@ if ($submit && $mode == 'ext_groups')
 			'max_filesize'	=> $filesize_list[$i]
 		);
 		
-		$sql = 'UPDATE ' . EXTENSION_GROUPS_TABLE . " 
+		$sql = "UPDATE " . EXTENSION_GROUPS_TABLE . " 
 			SET " . $db->sql_build_array('UPDATE', $group_sql) . " 
 			WHERE group_id = " . $group_change_list[$i];
 		$db->sql_query($sql);
 	}
 	
 	// Delete Extension Groups
-	$group_id_list = (isset($_POST['group_id_list'])) ?  $_POST['group_id_list'] : array();
+	$group_id_list = (isset($_POST['group_id_list'])) ? array_map('intval', $_POST['group_id_list']) : array();
 
 	if (count($group_id_list))
 	{
@@ -418,23 +377,18 @@ if ($submit && $mode == 'ext_groups')
 		// check Extension Group
 		$sql = 'SELECT group_name 
 			FROM ' . EXTENSION_GROUPS_TABLE;
-		$result = $db->sql_query($sql);
+		$result = $db->sql_query_limit($sql, 1);
 			
-		while ($row = $db->sql_fetchrow($result))
+		if ($row = $db->sql_fetchrow($result))
 		{
 			if ($row['group_name'] == $extension_group)
 			{
-				$error = TRUE;
-				if (isset($error_msg))
-				{
-					$error_msg .= '<br />';
-				}
-				$error_msg .= sprintf($user->lang['EXTENSION_GROUP_EXIST'], $extension_group);
+				$error[] = sprintf($user->lang['EXTENSION_GROUP_EXIST'], $extension_group);
 			}
 		}
 		$db->sql_freeresult($result);
 		
-		if (!$error)
+		if (!count($error))
 		{
 			$filesize = ($size_select == 'kb') ? round($filesize * 1024) : (($size_select == 'mb') ? round($filesize * 1048576) : $filesize);
 		
@@ -477,10 +431,9 @@ if ($submit && $mode == 'ext_groups')
 	$cache->destroy('extensions');
 	$cache->put('extensions', $extensions);
 
-	if (!$error)
+	if (!count($error))
 	{
-		$notify = true;
-		$notify_msg = $user->lang['EXTENSION_GROUPS_UPDATED'];
+		$notify[] = $user->lang['EXTENSION_GROUPS_UPDATED'];
 	}
 }
 
@@ -491,23 +444,24 @@ if ($submit && $mode == 'ext_groups')
 <p><?php echo $user->lang[$l_title . '_EXPLAIN']; ?></p>
 
 <?php 
-if ($error)
+if (count($error))
 {
 ?>
 
 <h2 style="color:red"><?php echo $user->lang['WARNING']; ?></h2>
 
-<p><?php echo $error_msg; ?></p>
+<p><?php echo implode('<br />', $error); ?></p>
 
 <?php
 }
-else if ($notify)
+
+if (count($notify))
 {
 ?>
 
 <h2 style="color:green"><?php echo $user->lang['NOTIFY']; ?></h2>
 
-<p><?php echo $notify_msg; ?></p>
+<p><?php echo implode('<br />', $notify); ?></p>
 
 <?php
 }
@@ -551,7 +505,7 @@ $select_pm_size_mode = size_select('pm_size', $pm_size);
 if ($mode == 'manage')
 {
 
-	$yes_no_switches = array('disable_mod', 'allow_pm_attach', 'use_ftp_upload', 'display_order', 'ftp_pasv_mode');
+	$yes_no_switches = array('disable_mod', 'allow_pm_attach', 'display_order');
 
 	for ($i = 0; $i < count($yes_no_switches); $i++)
 	{
@@ -613,59 +567,6 @@ if ($mode == 'manage')
 		<td class="row1" width="50%"><?php echo $user->lang['PM_ATTACH']; ?>:<br /><span class="gensmall"><?php echo $user->lang['PM_ATTACH_EXPLAIN']; ?></span></td>
 		<td class="row2"><input type="radio" name="allow_pm_attach" value="1" <?php echo $allow_pm_attach_yes; ?> /> <?php echo $user->lang['YES']; ?>&nbsp;&nbsp;<input type="radio" name="allow_pm_attach" value="0" <?php echo $allow_pm_attach_no; ?> /> <?php echo $user->lang['NO']; ?></td>
 	</tr>
-<?php
-	if (!function_exists('ftp_connect'))
-	{
-?>
-
-	<input type="hidden" name="use_ftp_upload" value="0" />
-	<tr>
-		<td class="spacer" colspan="2" height="1"><img src="../images/spacer.gif" alt="" width="1" height="1" /></td>
-	</tr>
-	<tr>
-	  <td class="row1" colspan="2" align="center"><span class="gen"><?php echo $user->lang['NO_FTP_EXTENSIONS_INSTALLED']; ?></span></td>
-	</tr>
-
-<?php
-	}
-	else
-	{
-?>
-
-	<tr>
-		<td class="row1" width="50%"><?php echo $user->lang['FTP_UPLOAD']; ?>:<br /><span class="gensmall"><?php echo $user->lang['FTP_UPLOAD_EXPLAIN']; ?></span></td>
-		<td class="row2"><input type="radio" name="use_ftp_upload" value="1" <?php echo $use_ftp_upload_yes; ?> /> <?php echo $user->lang['YES']; ?>&nbsp;&nbsp;<input type="radio" name="use_ftp_upload" value="0" <?php echo $use_ftp_upload_no; ?> /> <?php echo $user->lang['NO']; ?></td>
-	</tr>
-	<tr>
-		<td class="spacer" colspan="2" height="1"><img src="../images/spacer.gif" alt="" width="1" height="1" /></td>
-	</tr>
-	<tr>
-		<td class="row1" width="50%"><?php echo $user->lang['FTP_SERVER']; ?>:<br /><span class="gensmall"><?php echo $user->lang['FTP_SERVER_EXPLAIN']; ?></span></td>
-		<td class="row2"><input type="text" size="20" maxlength="100" name="ftp_server" class="post" value="<?php echo $new['ftp_server']; ?>" /></td>
-	</tr>
-	<tr>
-		<td class="row1" width="50%"><?php echo $user->lang['ATTACH_FTP_PATH']; ?>:<br /><span class="gensmall"><?php echo $user->lang['ATTACH_FTP_PATH_EXPLAIN']; ?></span></td>
-		<td class="row2"><input type="text" size="20" maxlength="100" name="ftp_path" class="post" value="<?php echo $new['ftp_path']; ?>" /></td>
-	</tr>
-	<tr>
-		<td class="row1" width="50%"><?php echo $user->lang['FTP_DOWNLOAD_PATH']; ?>:<br /><span class="gensmall"><?php echo $user->lang['FTP_DOWNLOAD_PATH_EXPLAIN']; ?></span></td>
-		<td class="row2"><input type="text" size="20" maxlength="100" name="download_path" class="post" value="<?php echo $new['download_path']; ?>" /></td>
-	</tr>
-	<tr>
-		<td class="row1" width="50%"><?php echo $user->lang['FTP_PASSIVE_MODE']; ?>:<br /><span class="gensmall"><?php echo $user->lang['FTP_PASSIVE_MODE_EXPLAIN']; ?></span></td>
-		<td class="row2"><input type="radio" name="ftp_pasv_mode" value="1" <?php echo $ftp_pasv_mode_yes; ?> /> <?php echo $user->lang['YES']; ?>&nbsp;&nbsp;<input type="radio" name="ftp_pasv_mode" value="0" <?php echo $ftp_pasv_mode_no; ?> /> <?php echo $user->lang['NO']; ?></td>
-	</tr>
-	<tr>
-		<td class="row1" width="50%"><?php echo $user->lang['FTP_USER']; ?>:</td>
-		<td class="row2"><input type="text" size="20" maxlength="100" name="ftp_user" class="post" value="<?php echo $new['ftp_user']; ?>" /></td>
-	</tr>
-	<tr>
-		<td class="row1" width="50%"><?php echo $user->lang['FTP_PASS']; ?>:</td>
-		<td class="row2"><input type="password" size="10" maxlength="20" name="ftp_pass" class="post" value="<?php echo $new['ftp_path']; ?>" /></td>
-	</tr>
-<?php
-	}
-?>
 	<tr>
 		<td class="cat" colspan="2" align="center"><input type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" class="mainoption" />&nbsp;&nbsp;<input type="reset" value="<?php echo $user->lang['RESET']; ?>" class="liteoption" /></td>
 	</tr>
@@ -712,7 +613,7 @@ if ($mode == 'cats')
 <?php
 	
 	// Check Thumbnail Support
-	if ($new['img_imagick'] == '' && count(get_supported_image_types()) == 0)
+	if ($new['img_imagick'] == '' && !count(get_supported_image_types()))
 	{
 		$new['img_create_thumbnail'] = '0';
 	}
@@ -773,14 +674,7 @@ if ($mode == 'ext_groups')
 		$size = ($max_add_filesize >= 1048576) ? 'mb' : (($max_add_filesize >= 1024) ? 'kb' : 'b');
 	}
 
-	if ($max_add_filesize >= 1048576)
-	{
-		$max_add_filesize = round($max_add_filesize / 1048576 * 100) / 100;
-	}
-	else if ( $max_add_filesize >= 1024)
-	{
-		$max_add_filesize = round($max_add_filesize / 1024 * 100) / 100;
-	}
+	$max_add_filesize = ($max_add_filesize >= 1048576) ? round($max_add_filesize / 1048576 * 100) / 100 : (($max_add_filesize >= 1024) ? round($max_add_filesize / 1024 * 100) / 100 : $max_add_filesize);
 
 	$viewgroup = (!empty($_REQUEST['g'])) ? $_REQUEST['g'] : -1;
 ?>
@@ -873,20 +767,13 @@ if ($mode == 'ext_groups')
 			$row['max_filesize'] = intval($config['max_filesize']);
 		}
 
-		$size_format = ($row['max_filesize'] >= 1048576) ? 'mb' : ( ($row['max_filesize'] >= 1024) ? 'kb' : 'b' );
+		$size_format = ($row['max_filesize'] >= 1048576) ? 'mb' : (($row['max_filesize'] >= 1024) ? 'kb' : 'b');
 
-		if ($row['max_filesize'] >= 1048576)
-		{
-			$row['max_filesize'] = round($row['max_filesize'] / 1048576 * 100) / 100;
-		}
-		else if($row['max_filesize'] >= 1024)
-		{
-			$row['max_filesize'] = round($row['max_filesize'] / 1024 * 100) / 100;
-		}
+		$row['max_filesize'] = ($row['max_filesize'] >= 1048576) ? round($row['max_filesize'] / 1048576 * 100) / 100 : (($row['max_filesize'] >= 1024) ? round($row['max_filesize'] / 1024 * 100) / 100 : $row['max_filesize']);
 
 		$s_allowed = ($row['allow_group'] == 1) ? 'checked="checked"' : '';
 		$edit_img = ($row['upload_icon'] != '') ? $row['upload_icon'] : '';
-			
+
 		$filename_list = '';
 		$no_image_select = false;
 		foreach ($imglist as $img)
@@ -1020,125 +907,40 @@ if ($mode == 'extensions')
 adm_page_footer();
 
 // Test Settings
-function test_upload(&$error, &$error_msg, $upload_dir, $ftp_path, $ftp_upload_allowed, $create_directory = false)
+function test_upload(&$error, $upload_dir, $create_directory = false)
 {
 	global $user;
 
-	$error = FALSE;
-
-	// Does the target directory exist, is it a directory and writeable. (only test if ftp upload is disabled)
-	if (!$ftp_upload_allowed)
+	// Does the target directory exist, is it a directory and writeable.
+	if ($create_directory)
 	{
-		if ($create_directory)
+		if (!file_exists($upload_dir))
 		{
-			if (!@file_exists($upload_dir))
-			{
-				@mkdir($upload_dir, 0755);
-				@chmod($upload_dir, 0777);
-			}
-		}
-		
-		if (!@file_exists($upload_dir))
-		{
-			$error = TRUE;
-			$error_msg = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $new['upload_dir']) . '<br />';
-		}
-	
-		if (!$error && !is_dir($upload_dir))
-		{
-			$error = TRUE;
-			$error_msg = sprintf($user->lang['DIRECTORY_IS_NOT_A_DIR'], $new['upload_dir']) . '<br />';
-		}
-	
-		if (!$error)
-		{
-			if ( !($fp = @fopen($upload_dir . '/0_000000.000', 'w')) )
-			{
-				$error = TRUE;
-				$error_msg = sprintf($user->lang['DIRECTORY_NOT_WRITEABLE'], $new['upload_dir']) . '<br />';
-			}
-			else
-			{
-				@fclose($fp);
-				@unlink($upload_dir . '/0_000000.000');
-			}
+			@mkdir($upload_dir, 0755);
+			@chmod($upload_dir, 0777);
 		}
 	}
-	else
-	{
-		// Check FTP Settings
-		$server = ( empty($new['ftp_server']) ) ? 'localhost' : $new['ftp_server'];
-		$conn_id = @ftp_connect($server);
-
-		if (!$conn_id)
-		{
-			$error = TRUE;
-			$error_msg = sprintf($user->lang['FTP_ERROR_CONNECT'], $server) . '<br />';
-		}
-
-		$login_result = @ftp_login($conn_id, $new['ftp_user'], $new['ftp_pass']);
-
-		if (!$login_result && !$error)
-		{
-			$error = TRUE;
-			$error_msg = sprintf($user->lang['FTP_ERROR_LOGIN'], $new['ftp_user']) . '<br />';
-		}
 		
-		if (!@ftp_pasv($conn_id, intval($new['ftp_pasv_mode'])))
+	if (!file_exists($upload_dir))
+	{
+		$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $upload_dir);
+	}
+	
+	if (!count($error) && !is_dir($upload_dir))
+	{
+		$error[] = sprintf($user->lang['DIRECTORY_IS_NOT_A_DIR'], $upload_dir);
+	}
+	
+	if (!count($error))
+	{
+		if (!($fp = @fopen($upload_dir . '/0_000000.000', 'w')))
 		{
-			$error = TRUE;
-			$error_msg = $user->lang['FTP_ERROR_PASV_MODE'];
+			$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITEABLE'], $new['upload_dir']);
 		}
-
-		if (!$error)
+		else
 		{
-			// Check Upload
-			$tmpfname = @tempnam('/tmp', 't0000');
-			@unlink($tmpfname); // unlink for safety on php4.0.3+
-			$fp = @fopen($tmpfname, 'w');
-			@fwrite($fp, 'test');
 			@fclose($fp);
-
-			if ($create_directory)
-			{
-				$result = @ftp_chdir($conn_id, $ftp_path);
-			
-				if (!$result)
-				{
-					@ftp_mkdir($conn_id, $ftp_path);
-				}
-			}
-
-			$result = @ftp_chdir($conn_id, $ftp_path);
-
-			if (!$result)
-			{
-				$error = TRUE;
-				$error_msg = sprintf($user->lang['FTP_ERROR_PATH'], $ftp_path) . '<br />';
-			}
-			else
-			{
-				$res = @ftp_put($conn_id, 't0000', $tmpfname, FTP_ASCII);
-			
-				if (!$res)
-				{
-					$error = TRUE;
-					$error_msg = sprintf($user->lang['FTP_ERROR_UPLOAD'], $ftp_path) . '<br />';
-				}
-				else
-				{
-					$res = @ftp_delete($conn_id, 't0000');
-
-					if (!$res)
-					{
-						$error = TRUE;
-						$error_msg = sprintf($user->lang['FTP_ERROR_DELETE'], $ftp_path) . '<br />';
-					}
-				}
-			}
-
-			@ftp_quit($conn_id);
-			@unlink($tmpfname);
+			@unlink($upload_dir . '/0_000000.000');
 		}
 	}
 }
@@ -1156,7 +958,6 @@ function size_select($select_name, $size_compare)
 	for ($i = 0; $i < count($size_types_text); $i++)
 	{
 		$selected = ($size_compare == $size_types[$i]) ? ' selected="selected"' : '';
-
 		$select_field .= '<option value="' . $size_types[$i] . '"' . $selected . '>' . $size_types_text[$i] . '</option>';
 	}
 	
diff --git a/phpBB/includes/emailer.php b/phpBB/includes/emailer.php
index f0d330dfbe..594e1e386d 100755
--- a/phpBB/includes/emailer.php
+++ b/phpBB/includes/emailer.php
@@ -208,7 +208,7 @@ class emailer
 		}
 
 		// Build header
-		$this->extra_headers = (($this->replyto !='') ? "Reply-to: <$this->replyto>\r\n" : '') . (($this->from != '') ? "From: <$this->from>\r\n" : "From: <" . $config['board_email'] . ">\r\n") . "Return-Path: <" . $config['board_email'] . ">\r\nMessage-ID: <" . md5(uniqid(time())) . "@" . $config['server_name'] . ">\r\nMIME-Version: 1.0\r\nContent-type: text/plain; charset=" . $this->encoding . "\r\nContent-transfer-encoding: 8bit\r\nDate: " . gmdate('D, d M Y H:i:s Z', time()) . "\r\nX-Priority: 3\r\nX-MSMail-Priority: Normal\r\nX-Mailer: PHP\r\nX-MimeOLE: Produced By phpBB2\r\n" . trim($this->extra_headers) . (($cc != '') ? "Cc:$cc\r\n" : '')  . (($bcc != '') ? "Bcc:$bcc\r\n" : ''); 
+		$this->extra_headers = (($this->replyto !='') ? "Reply-to: <$this->replyto>\r\n" : '') . (($this->from != '') ? "From: <$this->from>\r\n" : "From: <" . $config['board_email'] . ">\r\n") . "Return-Path: <" . $config['board_email'] . ">\r\nMessage-ID: <" . md5(uniqid(time())) . "@" . $config['server_name'] . ">\r\nMIME-Version: 1.0\r\nContent-type: text/plain; charset=" . $this->encoding . "\r\nContent-transfer-encoding: 8bit\r\nDate: " . gmdate('D, d M Y H:i:s Z', time()) . "\r\nX-Priority: 3\r\nX-MSMail-Priority: Normal\r\nX-Mailer: PHP\r\nX-MimeOLE: Produced By phpBB2\r\n" . $this->extra_headers . (($cc != '') ? "Cc:$cc\r\n" : '')  . (($bcc != '') ? "Bcc:$bcc\r\n" : ''); 
 
 		// Send message ... removed $this->encode() from subject for time being
 		if (!$this->use_queue)
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index e9d9dbd6bd..e80d29c89f 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -386,26 +386,19 @@ function display_attachments($attachment_data, &$update_count, $force_physical =
 		$filesize = $attachment['filesize'];
 		$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
 
-		if ($filesize >= 1048576)
-		{
-			$filesize = (round((round($filesize / 1048576 * 100) / 100), 2));
-		}
-		else if ($filesize >= 1024)
-		{
-			$filesize = (round((round($filesize / 1024 * 100) / 100), 2));
-		}
+		$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
 
 		$display_name = $attachment['real_filename']; 
 		$comment = stripslashes(trim(str_replace("\n", '<br />', $attachment['comment'])));
 
-		$denied = false;
+		$denied = FALSE;
 			
 		if (!in_array($attachment['extension'], $extensions['_allowed_']))
 		{
-			$denied = true;
+			$denied = TRUE;
 
 			$template->assign_block_vars('postrow.attachment', array(
-				'IS_DENIED'		=> true,	
+				'IS_DENIED'		=> TRUE,
 
 				'L_DENIED'		=> sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']))
 			);
@@ -431,7 +424,7 @@ function display_attachments($attachment_data, &$update_count, $force_physical =
 					{
 						if ($config['img_link_width'] || $config['img_link_height'])
 						{
-							list($width, $height) = image_getdimension($filename);
+							list($width, $height) = getimagesize($filename);
 
 							$display_cat = (!$width && !$height) ? IMAGE_CAT : (($width <= $config['img_link_width'] && $height <= $config['img_link_height']) ? IMAGE_CAT : NONE_CAT);
 						}
@@ -440,22 +433,15 @@ function display_attachments($attachment_data, &$update_count, $force_physical =
 					{
 						$display_cat = NONE_CAT;
 					}
-				}					
+				}
 			}
 
 			switch ($display_cat)
 			{
 				// Images
 				case IMAGE_CAT:
-					if (!empty($config['ftp_upload']) && trim($config['upload_dir']) == '' && !$force_physical)
-					{
-						$img_source = $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'];
-					}
-					else
-					{
-						$img_source = $filename;
-						$update_count[] = $attachment['attach_id'];
-					}
+					$img_source = $filename;
+					$update_count[] = $attachment['attach_id'];
 
 					$l_downloaded_viewed = $user->lang['VIEWED'];
 					$download_link = $img_source;
@@ -463,14 +449,7 @@ function display_attachments($attachment_data, &$update_count, $force_physical =
 					
 				// Images, but display Thumbnail
 				case THUMB_CAT:
-					if (!empty($config['use_ftp_upload']) && trim($config['upload_dir']) == '' && !$force_physical)
-					{
-						$thumb_source = $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] . '&thumb=1';
-					}
-					else
-					{
-						$thumb_source = $thumbnail_filename;
-					}
+					$thumb_source = $thumbnail_filename;
 
 					$l_downloaded_viewed = $user->lang['VIEWED'];
 					$download_link = (!$force_physical) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 8f89d2669b..b27c88c3cf 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -460,14 +460,7 @@ function upload_attachment($filename)
 	{
 		$size_lang = ($allowed_filesize >= 1048576) ? $user->lang['MB'] : ( ($allowed_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
 
-		if ($allowed_filesize >= 1048576)
-		{
-			$allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
-		}
-		else if($allowed_filesize >= 1024)
-		{
-			$allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
-		}
+		$allowed_filesize = ($allowed_filesize >= 1048576) ? round($allowed_filesize / 1048576 * 100) / 100 : (($allowed_filesize >= 1024) ? round($allowed_filesize / 1024 * 100) / 100 : $allowed_filesize);
 			
 		$filedata['error'][] = sprintf($user->lang['ATTACHMENT_TOO_BIG'], $allowed_filesize, $size_lang);
 		$filedata['post_attach'] = false;
@@ -502,27 +495,8 @@ function upload_attachment($filename)
 		$filedata['thumbnail'] = 1;
 	}
 
-	// Upload Attachment
-	if (!$config['use_ftp_upload'])
-	{
-		// Descide the Upload method
-		if ( @ini_get('open_basedir') )
-		{
-			$upload_mode = 'move';
-		}
-		else if ( @ini_get('safe_mode') )
-		{
-			$upload_mode = 'move';
-		}
-		else
-		{
-			$upload_mode = 'copy';
-		}
-	}
-	else
-	{
-		$upload_mode = 'ftp';
-	}
+	// Descide the Upload method
+	$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
 
 	// Ok, upload the File
 	$result = move_uploaded_attachment($upload_mode, $file, $filedata);
@@ -546,7 +520,6 @@ function move_uploaded_attachment($upload_mode, $source_filename, &$filedata)
 	switch ($upload_mode)
 	{
 		case 'copy':
-
 			if ( !@copy($source_filename, $config['upload_dir'] . '/' . $destination_filename) ) 
 			{
 				if ( !@move_uploaded_file($source_filename, $config['upload_dir'] . '/' . $destination_filename) ) 
@@ -567,41 +540,10 @@ function move_uploaded_attachment($upload_mode, $source_filename, &$filedata)
 			} 
 			@chmod($config['upload_dir'] . '/' . $destination_filename, 0666);
 			break;
-
-		case 'ftp':
-/*
-			$conn_id = init_ftp();
-
-			// Binary or Ascii ?
-			$mode = FTP_BINARY;
-			if ( (preg_match("/text/i", $filedata['mimetype'])) || (preg_match("/html/i", $filedata['mimetype'])) )
-			{
-				$mode = FTP_ASCII;
-			}
-
-			$res = @ftp_put($conn_id, $destination_filename, $source_filename, $mode);
-				
-			if (!$res)
-			{
-				@ftp_quit($conn_id);
-				return sprintf($user->lang['Ftp_error_upload'], $config['ftp_path']);
-			}
-
-			@ftp_site($conn_id, 'CHMOD 0644 ' . $destination_filename);
-			@ftp_quit($conn_id);
-			break;
-*/
 	}
 
 	if ($filedata['thumbnail'])
 	{
-/*		if ($upload_mode == 'ftp')
-		{
-			$source = $source_filename;
-			$destination = 'thumbs/t_' . $destination_filename;
-		}
-		else
-		{*/
 		$source = $config['upload_dir'] . '/' . $destination_filename;
 		$destination = $config['upload_dir'] . '/thumbs/t_' . $destination_filename;
 
@@ -621,271 +563,28 @@ function phpbb_unlink($filename, $mode = 'file', $use_ftp = false)
 {
 	global $config, $user;
 
-	if (!$use_ftp)
+	$filename = ($mode == 'thumbnail') ? $config['upload_dir'] . '/thumbs/t_' . $filename : $config['upload_dir'] . '/' . $filename;
+	$deleted = @unlink($filename);
+
+	if (file_exists($filename))
 	{
-		$filename = ($mode == 'thumbnail') ? $config['upload_dir'] . '/thumbs/t_' . $filename : $config['upload_dir'] . '/' . $filename;
-		$deleted = @unlink($filename);
+		$filesys = eregi_replace('/','\\', $filename);
+		$deleted = @system("del $filesys");
 
-		if (@file_exists($filename))
+		if (file_exists($filename)) 
 		{
-			$filesys = eregi_replace('/','\\', $filename);
-			$deleted = @system("del $filesys");
-
-			if (@file_exists($filename)) 
+			@chmod($filename, 0777);
+			$deleted = @unlink($filename);
+			if (!$deleted)
 			{
-				@chmod($filename, 0777);
-				$deleted = @unlink($filename);
-				if (!$deleted)
-				{
-					$deleted = @system("del $filename");
-				}
+				$deleted = @system("del $filename");
 			}
 		}
 	}
-	else
-	{
-/*		$conn_id = attach_init_ftp($mode);
-
-		if ($mode == MODE_THUMBNAIL)
-		{
-			$filename = 't_' . $filename;
-		}
-		
-		$res = @ftp_delete($conn_id, $filename);
-		if (!$res)
-		{
-			if (defined('DEBUG_EXTRA'))
-			{
-				$add = ( $mode == MODE_THUMBNAIL ) ? ('/' . THUMB_DIR) : ''; 
-				message_die(GENERAL_ERROR, sprintf($lang['Ftp_error_delete'], $config['ftp_path'] . $add));
-			}
-
-			return $deleted;
-		}
-
-		@ftp_quit($conn_id);
-
-		$deleted = TRUE;*/
-	}
 
 	return $deleted;
 }
 
-// Read DWord (4 Bytes) from File
-function read_dword($fp)
-{
-	$data = fread($fp, 4);
-	$value = ord($data[0]) + (ord($data[1])<<8)+(ord($data[2])<<16)+(ord($data[3])<<24);
-	if ($value >= 4294967294)
-	{
-		$value -= 4294967296;
-	}
-	return $value;
-}
-
-// Read Word (2 Bytes) from File - Note: It's an Intel Word
-function read_word($fp)
-{
-	$data = fread($fp, 2);
-	return ord($data[1]) * 256 + ord($data[0]);
-}
-
-// Read Byte
-function read_byte($fp)
-{
-	$data = fread($fp, 1);
-	return ord($data);
-}
-
-
-// Get Image Dimensions... only a test for now, used within create_thumbnail
-function image_getdimension($file)
-{
-	$size = @getimagesize($file);
-
-	if ($size[0] != 0 || $size[1] != 0)
-	{
-		return $size;
-	}
-
-	// Try to get the Dimension manually, depending on the mimetype
-	if (!($fp = @fopen($file, 'rb')))
-	{
-		return $size;
-	}
-	
-	$error = FALSE;
-
-	// BMP - IMAGE
-	$tmp_str = fread($fp, 2);
-	if ($tmp_str == 'BM')
-	{
-		$length = read_dword($fp);
-
-		if ($length <= 6)
-		{
-			$error = TRUE;
-		}
-
-		if (!$error)
-		{
-			$i = read_dword($fp); 
-			if ($i != 0)
-			{		  
-				$error = TRUE;
-			}
-		}
-
-		if (!$error)
-		{
-			$i = read_dword($fp);
-
-			if ($i != 0x3E && $i != 0x76 && $i != 0x436 && $i != 0x36)
-			{
-				$error = TRUE;
-			}
-		}
-
-		if (!$error)
-		{
-			$tmp_str = fread($fp, 4); 
-			$width = read_dword($fp); 
-			$height = read_dword($fp);
-
-			if ($width > 3000 || $height > 3000)
-			{
-				$error = TRUE;
-			}
-		}
-	}
-	else
-	{
-		$error = TRUE;
-	}
-
-	if (!$error)
-	{
-		fclose($fp);
-		return array(
-			$width,
-			$height,
-			'6'
-		);
-	}
-	
-	$error = FALSE;
-	fclose($fp);
-
-	// GIF - IMAGE
-	$fp = @fopen($file, 'rb');
-
-	$tmp_str = fread($fp, 3);
-	
-	if ($tmp_str == 'GIF')
-	{
-		$tmp_str = fread($fp, 3);
-		$width = read_word($fp);
-		$height = read_word($fp);
-
-		$info_byte = fread($fp, 1);
-		$info_byte = ord($info_byte);
-		if (($info_byte & 0x80) != 0x80 && ($info_byte & 0x80) != 0)
-		{
-			$error = TRUE;
-		}
-		
-		if (!$error)
-		{
-			if (($info_byte & 8) != 0)
-			{
-				$error = TRUE;
-			}
-
-		}
-	}
-	else
-	{
-		$error = TRUE;
-	}
-
-	if (!$error)
-	{
-		fclose($fp);
-		return array(
-			$width,
-			$height,
-			'1'
-		);
-	}
-	
-	$error = FALSE;
-	fclose($fp);
-
-	// JPG - IMAGE
-	$fp = @fopen($file, 'rb');
-
-	$tmp_str = fread($fp, 4);
-	$w1 = read_word($fp);
-	if (intval($w1) < 16)
-	{
-		$error = TRUE;
-	}
-	
-	if (!$error)
-	{
-		$tmp_str = fread($fp, 4);
-		if ($tmp_str == 'JFIF')
-		{
-			$o_byte = fread($fp, 1);
-			if (intval($o_byte) != 0)
-			{
-				$error = TRUE;
-			}
-
-			if (!$error)
-			{
-				$str = fread($fp, 2);
-				$b = read_byte($fp);
-
-				if ($b != 0 && $b != 1 && $b != 2)
-				{
-					$error = TRUE;
-				}
-			}
-
-			if (!$error)
-			{
-				$width = read_word($fp);
-				$height = read_word($fp);
-
-				if ($width <= 0 || $height <= 0)
-				{
-					$error = TRUE;
-				}
-			}
-		}
-	}
-	else
-	{
-		$error = TRUE;
-	}
-
-	if (!$error)
-	{
-		fclose($fp);
-		return array(
-			$width,
-			$height,
-			'2'
-		);
-	}
-	
-	$error = FALSE;
-	fclose($fp);
-
-	return $size;
-}
-
 // Calculate the needed size for Thumbnail
 // I am sure i had this grabbed from some site... source: unknown
 function get_img_size_format($width, $height)
@@ -956,16 +655,16 @@ function create_thumbnail($source, $new_file, $mimetype)
 	global $config;
 
 	$source = realpath($source);
-	$min_filesize = intval($config['img_min_thumb_filesize']);
+	$min_filesize = (int) $config['img_min_thumb_filesize'];
 
 	$img_filesize = (file_exists($source)) ? @filesize($source) : FALSE;
 
-	if (!$img_filesize || $img_filesize <= $min_filesize) 
+	if (!$img_filesize || $img_filesize <= $min_filesize)
 	{
 		return FALSE;
 	}
     
-	$size = image_getdimension($source);
+	$size = getimagesize($source);
 
 	if ($size[0] == 0 && $size[1] == 0)
 	{
@@ -977,31 +676,6 @@ function create_thumbnail($source, $new_file, $mimetype)
 	$tmp_path = '';
 	$old_file = '';
 
-/*
-	if ($config['allow_ftp_upload'])
-	{
-		$old_file = $new_file;
-
-		$tmp_path = explode('/', $source);
-		$tmp_path[count($tmp_path)-1] = '';
-		$tmp_path = implode('/', $tmp_path);
-
-		if ($tmp_path == '')
-		{
-			$tmp_path = '/tmp';
-		}
-
-		$value = trim($tmp_path);
-
-		if ($value[strlen($value)-1] == '/')
-		{
-			$value[strlen($value)-1] = ' ';
-		}
-			
-		$new_file = trim($value) . '/t00000';
-	}
-*/
-
 	$used_imagick = FALSE;
 
 	if ($config['img_imagick']) 
@@ -1054,17 +728,6 @@ function create_thumbnail($source, $new_file, $mimetype)
 		return FALSE;
 	}
 
-/*	if (intval($config['allow_ftp_upload']))
-	{
-		$result = ftp_file($new_file, $old_file, $this->type, TRUE); // True for disable error-mode
-		if (!$result)
-		{
-			return (FALSE);
-		}
-	}
-	else
-	{*/
-
 	@chmod($new_file, 0666);
 	
 	return TRUE;
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 4e04cec0e8..5d58845303 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -672,7 +672,7 @@ class parse_message
 		$error = array();
 
 		$num_attachments = count($this->attachment_data);
-		$this->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim( strip_tags($_POST['filecomment'])) : '';
+		$this->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? trim(strip_tags($_POST['filecomment'])) : '';
 		$this->filename_data['filename'] = ($_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : '';
 		
 		$add_file		= (isset($_POST['add_file'])) ? TRUE : FALSE;
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index ceee25cb86..d3c287f470 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -112,7 +112,6 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '')
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_uid', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('lastread', '432000');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('display_order', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_ftp_upload', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_filesize', '262144');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_filesize_pm','262144');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('attachment_quota', '52428800');
@@ -120,12 +119,6 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_attachments',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_attachments_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_pm_attach', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_dir', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('ftp_server', '');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('ftp_path','');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('download_path','');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('ftp_user','');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('ftp_pass','');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('ftp_pasv_mode','1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_display_inlined','1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_max_width','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_max_height','0');
diff --git a/phpBB/templates/subSilver/editor.js b/phpBB/templates/subSilver/editor.js
index 3bcd035346..dfe9e4c9d5 100644
--- a/phpBB/templates/subSilver/editor.js
+++ b/phpBB/templates/subSilver/editor.js
@@ -54,8 +54,8 @@ function emoticon(text) {
 		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? text + ' ' : text;
 		document.forms[form_name].elements[text_name].focus();
 	} else {
-	document.forms[form_name].elements[text_name].value  += text;
-	document.forms[form_name].elements[text_name].focus();
+		document.forms[form_name].elements[text_name].value  += text;
+		document.forms[form_name].elements[text_name].focus();
 	}
 }
 
@@ -63,7 +63,7 @@ function bbfontstyle(bbopen, bbclose) {
 	if ((clientVer >= 4) && is_ie && is_win) {
 		theSelection = document.selection.createRange().text;
 		if (!theSelection) {
-			document.forms[form_name].elements[text_name].value += bbopen + bbclose;
+			insert_text(bbopen + bbclose);
 			document.forms[form_name].elements[text_name].focus();
 			return;
 		}
@@ -71,13 +71,21 @@ function bbfontstyle(bbopen, bbclose) {
 		document.forms[form_name].elements[text_name].focus();
 		return;
 	} else {
-		document.forms[form_name].elements[text_name].value += bbopen + bbclose;
+		insert_text(bbopen + bbclose);
 		document.forms[form_name].elements[text_name].focus();
 		return;
 	}
-	storeCaret(document.forms[form_name].message);
+	storeCaret(document.forms[form_name].elements[text_name]);
 }
 
+function insert_text(text) {
+	if (document.forms[form_name].elements[text_name].createTextRange && document.forms[form_name].elements[text_name].caretPos) {
+		var caretPos = document.forms[form_name].elements[text_name].caretPos;
+		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == '' ? text : text;
+	} else {
+		document.forms[form_name].elements[text_name].value += text;
+	}
+}
 
 function bbstyle(bbnumber) {
 
@@ -169,11 +177,11 @@ function bbstyle(bbnumber) {
 				butnumber = arraypop(bbcode) - 1;
 				if (bbtags[butnumber] != "[*]")
 				{
-					document.forms[form_name].elements[text_name].value += bbtags[butnumber + 1];
+					insert_text(bbtags[butnumber + 1]);
 				}
 				else
 				{
-					document.forms[form_name].elements[text_name].value += bbtags[butnumber];
+					insert_text(bbtags[butnumber]);
 				}
 				buttext = eval('document.forms[form_name].addbbcode' + butnumber + '.value');
 				if (bbtags[butnumber] != "[*]")
@@ -187,14 +195,16 @@ function bbstyle(bbnumber) {
 	} else { // Open tags
 
 		if (imageTag && (bbnumber != 14)) {		// Close image tag before adding another
-			document.forms[form_name].elements[text_name].value += bbtags[15];
+			insert_text(bbtags[15]);
+
 			lastValue = arraypop(bbcode) - 1;	// Remove the close image tag from the list
 			document.forms[form_name].addbbcode14.value = "Img";	// Return button back to normal state
 			imageTag = false;
 		}
 
 		// Open tag
-		document.forms[form_name].elements[text_name].value += bbtags[bbnumber];
+		insert_text(bbtags[bbnumber]);
+
 		if ((bbnumber == 14) && (imageTag == false)) imageTag = 1; // Check to stop additional tags after an unclosed image tag
 		if (bbtags[bbnumber] != "[*]")
 		{
@@ -205,7 +215,7 @@ function bbstyle(bbnumber) {
 		return;
 	}
 
-	storeCaret(document.forms[form_name].message);
+	storeCaret(document.forms[form_name].elements[text_name]);
 }
 
 // Insert at Claret position. Code from