Merge commit 'release-3.0.2-RC2'

phpBB/develop/create_schema_files.php

@@ -674,7 +674,7 @@ foreach ($supported_dbms as $dbms)
 						}
 
 						$line .= ($key_data[0] == 'INDEX') ? 'CREATE INDEX' : '';
-						
+
 						$line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ")\n";
 						$line .= "/\n";
 					break;
@@ -1005,7 +1005,7 @@ function get_schema_struct()
 			'topic_id'			=> array('UINT', 0),
 			'forum_id'			=> array('UINT', 0),
 			'save_time'			=> array('TIMESTAMP', 0),
-			'draft_subject'		=> array('XSTEXT_UNI', ''),
+			'draft_subject'		=> array('STEXT_UNI', ''),
 			'draft_message'		=> array('MTEXT_UNI', ''),
 		),
 		'PRIMARY_KEY'	=> 'draft_id',
@@ -1067,7 +1067,7 @@ function get_schema_struct()
 			'forum_topics_real'		=> array('UINT', 0),
 			'forum_last_post_id'	=> array('UINT', 0),
 			'forum_last_poster_id'	=> array('UINT', 0),
-			'forum_last_post_subject' => array('XSTEXT_UNI', ''),
+			'forum_last_post_subject' => array('STEXT_UNI', ''),
 			'forum_last_post_time'	=> array('TIMESTAMP', 0),
 			'forum_last_poster_name'=> array('VCHAR_UNI', ''),
 			'forum_last_poster_colour'=> array('VCHAR:6', ''),
@@ -1281,7 +1281,7 @@ function get_schema_struct()
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
 			'post_username'			=> array('VCHAR_UNI:255', ''),
-			'post_subject'			=> array('XSTEXT_UNI', '', 'true_sort'),
+			'post_subject'			=> array('STEXT_UNI', '', 'true_sort'),
 			'post_text'				=> array('MTEXT_UNI', ''),
 			'post_checksum'			=> array('VCHAR:32', ''),
 			'post_attachment'		=> array('BOOL', 0),
@@ -1317,7 +1317,7 @@ function get_schema_struct()
 			'enable_smilies'		=> array('BOOL', 1),
 			'enable_magic_url'		=> array('BOOL', 1),
 			'enable_sig'			=> array('BOOL', 1),
-			'message_subject'		=> array('XSTEXT_UNI', ''),
+			'message_subject'		=> array('STEXT_UNI', ''),
 			'message_text'			=> array('MTEXT_UNI', ''),
 			'message_edit_reason'	=> array('STEXT_UNI', ''),
 			'message_edit_user'		=> array('UINT', 0),
@@ -1536,7 +1536,7 @@ function get_schema_struct()
 		'KEYS'			=> array(
 			'session_time'		=> array('INDEX', 'session_time'),
 			'session_user_id'	=> array('INDEX', 'session_user_id'),
-			'session_forum_id'	=> array('INDEX', 'session_forum_id'),
+			'session_fid'		=> array('INDEX', 'session_forum_id'),
 		),
 	);
 
@@ -1682,7 +1682,7 @@ function get_schema_struct()
 			'topic_attachment'			=> array('BOOL', 0),
 			'topic_approved'			=> array('BOOL', 1),
 			'topic_reported'			=> array('BOOL', 0),
-			'topic_title'				=> array('XSTEXT_UNI', '', 'true_sort'),
+			'topic_title'				=> array('STEXT_UNI', '', 'true_sort'),
 			'topic_poster'				=> array('UINT', 0),
 			'topic_time'				=> array('TIMESTAMP', 0),
 			'topic_time_limit'			=> array('TIMESTAMP', 0),
@@ -1698,7 +1698,7 @@ function get_schema_struct()
 			'topic_last_poster_id'		=> array('UINT', 0),
 			'topic_last_poster_name'	=> array('VCHAR_UNI', ''),
 			'topic_last_poster_colour'	=> array('VCHAR:6', ''),
-			'topic_last_post_subject'	=> array('XSTEXT_UNI', ''),
+			'topic_last_post_subject'	=> array('STEXT_UNI', ''),
 			'topic_last_post_time'		=> array('TIMESTAMP', 0),
 			'topic_last_view_time'		=> array('TIMESTAMP', 0),
 			'topic_moved_id'			=> array('UINT', 0),

phpBB/docs/AUTHORS

@@ -22,13 +22,15 @@ involved in phpBB.
 
 phpBB Lead Developer  : Acyd Burn (Meik Sievertsen)
 
-phpBB Developers      : DavidMJ (David M.)
+phpBB Developers      : APTX (Marek A. R.)
+                        DavidMJ (David M.)
                         dhn (Dominik Dröscher)
                         kellanved (Henry Sudhof)
                         naderman (Nils Adermann)
-                        subBlue (Tom Beddard)
+                        ToonArmy (Chris Smith)
                         Vic D'Elfant (Vic D'Elfant)
 
+
 -- Previous Contributors --
 
 phpBB Project Manager : theFinn (James Atkinson) [Founder - 04/2007]

phpBB/docs/CHANGELOG.html

@@ -72,7 +72,7 @@
 
 		<span class="corners-bottom"><span></span></span></div>
 	</div>
-	
+
 	<hr />
 
 	<a name="changelog"></a><h2>1. Changelog</h2>
@@ -90,37 +90,43 @@
 		<li>[Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed (Bug #14429 / thanks to JRSweets for his patch)</li>
 		<li>[Fix] Moved topics should not count towards the number of topics in a forum (Bug #14648 / thanks to Schumi for his patch)</li>
 		<li>[Fix] Properly check for invalid characters in MySQL DB prefixes during install (Bug #18775)</li>
-		<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
-		<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
 		<li>[Fix] Bring the PostgreSQL backup system back to working order (Bug #22385)</li>
-		<li>[Change] Sort the tables at the database table backup screen</li>
 		<li>[Fix] Update correct theme for cached styles in style.php (Bug #25805)</li>
 		<li>[Fix] Also add PHPBB_INSTALLED check to download/file.php for inline avatar delivery</li>
 		<li>[Fix] Unable to login to some jabber server, reverted previous change (Bug #25095)</li>
 		<li>[Fix] Do not return BMP as valid image type for GD image manipulation (Bug #25925)</li>
-		<li>[Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)</li>
 		<li>[Fix] Correctly determine safe mode for temp file creation in functions_upload.php (Bug #23525)</li>
 		<li>[Fix] Correctly sort by rank in memberlist (Bug #24435)</li>
 		<li>[Fix] Purge cache after database restore (Bug #24245)</li>
 		<li>[Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+. (thanks arod-1 for the fix, related to Bug #14830)</li>
-		<li>[Feature] Added optional referer validation of POST requests as additional CSRF protection.</li>
 		<li>[Fix] Added missing form token in acp (thanks NBBN).</li>
-		<li>[Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).</li>
 		<li>[Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended (Bug #27355)</li>
-		<li>[Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)</li>
-		<li>[Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.</li>
-		<li>[Feature] Added ACP logout to reset an admin session.</li>
 		<li>[Fix] reset forum notifications in viewtopic (Bug #28025)</li>
 		<li>[Fix] corrected link for searching post author's other posts (Bug #26455)</li>
 		<li>[Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)</li>
 		<li>[Fix] Topic searches by author no longer return invalid results (Bug #11777)</li>
-		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
 		<li>[Fix] Delete drafts and bookmarks when deleting an user. (#27585, thanks Schumi for the fix)</li>
 		<li>[Fix] Set last_post_subject for new topics. (#23945)</li>
 		<li>[Fix] Allow moving posts to invisible forums. (#27325)</li>
 		<li>[Fix] Don't allow promoting unapproved group members (#16124)</li>
 		<li>[Fix] Correctly fetch server name if using non-standard port (#27395)</li>
 		<li>[Fix] Regular expression for email matching in posts will no longer die on long words.</li>
+		<li>[Fix] Do not display ban message if direct call to cron. (thanks Dog Cow for reporting)</li>
+		<li>[Fix] Correctly display double-colon on special conditions within highlighted php source (Bug #26795)</li>
+		<li>[Fix] Increase storage capacity of titles/subjects due to specialchared content (Bug #25235)</li>
+		<li>[Fix] Catch invalid username wildcard ban (we do not support these) (Bug #29305)</li>
+		<li>[Fix] Fix (email)-domain checks for those having DNS prefixes set (Bug #29635)</li>
+		<li>[Change] Adjust truncate_string() to be able to adjust the maximum storage length.</li>
+		<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
+		<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
+		<li>[Change] Sort the tables at the database table backup screen</li>
+		<li>[Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)</li>
+		<li>[Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)</li>
+		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
+		<li>[Feature] Added optional referer validation of POST requests as additional CSRF protection.</li>
+		<li>[Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).</li>
+		<li>[Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.</li>
+		<li>[Feature] Added ACP logout to reset an admin session.</li>
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>
 

phpBB/includes/functions.php

@@ -822,7 +822,7 @@ function tz_select($default = '', $truncate = false)
 	{
 		if ($truncate)
 		{
-			$zone_trunc = truncate_string($zone, 50, false, '...');
+			$zone_trunc = truncate_string($zone, 50, 255, false, '...');
 		}
 		else
 		{
@@ -1802,8 +1802,12 @@ function generate_board_url($without_script_path = false)
 /**
 * Redirects the user to another page then exits the script nicely
 * This function is intended for urls within the board. It's not meant to redirect to cross-domains.
+*
+* @param string $url The url to redirect to
+* @param bool $return If true, do not redirect but return the sanitized URL. Default is no return.
+* @param bool $disable_cd_check If true, redirect() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
 */
-function redirect($url, $return = false)
+function redirect($url, $return = false, $disable_cd_check = false)
 {
 	global $db, $cache, $config, $user, $phpbb_root_path;
 
@@ -1830,8 +1834,8 @@ function redirect($url, $return = false)
 	}
 	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
 	{
-		// Attention: only able to redirect within the same domain (yourdomain.com -> www.yourdomain.com will not work)
+		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
-		if ($url_parts['host'] !== $user->host)
+		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 		{
 			$url = generate_board_url();
 		}
@@ -2880,7 +2884,7 @@ function phpbb_checkdnsrr($host, $type = '')
 		}
 
 		// @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
-		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
+		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output);
 
 		// If output is empty, the nslookup failed
 		if (empty($output))
@@ -2906,7 +2910,8 @@ function phpbb_checkdnsrr($host, $type = '')
 	}
 	else if (function_exists('checkdnsrr'))
 	{
-		return (checkdnsrr($host, $type)) ? true : false;
+		// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
+		return (checkdnsrr($host . '.', $type)) ? true : false;
 	}
 
 	return NULL;

phpBB/includes/functions_content.php

@@ -1066,8 +1066,16 @@ function extension_allowed($forum_id, $extension, &$extensions)
 /**
 * Truncates string while retaining special characters if going over the max length
 * The default max length is 60 at the moment
+* The maximum storage length is there to fit the string within the given length. The string may be further truncated due to html entities.
+* For example: string given is 'a "quote"' (length: 9), would be a stored as 'a "quote"' (length: 19)
+*
+* @param string $string The text to truncate to the given length. String is specialchared.
+* @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)
+* @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).
+* @param bool $allow_reply Allow Re: in front of string
+* @param string $append String to be appended
 */
-function truncate_string($string, $max_length = 60, $allow_reply = true, $append = '')
+function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = true, $append = '')
 {
 	$chars = array();
 
@@ -1090,6 +1098,21 @@ function truncate_string($string, $max_length = 60, $allow_reply = true, $append
 		$stripped = true;
 	}
 
+	// Due to specialchars, we may not be able to store the string...
+	if (utf8_strlen($string) > $max_store_length)
+	{
+		// let's split again, we do not want half-baked strings where entities are split
+		$_chars = utf8_str_split(htmlspecialchars_decode($string));
+		$chars = array_map('utf8_htmlspecialchars', $_chars);
+
+		do
+		{
+			array_pop($chars);
+			$string = implode('', $chars);
+		}
+		while (utf8_strlen($string) > $max_store_length || !sizeof($chars));
+	}
+
 	if ($strip_reply)
 	{
 		$string = 'Re: ' . $string;

phpBB/includes/functions_convert.php

@@ -148,7 +148,7 @@ function auto_id($pad = 0)
 	{
 		return $convert_row['max_id'] + $pad;
 	}
-	
+
 	return $auto_id + $pad;
 }
 
@@ -280,7 +280,7 @@ function get_config_value($config_name)
 	{
 		$convert_config = get_config();
 	}
-	
+
 	if (!isset($convert_config[$config_name]))
 	{
 		return false;
@@ -669,12 +669,12 @@ function import_avatar($source, $use_target = false, $user_id = false)
 	{
 		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__);
 	}
-	
+
 	if ($use_target === false && $user_id !== false)
 	{
 		$use_target = $config['avatar_salt'] . '_' . $user_id . '.' . substr(strrchr($source, '.'), 1);
 	}
-	
+
 	$result = _import_check('avatar_path', $source, $use_target);
 
 	return ((!empty($user_id)) ? $user_id : $use_target) . '.' . substr(strrchr($source, '.'), 1);
@@ -946,7 +946,7 @@ function get_remote_avatar_dim($src, $axis)
 		unset($remote_avatar_cache);
 		return $retval;
 	}
-	
+
 	$url_info = @parse_url($src);
 	if (empty($url_info['host']))
 	{
@@ -962,19 +962,19 @@ function get_remote_avatar_dim($src, $axis)
 			case 'ftp':
 				$port = 21;
 				break;
-				
+
 			case 'https':
 				$port = 443;
 				break;
-			
+
 			default:
 				$port = 80;
 		}
 	}
-	
+
 	$timeout = @ini_get('default_socket_timeout');
 	@ini_set('default_socket_timeout', 2);
-	
+
 	// We're just trying to reach the server to avoid timeouts
 	$fp = @fsockopen($host, $port, $errno, $errstr, 1);
 	if ($fp)
@@ -982,11 +982,11 @@ function get_remote_avatar_dim($src, $axis)
 		$remote_avatar_cache[$src] = @getimagesize($src);
 		fclose($fp);
 	}
-	
+
 	$default_x 	= (defined('DEFAULT_AVATAR_X_CUSTOM')) ? DEFAULT_AVATAR_X_CUSTOM : DEFAULT_AVATAR_X;
 	$default_y 	= (defined('DEFAULT_AVATAR_Y_CUSTOM')) ? DEFAULT_AVATAR_Y_CUSTOM : DEFAULT_AVATAR_Y;
 	$default 	= array($default_x, $default_y);
-	
+
 	if (empty($remote_avatar_cache[$src]) || empty($remote_avatar_cache[$src][0]) || empty($remote_avatar_cache[$src][1]))
 	{
 		$remote_avatar_cache[$src] = $default;
@@ -1002,7 +1002,7 @@ function get_remote_avatar_dim($src, $axis)
 			$remote_avatar_cache[$src][1] = (int)($remote_avatar_cache[$src][1] * $ratio);
 		}
 	}
-	
+
 	@ini_set('default_socket_timeout', $timeout);
 	return $remote_avatar_cache[$src][$axis];
 }
@@ -1112,7 +1112,7 @@ function words_unique(&$words)
 function add_user_group($group_id, $user_id, $group_leader=false)
 {
 	global $convert, $phpbb_root_path, $config, $user, $db;
-	
+
 	$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 		'group_id'		=> $group_id,
 		'user_id'		=> $user_id,
@@ -1282,7 +1282,7 @@ function restore_config($schema)
 			// Most are...
 			if (is_string($config_value))
 			{
-				$config_value = truncate_string(utf8_htmlspecialchars($config_value), 255, false);
+				$config_value = truncate_string(utf8_htmlspecialchars($config_value), 255, 255, false);
 			}
 
 			set_config($config_name, $config_value);
@@ -2443,7 +2443,7 @@ function get_smiley_display()
 function fill_dateformat($user_dateformat)
 {
 	global $config;
-	
+
 	return ((empty($user_dateformat)) ? $config['default_dateformat'] : $user_dateformat);
 }
 

phpBB/includes/functions_posting.php

@@ -362,7 +362,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	{
 		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
 	}
-	
+
 	if (!$local)
 	{
 		$filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
@@ -1345,7 +1345,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 	else if ($data['topic_first_post_id'] == $post_id)
 	{
 		$post_mode = 'delete_first_post';
-	} 
+	}
 	else if ($data['topic_last_post_id'] == $post_id)
 	{
 		$post_mode = 'delete_last_post';
@@ -1651,7 +1651,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			// Display edit info if edit reason given or user is editing his post, which is not the last within the topic.
 			if ($data['post_edit_reason'] || (!$auth->acl_get('m_edit', $data['forum_id']) && ($post_mode == 'edit' || $post_mode == 'edit_first_post')))
 			{
-				$data['post_edit_reason']		= truncate_string($data['post_edit_reason'], 255, false);
+				$data['post_edit_reason']		= truncate_string($data['post_edit_reason'], 255, 255, false);
 
 				$sql_data[POSTS_TABLE]['sql']	= array(
 					'post_edit_time'	=> $current_time,

phpBB/includes/functions_user.php

@@ -734,70 +734,65 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 		case 'user':
 			$type = 'ban_userid';
 
-			if (in_array('*', $ban_list))
+			// At the moment we do not support wildcard username banning
+
+			// Select the relevant user_ids.
+			$sql_usernames = array();
+
+			foreach ($ban_list as $username)
 			{
-				// Ban all users (it's a good thing that you can exclude people)
+				$username = trim($username);
-				$banlist_ary[] = '*';
+				if ($username != '')
+				{
+					$clean_name = utf8_clean_string($username);
+					if ($clean_name == $user->data['username_clean'])
+					{
+						trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
+					}
+					if (in_array($clean_name, $founder_names))
+					{
+						trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
+					}
+					$sql_usernames[] = $clean_name;
+				}
+			}
+
+			// Make sure we have been given someone to ban
+			if (!sizeof($sql_usernames))
+			{
+				trigger_error('NO_USER_SPECIFIED');
+			}
+
+			$sql = 'SELECT user_id
+				FROM ' . USERS_TABLE . '
+				WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
+
+			// Do not allow banning yourself
+			if (sizeof($founder))
+			{
+				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
 			}
 			else
 			{
-				// Select the relevant user_ids.
+				$sql .= ' AND user_id <> ' . $user->data['user_id'];
-				$sql_usernames = array();
-
-				foreach ($ban_list as $username)
-				{
-					$username = trim($username);
-					if ($username != '')
-					{
-						$clean_name = utf8_clean_string($username);
-						if ($clean_name == $user->data['username_clean'])
-						{
-							trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
-						}
-						if (in_array($clean_name, $founder_names))
-						{
-							trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
-						}
-						$sql_usernames[] = $clean_name;
-					}
-				}
-
-				// Make sure we have been given someone to ban
-				if (!sizeof($sql_usernames))
-				{
-					trigger_error('NO_USER_SPECIFIED');
-				}
-
-				$sql = 'SELECT user_id
-					FROM ' . USERS_TABLE . '
-					WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
-
-				// Do not allow banning yourself
-				if (sizeof($founder))
-				{
-					$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
-				}
-				else
-				{
-					$sql .= ' AND user_id <> ' . $user->data['user_id'];
-				}
-
-				$result = $db->sql_query($sql);
-
-				if ($row = $db->sql_fetchrow($result))
-				{
-					do
-					{
-						$banlist_ary[] = (int) $row['user_id'];
-					}
-					while ($row = $db->sql_fetchrow($result));
-				}
-				else
-				{
-					trigger_error('NO_USERS');
-				}
-				$db->sql_freeresult($result);
 			}
+
+			$result = $db->sql_query($sql);
+
+			if ($row = $db->sql_fetchrow($result))
+			{
+				do
+				{
+					$banlist_ary[] = (int) $row['user_id'];
+				}
+				while ($row = $db->sql_fetchrow($result));
+			}
+			else
+			{
+				$db->sql_freeresult($result);
+				trigger_error('NO_USERS');
+			}
+			$db->sql_freeresult($result);
 		break;
 
 		case 'ip':
@@ -997,7 +992,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			switch ($mode)
 			{
 				case 'user':
-					$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
+					$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
 				break;
 
 				case 'ip':
@@ -2923,7 +2918,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 	{
 		case 'demote':
 		case 'promote':
-		
+
 			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
 				WHERE group_id = $group_id
 					AND user_pending = 1
@@ -2935,7 +2930,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 			{
 				return 'NO_VALID_USERS';
 			}
-			
+
 			$sql = 'UPDATE ' . USER_GROUP_TABLE . '
 				SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
 				WHERE group_id = $group_id

phpBB/includes/message_parser.php

@@ -400,7 +400,10 @@ class bbcode_firstpass extends bbcode
 			case 'php':
 
 				$remove_tags = false;
-				$code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code);
+
+				$str_from = array('&lt;', '&gt;', '&#91;', '&#93;', '&#46;', '&#58;', '&#058;');
+				$str_to = array('<', '>', '[', ']', '.', ':', ':');
+				$code = str_replace($str_from, $str_to, $code);
 
 				if (!preg_match('/\<\?.*?\?\>/is', $code))
 				{

phpBB/includes/session.php

@@ -1124,6 +1124,14 @@ class session
 			// To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
 			$this->session_kill(false);
 
+			// A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
+			if (defined('IN_CRON'))
+			{
+				garbage_collection();
+				exit_handler();
+				exit;
+			}
+
 			trigger_error($message);
 		}
 
@@ -1595,6 +1603,7 @@ class user extends session
 				$localised_images = true;
 			}
 
+			$row['image_filename'] = rawurlencode($row['image_filename']);
 			$this->img_array[$row['image_name']] = $row;
 		}
 		$db->sql_freeresult($result);

phpBB/install/database_update.php

@@ -8,7 +8,7 @@
 *
 */
 
-$updates_to_version = '3.0.2-RC1';
+$updates_to_version = '3.0.2-RC2';
 
 // Return if we "just include it" to find out for which version the database update is responsible for
 if (defined('IN_PHPBB') && defined('IN_INSTALL'))
@@ -500,8 +500,37 @@ $database_update_info = array(
 	'3.0.1-RC1'		=> array(),
 	// No changes from 3.0.1 to 3.0.2-RC1
 	'3.0.1'			=> array(),
-// uncomment once RC1 out - no changes from 3.0.2-RC1 to 3.0.2
+	// Changes from 3.0.2-RC1 to 3.0.2-RC2
-//	'3.0.2-RC1'		=> array(),
+	'3.0.2-RC1'		=> array(
+		'change_columns'	=> array(
+			DRAFTS_TABLE			=> array(
+				'draft_subject'		=> array('STEXT_UNI', ''),
+			),
+			FORUMS_TABLE	=> array(
+				'forum_last_post_subject' => array('STEXT_UNI', ''),
+			),
+			POSTS_TABLE		=> array(
+				'post_subject'			=> array('STEXT_UNI', '', 'true_sort'),
+			),
+			PRIVMSGS_TABLE	=> array(
+				'message_subject'		=> array('STEXT_UNI', ''),
+			),
+			TOPICS_TABLE	=> array(
+				'topic_title'				=> array('STEXT_UNI', '', 'true_sort'),
+				'topic_last_post_subject'	=> array('STEXT_UNI', ''),
+			),
+		),
+		'drop_keys'		=> array(
+			SESSIONS_TABLE			=> array('session_forum_id'),
+		),
+		'add_index'		=> array(
+			SESSIONS_TABLE			=> array(
+				'session_fid'		=> array('session_forum_id'),
+			),
+		),
+	),
+	// uncomment once RC2 out - no changes from 3.0.2-RC2 to 3.0.2
+//	'3.0.2-RC2'		=> array(),
 );
 
 // Determine mapping database type
@@ -1770,7 +1799,12 @@ function change_database_data(&$no_updates, $version)
 			$no_updates = false;
 		break;
 
+		// No changes from 3.0.1-RC1 to 3.0.1
 		case '3.0.1-RC1':
+		break;
+
+		// changes from 3.0.1 to 3.0.2-RC1
+		case '3.0.1':
 
 			set_config('referer_validation', '1');
 			set_config('check_attachment_content', '1');
@@ -1779,6 +1813,13 @@ function change_database_data(&$no_updates, $version)
 			$no_updates = false;
 		break;
 
+		// No changes from 3.0.2-RC1 to 3.0.2-RC2
+		case '3.0.2-RC1':
+		break;
+
+		// uncomment once RC2 out - no changes from 3.0.2-RC2 to 3.0.2
+//		case '3.0.2-RC2':
+//		break;
 	}
 }
 

phpBB/install/schemas/firebird_schema.sql

@@ -261,7 +261,7 @@ CREATE TABLE phpbb_drafts (
 	topic_id INTEGER DEFAULT 0 NOT NULL,
 	forum_id INTEGER DEFAULT 0 NOT NULL,
 	save_time INTEGER DEFAULT 0 NOT NULL,
-	draft_subject VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+	draft_subject VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	draft_message BLOB SUB_TYPE TEXT CHARACTER SET UTF8 DEFAULT '' NOT NULL
 );;
 
@@ -357,7 +357,7 @@ CREATE TABLE phpbb_forums (
 	forum_topics_real INTEGER DEFAULT 0 NOT NULL,
 	forum_last_post_id INTEGER DEFAULT 0 NOT NULL,
 	forum_last_poster_id INTEGER DEFAULT 0 NOT NULL,
-	forum_last_post_subject VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+	forum_last_post_subject VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	forum_last_post_time INTEGER DEFAULT 0 NOT NULL,
 	forum_last_poster_name VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	forum_last_poster_colour VARCHAR(6) CHARACTER SET NONE DEFAULT '' NOT NULL,
@@ -625,7 +625,7 @@ CREATE TABLE phpbb_posts (
 	enable_magic_url INTEGER DEFAULT 1 NOT NULL,
 	enable_sig INTEGER DEFAULT 1 NOT NULL,
 	post_username VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
-	post_subject VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+	post_subject VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	post_text BLOB SUB_TYPE TEXT CHARACTER SET UTF8 DEFAULT '' NOT NULL,
 	post_checksum VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
 	post_attachment INTEGER DEFAULT 0 NOT NULL,
@@ -671,7 +671,7 @@ CREATE TABLE phpbb_privmsgs (
 	enable_smilies INTEGER DEFAULT 1 NOT NULL,
 	enable_magic_url INTEGER DEFAULT 1 NOT NULL,
 	enable_sig INTEGER DEFAULT 1 NOT NULL,
-	message_subject VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+	message_subject VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	message_text BLOB SUB_TYPE TEXT CHARACTER SET UTF8 DEFAULT '' NOT NULL,
 	message_edit_reason VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	message_edit_user INTEGER DEFAULT 0 NOT NULL,
@@ -977,7 +977,7 @@ ALTER TABLE phpbb_sessions ADD PRIMARY KEY (session_id);;
 
 CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions(session_time);;
 CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions(session_user_id);;
-CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions(session_forum_id);;
+CREATE INDEX phpbb_sessions_session_fid ON phpbb_sessions(session_forum_id);;
 
 # Table: 'phpbb_sessions_keys'
 CREATE TABLE phpbb_sessions_keys (
@@ -1189,7 +1189,7 @@ CREATE TABLE phpbb_topics (
 	topic_attachment INTEGER DEFAULT 0 NOT NULL,
 	topic_approved INTEGER DEFAULT 1 NOT NULL,
 	topic_reported INTEGER DEFAULT 0 NOT NULL,
-	topic_title VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+	topic_title VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	topic_poster INTEGER DEFAULT 0 NOT NULL,
 	topic_time INTEGER DEFAULT 0 NOT NULL,
 	topic_time_limit INTEGER DEFAULT 0 NOT NULL,
@@ -1205,7 +1205,7 @@ CREATE TABLE phpbb_topics (
 	topic_last_poster_id INTEGER DEFAULT 0 NOT NULL,
 	topic_last_poster_name VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	topic_last_poster_colour VARCHAR(6) CHARACTER SET NONE DEFAULT '' NOT NULL,
-	topic_last_post_subject VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+	topic_last_post_subject VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	topic_last_post_time INTEGER DEFAULT 0 NOT NULL,
 	topic_last_view_time INTEGER DEFAULT 0 NOT NULL,
 	topic_moved_id INTEGER DEFAULT 0 NOT NULL,

phpBB/install/schemas/mssql_schema.sql

@@ -344,7 +344,7 @@ CREATE TABLE [phpbb_drafts] (
 	[topic_id] [int] DEFAULT (0) NOT NULL ,
 	[forum_id] [int] DEFAULT (0) NOT NULL ,
 	[save_time] [int] DEFAULT (0) NOT NULL ,
-	[draft_subject] [varchar] (100) DEFAULT ('') NOT NULL ,
+	[draft_subject] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[draft_message] [text] DEFAULT ('') NOT NULL 
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
 GO
@@ -433,7 +433,7 @@ CREATE TABLE [phpbb_forums] (
 	[forum_topics_real] [int] DEFAULT (0) NOT NULL ,
 	[forum_last_post_id] [int] DEFAULT (0) NOT NULL ,
 	[forum_last_poster_id] [int] DEFAULT (0) NOT NULL ,
-	[forum_last_post_subject] [varchar] (100) DEFAULT ('') NOT NULL ,
+	[forum_last_post_subject] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[forum_last_post_time] [int] DEFAULT (0) NOT NULL ,
 	[forum_last_poster_name] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[forum_last_poster_colour] [varchar] (6) DEFAULT ('') NOT NULL ,
@@ -760,7 +760,7 @@ CREATE TABLE [phpbb_posts] (
 	[enable_magic_url] [int] DEFAULT (1) NOT NULL ,
 	[enable_sig] [int] DEFAULT (1) NOT NULL ,
 	[post_username] [varchar] (255) DEFAULT ('') NOT NULL ,
-	[post_subject] [varchar] (100) DEFAULT ('') NOT NULL ,
+	[post_subject] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[post_text] [text] DEFAULT ('') NOT NULL ,
 	[post_checksum] [varchar] (32) DEFAULT ('') NOT NULL ,
 	[post_attachment] [int] DEFAULT (0) NOT NULL ,
@@ -815,7 +815,7 @@ CREATE TABLE [phpbb_privmsgs] (
 	[enable_smilies] [int] DEFAULT (1) NOT NULL ,
 	[enable_magic_url] [int] DEFAULT (1) NOT NULL ,
 	[enable_sig] [int] DEFAULT (1) NOT NULL ,
-	[message_subject] [varchar] (100) DEFAULT ('') NOT NULL ,
+	[message_subject] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[message_text] [text] DEFAULT ('') NOT NULL ,
 	[message_edit_reason] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[message_edit_user] [int] DEFAULT (0) NOT NULL ,
@@ -1180,7 +1180,7 @@ GO
 CREATE  INDEX [session_user_id] ON [phpbb_sessions]([session_user_id]) ON [PRIMARY]
 GO
 
-CREATE  INDEX [session_forum_id] ON [phpbb_sessions]([session_forum_id]) ON [PRIMARY]
+CREATE  INDEX [session_fid] ON [phpbb_sessions]([session_forum_id]) ON [PRIMARY]
 GO
 
 
@@ -1411,7 +1411,7 @@ CREATE TABLE [phpbb_topics] (
 	[topic_attachment] [int] DEFAULT (0) NOT NULL ,
 	[topic_approved] [int] DEFAULT (1) NOT NULL ,
 	[topic_reported] [int] DEFAULT (0) NOT NULL ,
-	[topic_title] [varchar] (100) DEFAULT ('') NOT NULL ,
+	[topic_title] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[topic_poster] [int] DEFAULT (0) NOT NULL ,
 	[topic_time] [int] DEFAULT (0) NOT NULL ,
 	[topic_time_limit] [int] DEFAULT (0) NOT NULL ,
@@ -1427,7 +1427,7 @@ CREATE TABLE [phpbb_topics] (
 	[topic_last_poster_id] [int] DEFAULT (0) NOT NULL ,
 	[topic_last_poster_name] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[topic_last_poster_colour] [varchar] (6) DEFAULT ('') NOT NULL ,
-	[topic_last_post_subject] [varchar] (100) DEFAULT ('') NOT NULL ,
+	[topic_last_post_subject] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[topic_last_post_time] [int] DEFAULT (0) NOT NULL ,
 	[topic_last_view_time] [int] DEFAULT (0) NOT NULL ,
 	[topic_moved_id] [int] DEFAULT (0) NOT NULL ,

phpBB/install/schemas/mysql_40_schema.sql

@@ -674,7 +674,7 @@ CREATE TABLE phpbb_sessions (
 	PRIMARY KEY (session_id),
 	KEY session_time (session_time),
 	KEY session_user_id (session_user_id),
-	KEY session_forum_id (session_forum_id)
+	KEY session_fid (session_forum_id)
 );
 
 

phpBB/install/schemas/mysql_41_schema.sql

@@ -183,7 +183,7 @@ CREATE TABLE phpbb_drafts (
 	topic_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	save_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
-	draft_subject varchar(100) DEFAULT '' NOT NULL,
+	draft_subject varchar(255) DEFAULT '' NOT NULL,
 	draft_message mediumtext NOT NULL,
 	PRIMARY KEY (draft_id),
 	KEY save_time (save_time)
@@ -243,7 +243,7 @@ CREATE TABLE phpbb_forums (
 	forum_topics_real mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	forum_last_post_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	forum_last_poster_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
-	forum_last_post_subject varchar(100) DEFAULT '' NOT NULL,
+	forum_last_post_subject varchar(255) DEFAULT '' NOT NULL,
 	forum_last_post_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	forum_last_poster_name varchar(255) DEFAULT '' NOT NULL,
 	forum_last_poster_colour varchar(6) DEFAULT '' NOT NULL,
@@ -437,7 +437,7 @@ CREATE TABLE phpbb_posts (
 	enable_magic_url tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	enable_sig tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	post_username varchar(255) DEFAULT '' NOT NULL,
-	post_subject varchar(100) DEFAULT '' NOT NULL COLLATE utf8_unicode_ci,
+	post_subject varchar(255) DEFAULT '' NOT NULL COLLATE utf8_unicode_ci,
 	post_text mediumtext NOT NULL,
 	post_checksum varchar(32) DEFAULT '' NOT NULL,
 	post_attachment tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
@@ -471,7 +471,7 @@ CREATE TABLE phpbb_privmsgs (
 	enable_smilies tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	enable_magic_url tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	enable_sig tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
-	message_subject varchar(100) DEFAULT '' NOT NULL,
+	message_subject varchar(255) DEFAULT '' NOT NULL,
 	message_text mediumtext NOT NULL,
 	message_edit_reason varchar(255) DEFAULT '' NOT NULL,
 	message_edit_user mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
@@ -674,7 +674,7 @@ CREATE TABLE phpbb_sessions (
 	PRIMARY KEY (session_id),
 	KEY session_time (session_time),
 	KEY session_user_id (session_user_id),
-	KEY session_forum_id (session_forum_id)
+	KEY session_fid (session_forum_id)
 ) CHARACTER SET `utf8` COLLATE `utf8_bin`;
 
 
@@ -803,7 +803,7 @@ CREATE TABLE phpbb_topics (
 	topic_attachment tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	topic_approved tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	topic_reported tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
-	topic_title varchar(100) DEFAULT '' NOT NULL COLLATE utf8_unicode_ci,
+	topic_title varchar(255) DEFAULT '' NOT NULL COLLATE utf8_unicode_ci,
 	topic_poster mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	topic_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	topic_time_limit int(11) UNSIGNED DEFAULT '0' NOT NULL,
@@ -819,7 +819,7 @@ CREATE TABLE phpbb_topics (
 	topic_last_poster_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
 	topic_last_poster_name varchar(255) DEFAULT '' NOT NULL,
 	topic_last_poster_colour varchar(6) DEFAULT '' NOT NULL,
-	topic_last_post_subject varchar(100) DEFAULT '' NOT NULL,
+	topic_last_post_subject varchar(255) DEFAULT '' NOT NULL,
 	topic_last_post_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	topic_last_view_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	topic_moved_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,

phpBB/install/schemas/oracle_schema.sql

@@ -382,7 +382,7 @@ CREATE TABLE phpbb_drafts (
 	topic_id number(8) DEFAULT '0' NOT NULL,
 	forum_id number(8) DEFAULT '0' NOT NULL,
 	save_time number(11) DEFAULT '0' NOT NULL,
-	draft_subject varchar2(300) DEFAULT '' ,
+	draft_subject varchar2(765) DEFAULT '' ,
 	draft_message clob DEFAULT '' ,
 	CONSTRAINT pk_phpbb_drafts PRIMARY KEY (draft_id)
 )
@@ -500,7 +500,7 @@ CREATE TABLE phpbb_forums (
 	forum_topics_real number(8) DEFAULT '0' NOT NULL,
 	forum_last_post_id number(8) DEFAULT '0' NOT NULL,
 	forum_last_poster_id number(8) DEFAULT '0' NOT NULL,
-	forum_last_post_subject varchar2(300) DEFAULT '' ,
+	forum_last_post_subject varchar2(765) DEFAULT '' ,
 	forum_last_post_time number(11) DEFAULT '0' NOT NULL,
 	forum_last_poster_name varchar2(765) DEFAULT '' ,
 	forum_last_poster_colour varchar2(6) DEFAULT '' ,
@@ -849,7 +849,7 @@ CREATE TABLE phpbb_posts (
 	enable_magic_url number(1) DEFAULT '1' NOT NULL,
 	enable_sig number(1) DEFAULT '1' NOT NULL,
 	post_username varchar2(765) DEFAULT '' ,
-	post_subject varchar2(300) DEFAULT '' ,
+	post_subject varchar2(765) DEFAULT '' ,
 	post_text clob DEFAULT '' ,
 	post_checksum varchar2(32) DEFAULT '' ,
 	post_attachment number(1) DEFAULT '0' NOT NULL,
@@ -908,7 +908,7 @@ CREATE TABLE phpbb_privmsgs (
 	enable_smilies number(1) DEFAULT '1' NOT NULL,
 	enable_magic_url number(1) DEFAULT '1' NOT NULL,
 	enable_sig number(1) DEFAULT '1' NOT NULL,
-	message_subject varchar2(300) DEFAULT '' ,
+	message_subject varchar2(765) DEFAULT '' ,
 	message_text clob DEFAULT '' ,
 	message_edit_reason varchar2(765) DEFAULT '' ,
 	message_edit_user number(8) DEFAULT '0' NOT NULL,
@@ -1300,7 +1300,7 @@ CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions (session_time)
 /
 CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions (session_user_id)
 /
-CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions (session_forum_id)
+CREATE INDEX phpbb_sessions_session_fid ON phpbb_sessions (session_forum_id)
 /
 
 /*
@@ -1577,7 +1577,7 @@ CREATE TABLE phpbb_topics (
 	topic_attachment number(1) DEFAULT '0' NOT NULL,
 	topic_approved number(1) DEFAULT '1' NOT NULL,
 	topic_reported number(1) DEFAULT '0' NOT NULL,
-	topic_title varchar2(300) DEFAULT '' ,
+	topic_title varchar2(765) DEFAULT '' ,
 	topic_poster number(8) DEFAULT '0' NOT NULL,
 	topic_time number(11) DEFAULT '0' NOT NULL,
 	topic_time_limit number(11) DEFAULT '0' NOT NULL,
@@ -1593,7 +1593,7 @@ CREATE TABLE phpbb_topics (
 	topic_last_poster_id number(8) DEFAULT '0' NOT NULL,
 	topic_last_poster_name varchar2(765) DEFAULT '' ,
 	topic_last_poster_colour varchar2(6) DEFAULT '' ,
-	topic_last_post_subject varchar2(300) DEFAULT '' ,
+	topic_last_post_subject varchar2(765) DEFAULT '' ,
 	topic_last_post_time number(11) DEFAULT '0' NOT NULL,
 	topic_last_view_time number(11) DEFAULT '0' NOT NULL,
 	topic_moved_id number(8) DEFAULT '0' NOT NULL,

phpBB/install/schemas/postgres_schema.sql

@@ -304,7 +304,7 @@ CREATE TABLE phpbb_drafts (
 	topic_id INT4 DEFAULT '0' NOT NULL CHECK (topic_id >= 0),
 	forum_id INT4 DEFAULT '0' NOT NULL CHECK (forum_id >= 0),
 	save_time INT4 DEFAULT '0' NOT NULL CHECK (save_time >= 0),
-	draft_subject varchar(100) DEFAULT '' NOT NULL,
+	draft_subject varchar(255) DEFAULT '' NOT NULL,
 	draft_message TEXT DEFAULT '' NOT NULL,
 	PRIMARY KEY (draft_id)
 );
@@ -376,7 +376,7 @@ CREATE TABLE phpbb_forums (
 	forum_topics_real INT4 DEFAULT '0' NOT NULL CHECK (forum_topics_real >= 0),
 	forum_last_post_id INT4 DEFAULT '0' NOT NULL CHECK (forum_last_post_id >= 0),
 	forum_last_poster_id INT4 DEFAULT '0' NOT NULL CHECK (forum_last_poster_id >= 0),
-	forum_last_post_subject varchar(100) DEFAULT '' NOT NULL,
+	forum_last_post_subject varchar(255) DEFAULT '' NOT NULL,
 	forum_last_post_time INT4 DEFAULT '0' NOT NULL CHECK (forum_last_post_time >= 0),
 	forum_last_poster_name varchar(255) DEFAULT '' NOT NULL,
 	forum_last_poster_colour varchar(6) DEFAULT '' NOT NULL,
@@ -606,7 +606,7 @@ CREATE TABLE phpbb_posts (
 	enable_magic_url INT2 DEFAULT '1' NOT NULL CHECK (enable_magic_url >= 0),
 	enable_sig INT2 DEFAULT '1' NOT NULL CHECK (enable_sig >= 0),
 	post_username varchar(255) DEFAULT '' NOT NULL,
-	post_subject varchar(100) DEFAULT '' NOT NULL,
+	post_subject varchar(255) DEFAULT '' NOT NULL,
 	post_text TEXT DEFAULT '' NOT NULL,
 	post_checksum varchar(32) DEFAULT '' NOT NULL,
 	post_attachment INT2 DEFAULT '0' NOT NULL CHECK (post_attachment >= 0),
@@ -644,7 +644,7 @@ CREATE TABLE phpbb_privmsgs (
 	enable_smilies INT2 DEFAULT '1' NOT NULL CHECK (enable_smilies >= 0),
 	enable_magic_url INT2 DEFAULT '1' NOT NULL CHECK (enable_magic_url >= 0),
 	enable_sig INT2 DEFAULT '1' NOT NULL CHECK (enable_sig >= 0),
-	message_subject varchar(100) DEFAULT '' NOT NULL,
+	message_subject varchar(255) DEFAULT '' NOT NULL,
 	message_text TEXT DEFAULT '' NOT NULL,
 	message_edit_reason varchar(255) DEFAULT '' NOT NULL,
 	message_edit_user INT4 DEFAULT '0' NOT NULL CHECK (message_edit_user >= 0),
@@ -891,7 +891,7 @@ CREATE TABLE phpbb_sessions (
 
 CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions (session_time);
 CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions (session_user_id);
-CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions (session_forum_id);
+CREATE INDEX phpbb_sessions_session_fid ON phpbb_sessions (session_forum_id);
 
 /*
 	Table: 'phpbb_sessions_keys'
@@ -1054,7 +1054,7 @@ CREATE TABLE phpbb_topics (
 	topic_attachment INT2 DEFAULT '0' NOT NULL CHECK (topic_attachment >= 0),
 	topic_approved INT2 DEFAULT '1' NOT NULL CHECK (topic_approved >= 0),
 	topic_reported INT2 DEFAULT '0' NOT NULL CHECK (topic_reported >= 0),
-	topic_title varchar(100) DEFAULT '' NOT NULL,
+	topic_title varchar(255) DEFAULT '' NOT NULL,
 	topic_poster INT4 DEFAULT '0' NOT NULL CHECK (topic_poster >= 0),
 	topic_time INT4 DEFAULT '0' NOT NULL CHECK (topic_time >= 0),
 	topic_time_limit INT4 DEFAULT '0' NOT NULL CHECK (topic_time_limit >= 0),
@@ -1070,7 +1070,7 @@ CREATE TABLE phpbb_topics (
 	topic_last_poster_id INT4 DEFAULT '0' NOT NULL CHECK (topic_last_poster_id >= 0),
 	topic_last_poster_name varchar(255) DEFAULT '' NOT NULL,
 	topic_last_poster_colour varchar(6) DEFAULT '' NOT NULL,
-	topic_last_post_subject varchar(100) DEFAULT '' NOT NULL,
+	topic_last_post_subject varchar(255) DEFAULT '' NOT NULL,
 	topic_last_post_time INT4 DEFAULT '0' NOT NULL CHECK (topic_last_post_time >= 0),
 	topic_last_view_time INT4 DEFAULT '0' NOT NULL CHECK (topic_last_view_time >= 0),
 	topic_moved_id INT4 DEFAULT '0' NOT NULL CHECK (topic_moved_id >= 0),

phpBB/install/schemas/schema_data.sql

@@ -214,7 +214,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.2-RC1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.2-RC2');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/install/schemas/sqlite_schema.sql

@@ -654,7 +654,7 @@ CREATE TABLE phpbb_sessions (
 
 CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions (session_time);
 CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions (session_user_id);
-CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions (session_forum_id);
+CREATE INDEX phpbb_sessions_session_fid ON phpbb_sessions (session_forum_id);
 
 # Table: 'phpbb_sessions_keys'
 CREATE TABLE phpbb_sessions_keys (

phpBB/search.php

@@ -88,7 +88,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	if ($search_id == 'egosearch')
 	{
 		$author_id = $user->data['user_id'];
-		
+
 		if ($user->data['user_id'] == ANONYMOUS)
 		{
 			login_box('', $user->lang['LOGIN_EXPLAIN_EGOSEARCH']);
@@ -466,6 +466,9 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 
 	// define some vars for urls
 	$hilit = implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords))));
+	// Do not allow *only* wildcard being used for hilight
+	$hilit = (strspn($hilit, '*') === strlen($hilit)) ? '' : $hilit;
+
 	$u_hilit = urlencode(htmlspecialchars_decode(str_replace('|', ' ', $hilit)));
 	$u_show_results = ($show_results != 'posts') ? '&sr=' . $show_results : '';
 	$u_search_forum = implode('&fid%5B%5D=', $search_forum);
@@ -600,18 +603,18 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 					FROM ' . TOPICS_TABLE . '
 					WHERE ' . $db->sql_in_set('topic_id', array_keys($shadow_topic_list));
 				$result = $db->sql_query($sql);
-			
+
 				while ($row = $db->sql_fetchrow($result))
 				{
 					$orig_topic_id = $shadow_topic_list[$row['topic_id']];
-			
+
 					// We want to retain some values
 					$row = array_merge($row, array(
 						'topic_moved_id'	=> $rowset[$orig_topic_id]['topic_moved_id'],
 						'topic_status'		=> $rowset[$orig_topic_id]['topic_status'],
 						'forum_name'		=> $rowset[$orig_topic_id]['forum_name'])
 					);
-			
+
 					$rowset[$orig_topic_id] = $row;
 				}
 				$db->sql_freeresult($result);
@@ -627,7 +630,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 				else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 				{
 					$topic_tracking_info[$forum_id] = get_complete_topic_tracking($forum_id, $forum['topic_list'], ($forum_id) ? false : $forum['topic_list']);
-		
+
 					if (!$user->data['is_registered'])
 					{
 						$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
@@ -708,7 +711,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 						AND in_message = 0
 					ORDER BY filetime DESC, post_msg_id ASC';
 				$result = $db->sql_query($sql);
-		
+
 				while ($row = $db->sql_fetchrow($result))
 				{
 					$attachments[$row['post_msg_id']][] = $row;
@@ -742,12 +745,12 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 				{
 					// Get a list of forums the user cannot read
 					$forum_ary = array_unique(array_keys($auth->acl_getf('!f_read', true)));
-	
+
 					// Determine first forum the user is able to read (must not be a category)
 					$sql = 'SELECT forum_id
 						FROM ' . FORUMS_TABLE . '
 						WHERE forum_type = ' . FORUM_POST;
-		
+
 					if (sizeof($forum_ary))
 					{
 						$sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary, true);
@@ -856,7 +859,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 					if (!empty($attachments[$row['post_id']]))
 					{
 						parse_attachments($forum_id, $row['post_text'], $attachments[$row['post_id']], $update_count);
-				
+
 						// we only display inline attachments
 						unset($attachments[$row['post_id']]);
 					}
@@ -874,7 +877,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 					'POST_AUTHOR_COLOUR'	=> get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']),
 					'POST_AUTHOR'			=> get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']),
 					'U_POST_AUTHOR'			=> get_username_string('profile', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']),
-				
+
 					'POST_SUBJECT'		=> $row['post_subject'],
 					'POST_DATE'			=> (!empty($row['post_time'])) ? $user->format_date($row['post_time']) : '',
 					'MESSAGE'			=> $row['post_text']
@@ -1056,7 +1059,7 @@ if ($auth->acl_get('a_search'))
 				WHERE dbms_lob.getlength(search_keywords) > 0
 				ORDER BY search_time DESC';
 		break;
-	
+
 		case 'mssql':
 		case 'mssql_odbc':
 			$sql = 'SELECT search_time, search_keywords
@@ -1064,7 +1067,7 @@ if ($auth->acl_get('a_search'))
 				WHERE DATALENGTH(search_keywords) > 0
 				ORDER BY search_time DESC';
 		break;
-	
+
 		default:
 			$sql = 'SELECT search_time, search_keywords
 				FROM ' . SEARCH_RESULTS_TABLE . '

phpBB/styles/prosilver/template/message_body.html

@@ -4,7 +4,7 @@
 	<div class="inner"><span class="corners-top"><span></span></span>
 	<h2>{MESSAGE_TITLE}</h2>
 	<p>{MESSAGE_TEXT}</p>
-	<!-- IF SCRIPT_NAME == "search" and not S_BOARD_DISABLED and not S_NO_SEARCH --><p><a href="{U_SEARCH}" class="{S_CONTENT_FLOW_BEGIN}">{L_RETURN_TO_SEARCH_ADV}</a></p><!-- ENDIF -->
+	<!-- IF SCRIPT_NAME == "search" and not S_BOARD_DISABLED and not S_NO_SEARCH and L_RETURN_TO_SEARCH_ADV --><p><a href="{U_SEARCH}" class="{S_CONTENT_FLOW_BEGIN}">{L_RETURN_TO_SEARCH_ADV}</a></p><!-- ENDIF -->
 	<span class="corners-bottom"><span></span></span></div>
 </div>
 

phpBB/styles/prosilver/template/viewforum_body.html

@@ -45,10 +45,10 @@
 
 	<!-- IF S_DISPLAY_SEARCHBOX -->
 		<div class="search-box">
-			<form method="post" id="forum-search" action="{S_SEARCHBOX_ACTION}">	
+			<form method="post" id="forum-search" action="{S_SEARCHBOX_ACTION}">
 			<fieldset>
 				<input class="inputbox search tiny" type="text" name="keywords" id="search_keywords" size="20" value="{L_SEARCH_FORUM}" onclick="if (this.value == '{LA_SEARCH_FORUM}') this.value = '';" onblur="if (this.value == '') this.value = '{LA_SEARCH_FORUM}';" />
-				<input class="button2" type="submit" value="{L_SEARCH}" />	
+				<input class="button2" type="submit" value="{L_SEARCH}" />
 				<input type="hidden" value="{FORUM_ID}" name="fid[]" />
 			</fieldset>
 			</form>
@@ -84,7 +84,7 @@
 
 			<div class="content">
 				<h3><a href="{U_LOGIN_LOGOUT}">{L_LOGIN_LOGOUT}</a><!-- IF S_REGISTER_ENABLED -->&nbsp; &bull; &nbsp;<a href="{U_REGISTER}">{L_REGISTER}</a><!-- ENDIF --></h3>
-		
+
 				<fieldset class="fields1">
 				<dl>
 					<dt><label for="username">{L_USERNAME}:</label></dt>
@@ -106,12 +106,14 @@
 			<span class="corners-bottom"><span></span></span></div>
 		</div>
 
+		</form>
+
 	<!-- ENDIF -->
 
 <!-- ENDIF -->
 
 <!-- BEGIN topicrow -->
-	
+
 	<!-- IF not topicrow.S_TOPIC_TYPE_SWITCH and not topicrow.S_FIRST_ROW -->
 		</ul>
 		<span class="corners-bottom"><span></span></span></div>
@@ -133,14 +135,14 @@
 		</ul>
 		<ul class="topiclist topics">
 	<!-- ENDIF -->
-	
+
 		<li class="row<!-- IF topicrow.S_ROW_COUNT is even --> bg1<!-- ELSE --> bg2<!-- ENDIF --><!-- IF topicrow.S_POST_ANNOUNCE --> announce<!-- ENDIF --><!-- IF topicrow.S_POST_STICKY --> sticky<!-- ENDIF --><!-- IF topicrow.S_TOPIC_REPORTED --> reported<!-- ENDIF -->">
 			<dl class="icon" style="background-image: url({topicrow.TOPIC_FOLDER_IMG_SRC}); background-repeat: no-repeat;">
 				<dt<!-- IF topicrow.TOPIC_ICON_IMG and S_TOPIC_ICONS --> style="background-image: url({T_ICONS_PATH}{topicrow.TOPIC_ICON_IMG}); background-repeat: no-repeat;"<!-- ENDIF --> title="{topicrow.TOPIC_FOLDER_IMG_ALT}"><!-- IF topicrow.S_UNREAD_TOPIC --><a href="{topicrow.U_NEWEST_POST}">{NEWEST_POST_IMG}</a> <!-- ENDIF --><a href="{topicrow.U_VIEW_TOPIC}" class="topictitle">{topicrow.TOPIC_TITLE}</a>
 					<!-- IF topicrow.S_TOPIC_UNAPPROVED or topicrow.S_POSTS_UNAPPROVED --><a href="{topicrow.U_MCP_QUEUE}">{topicrow.UNAPPROVED_IMG}</a> <!-- ENDIF -->
 					<!-- IF topicrow.S_TOPIC_REPORTED --><a href="{topicrow.U_MCP_REPORT}">{REPORTED_IMG}</a><!-- ENDIF --><br />
 					<!-- IF topicrow.PAGINATION --><strong class="pagination"><span>{topicrow.PAGINATION}</span></strong><!-- ENDIF -->
-					<!-- IF topicrow.ATTACH_ICON_IMG -->{topicrow.ATTACH_ICON_IMG} <!-- ENDIF -->{L_POST_BY_AUTHOR} {topicrow.TOPIC_AUTHOR_FULL} {L_POSTED_ON_DATE} {topicrow.FIRST_POST_TIME} 
+					<!-- IF topicrow.ATTACH_ICON_IMG -->{topicrow.ATTACH_ICON_IMG} <!-- ENDIF -->{L_POST_BY_AUTHOR} {topicrow.TOPIC_AUTHOR_FULL} {L_POSTED_ON_DATE} {topicrow.FIRST_POST_TIME}
 				</dt>
 				<dd class="posts">{topicrow.REPLIES} <dfn>{L_REPLIES}</dfn></dd>
 				<dd class="views">{topicrow.VIEWS} <dfn>{L_VIEWS}</dfn></dd>
@@ -171,8 +173,8 @@
 		<fieldset class="display-options">
 			<!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box {S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF -->
 			<!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box {S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF -->
-			<label>{L_DISPLAY_TOPICS}: {S_SELECT_SORT_DAYS}</label> 
+			<label>{L_DISPLAY_TOPICS}: {S_SELECT_SORT_DAYS}</label>
-			<label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> 
+			<label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label>
 			<label>{S_SELECT_SORT_DIR} <input type="submit" name="sort" value="{L_GO}" class="button2" /></label>
 		</fieldset>
 	</form>
@@ -186,7 +188,7 @@
 			<div class="<!-- IF S_IS_LOCKED -->locked-icon<!-- ELSE -->post-icon<!-- ENDIF -->" title="<!-- IF S_IS_LOCKED -->{L_FORUM_LOCKED}<!-- ELSE -->{L_POST_TOPIC}<!-- ENDIF -->"><a href="{U_POST_NEW_TOPIC}"><span></span><!-- IF S_IS_LOCKED -->{L_FORUM_LOCKED}<!-- ELSE -->{L_POST_TOPIC}<!-- ENDIF --></a></div>
 		</div>
 		<!-- ENDIF -->
-	
+
 		<!-- IF PAGINATION or TOTAL_POSTS or TOTAL_TOPICS -->
 		<div class="pagination">
 			<!-- IF TOTAL_TOPICS and not S_IS_BOT and U_MARK_TOPICS --><a href="{U_MARK_TOPICS}">{L_MARK_TOPICS_READ}</a> &bull;  <!-- ENDIF -->

phpBB/styles/subsilver2/template/search_results.html

@@ -35,7 +35,7 @@
 			</td>
 			<td class="row1">
 				<!-- IF searchresults.S_UNREAD_TOPIC --><a href="{searchresults.U_NEWEST_POST}">{NEWEST_POST_IMG}</a><!-- ENDIF -->
-				{topicrow.ATTACH_ICON_IMG} <a href="{searchresults.U_VIEW_TOPIC}" class="topictitle">{searchresults.TOPIC_TITLE}</a>
+				{searchresults.ATTACH_ICON_IMG} <a href="{searchresults.U_VIEW_TOPIC}" class="topictitle">{searchresults.TOPIC_TITLE}</a>
 				<!-- IF searchresults.S_TOPIC_UNAPPROVED or searchresults.S_POSTS_UNAPPROVED -->
 					<a href="{searchresults.U_MCP_QUEUE}">{searchresults.UNAPPROVED_IMG}</a>&nbsp;
 				<!-- ENDIF -->
@@ -94,7 +94,7 @@
 						<td class="gensmall">
 							<div style="float: {S_CONTENT_FLOW_BEGIN};">
 							<!-- IF searchresults.POST_SUBJECT neq "" -->
-								&nbsp;<b>{L_POST_SUBJECT}:</b> <a href="{searchresults.U_VIEW_POST}">{searchresults.POST_SUBJECT}</a> 
+								&nbsp;<b>{L_POST_SUBJECT}:</b> <a href="{searchresults.U_VIEW_POST}">{searchresults.POST_SUBJECT}</a>
 							<!-- ELSE -->
 								[ <a href="{searchresults.U_VIEW_POST}">{L_JUMP_TO_POST}</a> ]
 							<!-- ENDIF -->

phpBB/viewforum.php

@@ -107,7 +107,9 @@ if ($forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'])
 		$db->sql_query($sql);
 	}
 
-	redirect($forum_data['forum_link']);
+	// We redirect to the url. The third parameter indicates that external redirects are allowed.
+	redirect($forum_data['forum_link'], false, true);
+	exit;
 }
 
 // Build navigation links