Merge commit 'release-3.0.8'

* commit 'release-3.0.8': (393 commits)
  [prep-release-3.0.8] Incrementing version number to 3.0.8 and update changelog
  [ticket/9903] Script for detecting potentially malicious flash bbcodes
  [ticket/9904] Update WebPI Parameters.xml to work with WebMatrix.
  [ticket/9899] Change recaptcha theme from default to 'clean' in the ACP.
  [ticket/9509] Fix a typo and wrong period placement
  [ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.
  [develop-olympus] Updating changelog for last minute 3.0.8-RC1 fixes.
  [ticket/9140] Check current board version in incremental update packages
  [ticket/9891] Updater drops language-selection after database-update
  [develop-olympus] Updating changelog with latest changes for 3.0.8-RC1
  [ticket/9884] Reduce queue interval to 60 seconds, email package size to 20
  [ticket/9886] Update fails on PostgreSQL because of an error in _add_module
  [ticket/9888] Update fails when Bing [Bot] was already added to the users table
  [develop-olympus] Bumping version number for 3.0.8-RC1.
  [ticket/9885] Fix extension group name updater. Loop through all languages.
  [ticket/9847] Fix typo in search synonyms. Use british english for 'judgement'.
  [ticket/9883] Change an American English spelling to British English.
  [task/phing-build] Correct the path for update package patch files.
  [ticket/9880] Change "antibot" to "anti-spambot".
  [ticket/9696] Surpress is_dir() notice when using SQLite with open_basedir.
  ...

.gitignore

@@ -0,0 +1,8 @@
+*~
+phpBB/cache/*.php
+phpBB/config.php
+phpBB/files/*
+phpBB/images/avatars/upload/*
+phpBB/store/*
+tests/phpbb_unit_tests.sqlite2
+tests/test_config.php

build/build.xml

@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
+	<!-- a few settings for the build -->
+	<property name="newversion" value="3.0.8" />
+	<property name="prevversion" value="3.0.8-RC1" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7-PL1" />
+	<!-- no configuration should be needed beyond this point -->
+
+	<property name="oldversions" value="${olderversions}, ${prevversion}" />
+	<property name="versions" value="${oldversions}, ${newversion}" />
+
+	<!-- These are the main targets which you will probably want to use -->
+	<target name="package" depends="clean,prepare,create-package" />
+	<target name="all" depends="clean,prepare,test,create-package" />
+
+	<target name="prepare">
+		<mkdir dir="build/logs" />
+		<mkdir dir="build/api" />
+		<mkdir dir="build/codebrowser" />
+		<mkdir dir="build/coverage" />
+		<mkdir dir="build/cpd" />
+		<mkdir dir="build/dependencies" />
+		<mkdir dir="build/new_version" />
+		<mkdir dir="build/new_version/files" />
+		<mkdir dir="build/new_version/patches" />
+		<mkdir dir="build/new_version/release_files" />
+		<mkdir dir="build/new_version/update" />
+		<mkdir dir="build/old_versions" />
+		<mkdir dir="build/save" />
+	</target>
+
+	<target name="clean">
+		<delete dir="build/logs" />
+		<delete dir="build/api" />
+		<delete dir="build/codebrowser" />
+		<delete dir="build/coverage" />
+		<delete dir="build/cpd" />
+		<delete dir="build/dependencies" />
+		<delete dir="build/new_version" />
+		<delete dir="build/old_versions" />
+		<delete dir="build/save" />
+	</target>
+
+	<target name="test">
+		<exec dir="tests"
+			command="phpunit --log-junit ../build/logs/phpunit.xml
+			--coverage-clover ../build/logs/clover.xml
+			--coverage-html ../build/coverage
+			phpbb_all_tests all_tests.php"
+			passthru="true" />
+
+
+		<!-- Does not allow changing the working directory to tests/
+			 so this approach does not work for us unfortunately
+		<phpunit codecoverage="true" haltonfailure="true">
+			<formatter todir="build/logs" type="xml"/>
+			<batchtest>
+				<fileset dir="tests">
+					<include name="all_tests.php"/>
+				</fileset>
+			</batchtest>
+		</phpunit>
+		-->
+	</target>
+
+	<target name="old-version-diffs">
+		<foreach list="${oldversions}" param="version" target="old-version-diff" />
+	</target>
+
+	<!-- This target retrieves an old version from the git tag release-${version}
+	     and creates a diff between that release and the new one -->
+	<target name="old-version-diff">
+		<echo msg="Retrieving version ${version}" />
+		<mkdir dir="build/old_versions/release-${version}" />
+
+		<phingcall target="export">
+			<property name="revision" value="release-${version}" />
+			<property name="dir" value="build/old_versions/release-${version}" />
+		</phingcall>
+
+		<phingcall target="clean-diff-dir">
+			<property name="dir" value="build/old_versions/release-${version}" />
+		</phingcall>
+
+		<exec dir="build/old_versions" command="diff -crNEBwd release-${version} release-${newversion} >
+			../new_version/patches/phpBB-${version}_to_${newversion}.patch" escape="false" />
+	</target>
+
+	<target name="prepare-new-version">
+		<!-- select the currently checked out commit (HEAD) for packaging -->
+		<mkdir dir="build/new_version/phpBB3" />
+		<phingcall target="export">
+			<property name="revision" value="HEAD" />
+			<property name="dir" value="build/new_version/phpBB3" />
+		</phingcall>
+
+		<!-- copy into directory for diffs -->
+		<exec dir="build" command="cp -rp new_version/phpBB3 old_versions/release-${newversion}" />
+		<!-- and clean up -->
+		<phingcall target="clean-diff-dir">
+			<property name="dir" value="build/old_versions/release-${newversion}" />
+		</phingcall>
+
+		<!-- create an empty config.php file (not for diffs) -->
+		<touch file="build/new_version/phpBB3/config.php" />
+
+	</target>
+
+	<target name="create-package" depends="prepare-new-version,old-version-diffs">
+		<exec dir="build" command="php -f package.php '${versions}' > logs/package.log" escape="false" />
+		<exec dir="build" command="php -f build_diff.php '${prevversion}' '${newversion}' > logs/build_diff.log" escape="false" />
+	</target>
+
+	<!--
+		This target can be called using phingcall to retrieve a clean
+		checkout of a commit from git. It will only export the phpBB directory.
+		The properties revision and dir are required.
+		This target will remove directories that are not needed in distribution
+		and set correct permissions.
+	-->
+	<target name="export">
+		<exec dir="phpBB"
+			command="git archive ${revision} | tar -x -C ../${dir}"
+			checkreturn="true" />
+		<delete file="${dir}/config.php" />
+		<delete dir="${dir}/develop" />
+		<delete dir="${dir}/install/data" />
+
+		<echo msg="Setting permissions for checkout of ${revision} in ${dir}" />
+		<!-- set permissions of all files to 644, directories to 755 -->
+		<exec dir="${dir}" command="find -type f|xargs chmod 644" escape="false" />
+		<exec dir="${dir}" command="find -type d|xargs chmod 755" escape="false" />
+		<!-- set permissions of some directories to 777 -->
+		<chmod mode="0777" file="${dir}/cache" />
+		<chmod mode="0777" file="${dir}/store" />
+		<chmod mode="0777" file="${dir}/files" />
+		<chmod mode="0777" file="${dir}/images/avatars/upload" />
+	</target>
+
+	<target name="clean-diff-dir">
+		<delete dir="${dir}/cache" />
+		<delete dir="${dir}/docs" />
+		<delete dir="${dir}/files" />
+		<delete dir="${dir}/install" />
+		<delete dir="${dir}/store" />
+	</target>
+
+</project>

build/build_diff.php

@@ -9,16 +9,26 @@
 *
 */
 
-// CONFIG - Begin
+if ($_SERVER['argc'] != 3)
-$substitute_old = '3.0.6';
+{
-$substitute_new = '3.0.7-PL1';
+	die("Please specify the previous and current version as arguments (e.g. build_diff.php '1.0.2' '1.0.3').");
-$simple_name_old = 'phpbb306';
+}
-$simple_name_new = 'phpbb307-PL1';
+
+$old_version = trim($_SERVER['argv'][1]);
+$new_version = trim($_SERVER['argv'][2]);
+
+$substitute_old = $old_version;
+$substitute_new = $new_version;
+$simple_name_old = 'release-' . $old_version;
+$simple_name_new = 'release-' . $new_version;
 $echo_changes = false;
+
+// DO NOT EVER USE THE FOLLOWING! Fix the script to generate proper changes,
+// do NOT manually create them.
+
 // Set this to true to just compress the changes and do not build them again
 // This should be used for building custom modified txt file. ;)
 $package_changed_files = false;
-// CONFIG - End
 
 //$debug_file = 'includes/functions_user.php'; //'styles/prosilver/style.cfg';
 $debug_file = false;
@@ -36,9 +46,6 @@ if (!$package_changed_files)
 {
 	if (!$echo_changes)
 	{
-		// Cleanup...
-		run_command("rm -R $location/save/*");
-
 		// Create directory...
 		run_command("mkdir $location/save/{$s_name}");
 		run_command("mkdir $location/save/{$s_name}/language");
@@ -72,14 +79,14 @@ if (!$echo_changes)
 	foreach ($compress_programs as $extension => $compress_command)
 	{
 		echo "Packaging code changes for $extension\n";
-		run_command("rm ./../../release_files/{$code_changes_filename}.{$extension}");
+		run_command("rm ./../../new_version/release_files/{$code_changes_filename}.{$extension}");
 		flush();
 
 		// Build Package
-		run_command("$compress_command ./../../release_files/{$code_changes_filename}.{$extension} *");
+		run_command("$compress_command ./../../new_version/release_files/{$code_changes_filename}.{$extension} *");
 
 		// Build MD5 Sum
-		run_command("md5sum ./../../release_files/{$code_changes_filename}.{$extension} > ./../../release_files/{$code_changes_filename}.{$extension}.md5");
+		run_command("md5sum ./../../new_version/release_files/{$code_changes_filename}.{$extension} > ./../../new_version/release_files/{$code_changes_filename}.{$extension}.md5");
 		flush();
 	}
 }

build/build_helper.php

@@ -14,10 +14,6 @@ class build_package
 	var $old_packages;
 	var $versions;
 	var $locations;
-	var $clean_directory_structure;
-	var $files_to_copy;
-	var $files_to_remove;
-	var $remove_from_diff_structure;
 
 	// -c - context diff
 	// -r - compare recursive
@@ -53,11 +49,11 @@ class build_package
 		$this->package_infos = array(
 			'package_name'			=> 'phpBB3',
 			'name_prefix'			=> 'phpbb',
-			'simple_name'			=> 'phpbb' . str_replace('.', '', $_latest),
+			'simple_name'			=> 'release-' . $_latest,
 			'new_version_number'	=> $_latest,
 			'short_version_number'	=> str_replace('.', '', $_latest),
 			'release_filename'		=> 'phpBB-' . $_latest,
-			'last_version'			=> 'phpbb' . str_replace('.', '', $_before),
+			'last_version'			=> 'release-' . $_before,
 			'last_version_number'	=> $_before,
 		);
 
@@ -78,112 +74,7 @@ class build_package
 				continue;
 			}
 
-			$this->old_packages['phpbb' . str_replace('.', '', $package_version)] = $package_version . '_to_';
+			$this->old_packages['release-' . $package_version] = $package_version . '_to_';
-		}
-
-		// We need to make sure this is up to date with the latest version
-		$this->clean_directory_structure = array(
-			'adm'		=> array(
-				'images'	=> '',
-				'style'		=> '',
-			),
-			'cache'		=> '',
-			'docs'		=> '',
-			'download'	=> '',
-			'files'		=> '',
-			'images'	=> array(
-				'avatars'	=> array(
-					'gallery'	=> '',
-					'upload'	=> '',
-				),
-				'icons'		=> array(
-					'misc'	=> '',
-					'smile'	=> '',
-				),
-				'ranks'			=> '',
-				'smilies'		=> '',
-				'upload_icons'	=> '',
-			),
-			'includes'		=> array(
-				'acm'		=> '',
-				'acp'		=> array(
-					'info'	=> '',
-				),
-				'auth'		=> '',
-				'captcha'	=> array(
-					'plugins'	=> '',
-				),
-				'diff'		=> '',
-				'db'		=> '',
-				'hooks'		=> '',
-				'mcp'		=> array(
-					'info'	=> '',
-				),
-				'questionnaire' => '',
-				'search'	=> '',
-				'ucp'		=> array(
-					'info'	=> '',
-				),
-				'utf'		=> array(
-					'data'	=> '',
-				),
-			),
-			'install'		=> array(
-				'convertors'=> '',
-				'schemas'	=> '',
-//				'data'		=> '',
-			),
-			'language'		=> array(
-				'en'		=> array(
-					'acp'		=> '',
-					'email'		=> '',
-					'mods'		=> '',
-				),
-			),
-			'store'			=> '',
-			'styles'		=> array(
-				'subsilver2'	=> array(
-					'imageset'		=> array(
-						'en'	=> '',
-					),
-					'template'	=> '',
-					'theme'		=> array(
-						'images'	=> '',
-					),
-				),
-				'prosilver'	=> array(
-					'imageset'		=> array(
-						'en'	=> '',
-					),
-					'template'	=> '',
-					'theme'		=> array(
-						'images'	=> '',
-					),
-				),
-			),
-		);
-
-		// Files to remove (not include within package)
-		$this->files_to_remove = array(); //array('includes/utf/data/recode_cjk.php');
-
-		// Files within the main directory to copy - do not include config.php
-		$this->files_to_copy = array(
-			'.htaccess', 'common.php', 'cron.php', 'faq.php', 'feed.php', 'index.php', 'mcp.php', 'memberlist.php', 'posting.php', 'report.php',
-			'search.php', 'style.php', 'ucp.php', 'viewforum.php', 'viewonline.php', 'viewtopic.php'
-		);
-
-		// These files/directories will be removed and not used for creating the patch files
-		$this->remove_from_diff_structure = array(
-			'config.php', 'cache', 'docs', 'files', 'install', 'store', 'develop'
-		);
-
-		// Writeable directories
-		$this->writeable = array('cache', 'store', 'images/avatars/upload', 'files');
-
-		// Fill the rest of the files_to_copy array
-		foreach ($this->clean_directory_structure as $cur_dir => $dir_struct)
-		{
-			$this->_fill_files_to_copy($this->locations['new_version'] . $cur_dir, $cur_dir, $dir_struct);
 		}
 	}
 
@@ -192,66 +83,6 @@ class build_package
 		return $this->package_infos[$var];
 	}
 
-	function _fill_files_to_copy($directory, $cur_dir, $dir_struct)
-	{
-		$dh = opendir($directory);
-
-		while ($file = readdir($dh))
-		{
-			if (is_file($directory . '/' . $file) && $file != '.' && $file != '..')
-			{
-				$_loc = str_replace($this->locations['new_version'], '', $directory . '/' . $file);
-
-				if (in_array($_loc, $this->files_to_remove))
-				{
-					continue;
-				}
-
-				$this->files_to_copy[] = $cur_dir . '/' . $file;
-			}
-		}
-		closedir($dh);
-
-		if (is_array($dir_struct))
-		{
-			foreach ($dir_struct as $_cur_dir => $_dir_struct)
-			{
-				$this->_fill_files_to_copy($directory . '/' . $_cur_dir, $cur_dir . '/' . $_cur_dir, $_dir_struct);
-			}
-		}
-	}
-
-	function adjust_permissions($directory)
-	{
-		$dh = opendir($directory);
-
-		while ($file = readdir($dh))
-		{
-			if ($file == '.' || $file == '..' || $file == '.svn')
-			{
-				continue;
-			}
-
-			// If file, then 644
-			if (is_file($directory . '/' . $file))
-			{
-				chmod($directory . '/' . $file, 0644);
-			}
-			else if (is_dir($directory . '/' . $file))
-			{
-				$_loc = str_replace($this->package_infos['dest_dir'] . '/', '', $directory . '/' . $file);
-
-				// If directory is within the writeable chmod to 777, else 755
-				$mode = (in_array($_loc, $this->writeable)) ? 0777 : 0755;
-				chmod($directory . '/' . $file, $mode);
-
-				// Now traverse to the directory
-				$this->adjust_permissions($directory . '/' . $file);
-			}
-		}
-		closedir($dh);
-	}
-
 	function begin_status($headline)
 	{
 		if ($this->status_begun)

build/package.php

@@ -9,14 +9,17 @@
 *
 */
 
-// The only thing i need to adjust. ;)
+//$versions = array('3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.0.7-RC1', '3.0.7-RC2', '3.0.7', '3.0.7-PL1');
-// Please always add the latest version number to the end
+
-// Only have 5 releases here...
+if ($_SERVER['argc'] < 2)
-// If RC8 drops remove the install/data directory
+{
-//$versions = array('3.0.2', '3.0.3-RC1', '3.0.3', '3.0.4-RC1', '3.0.4', '3.0.5-RC1', '3.0.5', '3.0.6-RC1', '3.0.6-RC2', '3.0.6-RC3');
+	die("Please specify a list of versions as the first argument (e.g. package.php '1.0.0, 1.0.1, 1.0.2').");
-//$versions = array('3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.0.7-RC1', '3.0.7');
+}
-$versions = array('3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.0.7-RC1', '3.0.7-RC2', '3.0.7', '3.0.7-PL1');
+
-$verbose = false;
+$versions = explode(',', $_SERVER['argv'][1]);
+$versions = array_map('trim', $versions);
+
+$verbose = true;
 
 require('build_helper.php');
 
@@ -25,130 +28,6 @@ $package = new build_package($versions, $verbose);
 echo "Building Release Packages\n";
 echo "Now all three package types (patch, files, release) are built as well as the update package (update).\n";
 
-$package->begin_status('Remove temporary files');
-
-// Cleanup...
-$package->run_command('rm -Rv ' . $package->get('dest_dir'));
-$package->run_command('rm -Rv ' . $package->get('diff_dir'));
-$package->run_command('rm -Rv ' . $package->get('patch_directory'));
-$package->run_command('rm -Rv ' . $package->get('files_directory'));
-$package->run_command('rm -Rv ' . $package->get('update_directory'));
-$package->run_command('rm -Rv ' . $package->get('release_directory'));
-
-$package->begin_status('Create new directories');
-
-// Make sure the directories got removed
-while (file_exists($package->get('update_directory')))
-{
-	sleep(1);
-}
-
-if (!file_exists($package->get('dest_dir')))
-{
-	$package->run_command('mkdir ' . $package->get('dest_dir'));
-}
-
-if (!file_exists($package->get('diff_dir')))
-{
-	$package->run_command('mkdir ' . $package->get('diff_dir'));
-}
-
-if (!file_exists($package->get('patch_directory')))
-{
-	$package->run_command('mkdir ' . $package->get('patch_directory'));
-}
-
-if (!file_exists($package->get('files_directory')))
-{
-	$package->run_command('mkdir ' . $package->get('files_directory'));
-}
-
-if (!file_exists($package->get('update_directory')))
-{
-	$package->run_command('mkdir ' . $package->get('update_directory'));
-}
-
-if (!file_exists($package->get('release_directory')))
-{
-	$package->run_command('mkdir ' . $package->get('release_directory'));
-}
-
-$package->begin_status('Copy release files to clean release directory');
-
-// Create config.php file
-$package->run_command('touch ' . $package->get('dest_dir') . '/config.php');
-//$package->run_command('sudo chown www-data:www-data ' . $package->get('dest_dir') . '/config.php');
-
-// Create new directory structure
-foreach ($package->clean_directory_structure as $dir => $dir_struct)
-{
-	$package->create_directory($package->get('dest_dir') . '/' . $dir, $dir_struct);
-}
-
-// First step is to copy the new version over (clean structure)
-foreach ($package->files_to_copy as $file)
-{
-	$source_file = $package->locations['new_version'] . $file;
-	$dest_file = $package->get('dest_dir') . '/' . $file;
-
-	$package->run_command("cp -p $source_file $dest_file");
-}
-
-// fix line endings
-chdir($package->get('dest_dir'));
-$package->run_command($package->locations['new_version'] . 'develop/fix_files.sh');
-
-// Now clean up the permissions
-$package->begin_status('Adjust permissions');
-
-$package->adjust_permissions($package->get('dest_dir'));
-
-// Now create a version for diffing the version - copy the tree over to old_versions...
-$package->begin_status('Create diff directory for obtaining file differences');
-
-$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/* ' . $package->get('diff_dir'));
-$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/.htaccess ' . $package->get('diff_dir'));
-
-// Cleanup diff directory (only contents to diff)
-foreach ($package->remove_from_diff_structure as $remove_dir)
-{
-	$package->run_command('rm -Rv ' . $package->get('diff_dir') . '/' . $remove_dir);
-}
-
-// Now, first of all we need to rebuild all old packages we want to support
-foreach ($package->old_packages as $package_name => $tag_name)
-{
-	$package->begin_status('Create old packages directory for diffing to ' . $package_name);
-
-	chdir($package->locations['old_versions']);
-
-	if (is_dir($package->locations['old_versions'] . $package_name))
-	{
-		$package->run_command('rm -Rv ' . $package->locations['old_versions'] . $package_name);
-	}
-
-	// Now, create a new one...
-	$tag_name = 'release_' . str_replace(array('.', '_to_'), array('_', ''), $tag_name);
-
-	$package->run_command('svn export --non-interactive http://code.phpbb.com/svn/phpbb/tags/' . $tag_name . '/phpBB/ ' . $package_name);
-
-	$location = $package->locations['old_versions'] . $package_name;
-	chdir($location . '/');
-
-	$package->run_command($package->locations['new_version'] . 'develop/fix_files.sh');
-
-	// Now clean up the permissions
-	$package->begin_status('Adjust permissions for package ' . $package_name);
-
-	$package->adjust_permissions($location);
-
-	// Cleanup diff directory (only contents to diff)
-	foreach ($package->remove_from_diff_structure as $remove_dir)
-	{
-		$package->run_command('rm -Rv ' . $location . '/' . $remove_dir);
-	}
-}
-
 // Go trough all versions making a diff if we even have old versions
 // For phpBB 3.0.x we might choose a different update method, rendering the things below useless...
 if (sizeof($package->old_packages))
@@ -160,13 +39,13 @@ if (sizeof($package->old_packages))
 
 	foreach ($package->old_packages as $_package_name => $dest_package_filename)
 	{
-		$package->begin_status('Creating patch/diff files for phpBB-' . $dest_package_filename . $package->get('new_version_number'));
+		$package->begin_status('Parsing patch/diff files for phpBB-' . $dest_package_filename . $package->get('new_version_number'));
-
-		$dest_package_filename = $package->get('patch_directory') . '/phpBB-' . $dest_package_filename . $package->get('new_version_number') . '.patch';
-		$package->run_command('diff ' . $package->diff_options . ' ' . $_package_name . ' ' . $package->get('simple_name') . ' > ' . $dest_package_filename);
 
 		// Parse this diff to determine file changes from the checked versions and save them
-		$diff_file_changes[$_package_name] = $package->collect_diff_files($dest_package_filename, $_package_name);
+		$diff_file_changes[$_package_name] = $package->collect_diff_files(
+			$package->get('patch_directory') . '/phpBB-' . $dest_package_filename . $package->get('new_version_number') . '.patch',
+			$_package_name
+		);
 	}
 
 	// Now put those files determined within the correct directories
@@ -404,7 +283,6 @@ if (sizeof($package->old_packages))
 	foreach ($compress_programs as $extension => $compress_command)
 	{
 		$package->begin_status('Packaging phpBB Patch Files for ' . $extension);
-		$package->run_command('rm -v ../release_files/' . $package->get('release_filename') . '-patch.' . $extension);
 
 		// Build Package
 		$package->run_command($compress_command . ' ../release_files/' . $package->get('release_filename') . '-patch.' . $extension . ' *');
@@ -420,7 +298,6 @@ if (sizeof($package->old_packages))
 	{
 		$package->begin_status('Packaging phpBB Files for ' . $extension);
 
-		$package->run_command('rm -v ../release_files/' . $package->get('release_filename') . '-files.' . $extension);
 		$package->run_command('mkdir ' . $package->get('files_directory') . '/release');
 		$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/docs ' . $package->get('files_directory') . '/release');
 		$package->run_command('cp -Rp ' . $package->get('dest_dir') . '/install ' . $package->get('files_directory') . '/release');
@@ -457,7 +334,6 @@ if (sizeof($package->old_packages))
 
 		$package->begin_status('Packaging phpBB Update for ' . $extension);
 
-		$package->run_command('rm -v ../release_files/' . $package->get('release_filename') . '-update.' . $extension);
 		$package->run_command('mkdir ' . $package->get('update_directory') . '/release');
 
 		// Pack update files
@@ -518,6 +394,13 @@ foreach ($compress_programs as $extension => $compress_command)
 	$package->run_command('md5sum ./release_files/' . $package->get('release_filename') . '.' . $extension . ' > ./release_files/' . $package->get('release_filename') . '.' . $extension . '.md5');
 }
 
+// Microsoft Web PI packaging
+$package->begin_status('Packaging phpBB for Microsoft WebPI');
+$file = './release_files/' . $package->get('release_filename') . '.webpi.zip';
+$package->run_command('cp -p ./release_files/' . $package->get('release_filename') . ".zip $file");
+$package->run_command('cd ./../webpi && ' . $compress_programs['zip'] . " ./../new_version/$file *");
+$package->run_command("md5sum $file  > $file.md5");
+
 // verify results
 chdir($package->locations['root']);
 $package->begin_status('********** Verifying packages **********');

build/webpi/install/mssql.sql

@@ -0,0 +1,39 @@
+/**********************************************************************/
+/* Install.SQL                                                        */
+/* Creates a login and makes the user a member of db roles            */
+/*                                                                    */
+/**********************************************************************/
+
+-- Declare variables for database name, username and password
+DECLARE @dbName sysname,
+      @dbUser sysname,
+      @dbPwd nvarchar(max);
+
+-- Set variables for database name, username and password
+SET @dbName = 'PlaceHolderForDb';
+SET @dbUser = 'PlaceHolderForUser';
+SET @dbPwd = 'PlaceHolderForPassword';
+
+DECLARE @cmd nvarchar(max)
+
+-- Create login
+IF( SUSER_SID(@dbUser) is null )
+BEGIN
+    print '-- Creating login '
+    SET @cmd = N'CREATE LOGIN ' + quotename(@dbUser) + N' WITH PASSWORD ='''+ replace(@dbPwd, '''', '''''') + N''''
+    EXEC(@cmd)
+END
+
+-- Create database user and map to login
+-- and add user to the datareader, datawriter, ddladmin and securityadmin roles
+--
+SET @cmd = N'USE ' + quotename(@DBName) + N'; 
+IF( NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = ''' + replace(@dbUser, '''', '''''') + N'''))
+BEGIN
+    print ''-- Creating user'';
+    CREATE USER ' + quotename(@dbUser) + N' FOR LOGIN ' + quotename(@dbUser) + N';
+    print ''-- Adding user'';
+    EXEC sp_addrolemember ''db_owner'', ''' + replace(@dbUser, '''', '''''') + N''';
+END'
+EXEC(@cmd)
+GO

build/webpi/install/mysql.sql

@@ -0,0 +1,15 @@
+USE PlaceHolderForDb$$
+
+DROP PROCEDURE IF EXISTS add_user $$
+
+CREATE PROCEDURE add_user()
+BEGIN
+DECLARE EXIT HANDLER FOR 1044 BEGIN END;
+GRANT ALL PRIVILEGES ON PlaceHolderForDb.* to 'PlaceHolderForUser'@'PlaceHolderForServer' IDENTIFIED BY 'PlaceHolderForPassword';
+FLUSH PRIVILEGES;
+END
+$$
+
+CALL add_user() $$
+
+DROP PROCEDURE IF EXISTS add_user $$

build/webpi/manifest.xml

@@ -0,0 +1,13 @@
+<msdeploy.iisapp>
+	<iisapp path="phpBB3" />
+
+	<dbmysql path="install/mysql.sql" commandDelimiter="$$"	removeCommandDelimiter="true" />
+
+	<dbfullsql path="install/mssql.sql" />
+
+	<setAcl path="phpBB3/cache" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/files" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/store" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/images/avatars/upload" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" />
+	<setAcl path="phpBB3/config.php" setAclAccess="Modify" setAclUser="anonymousAuthenticationUser" setAclResourceType="File" />
+</msdeploy.iisapp>

build/webpi/parameters.xml

@@ -0,0 +1,256 @@
+<parameters>
+	<parameter
+		name="AppPath"
+		defaultValue="Default Web Site/phpBB3"
+		tags="iisapp">
+		
+		<parameterEntry
+			type="ProviderPath"
+			scope="iisapp"
+			match="phpBB3" />
+	</parameter>
+	<!--ACLs-->
+	<parameter
+		name="aclCache"
+		description="Sets the ACL on the cache/ folder"
+		defaultValue="{AppPath}/cache"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/cache$" />
+	</parameter>
+
+	<parameter
+		name="aclFiles"
+		description="Sets the ACL on the files/ folder"
+		defaultValue="{AppPath}/files"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/files$" />
+	</parameter>
+
+	<parameter
+		name="aclStore"
+		description="Sets the ACL on the store/ folder"
+		defaultValue="{AppPath}/store"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/store$" />
+	</parameter>
+
+	<parameter
+		name="aclAvatarUpload"
+		description="Sets the ACL on the avatars/upload/ folder"
+		defaultValue="{AppPath}/images/avatars/upload"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/images/avatars/upload$" />
+	</parameter>
+
+	<parameter
+		name="aclConfig"
+		description="Sets the ACL on the config.php file"
+		defaultValue="{AppPath}/config.php"
+		tags="Hidden">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="setAcl"
+			match="phpBB3/config.php$" />
+	</parameter>
+
+	<!-- SQL parameters -->
+	<parameter  name="SQL Database Server"  description="Enter the database server (usually machine name ) "  defaultValue="."  tags="SQL">
+	</parameter>
+
+	<parameter name="SQL DatabaseServer Instance" description="Enter the database instance name" defaultValue="SQLExpress" tags="SQL">
+	</parameter>
+	<!-- Read database server from config.php . Update 'dbhost' in config.php on publish -->
+	<parameter name="SQL Automatic DatabaseServer" defaultValue="dbhost = '{SQL Database Server}\\{SQL DatabaseServer Instance}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbhost\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+	<parameter
+		name="SQL DatabaseName" description="Database name for your application." defaultValue="phpbb" tags="SQL, dbName">
+
+		<parameterEntry type="TextFile" scope="install/mssql.sql" match="PlaceHolderForDb" />   
+	</parameter>
+	<!-- Read database name from config.php . Update 'dbname' in config.php on publish -->
+	<parameter name="SQL Automatic DatabaseName" defaultValue="dbname = '{SQL DatabaseName}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbname\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+  
+	<parameter
+		name="SQL DatabaseAdministrator"
+		description="Database server administartor username."
+		defaultValue="sa"
+		tags="SQL, DbAdminUsername" >
+	</parameter>
+
+	<parameter
+		name="SQL DatabaseAdministratorPassword"
+		description="Database server administrator password."
+		tags="Password,SQL,DbAdminPassword">
+	</parameter>
+
+	<parameter
+		name="SQL Database Username"
+		description="Username to access your database."
+		defaultValue="phpbb"
+		tags="SQL, DbUsername">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mssql.sql"
+			match="PlaceHolderForUser" />
+	</parameter>
+	<!-- Read database user from config.php . Update 'dbuser' in config.php on publish -->
+	<parameter name="SQL Automatic Database User" defaultValue="dbuser = '{SQL Database Username}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbuser\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+  
+	<parameter
+		name="SQL Database Password"
+		description="Password for your phpBB database. (Must be at least 8 characters, contain at least one lower case letter, one upper case letter and one digit)"
+		tags="New, Password,SQL,  DbUserPassword">
+
+		<parameterValidation
+			type = "RegularExpression"   
+			validationString = "^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$" />
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mssql.sql"
+			match="PlaceHolderForPassword" />
+	</parameter>
+
+	<!-- Read database user password from config.php . Update 'dbpasswd' in config.php on publish -->
+	<parameter name="SQL Automatic Database Password" defaultValue="dbpasswd = '{SQL Database Password}';" tags="Hidden,SQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbpasswd\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+
+	<!-- SQL Connection string -->
+	<parameter
+		name="SQL ConnectionString"
+		description="Automatically sets the connection string for the connection request."
+		defaultValue="Server={SQL Database Server}\{SQL DatabaseServer Instance};Database={SQL DatabaseName};uid={SQL DatabaseAdministrator};Pwd={SQL DatabaseAdministratorPassword};"
+		tags="Hidden,SQLConnectionString,Validate">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="dbfullsql"
+			match="install/mssql.sql" />
+	</parameter>
+
+	<parameter
+		name="SQL Database type"
+		description="SQL database type"
+		defaultValue="mssql"
+		tags="SQL,Hidden">
+	</parameter>
+
+	<!-- MYSQL parameters -->
+	<parameter
+		name="MySQL Database Server"
+		description="Enter the hostname"
+		defaultValue="localhost"
+		tags="MySQL, dbServer">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForServer" />
+	</parameter>
+
+	<!-- Read database server from config.php . Update 'dbhost' in config.php on publish -->
+	<parameter name="Automatic MySQL DatabaseServer" defaultValue="dbhost = '{MySQL Database Server}';" tags="Hidden,MySQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbhost\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+  
+	<parameter
+		name="MySQL Database Name"
+		description="Database Name for your application."
+		defaultValue="phpbb"
+		tags="MySQL, dbName">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForDb"  />
+	</parameter>
+	<!-- Read database name from config.php . Update 'dbname' in config.php on publish -->
+	<parameter name="Automatic MySQL Database Name" defaultValue="dbname = '{MySQL Database Name}';" tags="Hidden,MySQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbname\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+
+	<parameter
+		name="MySQL Database Username"
+		description="Username to access your phpBB database."
+		defaultValue="phpbb"
+		tags="MySQL, DbUsername">
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForUser" />
+	</parameter>
+	<!-- Read database user from config.php . Update 'dbuser' in config.php on publish -->
+	<parameter name="Automatic MySQL Database User" defaultValue="dbuser = '{MySQL Database Username}';" tags="Hidden,MySQL">
+		<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbuser\s*=\s*'([^']*)'\s*;" />
+	</parameter>
+
+	<parameter
+		name="MySQL Database Password"
+		description="Password for your phpBB database. (Minimum 4 characters)"
+		tags="New, Password,MySQL,DbUserPassword">
+
+		<parameterValidation
+			type = "RegularExpression"
+			validationString = "^.{4,}$" />
+
+		<parameterEntry
+			type="TextFile"
+			scope="install/mysql.sql"
+			match="PlaceHolderForPassword" />
+		</parameter>
+		<!-- Read database password from config.php . Update 'dbpasswd' in config.php on publish -->
+		<parameter name="MySQL Automatic Database Password" defaultValue="dbpasswd = '{MySQL Database Password}';" tags="Hidden,MySQL">
+			<parameterEntry kind="TextFile" scope="\\config\.php$" match="dbpasswd\s*=\s*'([^']*)'\s*;" />
+		</parameter>
+
+	<!-- MySQL admin credentials -->
+	<parameter
+		name="MySQL Database Administrator"
+		description="Database administrator username."
+		defaultValue="root"
+		tags="MySQL, DbAdminUsername" >
+	</parameter>
+	<parameter
+		name="MySQL Database Administrator Password"
+		description="Database administrator password."
+		tags="Password,MySQL,DbAdminPassword" >
+	</parameter>
+
+	<!-- MySQL Connectionstring -->
+	<parameter
+		name="MySQLConnectionString"
+		description="Automatically sets the connection string for the connection request."
+		defaultValue="Server={MySQL Database Server};Database={MySQL Database Name};uid={MySQL Database Administrator};Pwd={MySQL Database Administrator Password};"
+		tags="Hidden,MySQLConnectionString,Validate">
+
+		<parameterEntry
+			type="ProviderPath"
+			scope="dbmysql"
+			match="install/mysql.sql" />
+	</parameter>
+</parameters>

git-tools/hooks/commit-msg

@@ -0,0 +1,258 @@
+#!/bin/sh
+#
+# A hook to check syntax of a phpBB3 commit message, per:
+# * <http://wiki.phpbb.com/display/DEV/Git>
+# * <http://area51.phpbb.com/phpBB/viewtopic.php?p=209919#p209919>
+#
+# This is a commit-msg hook.
+#
+# To install this you can either copy or symlink it to
+# $GIT_DIR/hooks, example:
+#
+# ln -s ../../git-tools/hooks/commit-msg \\
+#   .git/hooks/commit-msg
+
+config_ns="phpbb.hooks.commit-msg";
+
+if [ "$(git config --bool $config_ns.fatal)" = "false" ]
+then
+	fatal=0;
+else
+	fatal=1;
+fi
+
+debug_level=$(git config --int $config_ns.debug || echo 0);
+
+# Error codes
+ERR_LENGTH=1;
+ERR_HEADER=2;
+ERR_EMPTY=3;
+ERR_DESCRIPTION=4;
+ERR_FOOTER=5;
+ERR_EOF=6;
+ERR_UNKNOWN=42;
+
+debug()
+{
+	local level;
+
+	level=$1;
+	shift;
+
+	if [ $debug_level -ge $level ]
+	then
+		echo $@;
+	fi
+}
+
+quit()
+{
+	if [ $1 -gt 0 ] && [ $1 -ne $ERR_UNKNOWN ] && [ $fatal -eq 0 ]
+	then
+		exit 0;
+	else
+		exit $1;
+	fi
+}
+
+msg=$(grep -nE '.{81,}' "$1");
+
+if [ $? -eq 0 ]
+then
+	echo "The following lines are greater than 80 characters long:\n" >&2;
+	echo $msg >&2;
+
+	quit $ERR_LENGTH;
+fi
+
+lines=$(wc -l "$1" | awk '{ print $1; }');
+expecting=header;
+in_description=0;
+in_empty=0;
+ticket=0;
+branch_regex="[a-z]+[a-z0-9-]*[a-z0-9]+";
+i=1;
+tickets="";
+
+while [ $i -le $lines ]
+do
+	# Grab the line we are studying
+	line=$(head -n$i "$1" | tail -n1);
+
+	debug 1 "==> [$i] $line (description: $in_description, empty: $in_empty)";
+
+	err=$ERR_UNKNOWN;
+
+	if [ -z "$expecting" ]
+	then
+		quit $err;
+	fi
+
+	if [ "${expecting#comment}" = "$expecting" ]
+	then
+		# Prefix comments to the expected tokens list
+		expecting="comment $expecting";
+	fi
+
+	debug 2 "Expecting: $expecting";
+
+	# Loop over each of the expected line formats
+	for expect in $expecting
+	do
+		# Reset the error code each iteration
+		err=$ERR_UNKNOWN;
+
+		# Test for validity of each line format
+		# This is done first so $? contains the result
+		case $expect in
+			"header")
+				err=$ERR_HEADER;
+				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+			;;
+			"empty")
+				err=$ERR_EMPTY;
+				echo "$line" | grep -Eq "^$"
+			;;
+			"description")
+				err=$ERR_DESCRIPTION;
+				# Free flow text, the line length was constrained by the initial check
+				echo "$line" | grep -Eq "^.+$";
+			;;
+			"footer")
+				err=$ERR_FOOTER;
+				# Each ticket is on its own line
+				echo "$line" | grep -Eq "^PHPBB3-[0-9]+$";
+			;;
+			"eof")
+				err=$ERR_EOF;
+				# Should not end up here
+				false
+			;;
+			"comment")
+				echo "$line" | grep -Eq "^#";
+			;;
+			*)
+				echo "Unrecognised token $expect" >&2;
+				quit $err;
+			;;
+		esac
+
+		# Preserve the result of the line check
+		result=$?;
+
+		debug 2 "$expect - '$line' - $result";
+
+		if [ $result -eq 0 ]
+		then
+			# Break out the loop on success
+			# otherwise roll on round and keep looking for a match
+			break;
+		fi
+	done
+
+	if [ $result -eq 0 ]
+	then
+		# Have we switched out of description mode?
+		if [ $in_description -eq 1 ] && [ "$expect" != "description" ] && [ "$expect" != "empty" ] && [ "$expect" != "comment" ]
+		then
+			# Yes, okay we need to backtrace one line and reanalyse
+			in_description=0;
+			i=$(( $i - $in_empty ));
+
+			# Reset the empty counter
+			in_empty=0;
+			continue;
+		fi
+
+		# Successful match, but on which line format
+		case $expect in
+			"header")
+				expecting="empty";
+
+				echo "$line" | grep -Eq "^\[ticket/[0-9]+\]$" && (
+					ticket=$(echo "$line" | sed 's,\[ticket/\([0-9]*\)\].*,\1,');
+				)
+			;;
+			"empty")
+				# Description might have empty lines as spacing
+				expecting="footer description";
+				in_empty=$(($in_empty + 1));
+
+				if [ $in_description -eq 1 ]
+				then
+					expecting="$expecting empty";
+				fi
+			;;
+			"description")
+				expecting="description empty";
+				in_description=1;
+			;;
+			"footer")
+				expecting="footer eof";
+				if [ "$tickets" = "" ]
+				then
+					tickets="$line";
+				else
+					tickets="$tickets $line";
+				fi
+			;;
+			"comment")
+				# Comments should expect the same thing again
+			;;
+			*)
+				echo "Unrecognised token $expect" >&2;
+				quit 254;
+			;;
+		esac
+
+		if [ "$expect" != "empty" ]
+		then
+			in_empty=0;
+		fi
+
+		debug 3 "Now expecting: $expecting";
+	else
+		# None of the expected line formats matched
+		# Guess we'll call it a day here then
+		echo "Syntax error on line $i:" >&2;
+		echo ">> $line" >&2;
+		echo -n "Expecting: " >&2;
+		echo "$expecting" | sed 's/ /, /g' >&2;
+		exit $err;
+	fi
+
+	i=$(( $i + 1 ));
+done
+
+# If EOF is expected exit cleanly
+echo "$expecting" | grep -q "eof" || (
+	# Unexpected EOF, error
+	echo "Unexpected EOF encountered" >&2;
+	quit $ERR_EOF;
+) && (
+	# Do post scan checks
+	if [ ! -z "$tickets" ]
+	then
+		# Check for duplicate tickets
+		dupes=$(echo "$tickets" | sed 's/ /\n/g' | sort | uniq -d);
+
+		if [ ! -z "$dupes" ]
+		then
+			echo "The following tickets are repeated:" >&2;
+			echo "$dupes" | sed 's/ /\n/g;s/^/* /g' >&2;
+			quit $ERR_FOOTER;
+		fi
+	fi
+	# Check the branch ticket is mentioned, doesn't make sense otherwise
+	if [ $ticket -gt 0 ]
+	then
+		echo "$tickets" | grep -Eq "\bPHPBB3-$ticket\b" || (
+			echo "Ticket ID [$ticket] of branch missing from list of tickets:" >&2;
+			echo "$tickets" | sed 's/ /\n/g;s/^/* /g' >&2;
+			quit $ERR_FOOTER;
+		) || exit $?;
+	fi
+	# Got here okay exit to reality
+	exit 0;
+);
+exit $?;

git-tools/hooks/install

@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Script to install the git hooks
+# by symlinking them into the .git/hooks directory
+#
+# Usage (from within git-tools/hooks):
+# ./install
+
+dir=$(dirname $0)
+
+for file in $(ls $dir)
+do
+	if [ $file != "install" ] && [ $file != "uninstall" ]
+	then
+		ln -s "../../git-tools/hooks/$file" "$dir/../../.git/hooks/$file"
+	fi
+done

git-tools/hooks/pre-commit

@@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# A hook to disallow php syntax errors to be committed
+# by running php -l (lint) on them. It requires php-cli
+# to be installed.
+#
+# This is a pre-commit hook.
+#
+# To install this you can either copy or symlink it to
+# $GIT_DIR/hooks, example:
+#
+# ln -s ../../git-tools/hooks/pre-commit \\
+#   .git/hooks/pre-commit
+
+# NOTE: this is run through /usr/bin/env
+PHP_BIN=php
+
+# necessary check for initial commit
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+error=0
+errors=""
+
+if ! which $PHP_BIN >/dev/null 2>&1
+then
+	echo "PHP Syntax check failed:"
+	echo "PHP binary does not exist or is not in path: $PHP_BIN"
+	exit 1
+fi
+
+# dash does not support $'\n':
+# http://forum.soft32.com/linux2/Bug-409179-DASH-Settings-IFS-work-properly-ftopict70039.html
+IFS='
+'
+# get a list of staged files
+for line in $(git diff-index --cached --full-index $against)
+do
+	# split needed values
+	sha=$(echo $line | cut -d' ' -f4)
+	temp=$(echo $line | cut -d' ' -f5)
+	status=$(echo $temp | cut -d'	' -f1)
+	filename=$(echo $temp | cut -d'	' -f2)
+
+	# file extension
+	ext=$(echo $filename | sed 's/^.*\.//')
+
+	# only check files with php extension
+	if [ $ext != "php" ]
+	then
+		continue
+	fi
+
+	# do not check deleted files
+	if [ $status = "D" ]
+	then
+		continue
+	fi
+
+	# check the staged file content for syntax errors
+	# using php -l (lint)
+	result=$(git cat-file -p $sha | /usr/bin/env $PHP_BIN -l 2>/dev/null)
+	if [ $? -ne 0 ]
+	then
+		error=1
+		# Swap back in correct filenames
+		errors=$(echo "$errors"; echo "$result" |sed -e "s@in - on@in $filename on@g")
+	fi
+done
+unset IFS
+
+if [ $error -eq 1 ]
+then
+	echo -e "PHP Syntax check failed:";
+	echo -e "$errors" | grep "^Parse error:"
+	exit 1
+fi

git-tools/hooks/prepare-commit-msg

@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# A hook to add [$branch] to the beginning of a commit message
+# if certain conditions are met.
+#
+# This is a prepare-commit-msg hook.
+#
+# To install this you can either copy or symlink it to
+# $GIT_DIR/hooks, example:
+#
+# ln -s ../../git-tools/hooks/prepare-commit-msg \\
+#   .git/hooks/prepare-commit-msg
+
+# get branch name
+branch="$(git symbolic-ref HEAD)"
+
+# exit if no branch name is present
+# (eg. detached HEAD)
+if [ $? -ne 0 ]
+then
+	exit
+fi
+
+# strip off refs/heads/
+branch="$(echo "$branch" | sed "s/refs\/heads\///g")"
+
+# add [branchname] to commit message
+# * only run when normal commit is made (without -m or -F;
+#   not a merge, etc.)
+# * also make sure the branch name begins with bug/ or feature/
+if [ "$2" = "" ]
+then
+	tail="";
+
+	# Branch is prefixed with 'ticket/', append ticket ID to message
+	if [ "$branch" != "${branch##ticket/}" ];
+	then
+		tail="\n\nPHPBB3-${branch##ticket/}";
+	fi
+
+	echo "[$branch]$tail $(cat "$1")" > "$1"
+fi

git-tools/hooks/uninstall

@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Script to uninstall the git hooks
+#
+# Usage (from within git-tools/hooks):
+# ./uninstall
+
+dir=$(dirname $0)
+
+for file in $(ls $dir)
+do
+	if [ $file != "install" ] && [ $file != "uninstall" ]
+	then
+		rm -f "$dir/../../.git/hooks/$file"
+	fi
+done

phpBB/adm/index.php

@@ -432,6 +432,20 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				{
 					$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$config_definition['lang']], $validator[$max]);
 				}
+
+				if (strpos($config_name, '_max') !== false)
+				{
+					// Min/max pairs of settings should ensure that min <= max
+					// Replace _max with _min to find the name of the minimum
+					// corresponding configuration variable
+					$min_name = str_replace('_max', '_min', $config_name);
+
+					if (isset($cfg_array[$min_name]) && is_numeric($cfg_array[$min_name]) && $cfg_array[$config_name] < $cfg_array[$min_name])
+					{
+						// A minimum value exists and the maximum value is less than it
+						$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$config_definition['lang']], (int) $cfg_array[$min_name]);
+					}
+				}
 			break;
 
 			// Absolute path
@@ -533,7 +547,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				// Check if the path is writable
 				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
 				{
-					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !@is_writable($phpbb_root_path . $cfg_array[$config_name]))
+					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name]))
 					{
 						$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
 					}

phpBB/adm/style/acp_ban.html

@@ -31,9 +31,9 @@
 
 	function display_details(option)
 	{
-		document.getElementById('acp_unban').unbangivereason.value = ban_give_reason[option];
+		document.getElementById('acp_unban').unbangivereason.innerHTML = ban_give_reason[option];
-		document.getElementById('acp_unban').unbanreason.value = ban_reason[option];
+		document.getElementById('acp_unban').unbanreason.innerHTML = ban_reason[option];
-		document.getElementById('acp_unban').unbanlength.value = ban_length[option];
+		document.getElementById('acp_unban').unbanlength.innerHTML = ban_length[option];
 	}
 
 // ]]>

phpBB/adm/style/acp_forums.html

@@ -189,8 +189,8 @@
 			<legend>{L_GENERAL_FORUM_SETTINGS}</legend>
 		<dl>
 			<dt><label for="display_active">{L_DISPLAY_ACTIVE_TOPICS}:</label><br /><span>{L_DISPLAY_ACTIVE_TOPICS_EXPLAIN}</span></dt>
-			<dd><label><input type="radio" class="radio" name="display_active" value="1"<!-- IF S_DISPLAY_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+			<dd><label><input type="radio" class="radio" name="display_active" value="1"<!-- IF S_ENABLE_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
-				<label><input type="radio" class="radio" name="display_active" value="0"<!-- IF not S_DISPLAY_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+				<label><input type="radio" class="radio" name="display_active" value="0"<!-- IF not S_ENABLE_ACTIVE_TOPICS --> id="display_active" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 		</dl>
 		</fieldset>
 	</div>

phpBB/adm/style/acp_update.html

@@ -18,6 +18,12 @@
 		</div>
 	<!-- ENDIF -->
 
+	<!-- IF NEXT_FEATURE_VERSION -->
+		<div class="errorbox">
+			<p>{UPGRADE_INSTRUCTIONS}</p>
+		</div>
+	<!-- ENDIF -->
+
 	<fieldset>
 		<legend></legend>
 	<dl>

phpBB/adm/style/acp_users_overview.html

@@ -140,7 +140,7 @@
 		<legend>{L_DELETE_USER}</legend>
 		<dl>
 			<dt><label for="delete_type">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
-			<dd><select id="delete_type" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
+			<dd><select id="delete_type" name="delete_type"><option class="sep" value="">{L_SELECT_OPTION}</option><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
 		</dl>
 		<p class="quick">
 			<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
@@ -148,6 +148,6 @@
 			{S_FORM_TOKEN}
 		</p>
 	</fieldset>
-	<!-- ENDIF -->
 	</form>
+	<!-- ENDIF -->
 <!-- ENDIF -->

phpBB/adm/style/acp_users_signature.html

@@ -56,7 +56,7 @@
 			<input type="button" class="button2" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" onmouseout="helpline('tip')" />
 			<input type="button" class="button2" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" onmouseout="helpline('tip')" />
 			<input type="button" class="button2" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" onmouseout="helpline('tip')" />
-			<input type="button" class="button2" accesskey="t" name="addlitsitem" value="[*]" style="width: 40px" onclick="bbstyle(-1)" onmouseover="helpline('e')" onmouseout="helpline('tip')" />
+			<input type="button" class="button2" accesskey="y" name="addlitsitem" value="[*]" style="width: 40px" onclick="bbstyle(-1)" onmouseover="helpline('e')" onmouseout="helpline('tip')" />
 			<!-- IF S_BBCODE_IMG -->
 				<input type="button" class="button2" accesskey="p" name="addbbcode14" value="Img" style="width: 40px" onclick="bbstyle(14)" onmouseover="helpline('p')" onmouseout="helpline('tip')" />
 			<!-- ENDIF -->
@@ -93,8 +93,8 @@
 				// ]]>
 				</script>
 			</dt>
-			<dd style="margin-left: 90px;"><textarea name="signature" rows="10" cols="60" style="width: 95%;" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onfocus="initInsertions();">{SIGNATURE}</textarea></dd>
+			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px;"><textarea name="signature" rows="10" cols="60" style="width: 95%;" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onfocus="initInsertions();">{SIGNATURE}</textarea></dd>
-			<dd style="margin-left: 90px; margin-top: 5px;">
+			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px; margin-top: 5px;">
 			<!-- IF S_BBCODE_ALLOWED -->
 				<label><input type="checkbox" class="radio" name="disable_bbcode"{S_BBCODE_CHECKED} /> {L_DISABLE_BBCODE}</label>
 			<!-- ENDIF -->
@@ -105,7 +105,7 @@
 				<label><input type="checkbox" class="radio" name="disable_magic_url"{S_MAGIC_URL_CHECKED} /> {L_DISABLE_MAGIC_URL}</label>
 			<!-- ENDIF -->
 			</dd>
-			<dd style="margin-left: 90px; margin-top: 10px;"><strong>{L_OPTIONS}: </strong>{BBCODE_STATUS} :: {IMG_STATUS} :: {FLASH_STATUS} :: {URL_STATUS} :: {SMILIES_STATUS}</dd>
+			<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px; margin-top: 10px;"><strong>{L_OPTIONS}: </strong>{BBCODE_STATUS} :: {IMG_STATUS} :: {FLASH_STATUS} :: {URL_STATUS} :: {SMILIES_STATUS}</dd>
 		</dl>
 	</fieldset>
 

phpBB/adm/style/admin.css

@@ -670,14 +670,10 @@ legend {
 	position: relative;
 	text-transform: none;
 	line-height: 1.2em;
-	top: 0;
+	top: -.2em;
 	vertical-align: middle;
 }
 
-/* Hide from macIE \*/
-legend { top: -1.2em; }
-/* end */
-
 * html legend {
 	margin: 0 0 -10px -7px;
 	line-height: 1em;

phpBB/adm/style/captcha_recaptcha.html

@@ -4,7 +4,8 @@
 		<script type="text/javascript">
 		// <![CDATA[
 		var RecaptchaOptions = {
-			lang : '{LA_RECAPTCHA_LANG}'
+			lang : '{LA_RECAPTCHA_LANG}',
+			theme : 'clean',
 		};
 		// ]]>
 		</script>

phpBB/adm/style/editor.js

@@ -46,7 +46,11 @@ function initInsertions()
 	{
 		textarea.focus();
 		baseHeight = doc.selection.createRange().duplicate().boundingHeight;
-		// document.body.focus();
+
+		if (!document.forms[form_name])
+		{
+			document.body.focus();
+		}
 	}
 }
 
@@ -152,7 +156,7 @@ function insert_text(text, spaces, popup)
 		var sel_start = textarea.selectionStart;
 		var sel_end = textarea.selectionEnd;
 
-		mozWrap(textarea, text, '')
+		mozWrap(textarea, text, '');
 		textarea.selectionStart = sel_start + text.length;
 		textarea.selectionEnd = sel_end + text.length;
 	}	
@@ -230,6 +234,7 @@ function addquote(post_id, username)
 			theSelection = theSelection.replace(/&lt\;/ig, '<');
 			theSelection = theSelection.replace(/&gt\;/ig, '>');
 			theSelection = theSelection.replace(/&amp\;/ig, '&');			
+			theSelection = theSelection.replace(/&nbsp\;/ig, ' ');
 		}
 		else if (document.all)
 		{
@@ -269,12 +274,12 @@ function mozWrap(txtarea, open, close)
 	}
 
 	var s1 = (txtarea.value).substring(0,selStart);
-	var s2 = (txtarea.value).substring(selStart, selEnd)
+	var s2 = (txtarea.value).substring(selStart, selEnd);
 	var s3 = (txtarea.value).substring(selEnd, selLength);
 
 	txtarea.value = s1 + open + s2 + close + s3;
-	txtarea.selectionStart = selEnd + open.length + close.length;
+	txtarea.selectionStart = selStart + open.length;
-	txtarea.selectionEnd = txtarea.selectionStart;
+	txtarea.selectionEnd = selEnd + open.length;
 	txtarea.focus();
 	txtarea.scrollTop = scrollTop;
 
@@ -327,8 +332,8 @@ function colorPalette(dir, width, height)
 			for (b = 0; b < 5; b++)
 			{
 				color = String(numberList[r]) + String(numberList[g]) + String(numberList[b]);
-				document.write('<td bgcolor="#' + color + '">');
+				document.write('<td bgcolor="#' + color + '" style="width: ' + width + 'px; height: ' + height + 'px;">');
-				document.write('<a href="#" onclick="bbfontstyle(\'[color=#' + color + ']\', \'[/color]\'); return false;" onmouseover="helpline(\'s\');"  onmouseout="helpline(\'tip\');"><img src="images/spacer.gif" width="' + width + '" height="' + height + '" alt="#' + color + '" title="#' + color + '" /></a>');
+				document.write('<a href="#" onclick="bbfontstyle(\'[color=#' + color + ']\', \'[/color]\'); return false;"><img src="images/spacer.gif" width="' + width + '" height="' + height + '" alt="#' + color + '" title="#' + color + '" /></a>');
 				document.writeln('</td>');
 			}
 

phpBB/adm/style/install_update.html

@@ -200,7 +200,7 @@
 				<legend><img src="{T_IMAGE_PATH}file_up_to_date.gif" alt="{L_STATUS_UP_TO_DATE}" /></legend>
 			<!-- BEGIN up_to_date -->
 				<dl>
-					<dd class="full" style="text-align: left;"><strong>{up_to_date.FILENAME}</strong></dd>
+					<dd class="full" style="text-align: {S_CONTENT_FLOW_BEGIN};"><strong>{up_to_date.FILENAME}</strong></dd>
 				</dl>
 			<!-- END up_to_date -->
 			</fieldset>
@@ -218,11 +218,11 @@
 					<dt style="width: 60%;"><strong><!-- IF new.DIR_PART -->{new.DIR_PART}<br /><!-- ENDIF -->{new.FILE_PART}</strong>
 					<!-- IF new.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{new.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 				</dt>
-				<dd style="margin-left: 60%;">
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">
 					<!-- IF not new.S_BINARY -->[<a href="{new.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{new.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF -->
 				</dd>
 				<!-- IF new.S_CUSTOM -->
-					<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{new.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{new.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 				<!-- ENDIF -->
 				</dl>
 			<!-- END new -->
@@ -242,9 +242,9 @@
 					<dt style="width: 60%;"><strong><!-- IF not_modified.DIR_PART -->{not_modified.DIR_PART}<br /><!-- ENDIF -->{not_modified.FILE_PART}</strong>
 						<!-- IF not_modified.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{not_modified.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 					</dt>
-					<dd style="margin-left: 60%;"><!-- IF not not_modified.S_BINARY -->[<a href="{not_modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{not_modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not not_modified.S_BINARY -->[<a href="{not_modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{not_modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
 					<!-- IF not_modified.S_CUSTOM -->
-						<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{not_modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{not_modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 					<!-- ENDIF -->
 				</dl>
 			<!-- END not_modified -->
@@ -263,22 +263,22 @@
 					<dt style="width: 60%;"><strong><!-- IF modified.DIR_PART -->{modified.DIR_PART}<br /><!-- ENDIF -->{modified.FILE_PART}</strong>
 					<!-- IF modified.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{modified.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 				</dt>
-				<dd style="margin-left: 60%;">&nbsp;</dd>
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">&nbsp;</dd>
 				<!-- IF modified.S_CUSTOM -->
-					<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{modified.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 				<!-- ENDIF -->
 				</dl>
 				<dl>
 					<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{modified.FILENAME}]" value="0" checked="checked" /> {L_MERGE_MODIFICATIONS_OPTION}</label></dt>
-					<dd style="margin-left: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{modified.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF --></dd>
 				</dl>
 				<dl>
 					<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{modified.FILENAME}]" value="1" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
-					<dd style="margin-left: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
 				</dl>
 				<dl>
 					<dt style="width: 60%"><label><input type="radio" class="radio" name="modified[{modified.FILENAME}]" value="2" /> {L_MERGE_NO_MERGE_MOD_OPTION}</label></dt>
-					<dd style="margin-left: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><!-- IF not modified.S_BINARY -->[<a href="{modified.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]<!-- ELSE -->&nbsp;<!-- ENDIF --></dd>
 				</dl>
 			</fieldset>
 			<!-- END modified -->
@@ -296,11 +296,11 @@
 					<dt style="width: 60%;"><strong><!-- IF new_conflict.DIR_PART -->{new_conflict.DIR_PART}<br /><!-- ENDIF -->{new_conflict.FILE_PART}</strong>
 					<!-- IF new_conflict.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{new_conflict.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 				</dt>
-				<dd style="margin-left: 60%;">
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">
 					<!-- IF not new_conflict.S_BINARY -->[<a href="{new_conflict.U_SHOW_DIFF}" onclick="diff_popup(this.href); return false;">{new_conflict.L_SHOW_DIFF}</a>]<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF -->
 				</dd>
 				<!-- IF new_conflict.S_CUSTOM -->
-					<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{new_conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{new_conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 				<!-- ENDIF -->
 				</dl>
 			<!-- END new_conflict -->
@@ -320,35 +320,35 @@
 						<!-- IF conflict.S_CUSTOM --><br /><span><em>{L_FILE_USED}: </em>{conflict.CUSTOM_ORIGINAL}</span><!-- ENDIF -->
 						<!-- IF conflict.NUM_CONFLICTS --><br /><span>{L_NUM_CONFLICTS}: {conflict.NUM_CONFLICTS}</span><!-- ENDIF -->
 					</dt>
-					<dd style="margin-left: 60%;">
+					<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">
 						<!-- IF not conflict.S_BINARY -->[<a href="{conflict.U_SHOW_DIFF}">{L_DOWNLOAD_CONFLICTS}</a>]<br />{L_DOWNLOAD_CONFLICTS_EXPLAIN}
 						<!-- ELSE -->{L_BINARY_FILE}<!-- ENDIF -->
 					</dd>
 					<!-- IF conflict.S_CUSTOM -->
-						<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;"><label><input type="checkbox" name="no_update[]" value="{conflict.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
 					<!-- ENDIF -->
 				</dl>
 				<!-- IF conflict.S_BINARY -->
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="1" checked="checked" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">&nbsp;</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">&nbsp;</dd>
 					</dl>
 				<!-- ELSE -->
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="3" checked="checked" /> {L_MERGE_NEW_FILE_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_NEW_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_NEW_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
 					</dl>
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="4" /> {L_MERGE_MOD_FILE_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_MOD_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_MOD_FILE}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_MODIFIED}</a>]</dd>
 					</dl>
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="1" /> {L_MERGE_NO_MERGE_NEW_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_NEW}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
 					</dl>
 					<dl>
 						<dt style="width: 60%"><label><input type="radio" class="radio" name="conflict[{conflict.FILENAME}]" value="2" /> {L_MERGE_NO_MERGE_MOD_OPTION}</label></dt>
-						<dd style="margin-left: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
+						<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 60%;">[<a href="{conflict.U_VIEW_NO_MERGE_MOD}" onclick="diff_popup(this.href); return false;">{L_SHOW_DIFF_FINAL}</a>]</dd>
 					</dl>
 				<!-- ENDIF -->
 			</fieldset>

phpBB/adm/style/permission_mask.html

@@ -40,7 +40,7 @@
 		<dl class="permissions-simple">
 			<dt style="width: 20%"><label for="role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}">{L_ROLE}:</label></dt>
 			<!-- IF p_mask.f_mask.S_ROLE_OPTIONS -->
-				<dd style="margin-left: 20%"><select id="role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}" name="role[{p_mask.f_mask.UG_ID}][{p_mask.f_mask.FORUM_ID}]" onchange="set_role_settings(this.options[selectedIndex].value, 'advanced{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); init_colours('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')">{p_mask.f_mask.S_ROLE_OPTIONS}</select></dd>
+				<dd style="margin-{S_CONTENT_FLOW_BEGIN}: 20%"><select id="role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}" name="role[{p_mask.f_mask.UG_ID}][{p_mask.f_mask.FORUM_ID}]" onchange="set_role_settings(this.options[selectedIndex].value, 'advanced{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}'); init_colours('{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')">{p_mask.f_mask.S_ROLE_OPTIONS}</select></dd>
 			<!-- ELSE -->
 				<dd>{L_NO_ROLE_AVAILABLE}</dd>
 			<!-- ENDIF -->
@@ -118,7 +118,7 @@
 			</div>
 			
 			<!-- IF not p_mask.S_VIEW -->
-			<fieldset class="quick" style="margin-right: 11px;">
+			<fieldset class="quick" style="margin-{S_CONTENT_FLOW_END}: 11px;">
 				<p class="small">{L_APPLY_PERMISSIONS_EXPLAIN}</p>
 				<input class="button1" type="submit" name="psubmit[{p_mask.f_mask.UG_ID}][{p_mask.f_mask.FORUM_ID}]" value="{L_APPLY_PERMISSIONS}" />
 				<!-- IF .p_mask.f_mask gt 1 or .p_mask gt 1 -->

phpBB/common.php

@@ -123,13 +123,11 @@ if (defined('IN_CRON'))
 	$phpbb_root_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;
 }
 
-if (!file_exists($phpbb_root_path . 'config.' . $phpEx))
+if (file_exists($phpbb_root_path . 'config.' . $phpEx))
 {
-	die("<p>The config.$phpEx file could not be found.</p><p><a href=\"{$phpbb_root_path}install/index.$phpEx\">Click here to install phpBB</a></p>");
+	require($phpbb_root_path . 'config.' . $phpEx);
 }
 
-require($phpbb_root_path . 'config.' . $phpEx);
-
 if (!defined('PHPBB_INSTALLED'))
 {
 	// Redirect the user to the installer

phpBB/develop/check_flash_bbcodes.php

@@ -0,0 +1,163 @@
+<?php
+/**
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2009, 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* This script will check your database for potentially dangerous flash BBCode tags
+*/
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it\n");
+
+/**
+*/
+define('IN_PHPBB', true);
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.' . $phpEx);
+
+if (php_sapi_name() != 'cli')
+{
+	header('Content-Type: text/plain');
+}
+
+check_table_flash_bbcodes(POSTS_TABLE, 'post_id', 'post_text', 'bbcode_uid', 'bbcode_bitfield');
+check_table_flash_bbcodes(PRIVMSGS_TABLE, 'msg_id', 'message_text', 'bbcode_uid', 'bbcode_bitfield');
+check_table_flash_bbcodes(USERS_TABLE, 'user_id', 'user_sig', 'user_sig_bbcode_uid', 'user_sig_bbcode_bitfield');
+check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_desc', 'forum_desc_uid', 'forum_desc_bitfield');
+check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_rules', 'forum_rules_uid', 'forum_rules_bitfield');
+check_table_flash_bbcodes(GROUPS_TABLE, 'group_id', 'group_desc', 'group_desc_uid', 'group_desc_bitfield');
+
+echo "If potentially dangerous flash bbcodes were found, please reparse the posts using the Support Toolkit (http://www.phpbb.com/support/stk/) and/or file a ticket in the Incident Tracker (http://www.phpbb.com/incidents/).\n";
+
+function check_table_flash_bbcodes($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
+{
+	echo "Checking $content_field on $table_name\n";
+
+	$ids = get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field);
+
+	$size = sizeof($ids);
+	if ($size)
+	{
+		echo "Found $size potentially dangerous flash bbcodes.\n";
+		echo "$id_field: " . implode(', ', $ids) . "\n";
+	}
+	else
+	{
+		echo "No potentially dangerous flash bbcodes found.\n";
+	}
+
+	echo "\n";
+}
+
+function get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
+{
+	global $db;
+
+	$ids = array();
+
+	$sql = "SELECT $id_field, $content_field, $uid_field, $bitfield_field
+		FROM $table_name
+		WHERE $content_field LIKE '%[/flash:%'
+			AND $bitfield_field <> ''";
+
+	$result = $db->sql_query($sql);
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$uid = $row[$uid_field];
+
+		// thanks support toolkit
+		$content = html_entity_decode_utf8($row[$content_field]);
+		set_var($content, $content, 'string', true);
+		$content = utf8_normalize_nfc($content);
+
+		$bitfield_data = $row[$bitfield_field];
+
+		if (!is_valid_flash_bbcode($content, $uid) && has_flash_enabled($bitfield_data))
+		{
+			$ids[] = (int) $row[$id_field];
+		}
+	}
+	$db->sql_freeresult($result);
+
+	return $ids;
+}
+
+function get_flash_regex($uid)
+{
+	return "#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#";
+}
+
+// extract all valid flash bbcodes
+// check if the bbcode content is a valid URL for each match
+function is_valid_flash_bbcode($cleaned_content, $uid)
+{
+	$regex = get_flash_regex($uid);
+
+	$url_regex = get_preg_expression('url');
+	$www_url_regex = get_preg_expression('www_url');
+
+	if (preg_match_all($regex, $cleaned_content, $matches))
+	{
+		foreach ($matches[3] as $flash_url)
+		{
+			if (!preg_match("#^($url_regex|$www_url_regex)$#i", $flash_url))
+			{
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
+// check if a bitfield includes flash
+// 11 = flash bit
+function has_flash_enabled($bitfield_data)
+{
+	$bitfield = new bitfield($bitfield_data);
+	return $bitfield->get(11);
+}
+
+// taken from support toolkit
+function html_entity_decode_utf8($string)
+{
+	static $trans_tbl;
+
+	// replace numeric entities
+	$string = preg_replace('~&#x([0-9a-f]+);~ei', 'code2utf8(hexdec("\\1"))', $string);
+	$string = preg_replace('~&#([0-9]+);~e', 'code2utf8(\\1)', $string);
+
+	// replace literal entities
+	if (!isset($trans_tbl))
+	{
+		$trans_tbl = array();
+
+		foreach (get_html_translation_table(HTML_ENTITIES) as $val=>$key)
+			$trans_tbl[$key] = utf8_encode($val);
+	}
+	return strtr($string, $trans_tbl);
+}
+
+// taken from support toolkit
+// Returns the utf string corresponding to the unicode value (from php.net, courtesy - romans@void.lv)
+function code2utf8($num)
+{
+	if ($num < 128) return chr($num);
+	if ($num < 2048) return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
+	if ($num < 65536) return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+	if ($num < 2097152) return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+	return '';
+}

phpBB/develop/create_schema_files.php

@@ -266,7 +266,8 @@ foreach ($supported_dbms as $dbms)
 
 		case 'mssql':
 			$line = "/*\n\n \$I" . "d: $\n\n*/\n\n";
-			$line .= "BEGIN TRANSACTION\nGO\n\n";
+			// no need to do this, no transaction support for schema changes
+			//$line .= "BEGIN TRANSACTION\nGO\n\n";
 		break;
 
 		case 'oracle':
@@ -749,7 +750,8 @@ foreach ($supported_dbms as $dbms)
 	switch ($dbms)
 	{
 		case 'mssql':
-			$line = "\nCOMMIT\nGO\n\n";
+			// No need to do this, no transaction support for schema changes
+			//$line = "\nCOMMIT\nGO\n\n";
 		break;
 
 		case 'sqlite':

phpBB/develop/regex.php

@@ -18,14 +18,15 @@ $ls32 = "(?:$h16:$h16|$ipv4)";
 
 $ipv6_construct = array(
 	array(false,	'',		'{6}',	$ls32),
-	array(false,	'::',	'{5}',	$ls32),
+	array(false,	'::',	'{0,5}', "(?:$h16(?::$h16)?|$ipv4)"),
 	array('',		':',	'{4}',	$ls32),
 	array('{1,2}',	':',	'{3}',	$ls32),
 	array('{1,3}',	':',	'{2}',	$ls32),
 	array('{1,4}',	':',	'',		$ls32),
 	array('{1,5}',	':',	false,	$ls32),
 	array('{1,6}',	':',	false,	$h16),
-	array('{1,7}',	':',	false,	'')
+	array('{1,7}',	':',	false,	''),
+	array(false, '::', false, '')
 );
 
 $ipv6 = '(?:';

phpBB/develop/set_permissions.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+# set permissions required for installation
+
+dir=$(dirname $0)
+
+for file in cache files store config.php images/avatars/upload
+do
+	chmod a+w $dir/../$file
+done

phpBB/docs/AUTHORS

@@ -26,17 +26,17 @@ phpBB Developers:      A_Jelly_Doughnut (Josh Woody)
                        Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
                        APTX (Marek A. R.)
                        bantu (Andreas Fischer)
-                       DavidMJ (David M.)
                        dhn (Dominik Dröscher)
+                       igorw (Igor Wiedler)
                        kellanved (Henry Sudhof)
+                       nickvergessen (Joas Schilling)
+                       rxu (Ruslan Uzdenov)
                        Terrafrost (Jim Wigginton)
                        ToonArmy (Chris Smith)
 
 Contributions by:      Brainy (Cullen Walsh)
                        leviatan21 (Gabriel Vazquez)
-                       nickvergessen (Joas Schilling)
                        Raimon (Raimon Meuldijk)
-                       rxu (Ruslan Uzdenov)
                        Xore (Robert Hetzler)
 
 
@@ -49,6 +49,7 @@ phpBB Lead Developer:  psoTFX (Paul S. Owen) [2001 - 09/2005]
 
 phpBB Developers:      Ashe (Ludovic Arnaud)       [10/2002 - 11/2003, 06/2006 - 10/2006]
                        BartVB (Bart van Bragt)     [11/2000 - 03/2006]
+                       DavidMJ (David M.)          [12/2005 - 08/2009]
                        GrahamJE (Graham Eames)     [09/2005 - 11/2006]
                        Vic D'Elfant (Vic D'Elfant) [04/2007 - 04/2009]
 

phpBB/docs/CHANGELOG.html

@@ -53,6 +53,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v307-PL1">Changes since 3.0.7-PL1</a></li>
 		<li><a href="#v307">Changes since 3.0.7</a></li>
 		<li><a href="#v306">Changes since 3.0.6</a></li>
 		<li><a href="#v305">Changes since 3.0.5</a></li>
@@ -88,13 +89,471 @@
 
 		<div class="content">
 
-	<a name="v307"></a><h3>1.i. Changes since 3.0.7</h3>
+	<a name="v307-PL1"></a><h3>1.i. Changes since 3.0.7-PL1</h3>
+<h4>        Security
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9903'>PHPBB3-9903</a>] -         Execute javascript in [flash=] BBCode
+</li>
+</ul>
+
+<h4>        Bug
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-4923'>PHPBB3-4923</a>] -         compress_tar incorrectly determines type
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-5164'>PHPBB3-5164</a>] -         Honor minimum and maximum password length in generated passwords as much as possible.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-6726'>PHPBB3-6726</a>] -         Connecting to PostgreSQL using &#39;localhost&#39; doesn&#39;t try to use a TCP connection
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-6747'>PHPBB3-6747</a>] -         word censoring * does not handle space for two or more words
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7260'>PHPBB3-7260</a>] -         Do not delete polls if one exists and editing user lacks permissions
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7296'>PHPBB3-7296</a>] -         Style export to tar(.*) does not work
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7369'>PHPBB3-7369</a>] -         Custom Profile dates display incorrectly
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7417'>PHPBB3-7417</a>] -         Search keywords field does not initially get focus
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7538'>PHPBB3-7538</a>] -         Query exceeds maximum value for user_login_attempts
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7716'>PHPBB3-7716</a>] -         Data too long for column &#39;message_subject&#39;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7720'>PHPBB3-7720</a>] -         Fix alternative image-description for unread posts.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7782'>PHPBB3-7782</a>] -         Send HTTP 404 if topic, forum or user do not exist
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7972'>PHPBB3-7972</a>] -         Copied topics are not indexed
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8169'>PHPBB3-8169</a>] -         Parse CSS Regex accepts invalid code
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8792'>PHPBB3-8792</a>] -         Misleading error message in auth_ldap.php, function init_ldap()
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8894'>PHPBB3-8894</a>] -         JavaScript error and visible quote button on topic review if BBCodes disallowed
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8924'>PHPBB3-8924</a>] -         spelling in admin_welcome_inactive.txt
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8929'>PHPBB3-8929</a>] -         MS SQL error on view all smilies after 3.0.6 upgrade
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8935'>PHPBB3-8935</a>] -         able to set minimal avatar size larger than maximum
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8944'>PHPBB3-8944</a>] -         Error on database update (must specify size of index on MySQL4)
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9012'>PHPBB3-9012</a>] -         Retain original topic title in shadow topic when moving a topic and editing the title.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9034'>PHPBB3-9034</a>] -         Redirect() fails with directory traversal
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9047'>PHPBB3-9047</a>] -         Active topics and reported posts
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9049'>PHPBB3-9049</a>] -         Password reminder system generates confusable passwords
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9053'>PHPBB3-9053</a>] -         Correctly sort database backup file list by date on database restore page
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9061'>PHPBB3-9061</a>] -         Race condition in queue locking
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9068'>PHPBB3-9068</a>] -         Grammatical Error under Load Settings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9075'>PHPBB3-9075</a>] -         Missing / bad default values of CPFs result in SQL errors on registration of new users
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9091'>PHPBB3-9091</a>] -         Wrong IP checking for IPv4 addresses mapped into IPv6
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9094'>PHPBB3-9094</a>] -         Hide &quot;Copy permissions&quot; message, when permissions were copied.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9095'>PHPBB3-9095</a>] -         Misleading setting text for CAPTCHA
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9099'>PHPBB3-9099</a>] -         Missing comma in PASSWORD_EXPLAIN acp language strings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9101'>PHPBB3-9101</a>] -         Bad text placement for reCAPTCHA description
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9104'>PHPBB3-9104</a>] -         Safari does not display box headers correctly in the ACP.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9107'>PHPBB3-9107</a>] -         Can&#39;t Set Parent Forum
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9108'>PHPBB3-9108</a>] -         RSS feeds does not work on Postgres
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9112'>PHPBB3-9112</a>] -         Most active forum post count does not respect m_approve permission
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9114'>PHPBB3-9114</a>] -         Recent bug fix for smilies causing problems on older MySQL versions
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9117'>PHPBB3-9117</a>] -         Wrong redirection after login
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9119'>PHPBB3-9119</a>] -         Language selection is disregarded in automatic update
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9120'>PHPBB3-9120</a>] -         Typo fix in a comment in functions.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9121'>PHPBB3-9121</a>] -         Forum feed shows posts that are currently on the moderation queue
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9125'>PHPBB3-9125</a>] -         ACP User Overview: Unmatched &lt;/form&gt; tag when viewing own user
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9126'>PHPBB3-9126</a>] -         Invalid redirection after login to forum not in web root
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9132'>PHPBB3-9132</a>] -         Oracle CLOB support is broken, preventing storage of long strings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9135'>PHPBB3-9135</a>] -         Fix report-icon for moderators in PM folders.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9140'>PHPBB3-9140</a>] -         Check current board version in incremental update packages
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9145'>PHPBB3-9145</a>] -         Fix open_basedir issues when accessing styles- and language-management
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9146'>PHPBB3-9146</a>] -         Quick-Reply tabindex=&quot;6&quot; set twice
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9147'>PHPBB3-9147</a>] -         &quot;Change topic type&quot;-option &quot;Normal&quot; always selected.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9154'>PHPBB3-9154</a>] -         Correctly check for double inclusion in captcha garbage collection
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9158'>PHPBB3-9158</a>] -         viewforum/viewtopic pages unnecessarily duplicated with start=0
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9162'>PHPBB3-9162</a>] -         BBCode in poll options is broken, when posting without question.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9167'>PHPBB3-9167</a>] -         Remove shadow topics from remaining forums when deleting a forum including posts
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9170'>PHPBB3-9170</a>] -         Unable to get image size in img bbcode when URL has multiple parameters.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9173'>PHPBB3-9173</a>] -         sql_config_count() artificially limits number scope to 4byte-integer on PostgreSQL and Firebird
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9176'>PHPBB3-9176</a>] -         When setting the board&#39;s date format the board&#39;s timezone settings aren&#39;t taken into account
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9451'>PHPBB3-9451</a>] -         Unnecessary overhead in avatar_process_user function
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9478'>PHPBB3-9478</a>] -         Validate maximum number of allowed recipients per PM value
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9495'>PHPBB3-9495</a>] -         Loginbox &lt;input /&gt; redirect breaks xHTML
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9499'>PHPBB3-9499</a>] -         Javascript function dE does not correctly detect element visibility
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9504'>PHPBB3-9504</a>] -         Allow gallery avatars with whitespaces in the filename
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9509'>PHPBB3-9509</a>] -         phpBB Coding Guidelines state subversion as the version control system for phpBB
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9510'>PHPBB3-9510</a>] -         Unable to copy permissions from and to forums you cannot see
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9512'>PHPBB3-9512</a>] -         Fix dead link in MCP on reports for global announcements in prosilver.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9514'>PHPBB3-9514</a>] -         Correctly delete big datasets when deleting a forum including  topics/posts on non-MySQL databases
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9518'>PHPBB3-9518</a>] -         Postgres DBAL does not correctly create a new database connection when passing $new_link as true
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9519'>PHPBB3-9519</a>] -         Replace remaining is_writable() calls with phpbb_is_writable().
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9521'>PHPBB3-9521</a>] -         MSSQL error reporting returns String instead of an error
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9524'>PHPBB3-9524</a>] -         IPv6 regular expression does not match addresses starting in ::
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9526'>PHPBB3-9526</a>] -         User Preference to hide online status does not work for bots
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9528'>PHPBB3-9528</a>] -         Quoting in a PM does not fall back to bbcode-less quotes using &quot;&gt; &quot; when bbcodes are disabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9529'>PHPBB3-9529</a>] -         Topic review does not display all selected posts
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9530'>PHPBB3-9530</a>] -         subsilver2 missing fallback option on quoting when bbcodes are disabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9531'>PHPBB3-9531</a>] -         BBCode-less fall back option for quotes is missing &quot;Author wrote:&quot; line when quoting from topic-review.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9535'>PHPBB3-9535</a>] -         Incorrect margins in RTL languages: signatures, permission ACP &amp; updater
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9545'>PHPBB3-9545</a>] -         &#39;Your first forum&#39; should have &#39;Display active topics:&#39; set to &#39;Yes&#39;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9546'>PHPBB3-9546</a>] -         Moving all posts from one topic to another does not delete bookmarks
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9547'>PHPBB3-9547</a>] -         Changing forum type applies FORUM_FLAG_ACTIVE_TOPICS to new forum type.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9548'>PHPBB3-9548</a>] -         Delete user quicktool drop down should have an empty or invalid selection as the default
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9559'>PHPBB3-9559</a>] -         Messenger Queue Batch Size configuration option is overridden
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9567'>PHPBB3-9567</a>] -         Newly registered users group ACP wording
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9582'>PHPBB3-9582</a>] -         Missing MSSQL native driver case statements
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9587'>PHPBB3-9587</a>] -         Prosilver overrides reCaptcha class.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9592'>PHPBB3-9592</a>] -         Test suite does not run on SQLite
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9593'>PHPBB3-9593</a>] -         Missing documentation for running unit tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9599'>PHPBB3-9599</a>] -         Windows workaround for checkdnsrr() returns wrong results
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9605'>PHPBB3-9605</a>] -         Wrong class added to topiclist, when there&#39;s no announcement topic.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9615'>PHPBB3-9615</a>] -         When attaching a file whose name contains quotes, filename before last quote is cut off in display
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9623'>PHPBB3-9623</a>] -         Strings not properly normalized - acp_prune.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9626'>PHPBB3-9626</a>] -         Regular expressions from get_preg_expression() are untested.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9628'>PHPBB3-9628</a>] -         Add module function does not correctly insert a module after the specified one
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9633'>PHPBB3-9633</a>] -         Newly registered users group color is not used in Our Newest Member
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9635'>PHPBB3-9635</a>] -         Useless parameter $data[&#39;post_time&#39;] in function submit_post.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9637'>PHPBB3-9637</a>] -         SET NAMES &#39;BINARY&#39; error in convertor
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9643'>PHPBB3-9643</a>] -         DB connection error when $dbhost is an IPv6 address
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9644'>PHPBB3-9644</a>] -         submit_post shows support for options that cause a trigger_error in the call to user_notification
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9646'>PHPBB3-9646</a>] -         Cant hide/outcomment @import in stylesheet.css
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9650'>PHPBB3-9650</a>] -         It should not be possible to ban Anonymous
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9653'>PHPBB3-9653</a>] -         xhtml errors in subsilver2 when using the bbcodes code and quote in signatures
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9655'>PHPBB3-9655</a>] -         Selecting an unavailable captcha plugin looks like a successful action
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9656'>PHPBB3-9656</a>] -         PHP Information in ACP always lists error_reporting as 0
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9658'>PHPBB3-9658</a>] -         Optimize topic splitting
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9662'>PHPBB3-9662</a>] -         Search interval applied inconsistently
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9664'>PHPBB3-9664</a>] -         Another duplicate accesskey: t = top and list item
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9665'>PHPBB3-9665</a>] -         Signature &quot;0&quot; cannot be previewed
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9677'>PHPBB3-9677</a>] -         Subsilver2 is missing the bbcode-helpline for inline-attachments.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9678'>PHPBB3-9678</a>] -         Flash attachments are not displayed in subsilver2.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9679'>PHPBB3-9679</a>] -         &quot;Notify User&quot; checkbox appears in MCP Queue even if no notification methods are enabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9686'>PHPBB3-9686</a>] -         Unable to create data backup using the mssqlnative DBAL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9694'>PHPBB3-9694</a>] -         Calling download/file.php with empty avatar parameter can throw an E_NOTICE message
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9695'>PHPBB3-9695</a>] -         Bad Display of User Input - mcp_ban
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9696'>PHPBB3-9696</a>] -         Installation of phpBB with SQLite fails
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9697'>PHPBB3-9697</a>] -         Backlink broken when the select parent forum does not exist.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9698'>PHPBB3-9698</a>] -         Returning result of new by reference is deprecated in php 5.3
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9702'>PHPBB3-9702</a>] -         &quot;Ban until (date)&quot; appears to be based on UTC time instead of local time
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9703'>PHPBB3-9703</a>] -         Removing a user does not remove their private message folders or rules
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9704'>PHPBB3-9704</a>] -         Coding guidelines typo
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9712'>PHPBB3-9712</a>] -         Future dates display as &quot;less than one minute ago&quot;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9714'>PHPBB3-9714</a>] -         &quot;Undefined variable: email&quot; in email regular expression unit tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9715'>PHPBB3-9715</a>] -         Fix email address regular expression or adjust email regular expression unit tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9722'>PHPBB3-9722</a>] -         &quot;New Topic&quot; button title attribute mismatch in prosilver&#39;s viewforum
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9727'>PHPBB3-9727</a>] -         Feed replaces ./ with board URL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9743'>PHPBB3-9743</a>] -         Fix background-position of top2-class in prosilver for RTL-languages.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9744'>PHPBB3-9744</a>] -         Mistyped word &#39;then&#39; in FAQ. It should be &#39;than&#39;.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9748'>PHPBB3-9748</a>] -         &lt;br /&gt; not being replaced in prepare_message
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9749'>PHPBB3-9749</a>] -         fulltext_mysql.php overreacts on + and - characters in search words
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9752'>PHPBB3-9752</a>] -         Misleading text when using Q&amp;A CAPTCHA
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9754'>PHPBB3-9754</a>] -         Template variable S_USER_POSTED always set to false in search.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9757'>PHPBB3-9757</a>] -         Empty template variable HISTORY_TITLE in ucp_pm_history
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9760'>PHPBB3-9760</a>] -         Fulltext native search, wildcard * does not get escaped leading to long execution time
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9761'>PHPBB3-9761</a>] -         Quote nesting depth explanation is misleading
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9771'>PHPBB3-9771</a>] -         build_url() doesn&#39;t ignore empty parameters
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9772'>PHPBB3-9772</a>] -         Under some circumstances, email addresses are shown to undesired users
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9780'>PHPBB3-9780</a>] -         gen_rand_string() not respecting $num_chars parameter anymore.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9782'>PHPBB3-9782</a>] -         Board disable radio in Board-Settings set on when server load high
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9793'>PHPBB3-9793</a>] -         Undefined function send_status_line() in download/file.php when in avatar mode.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9807'>PHPBB3-9807</a>] -         Avatar tab displays when avatars are disabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9810'>PHPBB3-9810</a>] -         Clicking on &quot;Select All&quot; of code tag on print page results in a javascript error when using prosilver
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9820'>PHPBB3-9820</a>] -         Fix undefined indexes when trying to post a new topic
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9822'>PHPBB3-9822</a>] -         Can not delete style-components from the file-system as per explanation.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9829'>PHPBB3-9829</a>] -         Recaptcha plugin result interpretation fault
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9835'>PHPBB3-9835</a>] -         Login Confirm Explain Not Working
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9840'>PHPBB3-9840</a>] -         Display view unread posts link for guests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9841'>PHPBB3-9841</a>] -         Change &quot;Save&quot; button to &quot;Save draft&quot;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9847'>PHPBB3-9847</a>] -         Language typo and written form (British/American)
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9854'>PHPBB3-9854</a>] -         Auth API documentation is incomplete
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9855'>PHPBB3-9855</a>] -         Tests don&#39;t run on PHPUnit 3.5
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9879'>PHPBB3-9879</a>] -         captcha_qa.php spelling, punctuation and grammar errors
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9883'>PHPBB3-9883</a>] -         CAPTCHA uses american english
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9884'>PHPBB3-9884</a>] -         Massive email delays
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9885'>PHPBB3-9885</a>] -         Default file extension groups not properly updated by database updater.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9886'>PHPBB3-9886</a>] -         Database updater does not run on PostgreSQL because of an error in _add_module()
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9888'>PHPBB3-9888</a>] -         Update fails when Bing [Bot] was already added to the users table
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9891'>PHPBB3-9891</a>] -         Updater drops language-selection after database-update
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9509'>PHPBB3-9509</a>] -         phpBB Coding Guidelines state subversion as the version control system for phpBB
+</li>
+</ul>
+
+<h4>        Improvement
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7332'>PHPBB3-7332</a>] -         MCP post details usability
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7717'>PHPBB3-7717</a>] -         Use user&#39;s language for standard-extensions-group name
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8709'>PHPBB3-8709</a>] -         Multibyte keys in request_var not possible
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8936'>PHPBB3-8936</a>] -         subsilver2 missing reply-to-all feature
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9088'>PHPBB3-9088</a>] -         Add missing semicolons in js files
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9179'>PHPBB3-9179</a>] -         improve quasi-documentation of notify_status values
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9503'>PHPBB3-9503</a>] -         Posts with empty titles in moderation queue are not easily approved
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9534'>PHPBB3-9534</a>] -         user_ipwhois() does not support IPv6 addresses
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9536'>PHPBB3-9536</a>] -         Small improvement for query against sessions table in acp_users.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9553'>PHPBB3-9553</a>] -         Make git hooks run with /bin/sh instead of bash
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9570'>PHPBB3-9570</a>] -         Change &quot;system timezone&quot; to &quot;guest timezone&quot; in acp, add explanation
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9578'>PHPBB3-9578</a>] -         ACP Posting tab is missing &quot;Post settings&quot; module.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9589'>PHPBB3-9589</a>] -         Sample nginx configuration file
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9595'>PHPBB3-9595</a>] -         Search settings in ACP: Add information on minimum word size indexed when using Fulltext MySQL backend
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9598'>PHPBB3-9598</a>] -         Call checkdnsrr() on Windows with PHP 5.3
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9609'>PHPBB3-9609</a>] -         Use send_status_line instead of calling header
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9611'>PHPBB3-9611</a>] -         Increase entropy in activation keys
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9612'>PHPBB3-9612</a>] -         Split gen_rand_string() into gen_rand_string() and gen_rand_string_friendly()
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9629'>PHPBB3-9629</a>] -         sid parameter forced for style.php makes caching difficult
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9659'>PHPBB3-9659</a>] -         Default phpBB signature user_options need to be set for convertors
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9690'>PHPBB3-9690</a>] -         MSN Bot will become Bing Bot
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9777'>PHPBB3-9777</a>] -         Print useful error message in pre-commit hook when php is not installed.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9785'>PHPBB3-9785</a>] -         Not able to recover a password when board disabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9825'>PHPBB3-9825</a>] -         Run tests on sqlite if available and no test db configured
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9827'>PHPBB3-9827</a>] -         IE9 Beta fixes IE8 textarea bug
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9830'>PHPBB3-9830</a>] -         Awkward message when config.php is missing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9850'>PHPBB3-9850</a>] -         Allow version checker to display information on multiple releases
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9853'>PHPBB3-9853</a>] -         Change default reCAPTCHA theme in Prosilver &amp; Subsilver2 to better coordinate with style color scheme
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9880'>PHPBB3-9880</a>] -         Rename all mentions of CAPTCHA or visual confirmation to anti-bot
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9899'>PHPBB3-9899</a>] -         Change the style in the ACP for the recaptcha to match that displayed on prosilver
+</li>
+</ul>
+
+<h4>        New Feature
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9039'>PHPBB3-9039</a>] -         Native SQL Server Support mssqlnative.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9511'>PHPBB3-9511</a>] -         View note for moderators on unapproved posts/topics with unapproved posts in ATOM Feed.
+</li>
+</ul>
+
+<h4>        Task
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9520'>PHPBB3-9520</a>] -         Add web.config files for IIS
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9625'>PHPBB3-9625</a>] -         Update database UNIT-test
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9701'>PHPBB3-9701</a>] -         Enable notices in unit tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9768'>PHPBB3-9768</a>] -         Create git commit-msg hook that verifies the commit message conforms to our standards
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9769'>PHPBB3-9769</a>] -         Add install and uninstall scripts for the git hooks
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9770'>PHPBB3-9770</a>] -         Git commit message should be prefilled with branch and ticket information
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9800'>PHPBB3-9800</a>] -         Update tracker URL in docs/README.html
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9804'>PHPBB3-9804</a>] -         Update docs/AUTHORS (DavidMJ &amp; igorw)
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9808'>PHPBB3-9808</a>] -         Git commit message hook depends on GNU wc
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9816'>PHPBB3-9816</a>] -         Remove config.php from git repository
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9848'>PHPBB3-9848</a>] -         Add phpBB data files to .gitignore.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9849'>PHPBB3-9849</a>] -         Create build script using phing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9857'>PHPBB3-9857</a>] -         Remove visible $Id$ from docs files.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9868'>PHPBB3-9868</a>] -         Make the test suite run and pass using the mssqlnative driver
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9904'>PHPBB3-9904</a>] -         Update WebPI Parameters.xml
+</li>
+</ul>
+
+<h4>        Sub-task
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9517'>PHPBB3-9517</a>] -         Remote avatar upload does not check the filesize before and during transfer.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9562'>PHPBB3-9562</a>] -         Advanced Search is inaccessible using the mssqlnative DBAL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9564'>PHPBB3-9564</a>] -         Reported messages are not assigned the default report reason when a reason is removed from the ACP using the mssqlnative DBAL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9565'>PHPBB3-9565</a>] -         It is impossible to create a custom profile field using the mssqlnative DBAL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9566'>PHPBB3-9566</a>] -         Two debug notices are displayed when setting a custom profile field though the UCP using the mssqlnative DBAL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9583'>PHPBB3-9583</a>] -         MSSQL native backups cannot be restored
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9606'>PHPBB3-9606</a>] -         Drop redundant SQL query for unreads fetching
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9613'>PHPBB3-9613</a>] -         Implement a load switch for unreads search feature.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9817'>PHPBB3-9817</a>] -         Make build script create blank config.php
+</li>
+</ul>
+
+
+	<a name="v307"></a><h3>1.ii. Changes since 3.0.7</h3>
 
 	<ul>
 		<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
 	</ul>
 
-	<a name="v306"></a><h3>1.ii. Changes since 3.0.6</h3>
+	<a name="v306"></a><h3>1.iii. Changes since 3.0.6</h3>
 
 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@@ -198,7 +657,7 @@
 
 	</ul>
 
-	<a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3>
+	<a name="v305"></a><h3>1.iv. Changes since 3.0.5</h3>
 
 	<ul>
 		<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@@ -420,7 +879,7 @@
 		<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
 	</ul>
 
-	<a name="v304"></a><h3>1.iii. Changes since 3.0.4</h3>
+	<a name="v304"></a><h3>1.v. Changes since 3.0.4</h3>
 
 	<ul>
 		<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@@ -509,7 +968,7 @@
 		<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v303"></a><h3>1.iv. Changes since 3.0.3</h3>
+	<a name="v303"></a><h3>1.vi. Changes since 3.0.3</h3>
 
 	<ul>
 		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@@ -541,7 +1000,7 @@
 		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v302"></a><h3>1.v. Changes since 3.0.2</h3>
+	<a name="v302"></a><h3>1.vii. Changes since 3.0.2</h3>
 
 	<ul>
 		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@@ -640,7 +1099,7 @@
 		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
 	</ul>
 
-	<a name="v301"></a><h3>1.vi. Changes since 3.0.1</h3>
+	<a name="v301"></a><h3>1.viii. Changes since 3.0.1</h3>
 
 	<ul>
 		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@@ -688,7 +1147,7 @@
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>
 
-	<a name="v300"></a><h3>1.vii Changes since 3.0.0</h3>
+	<a name="v300"></a><h3>1.ix Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -759,7 +1218,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.viii. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>1.x. Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -768,7 +1227,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.ix. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.xi. Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -803,7 +1262,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.x. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.xii. Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -813,7 +1272,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.xi. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.xiii. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -876,7 +1335,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.xii. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.xiv. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -927,7 +1386,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.xiii. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.xv. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -1036,7 +1495,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.xiv. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.xvi. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -1082,7 +1541,7 @@
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.xv. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.xvii. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

phpBB/docs/INSTALL.html

@@ -273,7 +273,7 @@
 
 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.6</samp> you should select the phpBB-3.0.6_to_3.0.7-PL1.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.7-PL1</samp> you should select the phpBB-3.0.7-PL1_to_3.0.8.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -285,7 +285,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.5 you need the phpBB-3.0.6_to_3.0.7-PL1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.5 you need the phpBB-3.0.7-PL1_to_3.0.8.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 

phpBB/docs/README.html

@@ -242,7 +242,7 @@
 
 	<p>The phpBB Group uses a bug tracking system to store, list and manage all reported bugs, it can be found at the location listed below. Please <strong>DO NOT</strong> post bug reports to our forums, they will be locked. In addition please <strong>DO NOT</strong> use the bug tracker for support requests. Posting such a request will only see you directed to the support forums (while taking time away from working on real bugs).</p>
 
-	<p><a href="http://www.phpbb.com/bugs/">http://www.phpbb.com/bugs/</a></p>
+	<p><a href="http://tracker.phpbb.com/">http://tracker.phpbb.com/</a></p>
 
 	<p>While we very much appreciate receiving bug reports (the more reports the more stable phpBB will be) we ask you carry out a few steps before adding new entries:</p>
 

phpBB/docs/auth_api.html

@@ -61,6 +61,9 @@
 		<li><a href="#acl_getf">acl_getf</a></li>
 		<li><a href="#acl_getf_global">acl_getf_global</a></li>
 		<li><a href="#acl_cache">acl_cache</a></li>
+		<li><a href="#acl_clear_prefetch">acl_clear_prefetch</a></li>
+		<li><a href="#acl_get_list">acl_get_list</a></li>
+		<li><a href="#misc">Miscellaneous</a></li>
 	</ol>
 	</li>
 	<li><a href="#admin_related">Admin related functions</a></li>
@@ -176,7 +179,7 @@ array(<em>forum_id1</em> =&gt; array(<em>option</em> =&gt; <em>integer</em>), <e
 	<p>This method is used to find out whether a user has a permission in at least one forum or globally. This method is similar to checking whether <code>acl_getf(option, true)</code> returned one or more forums but it's faster. It should be called in the following way:</p>
 
 	<div class="codebox"><pre>
-$result = acl_getf_global(<code>option</code>)
+$result = $auth-&gt;acl_getf_global(<code>option</code>)
 	</pre></div>
 
 	<p>As with the previous methods option is a string specifying the permission which has to be checked.</p>
@@ -187,6 +190,49 @@ $result = acl_getf_global(<code>option</code>)
 
 	<p>This should be considered a private method and not be called externally. It handles the generation of the user_permissions data from the basic user and group authorisation data. When necessary this method is called automatically by <code>acl</code>.</p>
 
+	<a name="acl_clear_prefetch"></a><h3>2.vii. acl_clear_prefetch</h3>
+
+	<p>This method clears the user_permissions column in the users table for the given user.  If the user ID passed is zero, the permissions cache is cleared for all users.  This method should be called whenever permissions are set.</p>
+
+	<div class="codebox"><pre>
+// clear stored permissions for user 2
+$user_id = 2;
+$auth->acl_clear_prefetch($user_id);
+</pre></div>
+
+	<p>This method returns void.</p>
+
+	<a name="acl_get_list"></a><h3>2.viii. acl_get_list</h3>
+
+	<p>This method returns an an array describing which users have permissions in given fora.  The resultant array contains an entry for permission that every user has in every forum when no arguments are passed.</p>
+
+	<div class="codebox"><pre>
+$user_id = array(2, 53);
+$permissions = array('f_list', 'f_read');
+$forum_id = array(1, 2, 3);
+$result = $auth-&gt;acl_get_list($user_id, $permissions, $forum_id);
+</pre></div>
+
+	<p>The parameters may be of the following legal types:</p>
+		<ul>
+			<li><strong>$user_id</strong>: <code>false</code>, int, array(int, int, int, ...)</li>
+			<li><strong>$permissions</strong>: <code>false</code>, string, array(string, string, ...)</li>
+			<li><strong>$forum_id</strong>: <code>false</code>, int, array(int, int, int, ...)</li>
+		</ul>
+
+	<a name="misc"></a><h3>2.ix. Miscellaneous</h3>
+
+	<p>There are other methods defined in the auth class which serve mostly as private methods, but are available for use if needed.  Each of them is used to pull data directly from the database tables.  They are:</p>
+		<ul>
+			<li><pre>function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false)</pre></li>
+			<li><pre>function acl_user_raw_data($user_id = false, $opts = false, $forum_id = false)</pre></li>
+			<li><pre>function acl_raw_data_single_user($user_id)</pre></li>
+			<li><pre>function acl_raw_data($user_id = false, $opts = false, $forum_id = false)</pre></li>
+			<li><pre>function acl_role_data($user_type, $role_type, $ug_id = false, $forum_id = false)</pre></li>
+		</ul>
+
+	<p>Of these, <code>acl_raw_data</code> is the most general, but the others will be faster if you need a smaller amount of data.</p>
+
 		</div>
 
 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@@ -241,7 +287,7 @@ $auth_admin = new auth_admin();
 <!-- END DOCUMENT -->
 
 	<div id="page-footer">
-		<div class="version"> $Id$ </div>
+		<div class="version">&nbsp;</div>
 	</div>
 </div></div>
 

phpBB/docs/coding-guidelines.html

@@ -90,10 +90,9 @@
 	<li><a href="#vcs">VCS Guidelines</a>
 	<ol style="list-style-type: lower-roman;">
 		<li><a href="#repostruct">Repository structure</a></li>
-		<li><a href="#commitmessage">Commit messages</a></li>
+		<li><a href="#commitmessage">Commit Messages and Repository Rules</a></li>
 	</ol>
 	</li>
-	<li><a href="#changes">Guidelines Changelog</a></li>
 	<li><a href="#disclaimer">Copyright and disclaimer</a></li>
 </ol>
 
@@ -288,7 +287,7 @@ PHPBB_QA                   (Set board to QA-Mode, which means the updater also c
 
 		<div class="content">
 
-	<p>Please note that these Guidelines applies to all php, html, javascript and css files.</p>
+	<p>Please note that these guidelines apply to all php, html, javascript and css files.</p>
 
 	<a name="namingvars"></a><h3>2.i. Variable/Function Naming</h3>
 
@@ -2326,126 +2325,33 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
 
 		<div class="content">
 
-	<p>The version control system for phpBB3 is subversion. The repository is available at <a href="http://code.phpbb.com/svn/phpbb" title="repository">http://code.phpbb.com/svn/phpbb</a>.</p>
+	<p>The version control system for phpBB3 is git. The repository is available at <a href="http://github.com/phpbb/phpbb3" title="repository">http://github.com/phpbb/phpbb3</a>.</p>
 
 	<a name="repostruct"></a><h3>7.i. Repository Structure</h3>
 
 	<ul>
-		<li><strong>trunk</strong><br />The latest unstable development version with new features etc. Contains the actual board in <code>/trunk/phpBB</code></li>
+		<li><strong>develop</strong><br />The latest unstable development version with new features etc.</li>
-		<li><strong>branches</strong><br />Development branches of stable phpBB releases. Copied from <code>/trunk</code> at the time of release.
+		<li><strong>develop-*</strong><br />Development branches of stable phpBB releases. Branched off of <code>develop</code> at the time of feature freeze.
 			<ul>
-				<li><strong>phpBB3.0</strong><code>/branches/phpBB-3_0_0/phpBB</code><br />Development branch of the stable 3.0 line. Bug fixes are applied here.</li>
+				<li><strong>phpBB3.0</strong><code>develop-olympus</code><br />Development branch of the stable 3.0 line. Bug fixes are applied here.</li>
-				<li><strong>phpBB2</strong><code>/branches/phpBB-2_0_0/phpBB</code><br />Old phpBB2 development branch.</li>
+				<li><strong>phpBB3.1</strong><code>develop-ascraeus</code><br />Development branch of the stable 3.1 line. Bug fixes are applied here.</li>
 			</ul>
 		</li>
-		<li><strong>tags</strong><br />Released versions. Copies of trunk or the respective branch, made at the time of release.
+		<li><strong>master</strong><br />A branch containing all stable phpBB3 release points</li>
+		<li><strong>tags</strong><br />Released versions. Stable ones get merged into the master branch.
 			<ul>
-				<li><code>/tags/release_3_0_BX</code><br />Beta release X of the 3.0 line.</li>
+				<li><code>release-3.Y-BX</code><br />Beta release X of the 3.Y line.</li>
-				<li><code>/tags/release_3_0_RCX</code><br />Release candidate X of the 3.0 line.</li>
+				<li><code>release-3.Y-RCX</code><br />Release candidate X of the 3.Y line.</li>
-				<li><code>/tags/release_3_0_X-RCY</code><br />Release candidate Y of the stable 3.0.X release.</li>
+				<li><code>release-3.Y.Z-RCX</code><br />Release candidate X of the stable 3.Y.Z release.</li>
-				<li><code>/tags/release_3_0_X</code><br />Stable <strong>3.0.X</strong> release.</li>
+				<li><code>release-3.0.X</code><br />Stable <strong>3.0.X</strong> release.</li>
-				<li><code>/tags/release_2_0_X</code><br />Old stable 2.0.X release.</li>
+				<li><code>release-2.0.X</code><br />Old stable 2.0.X release.</li>
 			</ul>
 		</li>
 	</ul>
 
-	<a name="commitmessage"></a><h3>7.ii. Commit Messages</h3>
+	<a name="commitmessage"></a><h3>7.ii. Commit Messages and Repository Rules</h3>
-
-	<p>The commit message should contain a brief explanation of all changes made within the commit. Often identical to the changelog entry. A bug ticket can be referenced by specifying the ticket ID with a hash, e.g. #12345. A reference to another revision should simply be prefixed with r, e.g. r12345.</p>
-
-	<p>Junior Developers need to have their patches approved by a development team member first. The commit message must end in a line with the following format:</p>
-
-	<div class="codebox"><pre>
-Authorised by: developer1[, developer2[, ...]]
-	</pre></div>
-
-		</div>
-
-		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
-
-		<span class="corners-bottom"><span></span></span></div>
-	</div>
-
-	<hr />
-
-<a name="changes"></a><h2>8. Guidelines Changelog</h2>
-	<div class="paragraph">
-		<div class="inner"><span class="corners-top"><span></span></span>
-
-		<div class="content">
-<h3>Revision 10007</h3>
-
-<ul>
-	<li>Added <a href="#constants">Special Constants</a> section.</li>
-</ul>
-
-<h3>Revision 9817</h3>
-
-<ul>
-	<li>Added VCS section.</li>
-</ul>
-
-<h3>Revision 8732</h3>
-
-<ul>
-	<li>Added cfg files.</li>
-	<li>Added template <a href="#inheritance">inheritance</a>.</li>
-</ul>
-
-<h3>Revision 8596+</h3>
-
-<ul>
-	<li>Removed sql_build_array('MULTI_INSERT'... statements.</li>
-	<li>Added sql_multi_insert() explanation.</li>
-</ul>
-
-<h3>Revision 1.31</h3>
-
-<ul>
-	<li>Added add_form_key and check_form_key. </li>
-</ul>
-
-<h3>Revision 1.24</h3>
-
-<ul>
-	<li>Added <a href="#translation">5. Character Sets and Encodings</a> section to explain the recommended treatment of strings in phpBB.</li>
-</ul>
-
-<h3>Revision 1.16</h3>
-
-<ul>
-	<li>Added <a href="#translation">6. Translation (<abbr title="Internationalisation">i18n</abbr>/<abbr title="Localisation">L10n</abbr>) Guidelines</a> section to explain expected format and authoring considerations for language packs that are to be created for phpBB.</li>
-</ul>
-
-<h3>Revision 1.11-1.15</h3>
-
-<ul>
-	<li>Various document formatting, spelling, punctuation, grammar bugs.</li>
-</ul>
-
-<h3>Revision 1.9-1.10</h3>
-
-<ul>
-	<li>Added sql_query_limit to <a href="#sql">2.iii. SQL/SQL Layout</a>.</li>
-</ul>
-
-<h3>Revision 1.8</h3>
-
-<ul>
-	<li>Some adjustements to wordings</li>
-	<li>Updated paragraph <a href="#locations">1.iii. File Locations</a> to reflect recent changes</li>
-	<li>Extended paragraph <a href="#codelayout">2.ii. Code Layout</a>.</li>
-	<li>Added sql_in_set and sql_build_query explanation to <a href="#sql">2.iii. SQL/SQL Layout</a>.</li>
-	<li>Updated paragraph <a href="#styling">3. Styling</a>.</li>
-	<li>Updated paragraph <a href="#templating">4. Templating</a> to explain loop checking, loop breaking and other changes we recently made.</li>
-</ul>
-
-<h3>Revision 1.5</h3>
-
-<ul>
-	<li>Changed General function usage paragraph in <a href="#general">2.v. General Guidelines</a></li>
-</ul>
 
+	<p>Information on repository rules, such as commit messages can be found at <a href="http://wiki.phpbb.com/display/DEV/Git" title="phpBB Git Information">http://wiki.phpbb.com/display/DEV/Git</a>.</p>
 
 		</div>
 
@@ -2475,7 +2381,7 @@ Authorised by: developer1[, developer2[, ...]]
 <!-- END DOCUMENT -->
 
 	<div id="page-footer">
-		<div class="version"> $Id$ </div>
+		<div class="version">&nbsp;</div>
 	</div>
 </div></div>
 

phpBB/docs/hook_system.html

@@ -875,7 +875,7 @@ function phpbb_hook_register(&$hook)
 	</div>
 
 	<div id="page-footer">
-		<div class="version">$Id$</div>
+		<div class="version">&nbsp;</div>
 	</div>
 </div></div>
 

phpBB/docs/nginx.conf.sample

@@ -0,0 +1,70 @@
+# Sample nginx configuration file for phpBB.
+# Global settings have been removed, copy them
+# from your system's nginx.conf.
+# Tested with nginx 0.8.35.
+
+http {
+    # Compression - requires gzip and gzip static modules.
+    gzip on;
+    gzip_static on;
+    gzip_vary on;
+    gzip_http_version 1.1;
+    gzip_min_length 700;
+    gzip_comp_level 6;
+    gzip_disable "MSIE [1-6]\.";
+
+    # Catch-all server for requests to invalid hosts.
+    # Also catches vulnerability scanners probing IP addresses.
+    # Should be first.
+    server {
+        listen 80;
+        server_name bogus;
+        return 444;
+        root /var/empty;
+    }
+
+    # If you have domains with and without www prefix,
+    # redirect one to the other.
+    server {
+        listen 80;
+        server_name myforums.com;
+        rewrite ^(.*)$ http://www.myforums.com$1 permanent;
+    }
+
+    # The actual board domain.
+    server {
+        listen 80;
+        server_name www.myforums.com;
+
+        root /path/to/phpbb;
+
+        location / {
+            # phpbb uses index.htm
+            index index.php index.html index.htm;
+        }
+
+        # Deny access to internal phpbb files.
+        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
+            deny all;
+        }
+
+        # Pass the php scripts to fastcgi server specified in upstream declaration.
+        location ~ \.php$ {
+            fastcgi_pass php;
+            # Necessary for php.
+            fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            # Unmodified fastcgi_params from nginx distribution.
+            include fastcgi_params;
+        }
+
+        # Deny access to version control system directories.
+        location ~ /\.svn|/\.git {
+            deny all;
+        }
+    }
+
+    # If running php as fastcgi, specify php upstream.
+    upstream php {
+        server unix:/tmp/php.sock;
+    }
+}

phpBB/download/file.php

@@ -31,6 +31,12 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
 
 if (isset($_GET['avatar']))
 {
+	if (!defined('E_DEPRECATED'))
+	{
+		define('E_DEPRECATED', 8192);
+	}
+	error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
+
 	require($phpbb_root_path . 'config.' . $phpEx);
 
 	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
@@ -42,6 +48,7 @@ if (isset($_GET['avatar']))
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
 	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/constants.' . $phpEx);
+	require($phpbb_root_path . 'includes/functions.' . $phpEx);
 
 	$db = new $sql_db();
 	$cache = new cache();
@@ -61,7 +68,7 @@ if (isset($_GET['avatar']))
 	$avatar_group = false;
 	$exit = false;
 
-	if ($filename[0] === 'g')
+	if (isset($filename[0]) && $filename[0] === 'g')
 	{
 		$avatar_group = true;
 		$filename = substr($filename, 1);
@@ -70,7 +77,7 @@ if (isset($_GET['avatar']))
 	// '==' is not a bug - . as the first char is as bad as no dot at all
 	if (strpos($filename, '.') == false)
 	{
-		header('HTTP/1.0 403 Forbidden');
+		send_status_line(403, 'Forbidden');
 		$exit = true;
 	}
 
@@ -84,7 +91,7 @@ if (isset($_GET['avatar']))
 	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
-		header("HTTP/1.0 403 Forbidden");
+		send_status_line(403, 'Forbidden');
 		$exit = true;
 	}
 
@@ -94,7 +101,7 @@ if (isset($_GET['avatar']))
 		if (!$filename)
 		{
 			// no way such an avatar could exist. They are not following the rules, stop the show.
-			header("HTTP/1.0 403 Forbidden");
+			send_status_line(403, 'Forbidden');
 		}
 		else
 		{
@@ -192,7 +199,7 @@ else
 		$row['forum_id'] = false;
 		if (!$auth->acl_get('u_pm_download'))
 		{
-			header('HTTP/1.0 403 Forbidden');
+			send_status_line(403, 'Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
 
@@ -215,7 +222,7 @@ else
 
 		if (!$allowed)
 		{
-			header('HTTP/1.0 403 Forbidden');
+			send_status_line(403, 'Forbidden');
 			trigger_error('ERROR_NO_ATTACHMENT');
 		}
 	}
@@ -230,7 +237,7 @@ else
 
 if (!download_allowed())
 {
-	header('HTTP/1.0 403 Forbidden');
+	send_status_line(403, 'Forbidden');
 	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
 
@@ -376,7 +383,7 @@ function send_avatar_to_browser($file, $browser)
 	}
 	else
 	{
-		header('HTTP/1.0 404 Not Found');
+		send_status_line(404, 'Not Found');
 	}
 }
 
@@ -670,15 +677,7 @@ function set_modified_headers($stamp, $browser)
 	{
 		if ($last_load !== false && $last_load >= $stamp)
 		{
-			if (substr(strtolower(@php_sapi_name()),0,3) === 'cgi')
+			send_status_line(304, 'Not Modified');
-			{
-				// in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though
-				header('Status: 304 Not Modified', true, 304);
-			}
-			else
-			{
-				header('HTTP/1.0 304 Not Modified', true, 304);
-			}
 			// seems that we need those too ... browsers
 			header('Pragma: public');
 			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));

phpBB/feed.php

@@ -276,8 +276,8 @@ function feed_generate_content($content, $uid, $bitfield, $options)
 	// Add newlines
 	$content = str_replace('<br />', '<br />' . "\n", $content);
 
-	// Relative Path to Absolute path, Windows style
+	// Convert smiley Relative paths to Absolute path, Windows style
-	$content = str_replace('./', $board_url . '/', $content);
+	$content = str_replace($phpbb_root_path . $config['smilies_path'], $board_url . '/' . $config['smilies_path'], $content);
 
 	// Remove "Select all" link and mouse events
 	$content = str_replace('<a href="#" onclick="selectCode(this); return false;">' . $user->lang['SELECT_ALL_CODE'] . '</a>', '', $content);
@@ -535,12 +535,30 @@ class phpbb_feed_base
 
 		if (!isset($forum_ids))
 		{
-			$forum_ids = array_keys($auth->acl_getf('m_approve'));
+			$forum_ids = array_keys($auth->acl_getf('m_approve', true));
 		}
 
 		return $forum_ids;
 	}
 
+	function is_moderator_approve_forum($forum_id)
+	{
+		static $forum_ids;
+
+		if (!isset($forum_ids))
+		{
+			$forum_ids = array_flip($this->get_moderator_approve_forums());
+		}
+
+		if (!$forum_id)
+		{
+			// Global announcement, your a moderator in any forum than it's okay.
+			return (!empty($forum_ids)) ? true : false;
+		}
+
+		return (isset($forum_ids[$forum_id])) ? true : false;
+	}
+
 	function get_excluded_forums()
 	{
 		global $db, $cache;
@@ -677,7 +695,8 @@ class phpbb_feed_post_base extends phpbb_feed_base
 		if ($config['feed_item_statistics'])
 		{
 			$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
-				. ' ' . $this->separator_stats . ' ' . $user->format_date($row['post_time']);
+				. ' ' . $this->separator_stats . ' ' . $user->format_date($row['post_time'])
+				. (($this->is_moderator_approve_forum($row['forum_id']) && !$row['post_approved']) ? ' ' . $this->separator_stats . ' ' . $user->lang['POST_UNAPPROVED'] : '');
 		}
 	}
 }
@@ -719,8 +738,9 @@ class phpbb_feed_topic_base extends phpbb_feed_base
 		{
 			$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
 				. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('date')])
-				. ' ' . $this->separator_stats . ' ' . $user->lang['REPLIES'] . ' ' . $row['topic_replies']
+				. ' ' . $this->separator_stats . ' ' . $user->lang['REPLIES'] . ' ' . (($this->is_moderator_approve_forum($row['forum_id'])) ? $row['topic_replies_real'] : $row['topic_replies'])
-				. ' ' . $this->separator_stats . ' ' . $user->lang['VIEWS'] . ' ' . $row['topic_views'];
+				. ' ' . $this->separator_stats . ' ' . $user->lang['VIEWS'] . ' ' . $row['topic_views']
+				. (($this->is_moderator_approve_forum($row['forum_id']) && ($row['topic_replies_real'] != $row['topic_replies'])) ? ' ' . $this->separator_stats . ' ' . $user->lang['POSTS_UNAPPROVED'] : '');
 		}
 	}
 }
@@ -780,11 +800,11 @@ class phpbb_feed_overall extends phpbb_feed_post_base
 		// Get the actual data
 		$this->sql = array(
 			'SELECT'	=>	'f.forum_id, f.forum_name, ' .
-							'p.post_id, p.topic_id, p.post_time, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+							'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
-				POSTS_TABLE		=> 'p',
 				USERS_TABLE		=> 'u',
+				POSTS_TABLE		=> 'p',
 			),
 			'LEFT_JOIN'	=> array(
 				array(
@@ -912,7 +932,7 @@ class phpbb_feed_forum extends phpbb_feed_post_base
 		}
 
 		$this->sql = array(
-			'SELECT'	=>	'p.post_id, p.topic_id, p.post_time, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+			'SELECT'	=>	'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				POSTS_TABLE		=> 'p',
@@ -994,7 +1014,7 @@ class phpbb_feed_topic extends phpbb_feed_post_base
 			if (!$this->topic_data['topic_approved'])
 			{
 				// Also require m_approve
-				$in_fid_ary = array_intersect($in_fid_ary, array_keys($auth->acl_getf('m_approve')));
+				$in_fid_ary = array_intersect($in_fid_ary, $this->get_moderator_approve_forums());
 
 				if (empty($in_fid_ary))
 				{
@@ -1077,7 +1097,7 @@ class phpbb_feed_topic extends phpbb_feed_post_base
 		global $auth, $db;
 
 		$this->sql = array(
-			'SELECT'	=>	'p.post_id, p.post_time, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+			'SELECT'	=>	'p.post_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				POSTS_TABLE		=> 'p',
@@ -1241,7 +1261,7 @@ class phpbb_feed_news extends phpbb_feed_topic_base
 
 		$this->sql = array(
 			'SELECT'	=> 'f.forum_id, f.forum_name,
-							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_views, t.topic_time,
+							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time,
 							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
@@ -1314,7 +1334,7 @@ class phpbb_feed_topics extends phpbb_feed_topic_base
 
 		$this->sql = array(
 			'SELECT'	=> 'f.forum_id, f.forum_name,
-							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_views, t.topic_time,
+							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time,
 							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
@@ -1412,7 +1432,7 @@ class phpbb_feed_topics_active extends phpbb_feed_topic_base
 
 		$this->sql = array(
 			'SELECT'	=> 'f.forum_id, f.forum_name,
-							t.topic_id, t.topic_title, t.topic_replies, t.topic_views,
+							t.topic_id, t.topic_title, t.topic_replies, t.topic_replies_real, t.topic_views,
 							t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time,
 							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(

phpBB/includes/.htaccess

@@ -0,0 +1,4 @@
+<Files *>
+	Order Allow,Deny
+	Deny from All
+</Files>

phpBB/includes/acm/acm_file.php

@@ -78,8 +78,14 @@ class acm
 
 		if (!$this->_write('data_global'))
 		{
+			if (!function_exists('phpbb_is_writable'))
+			{
+				global $phpbb_root_path;
+				include($phpbb_root_path . 'includes/functions.' . $phpEx);
+			}
+
 			// Now, this occurred how often? ... phew, just tell the user then...
-			if (!@is_writable($this->cache_dir))
+			if (!phpbb_is_writable($this->cache_dir))
 			{
 				// We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload())
 				die($this->cache_dir . ' is NOT writable.');
@@ -707,7 +713,13 @@ class acm
 	*/
 	function remove_file($filename, $check = false)
 	{
-		if ($check && !@is_writable($this->cache_dir))
+		if (!function_exists('phpbb_is_writable'))
+		{
+			global $phpbb_root_path, $phpEx;
+			include($phpbb_root_path . 'includes/functions.' . $phpEx);
+		}
+
+		if ($check && !phpbb_is_writable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);

phpBB/includes/acm/acm_memcache.php

@@ -37,6 +37,12 @@ if (!defined('PHPBB_ACM_MEMCACHE_HOST'))
 	define('PHPBB_ACM_MEMCACHE_HOST', 'localhost');
 }
 
+if (!defined('PHPBB_ACM_MEMCACHE'))
+{
+	//can define multiple servers with host1/port1,host2/port2 format
+	define('PHPBB_ACM_MEMCACHE', PHPBB_ACM_MEMCACHE_HOST . '/' . PHPBB_ACM_MEMCACHE_PORT);
+}
+
 /**
 * ACM for Memcached
 * @package acm
@@ -54,7 +60,11 @@ class acm extends acm_memory
 		parent::acm_memory();
 
 		$this->memcache = new Memcache;
-		$this->memcache->connect(PHPBB_ACM_MEMCACHE_HOST, PHPBB_ACM_MEMCACHE_PORT);
+		foreach(explode(',', PHPBB_ACM_MEMCACHE) as $u)
+		{
+			$parts = explode('/', $u);
+			$this->memcache->addServer(trim($parts[0]), trim($parts[1]));
+		}
 		$this->flags = (PHPBB_ACM_MEMCACHE_COMPRESS) ? MEMCACHE_COMPRESSED : 0;
 	}
 

phpBB/includes/acm/acm_memory.php

@@ -407,7 +407,13 @@ class acm_memory
 	*/
 	function remove_file($filename, $check = false)
 	{
-		if ($check && !@is_writable($this->cache_dir))
+		if (!function_exists('phpbb_is_writable'))
+		{
+			global $phpbb_root_path, $phpEx;
+			include($phpbb_root_path . 'includes/functions.' . $phpEx);
+		}
+
+		if ($check && !phpbb_is_writable($this->cache_dir))
 		{
 			// E_USER_ERROR - not using language entry - intended.
 			trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);

phpBB/includes/acp/acp_attachments.php

@@ -90,6 +90,7 @@ class acp_attachments
 				$s_assigned_groups = array();
 				while ($row = $db->sql_fetchrow($result))
 				{
+					$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
 					$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
 				}
 				$db->sql_freeresult($result);
@@ -494,6 +495,10 @@ class acp_attachments
 						$sql = 'SELECT group_id
 							FROM ' . EXTENSION_GROUPS_TABLE . "
 							WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'";
+						if ($group_id)
+						{
+							$sql .= ' AND group_id <> ' . $group_id;
+						}
 						$result = $db->sql_query($sql);
 
 						if ($db->sql_fetchrow($result))
@@ -551,6 +556,7 @@ class acp_attachments
 							$group_id = $db->sql_nextid();
 						}
 
+						$group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name;
 						add_log('admin', 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), $group_name);
 					}
 
@@ -858,7 +864,7 @@ class acp_attachments
 						'U_EDIT'		=> $this->u_action . "&amp;action=edit&amp;g={$row['group_id']}",
 						'U_DELETE'		=> $this->u_action . "&amp;action=delete&amp;g={$row['group_id']}",
 
-						'GROUP_NAME'	=> $row['group_name'],
+						'GROUP_NAME'	=> (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'],
 						'CATEGORY'		=> $cat_lang[$row['cat_id']],
 						)
 					);
@@ -1118,6 +1124,7 @@ class acp_attachments
 		$group_name = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
+			$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
 			$group_name[] = $row;
 		}
 		$db->sql_freeresult($result);
@@ -1215,7 +1222,7 @@ class acp_attachments
 			return;
 		}
 
-		if (!is_writable($phpbb_root_path . $upload_dir))
+		if (!phpbb_is_writable($phpbb_root_path . $upload_dir))
 		{
 			$error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir);
 			return;

phpBB/includes/acp/acp_ban.php

@@ -224,7 +224,7 @@ class acp_ban
 				$template->assign_block_vars('ban_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)),
+					'A_REASON'	=> addslashes($reason),
 				));
 			}
 		}
@@ -236,7 +236,7 @@ class acp_ban
 				$template->assign_block_vars('ban_give_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)),
+					'A_REASON'	=> addslashes($reason),
 				));
 			}
 		}

phpBB/includes/acp/acp_board.php

@@ -58,7 +58,7 @@ class acp_board
 						'board_disable_msg'		=> false,
 						'default_lang'			=> array('lang' => 'DEFAULT_LANGUAGE',		'validate' => 'lang',	'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
 						'default_dateformat'	=> array('lang' => 'DEFAULT_DATE_FORMAT',	'validate' => 'string',	'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true),
-						'board_timezone'		=> array('lang' => 'SYSTEM_TIMEZONE',		'validate' => 'string',	'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
+						'board_timezone'		=> array('lang' => 'SYSTEM_TIMEZONE',		'validate' => 'string',	'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => true),
 						'board_dst'				=> array('lang' => 'SYSTEM_DST',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'default_style'			=> array('lang' => 'DEFAULT_STYLE',			'validate' => 'int',	'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', false), 'explain' => false),
 						'override_user_style'	=> array('lang' => 'OVERRIDE_STYLE',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -319,6 +319,7 @@ class acp_board
 						'load_online_guests'	=> array('lang' => 'YES_ONLINE_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_onlinetrack'		=> array('lang' => 'YES_ONLINE_TRACK',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'load_unreads_search'	=> array('lang' => 'YES_UNREAD_SEARCH',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_moderators'		=> array('lang' => 'YES_MODERATORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_jumpbox'			=> array('lang' => 'YES_JUMPBOX',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_user_activity'	=> array('lang' => 'LOAD_USER_ACTIVITY',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -888,8 +889,8 @@ class acp_board
 		$old_tz = $user->timezone;
 		$old_dst = $user->dst;
 
-		$user->timezone = $config['board_timezone'];
+		$user->timezone = $config['board_timezone'] * 3600;
-		$user->dst = $config['board_dst'];
+		$user->dst = $config['board_dst'] * 3600;
 
 		$dateformat_options = '';
 

phpBB/includes/acp/acp_captcha.php

@@ -89,14 +89,14 @@ class acp_captcha
 					}
 					else
 					{
-						trigger_error($user->lang['CAPTCHA_UNAVAILABLE'] . adm_back_link($this->u_action));
+						trigger_error($user->lang['CAPTCHA_UNAVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 				}
 				trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 			}
 			else if ($submit)
 			{
-				trigger_error($user->lang['FORM_INVALID'] . adm_back_link());
+				trigger_error($user->lang['FORM_INVALID'] . adm_back_link(), E_USER_WARNING);
 			}
 			else
 			{

phpBB/includes/acp/acp_database.php

@@ -109,6 +109,7 @@ class acp_database
 
 							case 'mssql':
 							case 'mssql_odbc':
+							case 'mssqlnative':
 								$extractor = new mssql_extractor($download, $store, $format, $filename, $time);
 							break;
 
@@ -138,6 +139,7 @@ class acp_database
 
 									case 'mssql':
 									case 'mssql_odbc':
+									case 'mssqlnative':
 										$extractor->flush('TRUNCATE TABLE ' . $table_name . "GO\n");
 									break;
 
@@ -392,6 +394,7 @@ class acp_database
 
 								case 'mssql':
 								case 'mssql_odbc':
+								case 'mssqlnative':
 									while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
 									{
 										$db->sql_query($sql);
@@ -435,7 +438,7 @@ class acp_database
 								{
 									if (in_array($matches[2], $methods))
 									{
-										$backup_files[gmdate("d-m-Y H:i:s", $matches[1])] = $file;
+										$backup_files[(int) $matches[1]] = $file;
 									}
 								}
 							}
@@ -450,7 +453,7 @@ class acp_database
 							{
 								$template->assign_block_vars('files', array(
 									'FILE'		=> $file,
-									'NAME'		=> $name,
+									'NAME'		=> $user->format_date($name, 'd-m-Y H:i:s', true),
 									'SUPPORTED'	=> true,
 								));
 							}
@@ -1509,6 +1512,10 @@ class mssql_extractor extends base_extractor
 		{
 			$this->write_data_mssql($table_name);
 		}
+		else if($db->sql_layer === 'mssqlnative')
+		{
+			$this->write_data_mssqlnative($table_name);
+		}
 		else
 		{
 			$this->write_data_odbc($table_name);
@@ -1609,6 +1616,110 @@ class mssql_extractor extends base_extractor
 		$this->flush($sql_data);
 	}
 	
+	function write_data_mssqlnative($table_name)
+	{
+		global $db;
+		$ary_type = $ary_name = array();
+		$ident_set = false;
+		$sql_data = '';
+
+		// Grab all of the data from current table.
+		$sql = "SELECT * FROM $table_name";
+		$db->mssqlnative_set_query_options(array('Scrollable' => SQLSRV_CURSOR_STATIC));
+		$result = $db->sql_query($sql);
+
+		$retrieved_data = $db->mssqlnative_num_rows($result);
+
+		if (!$retrieved_data)
+		{
+			$db->sql_freeresult($result);
+			return;
+		}
+
+		$sql = "SELECT * FROM $table_name";
+		$result_fields = $db->sql_query_limit($sql, 1);
+
+		$row = new result_mssqlnative($result_fields);
+		$i_num_fields = $row->num_fields();
+		
+		for ($i = 0; $i < $i_num_fields; $i++)
+		{
+			$ary_type[$i] = $row->field_type($i);
+			$ary_name[$i] = $row->field_name($i);
+		}
+		$db->sql_freeresult($result_fields);
+
+		$sql = "SELECT 1 as has_identity
+			FROM INFORMATION_SCHEMA.COLUMNS
+			WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
+		$result2 = $db->sql_query($sql);
+		$row2 = $db->sql_fetchrow($result2);
+		
+		if (!empty($row2['has_identity']))
+		{
+			$sql_data .= "\nSET IDENTITY_INSERT $table_name ON\nGO\n";
+			$ident_set = true;
+		}
+		$db->sql_freeresult($result2);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$schema_vals = $schema_fields = array();
+
+			// Build the SQL statement to recreate the data.
+			for ($i = 0; $i < $i_num_fields; $i++)
+			{
+				$str_val = $row[$ary_name[$i]];
+
+				// defaults to type number - better quote just to be safe, so check for is_int too
+				if (is_int($ary_type[$i]) || preg_match('#char|text|bool|varbinary#i', $ary_type[$i]))
+				{
+					$str_quote = '';
+					$str_empty = "''";
+					$str_val = sanitize_data_mssql(str_replace("'", "''", $str_val));
+				}
+				else if (preg_match('#date|timestamp#i', $ary_type[$i]))
+				{
+					if (empty($str_val))
+					{
+						$str_quote = '';
+					}
+					else
+					{
+						$str_quote = "'";
+					}
+				}
+				else
+				{
+					$str_quote = '';
+					$str_empty = 'NULL';
+				}
+
+				if (empty($str_val) && $str_val !== '0' && !(is_int($str_val) || is_float($str_val)))
+				{
+					$str_val = $str_empty;
+				}
+
+				$schema_vals[$i] = $str_quote . $str_val . $str_quote;
+				$schema_fields[$i] = $ary_name[$i];
+			}
+
+			// Take the ordered fields and their associated data and build it
+			// into a valid sql statement to recreate that field in the data.
+			$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\nGO\n";
+
+			$this->flush($sql_data);
+			$sql_data = '';
+		}
+		$db->sql_freeresult($result);
+
+		if ($ident_set)
+		{
+			$sql_data .= "\nSET IDENTITY_INSERT $table_name OFF\nGO\n";
+		}
+		$this->flush($sql_data);
+	}	
+	
 	function write_data_odbc($table_name)
 	{
 		global $db;

phpBB/includes/acp/acp_forums.php

@@ -169,7 +169,7 @@ class acp_forums
 						$forum_data['forum_status'] = ITEM_UNLOCKED;
 					}
 
-					$forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', true) : request_var('display_active', true);
+					$forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', true) : request_var('display_active', false);
 
 					// Get data for forum rules if specified...
 					if ($forum_data['forum_rules'])
@@ -190,12 +190,14 @@ class acp_forums
 						$forum_perm_from = request_var('forum_perm_from', 0);
 						$cache->destroy('sql', FORUMS_TABLE);
 
+						$copied_permissions = false;
 						// Copy permissions?
 						if ($forum_perm_from && $forum_perm_from != $forum_data['forum_id'] &&
 							($action != 'edit' || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))))
 						{
 							copy_forum_permissions($forum_perm_from, $forum_data['forum_id'], ($action == 'edit') ? true : false);
 							cache_moderators();
+							$copied_permissions = true;
 						}
 /* Commented out because of questionable UI workflow - re-visit for 3.0.7
 						else if (!$this->parent_id && $action != 'edit' && $auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))
@@ -211,13 +213,13 @@ class acp_forums
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
 
 						// Redirect to permissions
-						if ($auth->acl_get('a_fauth'))
+						if ($auth->acl_get('a_fauth') && !$copied_permissions)
 						{
 							$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>');
 						}
 
 						// redirect directly to permission settings screen if authed
-						if ($action == 'add' && !$forum_perm_from && $auth->acl_get('a_fauth'))
+						if ($action == 'add' && !$copied_permissions && $auth->acl_get('a_fauth'))
 						{
 							meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url));
 						}
@@ -639,7 +641,8 @@ class acp_forums
 					'S_PRUNE_OLD_POLLS'			=> ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_POLL) ? true : false,
 					'S_PRUNE_ANNOUNCE'			=> ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_ANNOUNCE) ? true : false,
 					'S_PRUNE_STICKY'			=> ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_STICKY) ? true : false,
-					'S_DISPLAY_ACTIVE_TOPICS'	=> ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) ? true : false,
+					'S_DISPLAY_ACTIVE_TOPICS'	=> ($forum_data['forum_type'] == FORUM_POST) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : true,
+					'S_ENABLE_ACTIVE_TOPICS'	=> ($forum_data['forum_type'] == FORUM_CAT) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : false,
 					'S_ENABLE_POST_REVIEW'		=> ($forum_data['forum_flags'] & FORUM_FLAG_POST_REVIEW) ? true : false,
 					'S_ENABLE_QUICK_REPLY'		=> ($forum_data['forum_flags'] & FORUM_FLAG_QUICK_REPLY) ? true : false,
 					'S_CAN_COPY_PERMISSIONS'	=> ($action != 'edit' || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))) ? true : false,
@@ -980,7 +983,7 @@ class acp_forums
 
 				if (!$row)
 				{
-					trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&amp;' . $this->parent_id), E_USER_WARNING);
+					trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
 
 				if ($row['forum_type'] == FORUM_LINK)
@@ -1639,6 +1642,9 @@ class acp_forums
 
 		delete_attachments('topic', $topic_ids, false);
 
+		// Delete shadow topics pointing to topics in this forum
+		delete_topic_shadows($forum_id);
+
 		// Before we remove anything we make sure we are able to adjust the post counts later. ;)
 		$sql = 'SELECT poster_id
 			FROM ' . POSTS_TABLE . '
@@ -1705,6 +1711,9 @@ class acp_forums
 					)
 				);
 
+				// Amount of rows we select and delete in one iteration.
+				$batch_size = 500;
+
 				foreach ($tables_ary as $field => $tables)
 				{
 					$start = 0;
@@ -1714,7 +1723,7 @@ class acp_forums
 						$sql = "SELECT $field
 							FROM " . POSTS_TABLE . '
 							WHERE forum_id = ' . $forum_id;
-						$result = $db->sql_query_limit($sql, 500, $start);
+						$result = $db->sql_query_limit($sql, $batch_size, $start);
 
 						$ids = array();
 						while ($row = $db->sql_fetchrow($result))
@@ -1733,7 +1742,7 @@ class acp_forums
 							}
 						}
 					}
-					while ($row);
+					while (sizeof($ids) == $batch_size);
 				}
 				unset($ids);
 

phpBB/includes/acp/acp_groups.php

@@ -49,7 +49,7 @@ class acp_groups
 
 
 		// Clear some vars
-		$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
+		$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
 		$group_row = array();
 
 		// Grab basic data for group, if group_id is set and exists
@@ -394,6 +394,15 @@ class acp_groups
 						}
 					}
 
+					// Validate the length of "Maximum number of allowed recipients per private message" setting.
+					// We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value
+					// which is the lowest amongst DBMSes supported by phpBB3
+					if ($max_recipients_error = validate_data($submit_ary, array('max_recipients' => array('num', false, 0, 16777215))))
+					{
+						// Replace "error" string with its real, localised form
+						$error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error));
+					}
+
 					if (!sizeof($error))
 					{
 						// Only set the rank, colour, etc. if it's changed or if we're adding a new

phpBB/includes/acp/acp_language.php

@@ -1120,12 +1120,12 @@ class acp_language
 		{
 			while (($file = readdir($dp)) !== false)
 			{
-				if (!is_dir($phpbb_root_path . 'language/' . $file))
+				if ($file[0] == '.' || !is_dir($phpbb_root_path . 'language/' . $file))
 				{
 					continue;
 				}
 
-				if ($file[0] != '.' && file_exists("{$phpbb_root_path}language/$file/iso.txt"))
+				if (file_exists("{$phpbb_root_path}language/$file/iso.txt"))
 				{
 					if (!in_array($file, $installed))
 					{

phpBB/includes/acp/acp_php_info.php

@@ -37,7 +37,7 @@ class acp_php_info
 		$this->page_title = 'ACP_PHP_INFO';
 
 		ob_start();
-		@phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES | INFO_VARIABLES);
+		phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES | INFO_VARIABLES);
 		$phpinfo = ob_get_clean();
 
 		$phpinfo = trim($phpinfo);

phpBB/includes/acp/acp_profile.php

@@ -1480,6 +1480,7 @@ class acp_profile
 
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 
 				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
 				$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";

phpBB/includes/acp/acp_prune.php

@@ -315,8 +315,8 @@ class acp_prune
 					'mode'			=> $mode,
 					'prune'			=> 1,
 
-					'users'			=> request_var('users', '', true),
+					'users'			=> utf8_normalize_nfc(request_var('users', '', true)),
-					'username'		=> request_var('username', '', true),
+					'username'		=> utf8_normalize_nfc(request_var('username', '', true)),
 					'email'			=> request_var('email', ''),
 					'joined_select'	=> request_var('joined_select', ''),
 					'joined'		=> request_var('joined', ''),
@@ -369,7 +369,7 @@ class acp_prune
 	{
 		global $user, $db;
 
-		$users = request_var('users', '', true);
+		$users = utf8_normalize_nfc(request_var('users', '', true));
 		
 		if ($users)
 		{
@@ -378,7 +378,7 @@ class acp_prune
 		}
 		else
 		{
-			$username = request_var('username', '', true);
+			$username = utf8_normalize_nfc(request_var('username', '', true));
 			$email = request_var('email', '');
 
 			$joined_select = request_var('joined_select', 'lt');

phpBB/includes/acp/acp_reasons.php

@@ -233,6 +233,7 @@ class acp_reasons
 						// Standard? What's that?
 						case 'mssql':
 						case 'mssql_odbc':
+						case 'mssqlnative':
 							// Change the reports using this reason to 'other'
 							$sql = "DECLARE @ptrval binary(16)
 

phpBB/includes/acp/acp_styles.php

@@ -643,13 +643,13 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			while (($file = readdir($dp)) !== false)
 			{
-				if (!is_dir($phpbb_root_path . 'styles/' . $file))
+				if ($file[0] == '.' || !is_dir($phpbb_root_path . 'styles/' . $file))
 				{
 					continue;
 				}
 
 				$subpath = ($mode != 'style') ? "$mode/" : '';
-				if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
+				if (file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
 				{
 					if ($cfg = file("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
 					{
@@ -748,7 +748,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			$additional = '';
 
 			// If the template is stored on the filesystem try to write the file else store it in the database
-			if (!$safe_mode && !$template_info['template_storedb'] && file_exists($file) && @is_writable($file))
+			if (!$safe_mode && !$template_info['template_storedb'] && file_exists($file) && phpbb_is_writable($file))
 			{
 				if (!($fp = @fopen($file, 'wb')))
 				{
@@ -1155,7 +1155,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			$message = $user->lang['THEME_UPDATED'];
 
 			// If the theme is stored on the filesystem try to write the file else store it in the database
-			if (!$safe_mode && !$theme_info['theme_storedb'] && file_exists($file) && @is_writable($file))
+			if (!$safe_mode && !$theme_info['theme_storedb'] && file_exists($file) && phpbb_is_writable($file))
 			{
 				if (!($fp = @fopen($file, 'wb')))
 				{
@@ -2040,23 +2040,18 @@ parse_css_file = {PARSE_CSS_FILE}
 			{
 				case 'tar':
 					$ext = '.tar';
-					$mimetype = 'x-tar';
-					$compress = 'compress_tar';
 				break;
 
 				case 'zip':
 					$ext = '.zip';
-					$mimetype = 'zip';
 				break;
 
 				case 'tar.gz':
 					$ext = '.tar.gz';
-					$mimetype = 'x-gzip';
 				break;
 
 				case 'tar.bz2':
 					$ext = '.tar.bz2';
-					$mimetype = 'x-bzip2';
 				break;
 
 				default:
@@ -2246,7 +2241,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			{
 				// a rather elaborate check we have to do here once to avoid trouble later
 				$check = "{$phpbb_root_path}styles/" . $style_row["{$mode}_path"] . (($mode === 'theme') ? '/theme/stylesheet.css' : '/template');
-				if (($style_row["{$mode}_storedb"] != $store_db) && !$store_db && ($safe_mode || !@is_writable($check)))
+				if (($style_row["{$mode}_storedb"] != $store_db) && !$store_db && ($safe_mode || !phpbb_is_writable($check)))
 				{
 					$error[] = $user->lang['EDIT_' . strtoupper($mode) . '_STORED_DB'];
 					$store_db = 1;
@@ -2326,7 +2321,7 @@ parse_css_file = {PARSE_CSS_FILE}
 						{
 							$theme_data = $this->db_theme_data($style_row);
 						}
-						else if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['theme_path']}/theme/stylesheet.css"))
+						else if (!$store_db && !$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$style_row['theme_path']}/theme/stylesheet.css"))
 						{
 							$store_db = 1;
 							$theme_data = $style_row['theme_data'];
@@ -2357,7 +2352,7 @@ parse_css_file = {PARSE_CSS_FILE}
 						}
 						else
 						{
-							if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
+							if (!$store_db && !$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
 							{
 								$err = $this->store_in_fs('template', $style_row['template_id']);
 								if ($err)
@@ -2531,13 +2526,21 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		// Match CSS imports
 		$matches = array();
-		preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
+		preg_match_all('/@import url\((["\'])(.*)\1\);/i', $stylesheet, $matches);
+
+		// remove commented stylesheets (very simple parser, allows only whitespace
+		// around an @import statement)
+		preg_match_all('#/\*\s*@import url\((["\'])(.*)\1\);\s\*/#i', $stylesheet, $commented);
+		$matches[2] = array_diff($matches[2], $commented[2]);
 
 		if (sizeof($matches))
 		{
 			foreach ($matches[0] as $idx => $match)
 			{
-				$stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[1][$idx]), $stylesheet);
+				if (isset($matches[2][$idx]))
+				{
+					$stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[2][$idx]), $stylesheet);
+				}
 			}
 		}
 
@@ -3728,7 +3731,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		$store_db = 0;
 		$error = array();
-		if (!$safe_mode && @is_writable("{$phpbb_root_path}styles/{$path}/template"))
+		if (!$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$path}/template"))
 		{
 			$sql = 'SELECT *
 					FROM ' . STYLES_TEMPLATE_DATA_TABLE . "

phpBB/includes/acp/acp_update.php

@@ -51,6 +51,14 @@ class acp_update
 		$announcement_url = (strpos($announcement_url, '&') === false) ? str_replace('&', '&', $announcement_url) : $announcement_url;
 		$update_link = append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=update');
 
+		// next feature release
+		$next_feature_version = $next_feature_announcement_url = false;
+		if (isset($info[2]) && trim($info[2]) !== '')
+		{
+			$next_feature_version = trim($info[2]);
+			$next_feature_announcement_url = trim($info[3]);
+		}
+
 		// Determine automatic update...
 		$sql = 'SELECT config_value
 			FROM ' . CONFIG_TABLE . "
@@ -74,8 +82,10 @@ class acp_update
 			'LATEST_VERSION'	=> $latest_version,
 			'CURRENT_VERSION'	=> $config['version'],
 			'AUTO_VERSION'		=> $version_update_from,
+			'NEXT_FEATURE_VERSION'	=> $next_feature_version,
 
 			'UPDATE_INSTRUCTIONS'	=> sprintf($user->lang['UPDATE_INSTRUCTIONS'], $announcement_url, $update_link),
+			'UPGRADE_INSTRUCTIONS'	=> $next_feature_version ? $user->lang('UPGRADE_INSTRUCTIONS', $next_feature_version, $next_feature_announcement_url) : false,
 		));
 	}
 }

phpBB/includes/acp/acp_users.php

@@ -105,7 +105,7 @@ class acp_users
 				LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
 			WHERE u.user_id = ' . $user_id . '
 			ORDER BY s.session_time DESC';
-		$result = $db->sql_query($sql);
+		$result = $db->sql_query_limit($sql, 1);
 		$user_row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
@@ -191,6 +191,8 @@ class acp_users
 							trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 						}
 
+						if ($delete_type)
+						{
 							if (confirm_box(true))
 							{
 								user_delete($delete_type, $user_id, $user_row['username']);
@@ -211,6 +213,11 @@ class acp_users
 								);
 							}
 						}
+						else
+						{
+							trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+						}
+					}
 
 					// Handle quicktool actions
 					switch ($action)
@@ -224,6 +231,11 @@ class acp_users
 								trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 							}
 
+							if ($user_id == ANONYMOUS)
+							{
+								trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+							}
+
 							if ($user_row['user_type'] == USER_FOUNDER)
 							{
 								trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -307,10 +319,7 @@ class acp_users
 
 								$server_url = generate_board_url();
 
-								$user_actkey = gen_rand_string(10);
+								$user_actkey = gen_rand_string(mt_rand(6, 10));
-								$key_len = 54 - (strlen($server_url));
-								$key_len = ($key_len > 6) ? $key_len : 6;
-								$user_actkey = substr($user_actkey, 0, $key_len);
 								$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
 
 								if ($user_row['user_type'] == USER_NORMAL)
@@ -1550,6 +1559,31 @@ class acp_users
 							WHERE user_id = $user_id";
 						$db->sql_query($sql);
 
+						// Check if user has an active session
+						if ($user_row['session_id'])
+						{
+							// We'll update the session if user_allow_viewonline has changed and the user is a bot
+							// Or if it's a regular user and the admin set it to hide the session
+							if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
+								|| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
+							{
+								// We also need to check if the user has the permission to cloak.
+								$user_auth = new auth();
+								$user_auth->acl($user_row);
+
+								$session_sql_ary = array(
+									'session_viewonline'	=> ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
+								);
+
+								$sql = 'UPDATE ' . SESSIONS_TABLE . '
+									SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
+									WHERE session_user_id = $user_id";
+								$db->sql_query($sql);
+
+								unset($user_auth);
+							}
+						}
+
 						trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
 					}
 
@@ -1664,7 +1698,7 @@ class acp_users
 				include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
 				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
-				$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
+				$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
 
 				if ($submit)
 				{
@@ -1674,7 +1708,7 @@ class acp_users
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 					}
 
-					if (avatar_process_user($error, $user_row))
+					if (avatar_process_user($error, $user_row, $can_upload))
 					{
 						trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_row['user_id']));
 					}
@@ -2084,7 +2118,7 @@ class acp_users
 									LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
 								WHERE u.user_id = ' . $user_id . '
 								ORDER BY s.session_time DESC';
-							$result = $db->sql_query($sql);
+							$result = $db->sql_query_limit($sql, 1);
 							$user_row = $db->sql_fetchrow($result);
 							$db->sql_freeresult($result);
 						}

phpBB/includes/acp/info/acp_board.php

@@ -24,7 +24,7 @@ class acp_board_info
 				'features'		=> array('title' => 'ACP_BOARD_FEATURES', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'avatar'		=> array('title' => 'ACP_AVATAR_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'message'		=> array('title' => 'ACP_MESSAGE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')),
-				'post'			=> array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
+				'post'			=> array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')),
 				'signature'		=> array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'feed'			=> array('title' => 'ACP_FEED_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
 				'registration'	=> array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),

phpBB/includes/auth/auth_db.php

@@ -134,7 +134,8 @@ function login_db(&$username, &$password)
 				// increase login attempt count to make sure this cannot be exploited
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_login_attempts = user_login_attempts + 1
-					WHERE user_id = ' . $row['user_id'];
+					WHERE user_id = ' . (int) $row['user_id'] . '
+						AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 				$db->sql_query($sql);
 
 				return array(
@@ -194,7 +195,8 @@ function login_db(&$username, &$password)
 	// Password incorrect - increase login attempts
 	$sql = 'UPDATE ' . USERS_TABLE . '
 		SET user_login_attempts = user_login_attempts + 1
-		WHERE user_id = ' . $row['user_id'];
+		WHERE user_id = ' . (int) $row['user_id'] . '
+			AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 	$db->sql_query($sql);
 
 	// Give status about wrong password...

phpBB/includes/auth/auth_ldap.php

@@ -74,7 +74,7 @@ function init_ldap()
 
 	if ($search === false)
 	{
-		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+		return $user->lang['LDAP_SEARCH_FAILED'];
 	}
 
 	$result = @ldap_get_entries($ldap, $search);

phpBB/includes/cache.php

@@ -82,11 +82,20 @@ class cache extends acm
 			$result = $db->sql_query($sql);
 
 			$censors = array();
+			$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
+
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
+				if ($unicode)
 				{
-					$censors['match'][] = '#(?<![\p{Nd}\p{L}_])(' . str_replace('\*', '[\p{Nd}\p{L}_]*?', preg_quote($row['word'], '#')) . ')(?![\p{Nd}\p{L}_])#iu';
+					// Unescape the asterisk to simplify further conversions
+					$row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#'));
+					
+					// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
+					$row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']);
+
+					// Generate the final substitution
+					$censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu';
 				}
 				else
 				{
@@ -297,6 +306,7 @@ class cache extends acm
 			{
 				case 'mssql':
 				case 'mssql_odbc':
+				case 'mssqlnative':
 					$sql = 'SELECT user_id, bot_agent, bot_ip
 						FROM ' . BOTS_TABLE . '
 						WHERE bot_active = 1

phpBB/includes/captcha/plugins/captcha_abstract.php

@@ -59,7 +59,7 @@ class phpbb_default_captcha
 	{
 		global $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 
 		// compute $seed % 0x7fffffff
@@ -235,7 +235,7 @@ class phpbb_default_captcha
 	{
 		global $db, $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->confirm_id = md5(unique_id($user->ip));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 		$this->solved = 0;
@@ -259,7 +259,7 @@ class phpbb_default_captcha
 	{
 		global $db, $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 		$this->solved = 0;
 		// compute $seed % 0x7fffffff
@@ -281,7 +281,7 @@ class phpbb_default_captcha
 	{
 		global $db, $user;
 
-		$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+		$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
 		$this->seed = hexdec(substr(unique_id(), 4, 10));
 		$this->solved = 0;
 		// compute $seed % 0x7fffffff

phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php

@@ -313,13 +313,10 @@ class phpbb_recaptcha extends phpbb_default_captcha
 			return false;
 		}
 		else
-		{
-			if ($answers[1] === 'incorrect-captcha-sol')
 		{
 			return $user->lang['RECAPTCHA_INCORRECT'];
 		}
 	}
-	}
 
 	/**
 	* Encodes the given data into a query string format

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.7-PL1');
+define('PHPBB_VERSION', '3.0.8');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -69,6 +69,10 @@ define('LOGIN_ERROR_ATTEMPTS', 13);
 define('LOGIN_ERROR_EXTERNAL_AUTH', 14);
 define('LOGIN_ERROR_PASSWORD_CONVERT', 15);
 
+// Maximum login attempts
+// The value is arbitrary, but it has to fit into the user_login_attempts field.
+define('LOGIN_ATTEMPTS_MAX', 100);
+
 // Group settings
 define('GROUP_OPEN', 0);
 define('GROUP_CLOSED', 1);
@@ -117,6 +121,10 @@ define('NOTIFY_EMAIL', 0);
 define('NOTIFY_IM', 1);
 define('NOTIFY_BOTH', 2);
 
+// Notify status
+define('NOTIFY_YES', 0);
+define('NOTIFY_NO', 1);
+
 // Email Priority Settings
 define('MAIL_LOW_PRIORITY', 4);
 define('MAIL_NORMAL_PRIORITY', 3);

phpBB/includes/db/db_tools.php

@@ -160,6 +160,36 @@ class phpbb_db_tools
 			'VARBINARY'	=> '[varchar] (255)',
 		),
 
+		'mssqlnative'	=> array(
+			'INT:'		=> '[int]',
+			'BINT'		=> '[float]',
+			'UINT'		=> '[int]',
+			'UINT:'		=> '[int]',
+			'TINT:'		=> '[int]',
+			'USINT'		=> '[int]',
+			'BOOL'		=> '[int]',
+			'VCHAR'		=> '[varchar] (255)',
+			'VCHAR:'	=> '[varchar] (%d)',
+			'CHAR:'		=> '[char] (%d)',
+			'XSTEXT'	=> '[varchar] (1000)',
+			'STEXT'		=> '[varchar] (3000)',
+			'TEXT'		=> '[varchar] (8000)',
+			'MTEXT'		=> '[text]',
+			'XSTEXT_UNI'=> '[varchar] (100)',
+			'STEXT_UNI'	=> '[varchar] (255)',
+			'TEXT_UNI'	=> '[varchar] (4000)',
+			'MTEXT_UNI'	=> '[text]',
+			'TIMESTAMP'	=> '[int]',
+			'DECIMAL'	=> '[float]',
+			'DECIMAL:'	=> '[float]',
+			'PDECIMAL'	=> '[float]',
+			'PDECIMAL:'	=> '[float]',
+			'VCHAR_UNI'	=> '[varchar] (255)',
+			'VCHAR_UNI:'=> '[varchar] (%d)',
+			'VCHAR_CI'	=> '[varchar] (255)',
+			'VARBINARY'	=> '[varchar] (255)',
+		),
+
 		'oracle'	=> array(
 			'INT:'		=> 'number(%d)',
 			'BINT'		=> 'number(20)',
@@ -261,7 +291,7 @@ class phpbb_db_tools
 	* A list of supported DBMS. We change this class to support more DBMS, the DBMS itself only need to follow some rules.
 	* @var array
 	*/
-	var $supported_dbms = array('firebird', 'mssql', 'mysql_40', 'mysql_41', 'oracle', 'postgres', 'sqlite');
+	var $supported_dbms = array('firebird', 'mssql', 'mssqlnative', 'mysql_40', 'mysql_41', 'oracle', 'postgres', 'sqlite');
 
 	/**
 	* This is set to true if user only wants to return the 'to-be-executed' SQL statement(s) (as an array).
@@ -307,6 +337,10 @@ class phpbb_db_tools
 				$this->sql_layer = 'mssql';
 			break;
 
+			case 'mssqlnative':
+				$this->sql_layer = 'mssqlnative';
+			break;
+
 			default:
 				$this->sql_layer = $this->db->sql_layer;
 			break;
@@ -368,6 +402,7 @@ class phpbb_db_tools
 		switch ($this->sql_layer)
 		{
 			case 'mssql':
+			case 'mssqlnative':
 				$table_sql = 'CREATE TABLE [' . $table_name . '] (' . "\n";
 			break;
 
@@ -386,6 +421,7 @@ class phpbb_db_tools
 			switch ($this->sql_layer)
 			{
 				case 'mssql':
+				case 'mssqlnative':
 					$columns[] = "\t [{$column_name}] " . $prepared_column['column_type_sql_default'];
 				break;
 
@@ -425,6 +461,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$table_sql .= "\n) ON [PRIMARY]" . (($create_textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '');
 				$statements[] = $table_sql;
 			break;
@@ -453,6 +490,7 @@ class phpbb_db_tools
 
 					case 'firebird':
 					case 'mssql':
+					case 'mssqlnative':
 						// We need the data here
 						$old_return_statements = $this->return_statements;
 						$this->return_statements = true;
@@ -573,7 +611,7 @@ class phpbb_db_tools
 	*	drop_columns: Removing/Dropping columns
 	*	add_primary_keys: adding primary keys
 	*	add_unique_index: adding an unique index
-	*	add_index: adding an index
+	*	add_index: adding an index (can be column:index_size if you need to provide size)
 	*
 	* The values are in this format:
 	*		{TABLE NAME}		=> array(
@@ -970,6 +1008,7 @@ class phpbb_db_tools
 			// same deal with PostgreSQL, we must perform more complex operations than
 			// we technically could
 			case 'mssql':
+			case 'mssqlnative':
 				$sql = "SELECT c.name
 					FROM syscolumns c
 					LEFT JOIN sysobjects o ON c.id = o.id
@@ -1187,6 +1226,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$sql .= " {$column_type} ";
 				$sql_default = " {$column_type} ";
 
@@ -1335,6 +1375,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default'];
 			break;
 
@@ -1455,6 +1496,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$statements[] = 'ALTER TABLE [' . $table_name . '] DROP COLUMN [' . $column_name . ']';
 			break;
 
@@ -1549,6 +1591,7 @@ class phpbb_db_tools
 		switch ($this->sql_layer)
 		{
 			case 'mssql':
+			case 'mssqlnative':
 				$statements[] = 'DROP INDEX ' . $table_name . '.' . $index_name;
 			break;
 
@@ -1652,6 +1695,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$sql = "ALTER TABLE [{$table_name}] WITH NOCHECK ADD ";
 				$sql .= "CONSTRAINT [PK_{$table_name}] PRIMARY KEY  CLUSTERED (";
 				$sql .= '[' . implode("],\n\t\t[", $column) . ']';
@@ -1745,6 +1789,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]';
 			break;
 		}
@@ -1759,6 +1804,12 @@ class phpbb_db_tools
 	{
 		$statements = array();
 
+		// remove index length unless MySQL4
+		if ('mysql_40' != $this->sql_layer)
+		{
+			$column = preg_replace('#:.*$#', '', $column);
+		}
+
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
@@ -1769,11 +1820,22 @@ class phpbb_db_tools
 			break;
 
 			case 'mysql_40':
+				// add index size to definition as required by MySQL4
+				foreach ($column as $i => $col)
+				{
+					if (false !== strpos($col, ':'))
+					{
+						list($col, $index_size) = explode(':', $col);
+						$column[$i] = "$col($index_size)";
+					}
+				}
+			// no break
 			case 'mysql_41':
 				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')';
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]';
 			break;
 		}
@@ -1791,7 +1853,7 @@ class phpbb_db_tools
 	{
 		$index_array = array();
 
-		if ($this->sql_layer == 'mssql')
+		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
 		{
 			$sql = "EXEC sp_statistics '$table_name'";
 			$result = $this->db->sql_query($sql);
@@ -1900,6 +1962,7 @@ class phpbb_db_tools
 			break;
 
 			case 'mssql':
+			case 'mssqlnative':
 				$statements[] = 'ALTER TABLE [' . $table_name . '] ALTER COLUMN [' . $column_name . '] ' . $column_data['column_type_sql'];
 
 				if (!empty($column_data['default']))

phpBB/includes/db/firebird.php

@@ -63,10 +63,19 @@ class dbal_firebird extends dbal
 	/**
 	* Version information about used database
 	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache forced to false for Interbase
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
+		/**
+		* force $use_cache false.  I didn't research why the caching code there is no caching code
+		* but I assume its because the IB extension provides a direct method to access it
+		* without a query.
+		*/
+
+		$use_cache = false;
+
 		if ($this->service_handle !== false && function_exists('ibase_server_info'))
 		{
 			return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);

phpBB/includes/db/mssql.php

@@ -65,13 +65,14 @@ class dbal_mssql extends dbal
 	/**
 	* Version information about used database
 	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache If true, it is safe to retrieve the value from the cache
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
 		global $cache;
 
-		if (empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
+		if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
 		{
 			$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
 
@@ -84,7 +85,7 @@ class dbal_mssql extends dbal
 
 			$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
 
-			if (!empty($cache))
+			if (!empty($cache) && $use_cache)
 			{
 				$cache->put('mssql_version', $this->sql_server_version);
 			}

phpBB/includes/db/mssql_odbc.php

@@ -76,13 +76,14 @@ class dbal_mssql_odbc extends dbal
 	/**
 	* Version information about used database
 	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache If true, it is safe to retrieve the value from the cache
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
 		global $cache;
 
-		if (empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false)
+		if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false)
 		{
 			$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
 
@@ -95,7 +96,7 @@ class dbal_mssql_odbc extends dbal
 
 			$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
 
-			if (!empty($cache))
+			if (!empty($cache) && $use_cache)
 			{
 				$cache->put('mssqlodbc_version', $this->sql_server_version);
 			}

phpBB/includes/db/mssqlnative.php

@@ -0,0 +1,641 @@
+<?php
+/**
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+* This is the MS SQL Server Native database abstraction layer.
+* PHP mssql native driver required.
+* @author Chris Pucci
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+
+/**
+ * Prior to version 1.1 the SQL Server Native PHP driver didn't support sqlsrv_num_rows, or cursor based seeking so we recall all rows into an array
+ * and maintain our own cursor index into that array.
+ */
+class result_mssqlnative
+{
+	public function result_mssqlnative($queryresult = false)
+	{
+		$this->m_cursor = 0;
+		$this->m_rows = array();
+		$this->m_num_fields = sqlsrv_num_fields($queryresult);
+		$this->m_field_meta = sqlsrv_field_metadata($queryresult);
+
+		while ($row = sqlsrv_fetch_array($queryresult, SQLSRV_FETCH_ASSOC))
+		{
+			if ($row !== null)
+			{
+				foreach($row as $k => $v)
+				{
+					if (is_object($v) && method_exists($v, 'format'))
+					{
+						$row[$k] = $v->format("Y-m-d\TH:i:s\Z");
+					}
+				}
+				$this->m_rows[] = $row;//read results into memory, cursors are not supported
+			}
+		}
+
+		$this->m_row_count = count($this->m_rows);
+	}
+
+	private function array_to_obj($array, &$obj)
+	{
+		foreach ($array as $key => $value)
+		{
+			if (is_array($value))
+			{
+				$obj->$key = new stdClass();
+				array_to_obj($value, $obj->$key);
+			}
+			else
+			{
+				$obj->$key = $value;
+			}
+		}
+		return $obj;
+	}
+
+	public function fetch($mode = SQLSRV_FETCH_BOTH, $object_class = 'stdClass')
+	{
+		if ($this->m_cursor >= $this->m_row_count || $this->m_row_count == 0)
+		{
+			return false;
+		}
+
+		$ret = false;
+		$arr_num = array();
+
+		if ($mode == SQLSRV_FETCH_NUMERIC || $mode == SQLSRV_FETCH_BOTH)
+		{
+			foreach($this->m_rows[$this->m_cursor] as $key => $value)
+			{
+				$arr_num[] = $value;
+			}
+		}
+
+		switch ($mode)
+		{
+			case SQLSRV_FETCH_ASSOC:
+				$ret = $this->m_rows[$this->m_cursor];
+			break;
+			case SQLSRV_FETCH_NUMERIC:
+				$ret = $arr_num;
+			break;
+			case 'OBJECT':
+				$ret = $this->array_to_obj($this->m_rows[$this->m_cursor], $o = new $object_class);
+			break;
+			case SQLSRV_FETCH_BOTH:
+			default:
+				$ret = $this->m_rows[$this->m_cursor] + $arr_num;
+			break;
+		}
+		$this->m_cursor++;
+		return $ret;
+	}
+
+	public function get($pos, $fld)
+	{
+		return $this->m_rows[$pos][$fld];
+	}
+
+	public function num_rows()
+	{
+		return $this->m_row_count;
+	}
+
+	public function seek($iRow)
+	{
+		$this->m_cursor = min($iRow, $this->m_row_count);
+	}
+
+	public function num_fields()
+	{
+		return $this->m_num_fields;
+	}
+
+	public function field_name($nr)
+	{
+		$arr_keys = array_keys($this->m_rows[0]);
+		return $arr_keys[$nr];
+	}
+
+	public function field_type($nr)
+	{
+		$i = 0;
+		$int_type = -1;
+		$str_type = '';
+
+		foreach ($this->m_field_meta as $meta)
+		{
+			if ($nr == $i)
+			{
+				$int_type = $meta['Type'];
+				break;
+			}
+			$i++;
+		}
+
+		//http://msdn.microsoft.com/en-us/library/cc296183.aspx contains type table
+		switch ($int_type)
+		{
+			case SQLSRV_SQLTYPE_BIGINT: 		$str_type = 'bigint'; break;
+			case SQLSRV_SQLTYPE_BINARY: 		$str_type = 'binary'; break;
+			case SQLSRV_SQLTYPE_BIT: 			$str_type = 'bit'; break;
+			case SQLSRV_SQLTYPE_CHAR: 			$str_type = 'char'; break;
+			case SQLSRV_SQLTYPE_DATETIME: 		$str_type = 'datetime'; break;
+			case SQLSRV_SQLTYPE_DECIMAL/*($precision, $scale)*/: $str_type = 'decimal'; break;
+			case SQLSRV_SQLTYPE_FLOAT: 			$str_type = 'float'; break;
+			case SQLSRV_SQLTYPE_IMAGE: 			$str_type = 'image'; break;
+			case SQLSRV_SQLTYPE_INT: 			$str_type = 'int'; break;
+			case SQLSRV_SQLTYPE_MONEY: 			$str_type = 'money'; break;
+			case SQLSRV_SQLTYPE_NCHAR/*($charCount)*/: $str_type = 'nchar'; break;
+			case SQLSRV_SQLTYPE_NUMERIC/*($precision, $scale)*/: $str_type = 'numeric'; break;
+			case SQLSRV_SQLTYPE_NVARCHAR/*($charCount)*/: $str_type = 'nvarchar'; break;
+			case SQLSRV_SQLTYPE_NTEXT: 			$str_type = 'ntext'; break;
+			case SQLSRV_SQLTYPE_REAL: 			$str_type = 'real'; break;
+			case SQLSRV_SQLTYPE_SMALLDATETIME: 	$str_type = 'smalldatetime'; break;
+			case SQLSRV_SQLTYPE_SMALLINT: 		$str_type = 'smallint'; break;
+			case SQLSRV_SQLTYPE_SMALLMONEY: 	$str_type = 'smallmoney'; break;
+			case SQLSRV_SQLTYPE_TEXT: 			$str_type = 'text'; break;
+			case SQLSRV_SQLTYPE_TIMESTAMP: 		$str_type = 'timestamp'; break;
+			case SQLSRV_SQLTYPE_TINYINT: 		$str_type = 'tinyint'; break;
+			case SQLSRV_SQLTYPE_UNIQUEIDENTIFIER: $str_type = 'uniqueidentifier'; break;
+			case SQLSRV_SQLTYPE_UDT: 			$str_type = 'UDT'; break;
+			case SQLSRV_SQLTYPE_VARBINARY/*($byteCount)*/: $str_type = 'varbinary'; break;
+			case SQLSRV_SQLTYPE_VARCHAR/*($charCount)*/: $str_type = 'varchar'; break;
+			case SQLSRV_SQLTYPE_XML: 			$str_type = 'xml'; break;
+			default: $str_type = $int_type;
+		}
+		return $str_type;
+	}
+
+	public function free()
+	{
+		unset($this->m_rows);
+		return;
+	}
+}
+
+/**
+* @package dbal
+*/
+class dbal_mssqlnative extends dbal
+{
+	var $m_insert_id = NULL;
+	var $last_query_text = '';
+	var $query_options = array();
+
+	/**
+	* Connect to server
+	*/
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false, $new_link = false)
+	{
+		# Test for driver support, to avoid suppressed fatal error
+		if (!function_exists('sqlsrv_connect'))
+		{
+			trigger_error('Native MS SQL Server driver for PHP is missing or needs to be updated. Version 1.1 or later is required to install phpBB3. You can download the driver from: http://www.microsoft.com/sqlserver/2005/en/us/PHP-Driver.aspx\n', E_USER_ERROR);
+		}
+
+		//set up connection variables
+		$this->persistency = $persistency;
+		$this->user = $sqluser;
+		$this->dbname = $database;
+		$port_delimiter = (defined('PHP_OS') && substr(PHP_OS, 0, 3) === 'WIN') ? ',' : ':';
+		$this->server = $sqlserver . (($port) ? $port_delimiter . $port : '');
+
+		//connect to database
+		error_reporting(E_ALL);
+		$this->db_connect_id = sqlsrv_connect($this->server, array(
+			'Database' => $this->dbname,
+			'UID' => $this->user,
+			'PWD' => $sqlpassword
+		));
+
+		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
+	}
+
+	/**
+	* Version information about used database
+	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache If true, it is safe to retrieve the value from the cache
+	* @return string sql server version
+	*/
+	function sql_server_info($raw = false, $use_cache = true)
+	{
+		global $cache;
+
+		if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
+		{
+			$arr_server_info = sqlsrv_server_info($this->db_connect_id);
+			$this->sql_server_version = $arr_server_info['SQLServerVersion'];
+
+			if (!empty($cache) && $use_cache)
+			{
+				$cache->put('mssql_version', $this->sql_server_version);
+			}
+		}
+
+		if ($raw)
+		{
+			return $this->sql_server_version;
+		}
+
+		return ($this->sql_server_version) ? 'MSSQL<br />' . $this->sql_server_version : 'MSSQL';
+	}
+
+	/**
+	* SQL Transaction
+	* @access private
+	*/
+	function _sql_transaction($status = 'begin')
+	{
+		switch ($status)
+		{
+			case 'begin':
+				return sqlsrv_begin_transaction($this->db_connect_id);
+			break;
+
+			case 'commit':
+				return sqlsrv_commit($this->db_connect_id);
+			break;
+
+			case 'rollback':
+				return sqlsrv_rollback($this->db_connect_id);
+			break;
+		}
+		return true;
+	}
+
+	/**
+	* Base query method
+	*
+	* @param	string	$query		Contains the SQL query which shall be executed
+	* @param	int		$cache_ttl	Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
+	* @return	mixed				When casted to bool the returned value returns true on success and false on failure
+	*
+	* @access	public
+	*/
+	function sql_query($query = '', $cache_ttl = 0)
+	{
+		if ($query != '')
+		{
+			global $cache;
+
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('start', $query);
+			}
+
+			$this->last_query_text = $query;
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+			$this->sql_add_num_queries($this->query_result);
+
+			if ($this->query_result === false)
+			{
+				if (($this->query_result = @sqlsrv_query($this->db_connect_id, $query, array(), $this->query_options)) === false)
+				{
+					$this->sql_error($query);
+				}
+				// reset options for next query
+				$this->query_options = array();
+
+				if (defined('DEBUG_EXTRA'))
+				{
+					$this->sql_report('stop', $query);
+				}
+
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+				}
+				else if (strpos($query, 'SELECT') === 0 && $this->query_result)
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+				}
+			}
+			else if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('fromcache', $query);
+			}
+		}
+		else
+		{
+			return false;
+		}
+		return $this->query_result;
+	}
+
+	/**
+	* Build LIMIT query
+	*/
+	function _sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0)
+	{
+		$this->query_result = false;
+
+		// total == 0 means all results - not zero results
+		if ($offset == 0 && $total !== 0)
+		{
+			if (strpos($query, "SELECT") === false)
+			{
+				$query = "TOP {$total} " . $query;
+			}
+			else
+			{
+				$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP '.$total, $query);
+			}
+		}
+		else if ($offset > 0)
+		{
+			$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP(10000000) ', $query);
+			$query = 'SELECT *
+					FROM (SELECT sub2.*, ROW_NUMBER() OVER(ORDER BY sub2.line2) AS line3
+					FROM (SELECT 1 AS line2, sub1.* FROM (' . $query . ') AS sub1) as sub2) AS sub3';
+
+			if ($total > 0)
+			{
+				$query .= ' WHERE line3 BETWEEN ' . ($offset+1) . ' AND ' . ($offset + $total);
+			}
+			else
+			{
+				$query .= ' WHERE line3 > ' . $offset;
+			}
+		}
+
+		$result = $this->sql_query($query, $cache_ttl);
+
+		return $result;
+	}
+
+	/**
+	* Return number of affected rows
+	*/
+	function sql_affectedrows()
+	{
+		return ($this->db_connect_id) ? @sqlsrv_rows_affected($this->db_connect_id) : false;
+	}
+
+	/**
+	* Fetch current row
+	*/
+	function sql_fetchrow($query_id = false)
+	{
+		global $cache;
+
+		if ($query_id === false)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_fetchrow($query_id);
+		}
+
+		if ($query_id === false)
+		{
+			return false;
+		}
+
+		$row = @sqlsrv_fetch_array($query_id, SQLSRV_FETCH_ASSOC);
+
+		if ($row)
+		{
+			foreach ($row as $key => $value)
+			{
+				$row[$key] = ($value === ' ' || $value === NULL) ? '' : $value;
+			}
+
+			// remove helper values from LIMIT queries
+			if (isset($row['line2']))
+			{
+				unset($row['line2'], $row['line3']);
+			}
+		}
+		return $row;
+	}
+
+	/**
+	* Seek to given row number
+	* rownum is zero-based
+	*/
+	function sql_rowseek($rownum, &$query_id)
+	{
+		global $cache;
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_rowseek($rownum, $query_id);
+		}
+
+		$seek = new result_mssqlnative($query_id);
+		$row = $seek->seek($rownum);
+		return ($row = $seek->fetch()) ? $row : false;
+	}
+
+	/**
+	* Get last inserted id after insert statement
+	*/
+	function sql_nextid()
+	{
+		$result_id = @sqlsrv_query($this->db_connect_id, 'SELECT @@IDENTITY');
+
+		if ($result_id !== false)
+		{
+			$row = @sqlsrv_fetch_array($result_id);
+			$id = $row[0];
+			@sqlsrv_free_stmt($result_id);
+			return $id;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	/**
+	* Free sql result
+	*/
+	function sql_freeresult($query_id = false)
+	{
+		global $cache;
+
+		if ($query_id === false)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_freeresult($query_id);
+		}
+
+		if (isset($this->open_queries[$query_id]))
+		{
+			unset($this->open_queries[$query_id]);
+			return @sqlsrv_free_stmt($query_id);
+		}
+		return false;
+	}
+
+	/**
+	* Escape string used in sql query
+	*/
+	function sql_escape($msg)
+	{
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
+	}
+
+	/**
+	* Build LIKE expression
+	* @access private
+	*/
+	function _sql_like_expression($expression)
+	{
+		return $expression . " ESCAPE '\\'";
+	}
+
+	/**
+	* return sql error array
+	* @access private
+	*/
+	function _sql_error()
+	{
+		$errors = @sqlsrv_errors(SQLSRV_ERR_ERRORS);
+		$error_message = '';
+		$code = 0;
+
+		if ($errors != null)
+		{
+			foreach ($errors as $error)
+			{
+				$error_message .= "SQLSTATE: ".$error[ 'SQLSTATE']."\n";
+				$error_message .= "code: ".$error[ 'code']."\n";
+				$code = $error['code'];
+				$error_message .= "message: ".$error[ 'message']."\n";
+			}
+			$this->last_error_result = $error_message;
+			$error = $this->last_error_result;
+		}
+		else
+		{
+			$error = (isset($this->last_error_result) && $this->last_error_result) ? $this->last_error_result : array();
+		}
+
+		return array(
+			'message'	=> $error,
+			'code'		=> $code,
+		);
+	}
+
+	/**
+	* Build db-specific query data
+	* @access private
+	*/
+	function _sql_custom_build($stage, $data)
+	{
+		return $data;
+	}
+
+	/**
+	* Close sql connection
+	* @access private
+	*/
+	function _sql_close()
+	{
+		return @sqlsrv_close($this->db_connect_id);
+	}
+
+	/**
+	* Build db-specific report
+	* @access private
+	*/
+	function _sql_report($mode, $query = '')
+	{
+		switch ($mode)
+		{
+			case 'start':
+				$html_table = false;
+				@sqlsrv_query($this->db_connect_id, 'SET SHOWPLAN_TEXT ON;');
+				if ($result = @sqlsrv_query($this->db_connect_id, $query))
+				{
+					@sqlsrv_next_result($result);
+					while ($row = @sqlsrv_fetch_array($result))
+					{
+						$html_table = $this->sql_report('add_select_row', $query, $html_table, $row);
+					}
+				}
+				@sqlsrv_query($this->db_connect_id, 'SET SHOWPLAN_TEXT OFF;');
+				@sqlsrv_free_stmt($result);
+
+				if ($html_table)
+				{
+					$this->html_hold .= '</table>';
+				}
+			break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = @sqlsrv_query($this->db_connect_id, $query);
+				while ($void = @sqlsrv_fetch_array($result))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				@sqlsrv_free_stmt($result);
+
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$this->sql_report('record_fromcache', $query, $endtime, $splittime);
+
+			break;
+		}
+	}
+
+	/**
+	* Utility method used to retrieve number of rows
+	* Emulates mysql_num_rows
+	* Used in acp_database.php -> write_data_mssqlnative()
+	* Requires a static or keyset cursor to be definde via
+	* mssqlnative_set_query_options()
+	*/
+	function mssqlnative_num_rows($res)
+	{
+		if ($res !== false)
+		{
+			return sqlsrv_num_rows($res);
+		}
+		else
+		{
+			return false;
+		}
+	}
+	
+	/**
+	* Allows setting mssqlnative specific query options passed to sqlsrv_query as 4th parameter.
+	*/
+	function mssqlnative_set_query_options($options)
+	{
+		$this->query_options = $options;
+	}
+}
+
+?>

phpBB/includes/db/mysql.php

@@ -96,13 +96,14 @@ class dbal_mysql extends dbal
 	/**
 	* Version information about used database
 	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache If true, it is safe to retrieve the value from the cache
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
 		global $cache;
 
-		if (empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false)
+		if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false)
 		{
 			$result = @mysql_query('SELECT VERSION() AS version', $this->db_connect_id);
 			$row = @mysql_fetch_assoc($result);
@@ -110,7 +111,7 @@ class dbal_mysql extends dbal
 
 			$this->sql_server_version = $row['version'];
 
-			if (!empty($cache))
+			if (!empty($cache) && $use_cache)
 			{
 				$cache->put('mysql_version', $this->sql_server_version);
 			}

phpBB/includes/db/mysqli.php

@@ -80,14 +80,14 @@ class dbal_mysqli extends dbal
 
 	/**
 	* Version information about used database
-	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache If true, it is safe to retrieve the value from the cache
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
 		global $cache;
 
-		if (empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false)
+		if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false)
 		{
 			$result = @mysqli_query($this->db_connect_id, 'SELECT VERSION() AS version');
 			$row = @mysqli_fetch_assoc($result);
@@ -95,7 +95,7 @@ class dbal_mysqli extends dbal
 
 			$this->sql_server_version = $row['version'];
 
-			if (!empty($cache))
+			if (!empty($cache) && $use_cache)
 			{
 				$cache->put('mysqli_version', $this->sql_server_version);
 			}

phpBB/includes/db/oracle.php

@@ -56,10 +56,18 @@ class dbal_oracle extends dbal
 	/**
 	* Version information about used database
 	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache forced to false for Oracle
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
+		/**
+		* force $use_cache false.  I didn't research why the caching code below is commented out
+		* but I assume its because the Oracle extension provides a direct method to access it
+		* without a query.
+		*/
+
+		$use_cache = false;
 /*
 		global $cache;
 
@@ -261,6 +269,10 @@ class dbal_oracle extends dbal
 						{
 							$cols = explode(', ', $regs[2]);
 
+/*						The code inside this comment block breaks clob handling, but does allow the
+						database restore script to work.  If you want to allow no posts longer than 4KB
+						and/or need the db restore script, uncomment this.
+
 							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
 
 							if (sizeof($cols) !== sizeof($vals))
@@ -310,6 +322,7 @@ class dbal_oracle extends dbal
 
 								$vals = array(0 => $vals);
 							}
+*/
 
 							$inserts = $vals[0];
 							unset($vals);

phpBB/includes/db/postgres.php

@@ -46,7 +46,10 @@ class dbal_postgres extends dbal
 
 		if ($sqlserver)
 		{
-			if (strpos($sqlserver, ':') !== false)
+			// $sqlserver can carry a port separated by : for compatibility reasons
+			// If $sqlserver has more than one : it's probably an IPv6 address.
+			// In this case we only allow passing a port via the $port variable.
+			if (substr_count($sqlserver, ':') === 1)
 			{
 				list($sqlserver, $port) = explode(':', $sqlserver);
 			}
@@ -76,7 +79,14 @@ class dbal_postgres extends dbal
 
 		$this->persistency = $persistency;
 
-		$this->db_connect_id = ($this->persistency) ? @pg_pconnect($connect_string, $new_link) : @pg_connect($connect_string, $new_link);
+		if ($this->persistency)
+		{
+			$this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+		}
+		else
+		{
+			$this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+		}
 
 		if ($this->db_connect_id)
 		{
@@ -98,13 +108,14 @@ class dbal_postgres extends dbal
 	/**
 	* Version information about used database
 	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache If true, it is safe to retrieve the value from the cache
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
 		global $cache;
 
-		if (empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false)
+		if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false)
 		{
 			$query_id = @pg_query($this->db_connect_id, 'SELECT VERSION() AS version');
 			$row = @pg_fetch_assoc($query_id, null);
@@ -112,7 +123,7 @@ class dbal_postgres extends dbal
 
 			$this->sql_server_version = (!empty($row['version'])) ? trim(substr($row['version'], 10)) : 0;
 
-			if (!empty($cache))
+			if (!empty($cache) && $use_cache)
 			{
 				$cache->put('pgsql_version', $this->sql_server_version);
 			}

phpBB/includes/db/sqlite.php

@@ -50,20 +50,25 @@ class dbal_sqlite extends dbal
 	/**
 	* Version information about used database
 	* @param bool $raw if true, only return the fetched sql_server_version
+	* @param bool $use_cache if true, it is safe to retrieve the stored value from the cache
 	* @return string sql server version
 	*/
-	function sql_server_info($raw = false)
+	function sql_server_info($raw = false, $use_cache = true)
 	{
 		global $cache;
 
-		if (empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false)
+		if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false)
 		{
 			$result = @sqlite_query('SELECT sqlite_version() AS version', $this->db_connect_id);
 			$row = @sqlite_fetch_array($result, SQLITE_ASSOC);
 
 			$this->sql_server_version = (!empty($row['version'])) ? $row['version'] : 0;
+
+			if (!empty($cache) && $use_cache)
+			{
 				$cache->put('sqlite_version', $this->sql_server_version);
 			}
+		}
 
 		return ($raw) ? $this->sql_server_version : 'SQLite ' . $this->sql_server_version;
 	}

phpBB/includes/functions.php

@@ -114,7 +114,7 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false)
 					{
 						$_v = null;
 					}
-					set_var($_k, $_k, $sub_key_type);
+					set_var($_k, $_k, $sub_key_type, $multibyte);
 					set_var($var[$k][$_k], $_v, $sub_type, $multibyte);
 				}
 			}
@@ -175,11 +175,8 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
 	switch ($db->sql_layer)
 	{
 		case 'firebird':
-			$sql_update = 'CAST(CAST(config_value as integer) + ' . (int) $increment . ' as VARCHAR(255))';
-		break;
-
 		case 'postgres':
-			$sql_update = 'int4(config_value) + ' . (int) $increment;
+			$sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
 		break;
 
 		// MySQL, SQlite, mssql, mssql_odbc, oracle
@@ -198,11 +195,28 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
 
 /**
 * Generates an alphanumeric random string of given length
+*
+* @return string
 */
 function gen_rand_string($num_chars = 8)
+{
+	// [a, z] + [0, 9] = 36
+	return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);
+}
+
+/**
+* Generates a user-friendly alphanumeric random string of given length
+* We remove 0 and O so users cannot confuse those in passwords etc.
+*
+* @return string
+*/
+function gen_rand_string_friendly($num_chars = 8)
 {
 	$rand_str = unique_id();
-	$rand_str = str_replace('0', 'Z', strtoupper(base_convert($rand_str, 16, 35)));
+
+	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
+	// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
+	$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
 
 	return substr($rand_str, 0, $num_chars);
 }
@@ -704,7 +718,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ)
 
 			clearstatcache();
 
-			if (is_readable($filename) && is_writable($filename))
+			if (is_readable($filename) && phpbb_is_writable($filename))
 			{
 				break;
 			}
@@ -714,7 +728,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ)
 
 			clearstatcache();
 
-			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename)))
+			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename)))
 			{
 				break;
 			}
@@ -724,7 +738,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ)
 
 			clearstatcache();
 
-			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename)))
+			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename)))
 			{
 				break;
 			}
@@ -1038,7 +1052,7 @@ function phpbb_own_realpath($path)
 	// @todo If the file exists fine and open_basedir only has one path we should be able to prepend it
 	// because we must be inside that basedir, the question is where...
 	// @internal The slash in is_dir() gets around an open_basedir restriction
-	if (!@file_exists($resolved) || (!is_dir($resolved . '/') && !is_file($resolved)))
+	if (!@file_exists($resolved) || (!@is_dir($resolved . '/') && !is_file($resolved)))
 	{
 		return false;
 	}
@@ -1663,10 +1677,11 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
 * @param string $sql_extra		Extra WHERE SQL statement
 * @param string $sql_sort		ORDER BY SQL sorting statement
 * @param string $sql_limit		Limits the size of unread topics list, 0 for unlimited query
+* @param string $sql_limit_offset  Sets the offset of the first row to search, 0 to search from the start
 *
 * @return array[int][int]		Topic ids as keys, mark_time of topic as value
 */
-function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001)
+function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001, $sql_limit_offset = 0)
 {
 	global $config, $db, $user;
 
@@ -1712,7 +1727,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 		);
 
 		$sql = $db->sql_build_query('SELECT', $sql_array);
-		$result = $db->sql_query_limit($sql, $sql_limit);
+		$result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset);
 
 		while ($row = $db->sql_fetchrow($result))
 		{
@@ -1745,7 +1760,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 			WHERE t.topic_last_post_time > ' . $user_lastmark . "
 			$sql_extra
 			$sql_sort";
-		$result = $db->sql_query_limit($sql, $sql_limit);
+		$result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset);
 
 		while ($row = $db->sql_fetchrow($result))
 		{
@@ -2139,8 +2154,8 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 {
 	global $_SID, $_EXTRA_URL, $phpbb_hook;
 
-	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropiatly.
+	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.
-	// They could mimick most of what is within this function
+	// They could mimic most of what is within this function
 	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
 	{
 		if ($phpbb_hook->hook_return(__FUNCTION__))
@@ -2297,6 +2312,8 @@ function redirect($url, $return = false, $disable_cd_check = false)
 {
 	global $db, $cache, $config, $user, $phpbb_root_path;
 
+	$failover_flag = false;
+
 	if (empty($user->lang))
 	{
 		$user->add_lang('common');
@@ -2336,6 +2353,22 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Relative uri
 		$pathinfo = pathinfo($url);
 
+		if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+		{
+			$url = str_replace('../', '', $url);
+			$pathinfo = pathinfo($url);
+
+			if (!file_exists($pathinfo['dirname']))
+			{
+				// fallback to "last known user page"
+				// at least this way we know the user does not leave the phpBB root
+				$url = generate_board_url() . '/' . $user->page['page'];
+				$failover_flag = true;
+			}
+		}
+
+		if (!$failover_flag)
+		{
 			// Is the uri pointing to the current directory?
 			if ($pathinfo['dirname'] == '.')
 			{
@@ -2392,6 +2425,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 				$url = generate_board_url() . '/' . $url;
 			}
 		}
+	}
 
 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
@@ -2502,6 +2536,11 @@ function build_url($strip_vars = false)
 			$key = $arguments[0];
 			unset($arguments[0]);
 
+			if ($key === '')
+			{
+				continue;
+			}
+
 			$query[$key] = implode('=', $arguments);
 		}
 
@@ -2562,6 +2601,47 @@ function meta_refresh($time, $url, $disable_cd_check = false)
 	return $url;
 }
 
+/**
+* Outputs correct status line header.
+*
+* Depending on php sapi one of the two following forms is used:
+*
+* Status: 404 Not Found
+*
+* HTTP/1.x 404 Not Found
+*
+* HTTP version is taken from HTTP_VERSION environment variable,
+* and defaults to 1.0.
+*
+* Sample usage:
+*
+* send_status_line(404, 'Not Found');
+*
+* @param int $code HTTP status code
+* @param string $message Message for the status code
+* @return void
+*/
+function send_status_line($code, $message)
+{
+	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
+	{
+		// in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though
+		header("Status: $code $message", true, $code);
+	}
+	else
+	{
+		if (isset($_SERVER['HTTP_VERSION']))
+		{
+			$version = $_SERVER['HTTP_VERSION'];
+		}
+		else
+		{
+			$version = 'HTTP/1.0';
+		}
+		header("$version $code $message", true, $code);
+	}
+}
+
 //Form validation
 
 
@@ -3297,7 +3377,9 @@ function get_preg_expression($mode)
 	switch ($mode)
 	{
 		case 'email':
-			return '(?:[a-z0-9\'\.\-_\+\|]++|&amp;)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+';
+			// Regex written by James Watts and Francisco Jose Martin Moreno
+			// http://fightingforalostcause.net/misc/2006/compare-email-regex.php
+			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
 		break;
 
 		case 'bbcode_htm':
@@ -3319,7 +3401,7 @@ function get_preg_expression($mode)
 		break;
 
 		case 'ipv6':
-			return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#i';
+			return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i';
 		break;
 
 		case 'url':
@@ -3380,25 +3462,110 @@ function short_ipv6($ip, $length)
 /**
 * Wrapper for php's checkdnsrr function.
 *
-* The windows failover is from the php manual
+* @param string $host	Fully-Qualified Domain Name
-* Please make sure to check the return value for === true and === false, since NULL could
+* @param string $type	Resource record type to lookup
-* be returned too.
+*						Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
+*						Other types may work or may not work
 *
-* @return true if entry found, false if not, NULL if this function is not supported by this environment
+* @return mixed		true if entry found,
+*					false if entry not found,
+*					null if this function is not supported by this environment
+*
+* Since null can also be returned, you probably want to compare the result
+* with === true or === false,
+*
+* @author bantu
 */
-function phpbb_checkdnsrr($host, $type = '')
+function phpbb_checkdnsrr($host, $type = 'MX')
 {
-	$type = (!$type) ? 'MX' : $type;
+	// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
+	if (substr($host, -1) == '.')
+	{
+		$host_fqdn = $host;
+		$host = substr($host, 0, -1);
+	}
+	else
+	{
+		$host_fqdn = $host . '.';
+	}
+	// $host		has format	some.host.example.com
+	// $host_fqdn	has format	some.host.example.com.
 
-	if (DIRECTORY_SEPARATOR == '\\')
+	// If we're looking for an A record we can use gethostbyname()
+	if ($type == 'A' && function_exists('gethostbyname'))
 	{
-		if (!function_exists('exec'))
+		return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true;
-		{
-			return NULL;
 	}
 
-		// @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
+	// checkdnsrr() is available on Windows since PHP 5.3,
-		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output);
+	// but until 5.3.3 it only works for MX records
+	// See: http://bugs.php.net/bug.php?id=51844
+
+	// Call checkdnsrr() if 
+	// we're looking for an MX record or
+	// we're not on Windows or
+	// we're running a PHP version where #51844 has been fixed
+
+	// checkdnsrr() supports AAAA since 5.0.0
+	// checkdnsrr() supports TXT since 5.2.4
+	if (
+		($type == 'MX' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.3', '>=')) &&
+		($type != 'AAAA' || version_compare(PHP_VERSION, '5.0.0', '>=')) &&
+		($type != 'TXT' || version_compare(PHP_VERSION, '5.2.4', '>=')) &&
+		function_exists('checkdnsrr')
+	)
+	{
+		return checkdnsrr($host_fqdn, $type);
+	}
+
+	// dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows,
+	// but on Windows it does not work reliable for AAAA records before PHP 5.3.1
+
+	// Call dns_get_record() if 
+	// we're not looking for an AAAA record or
+	// we're not on Windows or
+	// we're running a PHP version where AAAA lookups work reliable
+	if (
+		($type != 'AAAA' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.1', '>=')) &&
+		function_exists('dns_get_record')
+	)
+	{
+		// dns_get_record() expects an integer as second parameter
+		// We have to convert the string $type to the corresponding integer constant.
+		$type_constant = 'DNS_' . $type;
+		$type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY;
+
+		// dns_get_record() might throw E_WARNING and return false for records that do not exist
+		$resultset = @dns_get_record($host_fqdn, $type_param);
+
+		if (empty($resultset) || !is_array($resultset))
+		{
+			return false;
+		}
+		else if ($type_param == DNS_ANY)
+		{
+			// $resultset is a non-empty array
+			return true;
+		}
+
+		foreach ($resultset as $result)
+		{
+			if (
+				isset($result['host']) && $result['host'] == $host && 
+				isset($result['type']) && $result['type'] == $type
+			)
+			{
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	// If we're on Windows we can still try to call nslookup via exec() as a last resort
+	if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec'))
+	{
+		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output);
 
 		// If output is empty, the nslookup failed
 		if (empty($output))
@@ -3408,25 +3575,71 @@ function phpbb_checkdnsrr($host, $type = '')
 
 		foreach ($output as $line)
 		{
-			if (!trim($line))
+			$line = trim($line);
+
+			if (empty($line))
 			{
 				continue;
 			}
 
-			// Valid records begin with host name:
+			// Squash tabs and multiple whitespaces to a single whitespace.
-			if (strpos($line, $host) === 0)
+			$line = preg_replace('/\s+/', ' ', $line);
+
+			switch ($type)
+			{
+				case 'MX':
+					if (stripos($line, "$host MX") === 0)
 					{
 						return true;
 					}
+				break;
+
+				case 'NS':
+					if (stripos($line, "$host nameserver") === 0)
+					{
+						return true;
+					}
+				break;
+
+				case 'TXT':
+					if (stripos($line, "$host text") === 0)
+					{
+						return true;
+					}
+				break;
+
+				case 'CNAME':
+					if (stripos($line, "$host canonical name") === 0)
+					{
+						return true;
+					}
+
+				default:
+				case 'A':
+				case 'AAAA':
+					if (!empty($host_matches))
+					{
+						// Second line
+						if (stripos($line, "Address: ") === 0)
+						{
+							return true;
+						}
+						else
+						{
+							$host_matches = false;
+						}
+					}
+					else if (stripos($line, "Name: $host") === 0)
+					{
+						// First line
+						$host_matches = true;
+					}
+				break;
+			}
 		}
 
 		return false;
 	}
-	else if (function_exists('checkdnsrr'))
-	{
-		// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
-		return (checkdnsrr($host . '.', $type)) ? true : false;
-	}
 
 	return NULL;
 }
@@ -3540,7 +3753,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			}
 
 			// Do not send 200 OK, but service unavailable on errors
-			header('HTTP/1.1 503 Service Unavailable');
+			send_status_line(503, 'Service Unavailable');
 
 			garbage_collection();
 
@@ -3609,6 +3822,11 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 				$user->setup();
 			}
 
+			if ($msg_text == 'ERROR_NO_ATTACHMENT' || $msg_text == 'NO_FORUM' || $msg_text == 'NO_TOPIC' || $msg_text == 'NO_USER')
+			{
+				send_status_line(404, 'Not Found');
+			}
+
 			$msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text;
 			$msg_title = (!isset($msg_title)) ? $user->lang['INFORMATION'] : ((!empty($user->lang[$msg_title])) ? $user->lang[$msg_title] : $msg_title);
 
@@ -4005,7 +4223,8 @@ function phpbb_http_login($param)
 		}
 		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
 		{
-			header('HTTP/1.0 401 Unauthorized');
+			send_status_line(401, 'Unauthorized');
+
 			trigger_error('NOT_AUTHORISED');
 		}
 	}
@@ -4017,7 +4236,7 @@ function phpbb_http_login($param)
 	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
 
 	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
-	header('HTTP/1.0 401 Unauthorized');
+	send_status_line(401, 'Unauthorized');
 
 	trigger_error('NOT_AUTHORISED');
 }
@@ -4238,7 +4457,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'S_TOPIC_ID'			=> $topic_id,
 
 		'S_LOGIN_ACTION'		=> ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)),
-		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => str_replace('&amp;', '&', build_url()))),
+		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => build_url())),
 
 		'S_ENABLE_FEEDS'			=> ($config['feed_enable']) ? true : false,
 		'S_ENABLE_FEEDS_OVERALL'	=> ($config['feed_overall']) ? true : false,
@@ -4247,6 +4466,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'S_ENABLE_FEEDS_TOPICS_ACTIVE'	=> ($config['feed_topics_active']) ? true : false,
 		'S_ENABLE_FEEDS_NEWS'		=> ($s_feed_news) ? true : false,
 
+		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
+
 		'T_THEME_PATH'			=> "{$web_path}styles/" . $user->theme['theme_path'] . '/theme',
 		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . $user->theme['template_path'] . '/template',
 		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template',
@@ -4259,7 +4480,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",
 		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",
 		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/",
-		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang'], true, $user->session_id),
+		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang']),
 		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'],
 
 		'T_THEME_NAME'			=> $user->theme['theme_path'],

phpBB/includes/functions_admin.php

@@ -96,16 +96,12 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl =
 		$right = $row['right_id'];
 		$disabled = false;
 
-		if (!$ignore_acl && $auth->acl_get('f_list', $row['forum_id']))
+		if (!$ignore_acl && $auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id']))
 		{
 			if ($only_acl_post && !$auth->acl_get('f_post', $row['forum_id']) || (!$auth->acl_get('m_approve', $row['forum_id']) && !$auth->acl_get('f_noapprove', $row['forum_id'])))
 			{
 				$disabled = true;
 			}
-			else if (!$only_acl_post && !$auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id']))
-			{
-				$disabled = true;
-			}
 		}
 		else if (!$ignore_acl)
 		{
@@ -577,8 +573,8 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 
 	while ($row = $db->sql_fetchrow($result))
 	{
-		$forum_ids[] = $row['forum_id'];
+		$forum_ids[] = (int) $row['forum_id'];
-		$topic_ids[] = $row['topic_id'];
+		$topic_ids[] = (int) $row['topic_id'];
 	}
 	$db->sql_freeresult($result);
 
@@ -595,7 +591,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 	}
 
 	$sql = 'UPDATE ' . POSTS_TABLE . '
-		SET forum_id = ' . $forum_row['forum_id'] . ", topic_id = $topic_id
+		SET forum_id = ' . (int) $forum_row['forum_id'] . ", topic_id = $topic_id
 		WHERE " . $db->sql_in_set('post_id', $post_ids);
 	$db->sql_query($sql);
 
@@ -606,7 +602,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 
 	if ($auto_sync)
 	{
-		$forum_ids[] = $forum_row['forum_id'];
+		$forum_ids[] = (int) $forum_row['forum_id'];
 
 		sync('topic_reported', 'topic_id', $topic_ids);
 		sync('topic_attachment', 'topic_id', $topic_ids);
@@ -675,7 +671,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s
 
 	$db->sql_transaction('begin');
 
-	$table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE);
+	$table_ary = array(BOOKMARKS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE);
 
 	foreach ($table_ary as $table)
 	{
@@ -1129,53 +1125,65 @@ function delete_attachments($mode, $ids, $resync = true)
 }
 
 /**
-* Remove topic shadows
+* Deletes shadow topics pointing to a specified forum.
+*
+* @param int		$forum_id		The forum id
+* @param string		$sql_more		Additional WHERE statement, e.g. t.topic_time < (time() - 1234)
+* @param bool		$auto_sync		Will call sync() if this is true
+*
+* @return array		Array with affected forums
+*
+* @author bantu
 */
-function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
+function delete_topic_shadows($forum_id, $sql_more = '', $auto_sync = true)
 {
-	$where = (is_array($forum_id)) ? 'AND ' . $db->sql_in_set('t.forum_id', array_map('intval', $forum_id)) : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
+	global $db;
 
-	switch ($db->sql_layer)
+	if (!$forum_id)
 	{
-		case 'mysql4':
+		// Nothing to do.
-		case 'mysqli':
+		return;
-			$sql = 'DELETE t.*
+	}
-				FROM ' . TOPICS_TABLE . ' t, ' . TOPICS_TABLE . ' t2
-				WHERE t.topic_moved_id = t2.topic_id
-					AND t.topic_time < ' . (time() - $max_age)
-				. $where;
-			$db->sql_query($sql);
-		break;
 
-		default:
+	// Set of affected forums we have to resync
-			$sql = 'SELECT t.topic_id
+	$sync_forum_ids = array();
-				FROM ' . TOPICS_TABLE . ' t, ' . TOPICS_TABLE . ' t2
+
-				WHERE t.topic_moved_id = t2.topic_id
+	// Amount of topics we select and delete at once.
-					AND t.topic_time < ' . (time() - $max_age)
+	$batch_size = 500;
-				. $where;
+
-			$result = $db->sql_query($sql);
+	do
+	{
+		$sql = 'SELECT t2.forum_id, t2.topic_id
+			FROM ' . TOPICS_TABLE . ' t2, ' . TOPICS_TABLE . ' t
+			WHERE t2.topic_moved_id = t.topic_id
+				AND t.forum_id = ' . (int) $forum_id . '
+				' . (($sql_more) ? 'AND ' . $sql_more : '');
+		$result = $db->sql_query_limit($sql, $batch_size);
 
 		$topic_ids = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-				$topic_ids[] = $row['topic_id'];
+			$topic_ids[] = (int) $row['topic_id'];
+
+			$sync_forum_ids[(int) $row['forum_id']] = (int) $row['forum_id'];
 		}
 		$db->sql_freeresult($result);
 
-			if (sizeof($topic_ids))
+		if (!empty($topic_ids))
 		{
 			$sql = 'DELETE FROM ' . TOPICS_TABLE . '
 				WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
 			$db->sql_query($sql);
 		}
-		break;
 	}
+	while (sizeof($topic_ids) == $batch_size);
 
 	if ($auto_sync)
 	{
-		$where_type = ($forum_id) ? 'forum_id' : '';
+		sync('forum', 'forum_id', $sync_forum_ids, true, true);
-		sync('forum', $where_type, $forum_id, true, true);
 	}
+
+	return $sync_forum_ids;
 }
 
 /**
@@ -3042,6 +3050,7 @@ function get_database_size()
 
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
 				FROM sysfiles';
 			$result = $db->sql_query($sql, 7200);
@@ -3290,7 +3299,7 @@ function obtain_latest_version_info($force_update = false, $warn_fail = false, $
 		$errstr = '';
 		$errno = 0;
 
-		$info = get_remote_file('www.phpbb.com', '/updatecheck',
+		$info = get_remote_file('version.phpbb.com', '/phpbb',
 				((defined('PHPBB_QA')) ? '30x_qa.txt' : '30x.txt'), $errstr, $errno);
 
 		if ($info === false)

phpBB/includes/functions_compress.php

@@ -53,13 +53,18 @@ class compress
 			$filelist = filelist("$phpbb_root_path$src", '', '*');
 			krsort($filelist);
 
+			/**
+			* Commented out, as adding the folders produces corrupted archives
 			if ($src_path)
 			{
 				$this->data($src_path, '', true, stat("$phpbb_root_path$src"));
 			}
+			*/
 
 			foreach ($filelist as $path => $file_ary)
 			{
+				/**
+				* Commented out, as adding the folders produces corrupted archives
 				if ($path)
 				{
 					// Same as for src_path
@@ -68,6 +73,7 @@ class compress
 
 					$this->data("$src_path$path", '', true, stat("$phpbb_root_path$src$path"));
 				}
+				*/
 
 				foreach ($file_ary as $file)
 				{
@@ -502,8 +508,8 @@ class compress_tar extends compress
 	function compress_tar($mode, $file, $type = '')
 	{
 		$type = (!$type) ? $file : $type;
-		$this->isgz = (strpos($type, '.tar.gz') !== false || strpos($type, '.tgz') !== false) ? true : false;
+		$this->isgz = preg_match('#(\.tar\.gz|\.tgz)$#', $type);
-		$this->isbz = (strpos($type, '.tar.bz2') !== false) ? true : false;
+		$this->isbz = preg_match('#\.tar\.bz2$#', $type);
 
 		$this->mode = &$mode;
 		$this->file = &$file;

phpBB/includes/functions_convert.php

@@ -1025,6 +1025,9 @@ function set_user_options()
 		'bbcode'		=> array('bit' => 8, 'default' => 1),
 		'smilies'		=> array('bit' => 9, 'default' => 1),
 		'popuppm'		=> array('bit' => 10, 'default' => 0),
+		'sig_bbcode'	=> array('bit' => 15, 'default' => 1),
+		'sig_smilies'	=> array('bit' => 16, 'default' => 1),
+		'sig_links'		=> array('bit' => 17, 'default' => 1),
 	);
 
 	$option_field = 0;
@@ -1645,6 +1648,7 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting = ACL_NO)
 
 					case 'mssql':
 					case 'sqlite':
+					case 'mssqlnative':
 						$sql = implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary));
 					break;
 
@@ -2302,7 +2306,7 @@ function copy_file($src, $trg, $overwrite = false, $die_on_failure = true, $sour
 		}
 	}
 
-	if (!is_writable($path))
+	if (!phpbb_is_writable($path))
 	{
 		@chmod($path, 0777);
 	}
@@ -2337,7 +2341,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_
 		@chmod($trg_path, 0777);
 	}
 
-	if (!@is_writable($trg_path))
+	if (!phpbb_is_writable($trg_path))
 	{
 		$bad_dirs[] = path($config['script_path']) . $trg;
 	}
@@ -2404,7 +2408,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_
 				@chmod($trg_path . $dir, 0777);
 			}
 
-			if (!@is_writable($trg_path . $dir))
+			if (!phpbb_is_writable($trg_path . $dir))
 			{
 				$bad_dirs[] = $trg . $dir;
 				$bad_dirs[] = $trg_path . $dir;

phpBB/includes/functions_display.php

@@ -396,7 +396,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		}
 		else
 		{
-			$folder_alt = ($forum_unread) ? 'NEW_POSTS' : 'NO_NEW_POSTS';
+			$folder_alt = ($forum_unread) ? 'UNREAD_POSTS' : 'NO_UNREAD_POSTS';
 		}
 
 		// Create last post link information, if appropriate
@@ -425,7 +425,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$s_subforums_list = array();
 		foreach ($subforums_list as $subforum)
 		{
-			$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '" title="' . (($subforum['unread']) ? $user->lang['NEW_POSTS'] : $user->lang['NO_NEW_POSTS']) . '">' . $subforum['name'] . '</a>';
+			$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '" title="' . (($subforum['unread']) ? $user->lang['UNREAD_POSTS'] : $user->lang['NO_UNREAD_POSTS']) . '">' . $subforum['name'] . '</a>';
 		}
 		$s_subforums_list = (string) implode(', ', $s_subforums_list);
 		$catless = ($row['parent_id'] == $root_data['forum_id']) ? true : false;
@@ -660,7 +660,7 @@ function topic_generate_pagination($replies, $url)
 		$times = 1;
 		for ($j = 0; $j < $replies + 1; $j += $per_page)
 		{
-			$pagination .= '<a href="' . $url . '&amp;start=' . $j . '">' . $times . '</a>';
+			$pagination .= '<a href="' . $url . ($j == 0 ? '' : '&amp;start=' . $j) . '">' . $times . '</a>';
 			if ($times == 1 && $total_pages > 5)
 			{
 				$pagination .= ' ... ';
@@ -854,7 +854,7 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
 
 
 		$folder_img = ($unread_topic) ? $folder_new : $folder;
-		$folder_alt = ($unread_topic) ? 'NEW_POSTS' : (($topic_row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_NEW_POSTS');
+		$folder_alt = ($unread_topic) ? 'UNREAD_POSTS' : (($topic_row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_UNREAD_POSTS');
 
 		// Posted image?
 		if (!empty($topic_row['topic_posted']) && $topic_row['topic_posted'])
@@ -969,11 +969,16 @@ function display_user_activity(&$userdata)
 	$forum_ary = array_unique($forum_ary);
 	$forum_sql = (sizeof($forum_ary)) ? 'AND ' . $db->sql_in_set('forum_id', $forum_ary, true) : '';
 
+	$fid_m_approve = $auth->acl_getf('m_approve', true);
+	$sql_m_approve = (!empty($fid_m_approve)) ? 'OR ' . $db->sql_in_set('forum_id', array_keys($fid_m_approve)) : '';
+
 	// Obtain active forum
 	$sql = 'SELECT forum_id, COUNT(post_id) AS num_posts
 		FROM ' . POSTS_TABLE . '
 		WHERE poster_id = ' . $userdata['user_id'] . "
 			AND post_postcount = 1
+			AND (post_approved = 1
+				$sql_m_approve)
 			$forum_sql
 		GROUP BY forum_id
 		ORDER BY num_posts DESC";
@@ -996,6 +1001,8 @@ function display_user_activity(&$userdata)
 		FROM ' . POSTS_TABLE . '
 		WHERE poster_id = ' . $userdata['user_id'] . "
 			AND post_postcount = 1
+			AND (post_approved = 1
+				$sql_m_approve)
 			$forum_sql
 		GROUP BY topic_id
 		ORDER BY num_posts DESC";
@@ -1112,10 +1119,10 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 			{
 				$is_watching = true;
 
-				if ($notify_status)
+				if ($notify_status != NOTIFY_YES)
 				{
 					$sql = 'UPDATE ' . $table_sql . "
-						SET notify_status = 0
+						SET notify_status = " . NOTIFY_YES . "
 						WHERE $where_sql = $match_id
 							AND user_id = $user_id";
 					$db->sql_query($sql);
@@ -1134,7 +1141,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 					$is_watching = true;
 
 					$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
-						VALUES ($user_id, $match_id, 0)";
+						VALUES ($user_id, $match_id, " . NOTIFY_YES . ')';
 					$db->sql_query($sql);
 					$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
 				}

phpBB/includes/functions_install.php

@@ -95,6 +95,16 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20
 			'AVAILABLE'		=> true,
 			'2.0.x'			=> true,
 		),
+		'mssqlnative'		=> array(
+			'LABEL'			=> 'MS SQL Server 2005+ [ Native ]',
+			'SCHEMA'		=> 'mssql',
+			'MODULE'		=> 'sqlsrv',
+			'DELIM'			=> 'GO',
+			'COMMENTS'		=> 'remove_comments',
+			'DRIVER'		=> 'mssqlnative',
+			'AVAILABLE'		=> true,
+			'2.0.x'			=> false,
+		),			
 		'oracle'	=>	array(
 			'LABEL'			=> 'Oracle',
 			'SCHEMA'		=> 'oracle',
@@ -220,6 +230,7 @@ function get_tables($db)
 
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$sql = "SELECT name
 				FROM sysobjects
 				WHERE type='U'";
@@ -313,6 +324,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,
 
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$prefix_length = 90;
 		break;
 

phpBB/includes/functions_messenger.php

@@ -631,6 +631,64 @@ class queue
 		$this->data[$object]['data'][] = $scope;
 	}
 
+	/**
+	* Obtains exclusive lock on queue cache file.
+	* Returns resource representing the lock
+	*/
+	function lock()
+	{
+		// For systems that can't have two processes opening
+		// one file for writing simultaneously
+		if (file_exists($this->cache_file . '.lock'))
+		{
+			$mode = 'rb';
+		}
+		else
+		{
+			$mode = 'wb';
+		}
+
+		$lock_fp = @fopen($this->cache_file . '.lock', $mode);
+
+		if ($mode == 'wb')
+		{
+			if (!$lock_fp)
+			{
+				// Two processes may attempt to create lock file at the same time.
+				// Have the losing process try opening the lock file again for reading
+				// on the assumption that the winning process created it
+				$mode = 'rb';
+				$lock_fp = @fopen($this->cache_file . '.lock', $mode);
+			}
+			else
+			{
+				// Only need to set mode when the lock file is written
+				@chmod($this->cache_file . '.lock', 0666);
+			}
+		}
+
+		if ($lock_fp)
+		{
+			@flock($lock_fp, LOCK_EX);
+		}
+
+		return $lock_fp;
+	}
+
+	/**
+	* Releases lock on queue cache file, using resource obtained from lock()
+	*/
+	function unlock($lock_fp)
+	{
+		// lock() will return null if opening lock file, and thus locking, failed.
+		// Accept null values here so that client code does not need to check them
+		if ($lock_fp)
+		{
+			@flock($lock_fp, LOCK_UN);
+			fclose($lock_fp);
+		}
+	}
+
 	/**
 	* Process queue
 	* Using lock file
@@ -639,24 +697,16 @@ class queue
 	{
 		global $db, $config, $phpEx, $phpbb_root_path, $user;
 
+		$lock_fp = $this->lock();
+
 		set_config('last_queue_run', time(), true);
 
-		// Delete stale lock file
+		if (!file_exists($this->cache_file) || filemtime($this->cache_file) > time() - $config['queue_interval'])
-		if (file_exists($this->cache_file . '.lock') && !file_exists($this->cache_file))
 		{
-			@unlink($this->cache_file . '.lock');
+			$this->unlock($lock_fp);
 			return;
 		}
 
-		if (!file_exists($this->cache_file) || (file_exists($this->cache_file . '.lock') && filemtime($this->cache_file) > time() - $config['queue_interval']))
-		{
-			return;
-		}
-
-		$fp = @fopen($this->cache_file . '.lock', 'wb');
-		fclose($fp);
-		@chmod($this->cache_file . '.lock', 0777);
-
 		include($this->cache_file);
 
 		foreach ($this->queue_data as $object => $data_ary)
@@ -671,11 +721,18 @@ class queue
 			$package_size = $data_ary['package_size'];
 			$num_items = (!$package_size || sizeof($data_ary['data']) < $package_size) ? sizeof($data_ary['data']) : $package_size;
 
+			/*
+			* This code is commented out because it causes problems on some web hosts.
+			* The core problem is rather restrictive email sending limits.
+			* This code is nly useful if you have no such restrictions from the
+			* web host and the package size setting is wrong.
+
 			// If the amount of emails to be sent is way more than package_size than we need to increase it to prevent backlogs...
 			if (sizeof($data_ary['data']) > $package_size * 2.5)
 			{
 				$num_items = sizeof($data_ary['data']);
 			}
+			*/
 
 			switch ($object)
 			{
@@ -713,6 +770,7 @@ class queue
 				break;
 
 				default:
+					$this->unlock($lock_fp);
 					return;
 			}
 
@@ -738,8 +796,6 @@ class queue
 
 						if (!$result)
 						{
-							@unlink($this->cache_file . '.lock');
-
 							messenger::error('EMAIL', $err_msg);
 							continue 2;
 						}
@@ -783,16 +839,14 @@ class queue
 		{
 			if ($fp = @fopen($this->cache_file, 'wb'))
 			{
-				@flock($fp, LOCK_EX);
 				fwrite($fp, "<?php\nif (!defined('IN_PHPBB')) exit;\n\$this->queue_data = unserialize(" . var_export(serialize($this->queue_data), true) . ");\n\n?>");
-				@flock($fp, LOCK_UN);
 				fclose($fp);
 
 				phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
 			}
 		}
 
-		@unlink($this->cache_file . '.lock');
+		$this->unlock($lock_fp);
 	}
 
 	/**
@@ -805,6 +859,8 @@ class queue
 			return;
 		}
 
+		$lock_fp = $this->lock();
+
 		if (file_exists($this->cache_file))
 		{
 			include($this->cache_file);
@@ -824,13 +880,13 @@ class queue
 
 		if ($fp = @fopen($this->cache_file, 'w'))
 		{
-			@flock($fp, LOCK_EX);
 			fwrite($fp, "<?php\nif (!defined('IN_PHPBB')) exit;\n\$this->queue_data = unserialize(" . var_export(serialize($this->data), true) . ");\n\n?>");
-			@flock($fp, LOCK_UN);
 			fclose($fp);
 
 			phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
 		}
+
+		$this->unlock($lock_fp);
 	}
 }
 

phpBB/includes/functions_posting.php

@@ -85,10 +85,10 @@ function generate_smilies($mode, $forum_id)
 
 	if ($mode == 'window')
 	{
-		$sql = 'SELECT smiley_url, MIN(emotion) as emotion, MIN(code) AS code, smiley_width, smiley_height
+		$sql = 'SELECT smiley_url, MIN(emotion) as emotion, MIN(code) AS code, smiley_width, smiley_height, MIN(smiley_order) AS min_smiley_order
 			FROM ' . SMILIES_TABLE . '
 			GROUP BY smiley_url, smiley_width, smiley_height
-			ORDER BY MIN(smiley_order)';
+			ORDER BY min_smiley_order';
 		$result = $db->sql_query_limit($sql, $config['smilies_per_page'], $start, 3600);
 	}
 	else
@@ -348,7 +348,7 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
 	{
 		$topic_type_array = array_merge(array(0 => array(
 			'VALUE'			=> POST_NORMAL,
-			'S_CHECKED'		=> ($topic_type == POST_NORMAL) ? ' checked="checked"' : '',
+			'S_CHECKED'		=> ($cur_topic_type == POST_NORMAL) ? ' checked="checked"' : '',
 			'L_TOPIC_TYPE'	=> $user->lang['POST_NORMAL'])),
 
 			$topic_type_array
@@ -1146,7 +1146,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 			}
 		}
 
-		unset($rowset[$i]);
+		unset($rowset[$post_list[$i]]);
 	}
 
 	if ($mode == 'topic_review')
@@ -1201,8 +1201,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 		FROM ' . (($topic_notification) ? TOPICS_WATCH_TABLE : FORUMS_WATCH_TABLE) . ' w, ' . USERS_TABLE . ' u
 		WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . "
 			AND w.user_id NOT IN ($sql_ignore_users)
-			AND w.notify_status = 0
+			AND w.notify_status = " . NOTIFY_YES . '
-			AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')
+			AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
 			AND u.user_id = w.user_id';
 	$result = $db->sql_query($sql);
 
@@ -1234,8 +1234,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 			FROM ' . FORUMS_WATCH_TABLE . ' fw, ' . USERS_TABLE . " u
 			WHERE fw.forum_id = $forum_id
 				AND fw.user_id NOT IN ($sql_ignore_users)
-				AND fw.notify_status = 0
+				AND fw.notify_status = " . NOTIFY_YES . '
-				AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')
+				AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
 				AND u.user_id = fw.user_id';
 		$result = $db->sql_query($sql);
 
@@ -1344,8 +1344,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 
 	if (!empty($update_notification['topic']))
 	{
-		$sql = 'UPDATE ' . TOPICS_WATCH_TABLE . "
+		$sql = 'UPDATE ' . TOPICS_WATCH_TABLE . '
-			SET notify_status = 1
+			SET notify_status = ' . NOTIFY_NO . "
 			WHERE topic_id = $topic_id
 				AND " . $db->sql_in_set('user_id', $update_notification['topic']);
 		$db->sql_query($sql);
@@ -1353,8 +1353,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 
 	if (!empty($update_notification['forum']))
 	{
-		$sql = 'UPDATE ' . FORUMS_WATCH_TABLE . "
+		$sql = 'UPDATE ' . FORUMS_WATCH_TABLE . '
-			SET notify_status = 1
+			SET notify_status = ' . NOTIFY_NO . "
 			WHERE forum_id = $forum_id
 				AND " . $db->sql_in_set('user_id', $update_notification['forum']);
 		$db->sql_query($sql);
@@ -2537,7 +2537,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	if ($mode == 'post' || $mode == 'reply' || $mode == 'quote')
 	{
 		// Mark this topic as posted to
-		markread('post', $data['forum_id'], $data['topic_id'], $data['post_time']);
+		markread('post', $data['forum_id'], $data['topic_id']);
 	}
 
 	// Mark this topic as read
@@ -2583,7 +2583,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	}
 
 	// Send Notifications
-	if ($mode != 'edit' && $mode != 'delete' && $post_approval)
+	if (($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_approval)
 	{
 		user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id']);
 	}

phpBB/includes/functions_privmsgs.php

@@ -1380,6 +1380,9 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 		}
 	}
 
+	// First of all make sure the subject are having the correct length.
+	$subject = truncate_string($subject);
+
 	$db->sql_transaction('begin');
 
 	$sql = '';
@@ -1751,6 +1754,8 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 		return false;
 	}
 
+	$title = $row['message_subject'];
+
 	$rowset = array();
 	$bbcode_bitfield = '';
 	$folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm') . '&folder=';
@@ -1774,8 +1779,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	while ($row = $db->sql_fetchrow($result));
 	$db->sql_freeresult($result);
 
-	$title = $row['message_subject'];
-
 	if (sizeof($rowset) == 1 && !$in_post_mode)
 	{
 		return false;

phpBB/includes/functions_profile_fields.php

@@ -366,6 +366,7 @@ class custom_profile
 			case 'sqlite':
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 				$right_delim = ']';
 				$left_delim = '[';
 			break;
@@ -542,8 +543,9 @@ class custom_profile
 				else if ($day && $month && $year)
 				{
 					global $user;
-					// d/m/y 00:00 GMT isn't necessarily on the same d/m/y in the user's timezone, so add the timezone seconds
+					// Date should display as the same date for every user regardless of timezone, so remove offset
-					return $user->format_date(gmmktime(0, 0, 0, $month, $day, $year) + $user->timezone + $user->dst, $user->lang['DATE_FORMAT'], true);
+					// to compensate for the offset added by user::format_date()
+					return $user->format_date(gmmktime(0, 0, 0, $month, $day, $year) - ($user->timezone + $user->dst), $user->lang['DATE_FORMAT'], true);
 				}
 
 				return $value;
@@ -876,6 +878,11 @@ class custom_profile
 				$now = getdate();
 				$row['field_default_value'] = sprintf('%2d-%2d-%4d', $now['mday'], $now['mon'], $now['year']);
 			}
+			else if ($row['field_default_value'] === '' && $row['field_type'] == FIELD_INT)
+			{
+				// We cannot insert an empty string into an integer column.
+				$row['field_default_value'] = NULL;
+			}
 
 			$cp_data['pf_' . $row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
 		}

phpBB/includes/functions_upload.php

@@ -58,8 +58,9 @@ class filespec
 
 		$this->filename = $upload_ary['tmp_name'];
 		$this->filesize = $upload_ary['size'];
-		$name = trim(utf8_htmlspecialchars(utf8_basename($upload_ary['name'])));
+		$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];
-		$this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
+		$name = trim(utf8_htmlspecialchars(utf8_basename($name)));
+		$this->realname = $this->uploadname = $name;
 		$this->mimetype = $upload_ary['type'];
 
 		// Opera adds the name to the mime type
@@ -775,7 +776,18 @@ class fileupload
 		{
 			if ($get_info)
 			{
-				$data .= @fread($fsock, 1024);
+				$block = @fread($fsock, 1024);
+				$filesize += strlen($block);
+
+				if ($this->max_filesize && $filesize > $this->max_filesize)
+				{
+					$max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+					$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+					return $file;
+				}
+
+				$data .= $block;
 			}
 			else
 			{
@@ -791,6 +803,18 @@ class fileupload
 					{
 						$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
 					}
+					else if ($this->max_filesize && stripos($line, 'content-length: ') !== false)
+					{
+						$length = (int) str_replace('content-length: ', '', strtolower($line));
+
+						if ($length && $length > $this->max_filesize)
+						{
+							$max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+							$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+							return $file;
+						}
+					}
 					else if (stripos($line, '404 not found') !== false)
 					{
 						$file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);

phpBB/includes/functions_user.php

@@ -297,6 +297,7 @@ function user_add($user_row, $cp_data = false)
 			if ($config['new_member_group_default'])
 			{
 				group_user_add($add_group_id, $user_id, false, false, true);
+				$user_row['group_id'] = $add_group_id;
 			}
 			else
 			{
@@ -527,7 +528,7 @@ function user_delete($mode, $user_id, $post_username = false)
 
 	$db->sql_transaction('begin');
 
-	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE);
+	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
 
 	foreach ($table_ary as $table)
 	{
@@ -765,7 +766,8 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
 				(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
 			{
-				$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
+				$time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0;
+				$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset);
 			}
 			else
 			{
@@ -836,14 +838,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 				FROM ' . USERS_TABLE . '
 				WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
 
-			// Do not allow banning yourself
+			// Do not allow banning yourself, the guest account, or founders.
+			$non_bannable = array($user->data['user_id'], ANONYMOUS);
 			if (sizeof($founder))
 			{
-				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
+				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
 			}
 			else
 			{
-				$sql .= ' AND user_id <> ' . $user->data['user_id'];
+				$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
 			}
 
 			$result = $db->sql_query($sql);
@@ -1227,22 +1230,39 @@ function user_unban($mode, $ban)
 }
 
 /**
-* Whois facility
+* Internet Protocol Address Whois
+* RFC3912: WHOIS Protocol Specification
 *
-* @link http://tools.ietf.org/html/rfc3912 RFC3912: WHOIS Protocol Specification
+* @param string $ip		Ip address, either IPv4 or IPv6.
+*
+* @return string		Empty string if not a valid ip address.
+*						Otherwise make_clickable()'ed whois result.
 */
 function user_ipwhois($ip)
 {
-	$ipwhois = '';
+	if (empty($ip))
-
-	// Check IP
-	// Only supporting IPv4 at the moment...
-	if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
 	{
 		return '';
 	}
 
-	if (($fsk = @fsockopen('whois.arin.net', 43)))
+	if (preg_match(get_preg_expression('ipv4'), $ip))
+	{
+		// IPv4 address
+		$whois_host = 'whois.arin.net.';
+	}
+	else if (preg_match(get_preg_expression('ipv6'), $ip))
+	{
+		// IPv6 address
+		$whois_host = 'whois.sixxs.net.';
+	}
+	else
+	{
+		return '';
+	}
+
+	$ipwhois = '';
+
+	if (($fsk = @fsockopen($whois_host, 43)))
 	{
 		// CRLF as per RFC3912
 		fputs($fsk, "$ip\r\n");
@@ -1255,7 +1275,7 @@ function user_ipwhois($ip)
 
 	$match = array();
 
-	// Test for referrals from ARIN to other whois databases, roll on rwhois
+	// Test for referrals from $whois_host to other whois databases, roll on rwhois
 	if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
 	{
 		if (strpos($match[1], ':') !== false)
@@ -1283,7 +1303,7 @@ function user_ipwhois($ip)
 			@fclose($fsk);
 		}
 
-		// Use the result from ARIN if we don't get any result here
+		// Use the result from $whois_host if we don't get any result here
 		$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
 	}
 
@@ -2283,7 +2303,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $
 /**
 * Uploading/Changing user avatar
 */
-function avatar_process_user(&$error, $custom_userdata = false)
+function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)
 {
 	global $config, $phpbb_root_path, $auth, $user, $db;
 
@@ -2322,7 +2342,10 @@ function avatar_process_user(&$error, $custom_userdata = false)
 	$avatar_select = basename(request_var('avatar_select', ''));
 
 	// Can we upload?
-	$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
+	if (is_null($can_upload))
+	{
+		$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
+	}
 
 	if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
 	{
@@ -2347,7 +2370,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
 		}
 		else
 		{
-			list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
+			list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . urldecode($sql_ary['user_avatar']));
 			$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
 		}
 	}

phpBB/includes/mcp/mcp_main.php

@@ -1048,6 +1048,35 @@ function mcp_fork_topic($topic_ids)
 		$total_posts = 0;
 		$new_topic_id_list = array();
 
+		if ($topic_data['enable_indexing'])
+		{
+			// Select the search method and do some additional checks to ensure it can actually be utilised
+			$search_type = basename($config['search_type']);
+
+			if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
+			{
+				trigger_error('NO_SUCH_SEARCH_MODULE');
+			}
+
+			if (!class_exists($search_type))
+			{
+				include("{$phpbb_root_path}includes/search/$search_type.$phpEx");
+			}
+
+			$error = false;
+			$search = new $search_type($error);
+			$search_mode = 'post';
+
+			if ($error)
+			{
+				trigger_error($error);
+			}
+		}
+		else
+		{
+			$search_type = false;
+		}
+
 		foreach ($topic_data as $topic_id => $topic_row)
 		{
 			$sql_ary = array(
@@ -1158,6 +1187,12 @@ function mcp_fork_topic($topic_ids)
 				// Copy whether the topic is dotted
 				markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);
 
+				if ($search_type)
+				{
+					$search->index($search_mode, $sql_ary['post_id'], $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id);
+					$search_mode = 'reply'; // After one we index replies
+				}
+
 				// Copy Attachments
 				if ($row['post_attachment'])
 				{

phpBB/includes/mcp/mcp_post.php

@@ -176,7 +176,7 @@ function mcp_post_details($id, $mode, $action)
 	}
 
 	$template->assign_vars(array(
-		'U_MCP_ACTION'			=> "$url&i=main&quickmod=1", // Use this for mode paramaters
+		'U_MCP_ACTION'			=> "$url&i=main&quickmod=1&mode=post_details", // Use this for mode paramaters
 		'U_POST_ACTION'			=> "$url&i=$id&mode=post_details", // Use this for action parameters
 		'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id&f={$post_info['forum_id']}"),
 
@@ -200,7 +200,7 @@ function mcp_post_details($id, $mode, $action)
 		'U_VIEW_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
 		'U_VIEW_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
 
-		'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'NEW_POST') : $user->img('icon_post_target', 'POST'),
+		'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'),
 
 		'RETURN_TOPIC'			=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_info['forum_id']}&amp;p=$post_id") . "#p$post_id\">", '</a>'),
 		'RETURN_FORUM'			=> sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'),

phpBB/includes/mcp/mcp_queue.php

@@ -196,7 +196,7 @@ class mcp_queue
 					'U_VIEW_POST'			=> $post_url,
 					'U_VIEW_TOPIC'			=> $topic_url,
 
-					'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'NEW_POST') : $user->img('icon_post_target', 'POST'),
+					'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'),
 
 					'RETURN_QUEUE'			=> sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts')) . "&amp;start=$start\">", '</a>'),
 					'RETURN_POST'			=> sprintf($user->lang['RETURN_POST'], '<a href="' . $post_url . '">', '</a>'),
@@ -428,7 +428,7 @@ class mcp_queue
 
 						'POST_ID'		=> $row['post_id'],
 						'FORUM_NAME'	=> (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
-						'POST_SUBJECT'	=> $row['post_subject'],
+						'POST_SUBJECT'	=> ($row['post_subject'] != '') ? $row['post_subject'] : $user->lang['NO_SUBJECT'],
 						'TOPIC_TITLE'	=> $row['topic_title'],
 						'POST_TIME'		=> $user->format_date($row['post_time']))
 					);
@@ -691,6 +691,8 @@ function approve_post($post_id_list, $id, $mode)
 	{
 		$show_notify = false;
 
+		if ($config['email_enable'] || $config['jab_enable'])
+		{
 			foreach ($post_info as $post_data)
 			{
 				if ($post_data['poster_id'] == ANONYMOUS)
@@ -703,6 +705,7 @@ function approve_post($post_id_list, $id, $mode)
 					break;
 				}
 			}
+		}
 
 		$template->assign_vars(array(
 			'S_NOTIFY_POSTER'	=> $show_notify,

phpBB/includes/mcp/mcp_reports.php

@@ -205,7 +205,7 @@ class mcp_reports
 					'U_VIEW_TOPIC'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']),
 
 					'EDIT_IMG'				=> $user->img('icon_post_edit', $user->lang['EDIT_POST']),
-					'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'NEW_POST') : $user->img('icon_post_target', 'POST'),
+					'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'),
 					'UNAPPROVED_IMG'		=> $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
 
 					'RETURN_REPORTS'			=> sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start . '&amp;f=' . $post_info['forum_id']) . '">', '</a>'),

phpBB/includes/mcp/mcp_topic.php

@@ -237,7 +237,7 @@ function mcp_topic_view($id, $mode, $action)
 			'POST_ID'		=> $row['post_id'],
 			'RETURN_TOPIC'	=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>'),
 
-			'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'NEW_POST') : $user->img('icon_post_target', 'POST'),
+			'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'),
 
 			'S_POST_REPORTED'	=> ($row['post_reported']) ? true : false,
 			'S_POST_UNAPPROVED'	=> ($row['post_approved']) ? false : true,

phpBB/includes/message_parser.php

@@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode
 
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
-			$stats = @getimagesize($in);
+			$stats = @getimagesize(htmlspecialchars_decode($in));
 
 			if ($stats === false)
 			{
@@ -352,6 +352,15 @@ class bbcode_firstpass extends bbcode
 			return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
 		}
 
+		$in = str_replace(' ', '%20', $in);
+
+		// Make sure $in is a URL.
+		if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) &&
+			!preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
+		{
+			return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
+		}
+
 		// Apply the same size checks on flash files as on images
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
@@ -1284,6 +1293,7 @@ class parse_message extends bbcode_firstpass
 			{
 				case 'mssql':
 				case 'mssql_odbc':
+				case 'mssqlnative':
 					$sql = 'SELECT *
 						FROM ' . SMILIES_TABLE . '
 						ORDER BY LEN(code) DESC';

phpBB/includes/search/fulltext_mysql.php

@@ -122,7 +122,7 @@ class fulltext_mysql extends search_backend
 
 		if ($terms == 'all')
 		{
-			$match		= array('#\sand\s#iu', '#\sor\s#iu', '#\snot\s#iu', '#\+#', '#-#', '#\|#');
+			$match		= array('#\sand\s#iu', '#\sor\s#iu', '#\snot\s#iu', '#(^|\s)\+#', '#(^|\s)-#', '#(^|\s)\|#');
 			$replace	= array(' +', ' |', ' -', ' +', ' -', ' |');
 
 			$keywords = preg_replace($match, $replace, $keywords);
@@ -919,6 +919,14 @@ class fulltext_mysql extends search_backend
 			<dt><label>' . $user->lang['FULLTEXT_MYSQL_MBSTRING'] . '</label><br /><span>' . $user->lang['FULLTEXT_MYSQL_MBSTRING_EXPLAIN'] . '</span></dt>
 			<dd>' . (($this->mbstring_regex) ? $user->lang['YES'] : $user->lang['NO']). '</dd>
 		</dl>
+		<dl>
+			<dt><label>' . $user->lang['MIN_SEARCH_CHARS'] . ':</label><br /><span>' . $user->lang['FULLTEXT_MYSQL_MIN_SEARCH_CHARS_EXPLAIN'] . '</span></dt>
+			<dd>' . $config['fulltext_mysql_min_word_len'] . '</dd>
+		</dl>
+		<dl>
+			<dt><label>' . $user->lang['MAX_SEARCH_CHARS'] . ':</label><br /><span>' . $user->lang['FULLTEXT_MYSQL_MAX_SEARCH_CHARS_EXPLAIN'] . '</span></dt>
+			<dd>' . $config['fulltext_mysql_max_word_len'] . '</dd>
+		</dl>
 		';
 
 		// These are fields required in the config table

phpBB/includes/search/fulltext_native.php

@@ -83,7 +83,9 @@ class fulltext_native extends search_backend
 	{
 		global $db, $user, $config;
 
-		$keywords = trim($this->cleanup($keywords, '+-|()*'));
+		$tokens = '+-|()*';
+
+		$keywords = trim($this->cleanup($keywords, $tokens));
 
 		// allow word|word|word without brackets
 		if ((strpos($keywords, ' ') === false) && (strpos($keywords, '|') !== false) && (strpos($keywords, '(') === false))
@@ -114,6 +116,15 @@ class fulltext_native extends search_backend
 					case ' ':
 						$keywords[$i] = '|';
 					break;
+					case '*':
+						if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0))
+						{
+							if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0))
+							{
+								$keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1);
+							}
+						}
+					break;
 				}
 			}
 			else

phpBB/includes/session.php

@@ -83,7 +83,7 @@ class session
 		$query_string = trim(implode('&', $use_args));
 
 		// basenamed page name (for example: index.php)
-		$page_name = basename($script_name);
+		$page_name = (substr($script_name, -1, 1) == '/') ? '' : basename($script_name);
 		$page_name = urlencode(htmlspecialchars($page_name));
 
 		// current directory within the phpBB root (for example: adm)
@@ -285,6 +285,17 @@ class session
 				break;
 			}
 
+			// Quick check for IPv4-mapped address in IPv6
+			if (stripos($ip, '::ffff:') === 0)
+			{
+				$ipv4 = substr($ip, 7);
+
+				if (preg_match(get_preg_expression('ipv4'), $ipv4))
+				{
+					$ip = $ipv4;
+				}
+			}
+
 			// Use the last in chain
 			$this->ip = $ip;
 		}
@@ -608,6 +619,12 @@ class session
 		}
 		else
 		{
+			// Bot user, if they have a SID in the Request URI we need to get rid of it
+			// otherwise they'll index this page with the SID, duplicate content oh my!
+			if (isset($_GET['sid']))
+			{
+				redirect(build_url(array('sid')));
+			}
 			$this->data['session_last_visit'] = $this->time_now;
 		}
 
@@ -742,7 +759,7 @@ class session
 
 				if ((int) $row['sessions'] > (int) $config['active_sessions'])
 				{
-					header('HTTP/1.1 503 Service Unavailable');
+					send_status_line(503, 'Service Unavailable');
 					trigger_error('BOARD_UNAVAILABLE');
 				}
 			}
@@ -977,7 +994,7 @@ class session
 			}
 
 			// only called from CRON; should be a safe workaround until the infrastructure gets going
-			if (!class_exists('captcha_factory'))
+			if (!class_exists('phpbb_captcha_factory'))
 			{
 				include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
 			}
@@ -1815,7 +1832,7 @@ class user extends session
 		{
 			if ($this->data['is_bot'])
 			{
-				header('HTTP/1.1 503 Service Unavailable');
+				send_status_line(503, 'Service Unavailable');
 			}
 
 			$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
@@ -1825,7 +1842,7 @@ class user extends session
 		// Is load exceeded?
 		if ($config['limit_load'] && $this->load !== false)
 		{
-			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN'))
+			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !defined('IN_ADMIN'))
 			{
 				// Set board disabled to true to let the admins/mods get the proper notification
 				$config['board_disable'] = '1';
@@ -1834,7 +1851,7 @@ class user extends session
 				{
 					if ($this->data['is_bot'])
 					{
-						header('HTTP/1.1 503 Service Unavailable');
+						send_status_line(503, 'Service Unavailable');
 					}
 					trigger_error('BOARD_UNAVAILABLE');
 				}
@@ -2128,9 +2145,9 @@ class user extends session
 		// Zone offset
 		$zone_offset = $this->timezone + $this->dst;
 
-		// Show date <= 1 hour ago as 'xx min ago'
+		// Show date <= 1 hour ago as 'xx min ago' but not greater than 60 seconds in the future
 		// A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago'
-		if ($delta <= 3600 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO']))
+		if ($delta <= 3600 && $delta > -60 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO']))
 		{
 			return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60)));
 		}

phpBB/includes/ucp/info/ucp_profile.php

@@ -22,7 +22,7 @@ class ucp_profile_info
 			'modes'		=> array(
 				'profile_info'	=> array('title' => 'UCP_PROFILE_PROFILE_INFO', 'auth' => '', 'cat' => array('UCP_PROFILE')),
 				'signature'		=> array('title' => 'UCP_PROFILE_SIGNATURE', 'auth' => '', 'cat' => array('UCP_PROFILE')),
-				'avatar'		=> array('title' => 'UCP_PROFILE_AVATAR', 'auth' => '', 'cat' => array('UCP_PROFILE')),
+				'avatar'		=> array('title' => 'UCP_PROFILE_AVATAR', 'auth' => 'cfg_allow_avatar && (cfg_allow_avatar_local || cfg_allow_avatar_remote || cfg_allow_avatar_upload || cfg_allow_avatar_remote_upload)', 'cat' => array('UCP_PROFILE')),
 				'reg_details'	=> array('title' => 'UCP_PROFILE_REG_DETAILS', 'auth' => '', 'cat' => array('UCP_PROFILE')),
 			),
 		);

phpBB/includes/ucp/ucp_groups.php

@@ -490,7 +490,7 @@ class ucp_groups
 						$avatar_select = basename(request_var('avatar_select', ''));
 						$category = basename(request_var('category', ''));
 
-						$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
+						$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
 
 						// Did we submit?
 						if ($update)