From b66e0fcd34d3209ca86059d1737125699a726a7d Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Sun, 25 Feb 2007 22:09:53 +0000
Subject: [PATCH] - fix htmlspecialchars handling in search (search backends
 get specialchared input, and should return specialchared output), current
 backends strip entities anyway [includes Bug #8156] - allow cancelling search
 index creation/removal - custom CSS class name input too short [Bug #8328] -
 give an error message if a password wasn't convertable (special characters in
 non-standard encoding) - moved still_on_time to functions.php, used by
 acp_search and converter, might be useful for MODs (or complex cron scripts)
 - do not allow empty passwords on login - add sids to local URLs in posts
 (this was a really terrible bug to fix ;-)) [Bug #7892] - ignore invalid
 HTTP_X_FORWARDED_FOR headers (just use REMOTE_ADDR if invalid) [Bug #8314] -
 changed forum listing code on search page and acp_attachments [Bug #6658] -
 search indexing uses still_on_time(), smaller batch size (1000) and
 meta_refresh() instead of redirect(), this should solve a few problems [Bugs
 #8034, #8270] - made password requirement language strings clearer - ALPHA is
 not meant to be alphanumric [Bug #7764] - display bug in firefox on linux
 making the pagination wrap on search results page (caused by &nbsp;)

git-svn-id: file:///svn/phpbb/trunk@7076 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/adm/style/acp_search.html               |  14 +-
 phpBB/adm/style/acp_styles.html               |   2 +-
 phpBB/includes/acp/acp_attachments.php        |   8 +
 phpBB/includes/acp/acp_search.php             | 260 ++++++++++--------
 phpBB/includes/auth/auth_db.php               |  45 ++-
 phpBB/includes/constants.php                  |   1 +
 phpBB/includes/functions.php                  |  61 +++-
 phpBB/includes/functions_convert.php          |  32 ---
 phpBB/includes/message_parser.php             |   8 +-
 phpBB/includes/session.php                    |  11 +-
 phpBB/language/en/acp/board.php               |   4 +-
 phpBB/language/en/acp/search.php              |   8 +-
 phpBB/language/en/common.php                  |   1 +
 phpBB/language/en/ucp.php                     |   5 +-
 phpBB/search.php                              |  14 +-
 .../styles/subSilver/template/pagination.html |   2 +-
 16 files changed, 281 insertions(+), 195 deletions(-)

diff --git a/phpBB/adm/style/acp_search.html b/phpBB/adm/style/acp_search.html
index b63226f4e1..a68a509bdc 100644
--- a/phpBB/adm/style/acp_search.html
+++ b/phpBB/adm/style/acp_search.html
@@ -80,14 +80,20 @@
 
 	<h1>{L_ACP_SEARCH_INDEX}</h1>
 
-	<p>{L_ACP_SEARCH_INDEX_EXPLAIN}</p>
-
 	<!-- IF S_CONTINUE_INDEXING -->
-		<a href="{U_CONTINUE_INDEXING}" onclick="popup_progress_bar('{S_CONTINUE_INDEXING}');">{L_CONTINUE}</a>
-
 		<p>{L_CONTINUE_EXPLAIN}</p>
+
+		<form id="acp_search_continue" method="post" action="{U_CONTINUE_INDEXING}">
+			<fieldset class="submit-buttons">
+				<legend>{L_SUBMIT}</legend>
+				<input class="button1" type="submit" id="continue" name="continue" value="{L_CONTINUE}" onclick="popup_progress_bar('{S_CONTINUE_INDEXING}');" />&nbsp;
+				<input class="button2" type="submit" id="cancel" name="cancel" value="{L_CANCEL}" />
+			</fieldset>
+		</form>
 	<!-- ELSE -->
 
+		<p>{L_ACP_SEARCH_INDEX_EXPLAIN}</p>
+
 		<!-- BEGIN backend -->
 
 			<!-- IF backend.S_STATS -->
diff --git a/phpBB/adm/style/acp_styles.html b/phpBB/adm/style/acp_styles.html
index efdaf1980a..54c9595065 100644
--- a/phpBB/adm/style/acp_styles.html
+++ b/phpBB/adm/style/acp_styles.html
@@ -367,7 +367,7 @@
 			<legend>{L_CUSTOM_CLASS}</legend>
 		<dl>
 			<dt><label for="custom_class">{L_CSS_CLASS_NAME}:</label></dt>
-			<dd><input id="custom_class" name="custom_class" type="text" value="" maxlength="40" size="40" /></dd>
+			<dd><input id="custom_class" name="custom_class" type="text" value="" maxlength="200" size="40" /></dd>
 		</dl>
 
 		<p class="quick">
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 23b67aadc7..81ecc4c963 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -766,6 +766,8 @@ class acp_attachments
 
 							if ($row['left_id'] > $cat_right)
 							{
+								// make sure we don't forget anything
+								$s_forum_id_options .= $holding;
 								$holding = '';
 							}
 
@@ -781,6 +783,12 @@ class acp_attachments
 								$holding = '';
 							}
 						}
+
+						if ($holding)
+						{
+							$s_forum_id_options .= $holding;
+						}
+
 						$db->sql_freeresult($result);
 						unset($padding_store);
 
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index 1dfda1b684..ab81721311 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -8,6 +8,16 @@
 *
 */
 
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+// make sure, a start time is saved
+still_on_time();
+
 /**
 * @package acp
 */
@@ -17,7 +27,7 @@ class acp_search
 	var $state;
 	var $search;
 	var $max_post_id;
-	var $batch_size = 5000;
+	var $batch_size = 1000;
 
 	function main($id, $mode)
 	{
@@ -143,7 +153,7 @@ class acp_search
 						if (!method_exists($search, 'init') || !($error = $search->init()))
 						{
 							set_config('search_type', $cfg_array['search_type']);
-		
+
 							if (!$updated)
 							{
 								add_log('admin', 'LOG_CONFIG_SEARCH');
@@ -210,6 +220,13 @@ class acp_search
 		}
 		$this->state = explode(',', $config['search_indexing_state']);
 
+		if (isset($_POST['cancel']))
+		{
+			$action = '';
+			$this->state = array();
+			$this->save_state();
+		}
+
 		if ($action)
 		{
 			switch ($action)
@@ -218,15 +235,15 @@ class acp_search
 					$type = request_var('type', '');
 					$this->display_progress_bar($type);
 				break;
-	
+
 				case 'delete':
 					$this->state[1] = 'delete';
 				break;
-	
+
 				case 'create':
 					$this->state[1] = 'create';
 				break;
-	
+
 				default:
 					trigger_error('NO_ACTION', E_USER_ERROR);
 				break;
@@ -243,10 +260,8 @@ class acp_search
 			{
 				trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
 			}
-	
-			$action = &$this->state[1];
 
-			@set_time_limit(0);
+			$action = &$this->state[1];
 
 			$this->max_post_id = $this->get_max_post_id();
 
@@ -254,116 +269,126 @@ class acp_search
 			$this->state[2] = &$post_counter;
 			$this->save_state();
 
-			if ($action == 'delete')
+			switch ($action)
 			{
-				if (method_exists($this->search, 'delete_index'))
-				{
-					// pass a reference to myself so the $search object can make use of save_state() and attributes
-					if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false)))
+				case 'delete':
+					if (method_exists($this->search, 'delete_index'))
 					{
-						$this->state = array('');
-						$this->save_state();
-						trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
-					}
-				}
-				else
-				{
-					$sql = 'SELECT post_id, poster_id, forum_id
-						FROM ' . POSTS_TABLE . '
-						WHERE post_id >= ' . (int) ($post_counter + 1) . '
-							AND post_id < ' . (int) ($post_counter + $this->batch_size);
-					$result = $db->sql_query($sql);
-	
-					$ids = $posters = array();
-					while ($row = $db->sql_fetchrow($result))
-					{
-						$ids[] = $row['post_id'];
-						$posters[] = $row['poster_id'];
-						$forum_ids[] = $row['forum_id'];
-					}
-					$db->sql_freeresult($result);
-
-					if (sizeof($ids))
-					{
-						$this->search->index_remove($ids, $posters, $forum_ids);
-					}
-	
-					$post_counter += $this->batch_size;
-	
-					// save the current state
-					$this->save_state();
-	
-					if ($post_counter <= $this->max_post_id)
-					{
-						redirect($this->u_action . '&amp;action=delete');
-					}
-				}
-	
-				$this->search->tidy();
-
-				$this->state = array('');
-				$this->save_state();
-
-				trigger_error($user->lang['SEARCH_INDEX_REMOVED'] . adm_back_link($this->u_action) . $this->close_popup_js());
-			}
-			else
-			{
-				if (method_exists($this->search, 'create_index'))
-				{
-					// pass a reference to myself so the $search object can make use of save_state() and attributes
-					if ($error = $this->search->create_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=create", false)))
-					{
-						$this->state = array('');
-						$this->save_state();
-						trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
-					}
-				}
-				else
-				{
-					$sql = 'SELECT forum_id, enable_indexing
-						FROM ' . FORUMS_TABLE;
-					$result = $db->sql_query($sql, 3600);
-
-					while ($row = $db->sql_fetchrow($result))
-					{
-						$forums[$row['forum_id']] = (bool) $row['enable_indexing'];
-					}
-					$db->sql_freeresult($result);
-
-					$sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id
-						FROM ' . POSTS_TABLE . '
-						WHERE post_id >= ' . (int) ($post_counter + 1) . '
-							AND post_id < ' . (int) ($post_counter + $this->batch_size);
-					$result = $db->sql_query($sql);
-
-					while ($row = $db->sql_fetchrow($result))
-					{
-						// Indexing enabled for this forum or global announcement?
-						// Global announcements get indexed by default.
-						if (!$row['forum_id'] || (isset($forums[$row['forum_id']]) && $forums[$row['forum_id']]))
+						// pass a reference to myself so the $search object can make use of save_state() and attributes
+						if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false)))
 						{
-							$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id'], $row['forum_id']);
+							$this->state = array('');
+							$this->save_state();
+							trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
 						}
 					}
-					$db->sql_freeresult($result);
-
-					$post_counter += $this->batch_size;
-	
-					// save the current state
-					$this->save_state();
-	
-					if ($post_counter <= $this->max_post_id)
+					else
 					{
-						redirect($this->u_action . '&amp;action=create');
-					}
-				}
-	
-				$this->search->tidy();
-	
-				$this->state = array('');
-				$this->save_state();
+						while (still_on_time() && $post_counter <= $this->max_post_id)
+						{
+							$sql = 'SELECT post_id, poster_id, forum_id
+								FROM ' . POSTS_TABLE . '
+								WHERE post_id >= ' . (int) ($post_counter + 1) . '
+									AND post_id < ' . (int) ($post_counter + $this->batch_size);
+							$result = $db->sql_query($sql);
 
-				trigger_error($user->lang['SEARCH_INDEX_CREATED'] . adm_back_link($this->u_action) . $this->close_popup_js());
+							$ids = $posters = $forum_ids = array();
+							while ($row = $db->sql_fetchrow($result))
+							{
+								$ids[] = $row['post_id'];
+								$posters[] = $row['poster_id'];
+								$forum_ids[] = $row['forum_id'];
+							}
+							$db->sql_freeresult($result);
+
+							if (sizeof($ids))
+							{
+								$this->search->index_remove($ids, $posters, $forum_ids);
+							}
+
+							$post_counter += $this->batch_size;
+
+							// save the current state
+							$this->save_state();
+						}
+
+						if ($post_counter <= $this->max_post_id)
+						{
+							meta_refresh(1, $this->u_action . '&amp;action=delete&amp;skip_rows=' . $post_counter);
+							trigger_error(sprintf($user->lang['SEARCH_INDEX_DELETE_REDIRECT'], $post_counter));
+						}
+					}
+
+					$this->search->tidy();
+
+					$this->state = array('');
+					$this->save_state();
+
+					trigger_error($user->lang['SEARCH_INDEX_REMOVED'] . adm_back_link($this->u_action) . $this->close_popup_js());
+				break;
+
+				case 'create':
+					if (method_exists($this->search, 'create_index'))
+					{
+						// pass a reference to acp_search so the $search object can make use of save_state() and attributes
+						if ($error = $this->search->create_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=create", false)))
+						{
+							$this->state = array('');
+							$this->save_state();
+							trigger_error($error . adm_back_link($this->u_action) . $this->close_popup_js(), E_USER_WARNING);
+						}
+					}
+					else
+					{
+						$sql = 'SELECT forum_id, enable_indexing
+							FROM ' . FORUMS_TABLE;
+						$result = $db->sql_query($sql, 3600);
+
+						while ($row = $db->sql_fetchrow($result))
+						{
+							$forums[$row['forum_id']] = (bool) $row['enable_indexing'];
+						}
+						$db->sql_freeresult($result);
+
+						while (still_on_time() && $post_counter <= $this->max_post_id)
+						{
+							$sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id
+								FROM ' . POSTS_TABLE . '
+								WHERE post_id >= ' . (int) ($post_counter + 1) . '
+									AND post_id < ' . (int) ($post_counter + $this->batch_size);
+							$result = $db->sql_query($sql);
+
+							while ($row = $db->sql_fetchrow($result))
+							{
+								// Indexing enabled for this forum or global announcement?
+								// Global announcements get indexed by default.
+								if (!$row['forum_id'] || (isset($forums[$row['forum_id']]) && $forums[$row['forum_id']]))
+								{
+									$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id'], $row['forum_id']);
+								}
+							}
+							$db->sql_freeresult($result);
+
+							$post_counter += $this->batch_size;
+
+							// save the current state
+							$this->save_state();
+						}
+
+						if ($post_counter <= $this->max_post_id)
+						{
+							meta_refresh(1, $this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter);
+							trigger_error(sprintf($user->lang['SEARCH_INDEX_CREATE_REDIRECT'], $post_counter));
+						}
+					}
+
+					$this->search->tidy();
+
+					$this->state = array('');
+					$this->save_state();
+
+					trigger_error($user->lang['SEARCH_INDEX_CREATED'] . adm_back_link($this->u_action) . $this->close_popup_js());
+				break;
 			}
 		}
 
@@ -469,14 +494,11 @@ class acp_search
 
 	function close_popup_js()
 	{
-		/**
-		* @todo remove Javascript
-		*/
-		return '<script type="text/javascript">
-	<!--
-		close_waitscreen = 1;
-	//-->
-	</script>';
+		return "<script type=\"text/javascript\">\n" .
+			"<!--\n" .
+			"	close_waitscreen = 1;\n" .
+			"//-->\n" .
+			"</script>\n";
 	}
 
 	function get_search_types()
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index baf193ecdb..afea47d1c1 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -103,19 +103,44 @@ function login_db(&$username, &$password)
 		$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
 		$password_new_format = '';
 
-		set_var($password_new_format, $password_old_format, 'string');
+		set_var($password_new_format, stripslashes($password_old_format), 'string');
 
-		if ($password == $password_new_format && md5($password_old_format) == $row['user_password'])
+		if ($password == $password_new_format)
 		{
-			// Update the password in the users table to the new format and remove user_pass_convert flag
-			$sql = 'UPDATE ' . USERS_TABLE . '
-				SET user_password = \'' . $db->sql_escape(md5($password_new_format)) . '\',
-					user_pass_convert = 0
-				WHERE user_id = ' . $row['user_id'];
-			$db->sql_query($sql);
+			if (!function_exists('utf8_to_cp1252'))
+			{
+				global $phpbb_root_path, $phpEx;
+				include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
+			}
 
-			$row['user_pass_convert'] = 0;
-			$row['user_password'] = md5($password_new_format);
+			// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
+			if (md5($password_old_format) == $row['user_password'] || utf8_to_cp1252(md5($password_old_format)) == $row['user_password'])
+			{
+				// Update the password in the users table to the new format and remove user_pass_convert flag
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_password = \'' . $db->sql_escape(md5($password_new_format)) . '\',
+						user_pass_convert = 0
+					WHERE user_id = ' . $row['user_id'];
+				$db->sql_query($sql);
+
+				$row['user_pass_convert'] = 0;
+				$row['user_password'] = md5($password_new_format);
+			}
+			else if (preg_match('/[\x80-\xFF]/', $password_old_format))
+			{
+				// Although we weren't able to convert this password we have to
+				// increase login attempt count to make sure this cannot be exploited
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_login_attempts = user_login_attempts + 1
+					WHERE user_id = ' . $row['user_id'];
+				$db->sql_query($sql);
+
+				return array(
+					'status'		=> LOGIN_ERROR_PASSWORD_CONVERT,
+					'error_msg'		=> 'LOGIN_ERROR_PASSWORD_CONVERT',
+					'user_row'		=> $row,
+				);
+			}
 		}
 	}
 
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 99812363b7..cb6b816224 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -48,6 +48,7 @@ define('LOGIN_ERROR_PASSWORD', 11);
 define('LOGIN_ERROR_ACTIVE', 12);
 define('LOGIN_ERROR_ATTEMPTS', 13);
 define('LOGIN_ERROR_EXTERNAL_AUTH', 14);
+define('LOGIN_ERROR_PASSWORD_CONVERT', 15);
 
 // Group settings
 define('GROUP_OPEN', 0);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e360ffb3a0..b9e9716743 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -174,6 +174,41 @@ function unique_id($extra = 'c')
 	return substr($val, 4, 16);
 }
 
+/**
+* Determine whether we are approaching the maximum execution time. Should be called once
+* at the beginning of the script in which it's used.
+* @return	bool	Either true if the maximum execution time is nearly reached, or false
+*					if some time is still left.
+*/
+function still_on_time()
+{
+	static $max_execution_time, $start_time;
+
+	$time = explode(' ', microtime());
+	$current_time = $time[0] + $time[1];
+
+	if (empty($max_execution_time))
+	{
+		$max_execution_time = (function_exists('ini_get')) ? (int) ini_get('max_execution_time') : (int) get_cfg_var('max_execution_time');
+
+		// If zero, then set to something higher to not let the user catch the ten seconds barrier.
+		if ($max_execution_time === 0)
+		{
+			$max_execution_time = 65;
+		}
+
+		$max_execution_time = min(max(10, ($max_execution_time - 15)), 50);
+
+		// For debugging purposes
+		// $max_execution_time = 10;
+
+		global $starttime;
+		$start_time = (empty($starttime)) ? $current_time : $starttime;
+	}
+
+	return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
+}
+
 /**
 * Generate sort selection fields
 */
@@ -1868,6 +1903,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
 		}
 
+		// do not allow empty password
+		if (!$password)
+		{
+			trigger_error('NO_PASSWORD_SUPPLIED');
+		}
+
 		// If authentication is successful we redirect user to previous page
 		$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
 
@@ -1955,6 +1996,16 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 
 			break;
 
+			case LOGIN_ERROR_PASSWORD_CONVERT:
+				$err = sprintf(
+					$user->lang[$result['error_msg']],
+					($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
+					($config['email_enable']) ? '</a>' : '',
+					($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
+					($config['board_contact']) ? '</a>' : ''
+				);
+			break;
+
 			// Username, password, etc...
 			default:
 				$err = $user->lang[$result['error_msg']];
@@ -1964,6 +2015,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				{
 					$err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
 				}
+				
 			break;
 		}
 	}
@@ -2254,7 +2306,7 @@ function decode_message(&$message, $bbcode_uid = '')
 	$message = str_replace($match, $replace, $message);
 
 	$match = get_preg_expression('bbcode_htm');
-	$replace = array('\1', '\2', '\1', '', '');
+	$replace = array('\1', '\1', '\2', '\1', '', '');
 
 	$message = preg_replace($match, $replace, $message);
 }
@@ -2272,7 +2324,7 @@ function strip_bbcode(&$text, $uid = '')
 	$text = preg_replace("#\[\/?[a-z0-9\*\+\-]+(?:=.*?)?(?::[a-z])?(\:?$uid)\]#", ' ', $text);
 
 	$match = get_preg_expression('bbcode_htm');
-	$replace = array('\1', '\2', '\1', '', '');
+	$replace = array('\1', '\1', '\2', '\1', '', '');
 	
 	$text = preg_replace($match, $replace, $text);
 }
@@ -2399,7 +2451,7 @@ function make_clickable($text, $server_url = false)
 
 		// relative urls for this board
 		$magic_url_match[] = '#(^|[\n\t (])(' . preg_quote($server_url, '#') . ')/(' . get_preg_expression('relative_url_inline') . ')#ie';
-		$magic_url_replace[] = "'\$1<!-- l --><a href=\"\$2/' . preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}/', '\\\\1', '\$3') . '\">' . ((strlen('\$3')) ? preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}/', '\\\\1', '\$3') : '\$2/') . '</a><!-- l -->'";
+		$magic_url_replace[] = "'\$1<!-- l --><a href=\"' . append_sid('\$2/' . preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}$/', '', preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}&amp;/', '\\\\1', '\$3'))) . '\">' . ((strlen('\$3')) ? preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}$/', '', preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}&amp;/', '\\\\1', '\$3')) : '\$2/') . '</a><!-- l -->'";
 
 		// matches a xxxx://aaaaa.bbb.cccc. ...
 		$magic_url_match[] = '#(^|[\n\t (])(' . get_preg_expression('url_inline') . ')#ie';
@@ -3027,7 +3079,8 @@ function get_preg_expression($mode)
 		case 'bbcode_htm':
 			return array(
 				'#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
-				'#<!\-\- ([lmw]) \-\-><a href="(.*?)">.*?</a><!\-\- \1 \-\->#',
+				'#<!\-\- l \-\-><a href="(.*?)(?:(&amp;|\?)sid=[0-9a-f]{32})?">.*?</a><!\-\- l \-\->#',
+				'#<!\-\- ([mw]) \-\-><a href="(.*?)">.*?</a><!\-\- \1 \-\->#',
 				'#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
 				'#<!\-\- .*? \-\->#s',
 				'#<.*?>#s',
diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php
index 87fe1c2649..f8702fcc29 100644
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -17,38 +17,6 @@ define('DEFAULT_AVATAR_Y', 80);
 
 // Global functions - all functions can be used by convertors
 
-/**
-* Determine whether we are approaching the maximum execution time
-*/
-function still_on_time()
-{
-	static $max_execution_time, $start_time;
-
-	$time = explode(' ', microtime());
-	$current_time = $time[0] + $time[1];
-
-	if (empty($max_execution_time))
-	{
-		$max_execution_time = (function_exists('ini_get')) ? (int) ini_get('max_execution_time') : (int) get_cfg_var('max_execution_time');
-
-		// If zero, then set to something higher to not let the user catch the ten seconds barrier.
-		if ($max_execution_time === 0)
-		{
-			$max_execution_time = 65;
-		}
-
-		$max_execution_time = min(max(10, ($max_execution_time - 15)), 50);
-
-		// For debugging purposes
-		// $max_execution_time = 10;
-
-		global $starttime;
-		$start_time = (empty($starttime)) ? $current_time : $starttime;
-	}
-
-	return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
-}
-
 // SIMPLE FUNCTIONS
 
 /**
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index d358ec8f48..e2f3a2b271 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -366,9 +366,9 @@ class bbcode_firstpass extends bbcode
 		// Additionally, magic url parsing should go after parsing bbcodes, but for safety those are stripped out too...
 		$htm_match = get_preg_expression('bbcode_htm');
 //		$htm_match[3] = '/&#([0-9]+);/';
-		unset($htm_match[3], $htm_match[4]);
+		unset($htm_match[4], $htm_match[5]);
 
-		$htm_replace = array('\1', '\2', '\1'); //, '&amp;#\1;');
+		$htm_replace = array('\1', '\1', '\2', '\1'); //, '&amp;#\1;');
 
 		$out = '';
 
@@ -848,7 +848,9 @@ class bbcode_firstpass extends bbcode
 			// Is this a link to somewhere inside this board? If so then remove the session id from the url
 			if (strpos($url, generate_board_url()) !== false && strpos($url, 'sid=') !== false)
 			{
-				$url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}/', '\1', $url);
+				$url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}&amp;/', '\1', $url);
+				$url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}$/', '', $url);
+				$url = append_sid($url);
 			}
 
 			return ($var1) ? '[url=' . $this->bbcode_specialchars($url) . ':' . $this->bbcode_uid . ']' . $var2 . '[/url:' . $this->bbcode_uid . ']' : '[url:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($url) . '[/url:' . $this->bbcode_uid . ']'; 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 0a9084eb6d..351d284c62 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -168,14 +168,9 @@ class session
 				// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
 				if (!empty($ip) && !preg_match($ipv4, $ip) && !preg_match($ipv6, $ip))
 				{
-					if (!defined('DEBUG_EXTRA'))
-					{
-						trigger_error('Hacking attempt!');
-					}
-					else
-					{
-						trigger_error('Invalid HTTP_X_FORWARDED_FOR header detected: ' . htmlspecialchars($this->forwarded_for));
-					}
+					// contains invalid data, don't use the forwarded for header
+					$this->forwarded_for = '';
+					break;
 				}
 			}
 		}
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index dfb44b9e3c..f0c06ce09f 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -203,8 +203,8 @@ $lang = array_merge($lang, array(
 	'PASSWORD_LENGTH_EXPLAIN'	=> 'Minimum and maximum number of characters in passwords.',
 	'REG_LIMIT'					=> 'Registration attempts',
 	'REG_LIMIT_EXPLAIN'			=> 'Number of attempts users can make at the confirmation code before being locked out that session.',
-	'USERNAME_ALPHA_ONLY'		=> 'Alphanumeric only',
-	'USERNAME_ALPHA_SPACERS'	=> 'Alphanumeric and spacers',
+	'USERNAME_ALPHA_ONLY'		=> 'Letters only',
+	'USERNAME_ALPHA_SPACERS'	=> 'Letters and spacers',
 	'USERNAME_ASCII'			=> 'ASCII (no international unicode)',
 	'USERNAME_LETTER_NUM'		=> 'Any letter and number',
 	'USERNAME_LETTER_NUM_SPACERS'	=> 'Any letter, number, and spacer',
diff --git a/phpBB/language/en/acp/search.php b/phpBB/language/en/acp/search.php
index 59a4dbb43a..85ad45d858 100644
--- a/phpBB/language/en/acp/search.php
+++ b/phpBB/language/en/acp/search.php
@@ -37,10 +37,10 @@ $lang = array_merge($lang, array(
 	'COMMON_WORD_THRESHOLD'					=> 'Common word threshold',
 	'COMMON_WORD_THRESHOLD_EXPLAIN'			=> 'Words which are contained in a greater percentage of all posts will be regarded as common. Common words are ignored in search queries. Set to zero to disable. Only takes effect if there are more than 100 posts.',
 	'CONFIRM_SEARCH_BACKEND'				=> 'Are you sure you wish to switch to a different search backend? After changing the search backend you will have to create an index for the new search backend. If you don’t plan on switching back to the old search backend you can also delete the old backend’s index in order to free system resources.',
-	'CONTINUE_DELETING_INDEX'				=> 'Continue previous index deleting process',
-	'CONTINUE_DELETING_INDEX_EXPLAIN'		=> 'An index deleting process has been started. In order to access the search index page again you need to complete it first.',
+	'CONTINUE_DELETING_INDEX'				=> 'Continue previous index removal process',
+	'CONTINUE_DELETING_INDEX_EXPLAIN'		=> 'An index removal process has been started. In order to access the search index page you will have to complete it or cancel it.',
 	'CONTINUE_INDEXING'						=> 'Continue previous indexing process',
-	'CONTINUE_INDEXING_EXPLAIN'				=> 'An indexing process has been started. In order to access the search index page again you need to complete it first.',
+	'CONTINUE_INDEXING_EXPLAIN'				=> 'An indexing process has been started. In order to access the search index page you will have to complete it or cancel it.',
 	'CREATE_INDEX'							=> 'Create index',
 
 	'DELETE_INDEX'							=> 'Delete index',
@@ -76,6 +76,8 @@ $lang = array_merge($lang, array(
 
 	'SEARCH_GUEST_INTERVAL'					=> 'Guest search flood interval',
 	'SEARCH_GUEST_INTERVAL_EXPLAIN'			=> 'Number of seconds guests must wait between searches. If one guest searches all others have to wait until the time interval passed.',
+	'SEARCH_INDEX_CREATE_REDIRECT'			=> 'All posts up to post id %d have been indexed.<br />Indexing in progress ...',
+	'SEARCH_INDEX_DELETE_REDIRECT'			=> 'All posts up to post id %d have been removed from the search index.<br /> Deleting in progress ...',
 	'SEARCH_INDEX_CREATED'					=> 'Successfully indexed all posts in the board database.',
 	'SEARCH_INDEX_REMOVED'					=> 'Successfully deleted the search index for this backend.',
 	'SEARCH_INTERVAL'						=> 'User search flood interval',
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index 7eed479231..12bd726bd6 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -276,6 +276,7 @@ $lang = array_merge($lang, array(
 	'LOGIN_ERROR_ATTEMPTS'				=> 'You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to enter the confirm code from the image you see below.',
 	'LOGIN_ERROR_EXTERNAL_AUTH_APACHE'	=> 'You have not been authenticated by Apache.',
 	'LOGIN_ERROR_PASSWORD'				=> 'You have specified an incorrect password. Please check your password and try again. If you continue to have problems please contact the %sBoard Administrator%s.',
+	'LOGIN_ERROR_PASSWORD_CONVERT'		=> 'It was not possible to convert your password when updating this bulletin board’s software. Please %srequest a new password%s. If you continue to have problems please contact the %sBoard Administrator%s.',
 	'LOGIN_ERROR_USERNAME'				=> 'You have specified an incorrect username. Please check your username and try again. If you continue to have problems please contact the %sBoard Administrator%s.',
 	'LOGIN_FORUM'						=> 'To view or post in this forum you must enter its password.',
 	'LOGIN_INFO'						=> 'In order to login you must be registered. Registering takes only a few seconds but gives you increased capabilities. The board administrator may also grant additional permissions to registered users. Before you login please ensure you are familiar with our terms of use and related policies. Please ensure you read any forum rules as you navigate around the board.',
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index d4b79162cb..459565c7a5 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -293,6 +293,7 @@ $lang = array_merge($lang, array(
 	'NO_NEW_FOLDER_NAME'		=> 'You have to specify a new folder name',
 	'NO_NEWER_PM'				=> 'No newer messages',
 	'NO_OLDER_PM'				=> 'No older messages',
+	'NO_PASSWORD_SUPPLIED'		=> 'You cannot login without a password.',
 	'NO_RECIPIENT'				=> 'No recipient defined',
 	'NO_RULES_DEFINED'			=> 'No rules defined',
 	'NO_SAVED_DRAFTS'			=> 'No drafts saved',
@@ -300,10 +301,10 @@ $lang = array_merge($lang, array(
 	'NO_WATCHED_FORUMS'			=> 'You are not watching any forums.',
 	'NO_WATCHED_TOPICS'			=> 'You are not watching any topics.',
 
-	'PASS_TYPE_ALPHA_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long and must contain alphanumerics',
+	'PASS_TYPE_ALPHA_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long, must be mixed case and must contain numbers',
 	'PASS_TYPE_ANY_EXPLAIN'		=> 'Must be between %1$d and %2$d characters.',
 	'PASS_TYPE_CASE_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long and must be mixed case',
-	'PASS_TYPE_SYMBOL_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long and must contain symbols',
+	'PASS_TYPE_SYMBOL_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long, must be mixed case, must contain numbers and must contain symbols',
 	'PASSWORD'					=> 'Password',
 	'PASSWORD_ACTIVATED'		=> 'Your new password has been activated',
 	'PASSWORD_UPDATED'			=> 'Your password has been sent successfully to your original email address.',
diff --git a/phpBB/search.php b/phpBB/search.php
index 3e4159025a..191238c8b0 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -234,7 +234,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 		$correct_query = $search->split_keywords($keywords, $search_terms);
 		if (!$correct_query || (empty($search->search_query) && !sizeof($author_id_ary) && !$search_id))
 		{
-			$ignored = (sizeof($search->common_words)) ? sprintf($user->lang['IGNORED_TERMS_EXPLAIN'], htmlspecialchars(implode(' ', $search->common_words), ENT_COMPAT, 'UTF-8')) . '<br />' : '';
+			$ignored = (sizeof($search->common_words)) ? sprintf($user->lang['IGNORED_TERMS_EXPLAIN'], implode(' ', $search->common_words)) . '<br />' : '';
 			trigger_error($ignored . sprintf($user->lang['NO_KEYWORDS'], $search->word_length['min'], $search->word_length['max']));
 		}
 	}
@@ -453,8 +453,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	}
 
 	// define some vars for urls
-	$hilit = htmlspecialchars(implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')'), ' ', $keywords)))));
-	$u_hilit = urlencode($keywords);
+	$hilit = implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')'), ' ', $keywords))));
+	$u_hilit = urlencode(htmlspecialchars_decode($keywords));
 	$u_show_results = ($show_results != 'posts') ? '&amp;sr=' . $show_results : '';
 	$u_search_forum = implode('&amp;fid%5B%5D=', $search_forum);
 
@@ -472,8 +472,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	$template->assign_vars(array(
 		'SEARCH_TITLE'		=> $l_search_title,
 		'SEARCH_MATCHES'	=> $l_search_matches,
-		'SEARCH_WORDS'		=> preg_replace('#&amp;(\#[0-9]+;)#', '&$1', htmlspecialchars($search->search_query)),
-		'IGNORED_WORDS'		=> (sizeof($search->common_words)) ? htmlspecialchars(implode(' ', $search->common_words)) : '',
+		'SEARCH_WORDS'		=> $search->search_query,
+		'IGNORED_WORDS'		=> (sizeof($search->common_words)) ? implode(' ', $search->common_words) : '',
 		'PAGINATION'		=> generate_pagination($u_search, $total_match_count, $per_page, $start),
 		'PAGE_NUMBER'		=> on_page($total_match_count, $per_page, $start),
 		'TOTAL_MATCHES'		=> $total_match_count,
@@ -960,6 +960,8 @@ while ($row = $db->sql_fetchrow($result))
 
 	if ($row['left_id'] > $cat_right)
 	{
+		// make sure we don't forget anything
+		$s_forums .= $holding;
 		$holding = '';
 	}
 
@@ -1040,7 +1042,7 @@ $result = $db->sql_query_limit($sql, 5);
 
 while ($row = $db->sql_fetchrow($result))
 {
-	$keywords = htmlspecialchars($row['search_keywords'], ENT_COMPAT, 'UTF-8');
+	$keywords = $row['search_keywords'];
 
 	$template->assign_block_vars('recentsearch', array(
 		'KEYWORDS'	=> $keywords,
diff --git a/phpBB/styles/subSilver/template/pagination.html b/phpBB/styles/subSilver/template/pagination.html
index fa636e5bad..bf9c854d9a 100644
--- a/phpBB/styles/subSilver/template/pagination.html
+++ b/phpBB/styles/subSilver/template/pagination.html
@@ -1 +1 @@
-<!-- IF PAGINATION --><b><a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{L_GOTO_PAGE}</a> <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}">{L_PREVIOUS}</a>&nbsp;&nbsp;<!-- ENDIF -->{PAGINATION}<!-- IF NEXT_PAGE -->&nbsp;&nbsp;<a href="{NEXT_PAGE}">{L_NEXT}</a><!-- ENDIF --></b><!-- ENDIF -->
\ No newline at end of file
+<!-- IF PAGINATION --><b><a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{L_GOTO_PAGE}</a> <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}">{L_PREVIOUS}</a>&nbsp;&nbsp;<!-- ENDIF -->{PAGINATION}<!-- IF NEXT_PAGE --> &nbsp;<a href="{NEXT_PAGE}">{L_NEXT}</a><!-- ENDIF --></b><!-- ENDIF -->
\ No newline at end of file