ok, this one is rather large... the most important change:

re-introduce append_sid: old style continues to work, not a performance hog as it was in 2.0.x -> structure is different

apart from this, code cleanage, bug fixing, etc.


git-svn-id: file:///svn/phpbb/trunk@6015 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -58,6 +58,7 @@ $mode			= request_var('mode', '');
 // Set custom template for admin area
 $template->set_custom_template($phpbb_admin_path . 'style', 'admin');
 $template->assign_var('T_TEMPLATE_PATH', $phpbb_admin_path . 'style');
+
 // the acp template is never stored in the database
 $user->theme['template_storedb'] = false;
 
@@ -75,7 +76,7 @@ $module->set_active($module_id, $mode);
 
 // Assign data to the template engine for the list of modules
 // We do this before loading the active module for correct menu display in trigger_error
-$module->assign_tpl_vars("{$phpbb_admin_path}index.$phpEx$SID");
+$module->assign_tpl_vars(append_sid("{$phpbb_admin_path}index.$phpEx"));
 
 // Load and execute the relevant module
 $module->load_active();
@@ -89,13 +90,13 @@ $template->set_filenames(array(
 
 adm_page_footer();
 
-// ---------
+/**
-// FUNCTIONS
+* Header for acp pages
-//
+*/
 function adm_page_header($page_title)
 {
 	global $config, $db, $user, $template;
-	global $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID;
+	global $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID, $_SID;
 
 	if (defined('HEADER_INC'))
 	{
@@ -116,17 +117,20 @@ function adm_page_header($page_title)
 	$template->assign_vars(array(
 		'PAGE_TITLE'			=> $page_title,
 		'USERNAME'				=> $user->data['username'],
+
+		'SID'					=> $SID,
+		'_SID'					=> $_SID,
+		'SESSION_ID'			=> $user->session_id,
 		'ROOT_PATH'				=> $phpbb_admin_path,
 
-		'U_LOGOUT'				=> "{$phpbb_root_path}ucp.$phpEx$SID&mode=logout",
+		'U_LOGOUT'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
-		'U_ADM_INDEX'			=> "{$phpbb_admin_path}index.$phpEx$SID",
+		'U_ADM_INDEX'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
-		'U_INDEX'				=> "{$phpbb_root_path}index.$phpEx$SID",
+		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
 
 		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
 		'S_CONTENT_ENCODING'	=> $user->lang['ENCODING'],
 		'S_CONTENT_DIR_LEFT'	=> $user->lang['LEFT'],
-		'S_CONTENT_DIR_RIGHT' 	=> $user->lang['RIGHT'],
+		'S_CONTENT_DIR_RIGHT'	=> $user->lang['RIGHT'])
-		)
 	);
 
 	if (!empty($config['send_encoding']))
@@ -140,10 +144,13 @@ function adm_page_header($page_title)
 	return;
 }
 
+/**
+* Page footer for acp pages
+*/
 function adm_page_footer($copyright_html = true)
 {
 	global $db, $config, $template, $user, $auth, $cache;
-	global $SID, $starttime, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+	global $starttime, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 	// Output page creation time
 	if (defined('DEBUG'))
@@ -179,8 +186,7 @@ function adm_page_footer($copyright_html = true)
 	$template->assign_vars(array(
 		'DEBUG_OUTPUT'		=> (defined('DEBUG')) ? $debug_output : '',
 		'S_COPYRIGHT_HTML'	=> $copyright_html,
-		'VERSION'			=> $config['version']
+		'VERSION'			=> $config['version'])
-		)
 	);
 
 	$template->display('body');
@@ -197,12 +203,18 @@ function adm_page_footer($copyright_html = true)
 	exit;
 }
 
+/**
+* Generate back link for acp pages
+*/
 function adm_back_link($u_action)
 {
 	global $user;
 	return '<br /><br /><a href="' . $u_action . '">&laquo; ' . $user->lang['BACK_TO_PREV'] . '</a>';
 }
 
+/**
+* Build select field options in acp pages
+*/
 function build_select($option_ary, $option_default = false)
 {
 	global $user;
@@ -217,6 +229,9 @@ function build_select($option_ary, $option_default = false)
 	return $html;
 }
 
+/**
+* Build radio fields in acp pages
+*/
 function h_radio($name, &$input_ary, $input_default = false, $id = false, $key = false)
 {
 	global $user;
@@ -234,6 +249,9 @@ function h_radio($name, &$input_ary, $input_default = false, $id = false, $key =
 	return $html;
 }
 
+/**
+* Build configuration template for acp configuration pages
+*/
 function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 {
 	global $user, $module;

phpBB/adm/style/acp_ban.html

@@ -109,6 +109,7 @@
 
 	<p>{L_NO_BAN_CELL}</p>
 </fieldset>
+
 <!-- ENDIF -->
 
 </form>

phpBB/adm/style/acp_bbcodes.html

@@ -44,6 +44,7 @@
 	</fieldset>
 	
 	<br />
+
 	<table cellspacing="1">
 	<thead>
 	<tr>

phpBB/adm/style/acp_board.html

@@ -24,6 +24,7 @@
 
 	<!-- ENDIF -->
 <!-- END options -->
+
 <!-- IF S_AUTH -->
 	<!-- BEGIN auth_tpl -->
 		{auth_tpl.TPL}

phpBB/adm/style/acp_database.html

@@ -1,12 +1,14 @@
 <!-- INCLUDE overall_header.html -->
 
 <a name="maincontent"></a>
+
 <!-- IF MODE eq 'restore' -->
 	<h1>{L_ACP_RESTORE}</h1>
 
 	<p>{L_ACP_RESTORE_EXPLAIN}</p>
 
 	<form id="acp_backup" method="post" action="{U_ACTION}">
+	
 	<fieldset>
 		<legend>{L_RESTORE_OPTIONS}</legend>
 	<dl>
@@ -14,6 +16,7 @@
 		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
 	</dl>
 	</fieldset>
+
 	<!-- IF EXISTS -->
 		<fieldset class="submit-buttons">
 			<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
@@ -21,7 +24,9 @@
 			<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
 		</fieldset>
 	<!-- ENDIF -->
+
 	</form>
+
 <!-- ELSE -->
 	<h1>{L_ACP_BACKUP}</h1>
 
@@ -44,6 +49,7 @@
 	</script>
 
 	<form id="acp_backup" method="post" action="{U_ACTION}">
+
 	<fieldset>
 		<legend>{L_BACKUP_OPTIONS}</legend>
 	<dl>
@@ -69,10 +75,14 @@
 		</select><br /><br /><div align="right"><a href="#" onclick="selector(true)">{L_SELECT_ALL}</a><br /><a href="#" onclick="selector(false)">{L_DESELECT_ALL}</a></div></dd>
 	</dl>
 	</fieldset>
+
 	<fieldset class="submit-buttons">
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
 		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
 	</fieldset>
+
 	</form>
+
 <!-- ENDIF -->
+
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_disallow.html

@@ -35,12 +35,10 @@
 
 	<fieldset class="quick">
 		<input class="button1" type="submit" name="allow" value="{L_SUBMIT}" />
-</fieldset>
-
 <!-- ELSE -->
 	<p>{L_NO_DISALLOWED}</p>
-</fieldset>
 <!-- ENDIF -->
+</fieldset>
 
 </form>
 

phpBB/adm/style/acp_forums.html

@@ -303,7 +303,7 @@
 	
 	<p><strong>{NAVIGATION}<!-- IF S_NO_FORUMS --> [<a href="{U_EDIT}">{L_EDIT}</a> | <a href="{U_DELETE}">{L_DELETE}</a><!-- IF not S_LINK --> | <a href="{U_SYNC}">{L_RESYNC}</a><!-- ENDIF --->]<!-- ENDIF --></strong></p>
 
-<!-- IF forums -->
+	<!-- IF .forums -->
 		<table cellspacing="1">
 			<col class="row1" /><col class="row1" /><col class="row2" />
 		<tbody>

phpBB/adm/style/acp_language.html

@@ -150,7 +150,9 @@
 	</table>
 
 	</form>
+
 <!-- ELSEIF S_UPLOAD -->
+
 	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
 
 	<h1>{L_UPLOAD_SETTINGS}</h1>
@@ -188,6 +190,7 @@
 	</fieldset>
 
 	</form>
+
 <!-- ELSE -->
 
 	<h1>{L_ACP_LANGUAGE_PACKS}</h1>

phpBB/adm/style/acp_logs.html

@@ -52,10 +52,13 @@
 	<!-- END log -->
 	</tbody>
 	</table>
+
 <!-- ELSE -->
+
 	<div class="errorbox">
 		<p>{L_NO_ENTRIES}</p>
 	</div>
+
 <!-- ENDIF -->
 
 <!-- IF S_SHOW_FORUMS -->

phpBB/adm/style/acp_permission_roles.html

@@ -8,8 +8,10 @@
 	<!--
 		var active_option = 'options0';
 
-		// Show/hide option panels
+		/**
-		// value = suffix for ID to show
+		* Show/hide option panels
+		* value = suffix for ID to show
+		*/
 		function swap_options(id)
 		{
 			if (id == active_option)
@@ -24,8 +26,10 @@
 			active_option = id;
 		}
 
-		// Mark all radio buttons in one panel
+		/**
-		// id = table ID container, s = status ['y'/'u'/'n']
+		* Mark all radio buttons in one panel
+		* id = table ID container, s = status ['y'/'u'/'n']
+		*/
 		function mark_options(id, s)
 		{
 			var t = document.getElementById(id);

phpBB/adm/style/acp_php_info.html

@@ -9,4 +9,5 @@
 <div style="overflow: auto; width: 99%;">
 	{PHPINFO}
 </div>
+
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_ranks.html

@@ -8,7 +8,6 @@
 
 	<script type="text/javascript">
 	<!--
-
 		function update_image(newimage)
 		{
 			document.getElementById('image').src = (newimage) ? "{RANKS_PATH}/" + newimage : "./images/spacer.gif";

phpBB/adm/style/acp_reasons.html

@@ -45,7 +45,7 @@
 
 	<p>{L_ACP_REASONS_EXPLAIN}</p>
 
-<!-- IF reasons -->
+	<!-- IF .reasons -->
 		<table cellspacing="1">
 			<col class="row1" /><col class="row1" /><col class="row2" />
 		<thead>
@@ -74,6 +74,7 @@
 		<!-- END reasons -->
 		</tbody>
 		</table>
+
 	<!-- ENDIF -->
 
 	<form id="reasons" method="post" action="{U_ACTION}">

phpBB/adm/style/acp_search.html

@@ -8,9 +8,9 @@
 	<p>{L_ACP_SEARCH_SETTINGS_EXPLAIN}</p>
 
 	<form id="acp_search" method="post" action="{U_ACTION}">
+
 	<fieldset>
 		<legend>{L_GENERAL_SEARCH_SETTINGS}</legend>
-
 	<dl>
 		<dt><label for="load_search">{L_YES_SEARCH}:</label><br /><span>{L_YES_SEARCH_EXPLAIN}</span></dt>
 		<dd><input type="radio" id="load_search" name="config[load_search]" value="1"<!-- IF S_YES_SEARCH --> checked="checked"<!-- ENDIF --> class="radio" />&nbsp;{L_YES}&nbsp;&nbsp;<input type="radio" name="config[load_search]" value="0"<!-- IF not S_YES_SEARCH --> checked="checked"<!-- ENDIF --> class="radio" />&nbsp;{L_NO}</dd>
@@ -39,7 +39,6 @@
 
 	<fieldset>
 		<legend>{L_SEARCH_TYPE}</legend>
-
 	<dl>
 		<dt><label for="search_type">{L_SEARCH_TYPE}:</label><br /><span>{L_SEARCH_TYPE_EXPLAIN}</span></dt>
 		<dd><select id="search_type" name="config[search_type]">{S_SEARCH_TYPES}</select></dd>
@@ -47,11 +46,12 @@
 	</fieldset>
 
 	<!-- BEGIN backend -->
+
 		<fieldset>
 			<legend>{backend.NAME}</legend>
-
 		{backend.SETTINGS}
 		</fieldset>
+
 	<!-- END backend -->
 
 	<fieldset class="submit-buttons">
@@ -62,8 +62,13 @@
 	</form>
 
 <!-- ELSEIF S_INDEX -->
-<script language="javascript" type="text/javascript">
+
+	<script type="text/javascript">
 	<!--
+
+		/**
+		* Popup search progress bar
+		*/
 		function popup_progress_bar(progress_type)
 		{
 			close_waitscreen = 0;
@@ -81,8 +86,11 @@
 
 		<p>{L_CONTINUE_EXPLAIN}</p>
 	<!-- ELSE -->
+
 		<!-- BEGIN backend -->
+
 			<!-- IF backend.S_STATS -->
+			
 				<table cellspacing="1">
 					<caption>&raquo; {L_INDEX_STATS}: {backend.L_NAME} <!-- IF backend.S_ACTIVE -->({L_ACTIVE}) <!-- ENDIF --></caption>
 					<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />
@@ -105,9 +113,12 @@
 				<!-- END data -->
 				</tbody>
 				</table>
+			
 			<!-- ENDIF -->
+			
 			<form id="acp_search_index_{backend.NAME}" method="post" action="{U_ACTION}">
 				{backend.S_HIDDEN_FIELDS}
+		
 			<fieldset class="quick">
 			<!-- IF backend.S_INDEXED -->
 				<input class="button2" type="submit" name="action[delete]" value="{L_DELETE_INDEX}" onclick="javascript:popup_progress_bar('delete')" />
@@ -115,9 +126,12 @@
 				<input class="button2" type="submit" name="action[create]" value="{L_CREATE_INDEX}" onclick="javascript:popup_progress_bar('create')" />
 			<!-- ENDIF -->
 			</fieldset>
+			
 			</form>
 		<!-- END backend -->
+
 	<!-- ENDIF -->
+
 <!-- ENDIF -->
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_styles.html

@@ -39,14 +39,15 @@
 	<p>{L_EXPLAIN}</p>
 	<script language="javascript" type="text/javascript" defer="defer">
 	<!--
-
 		function update_image(newimage)
 		{
 			document.newimg.src = (newimage) ? "../styles/{NAME}/imageset/" + newimage : "images/no_image.png";
 		}
 	//-->
 	</script>
-	<form method="post" action="{U_ACTION}"><table width="95%" cellspacing="1" cellpadding="1" border="0" align="center">
+	<form method="post" action="{U_ACTION}">
+	
+	<table width="95%" cellspacing="1" cellpadding="1" border="0" align="center">
 	<tr>
 		<td align="right">{L_SELECT_IMAGE}: <select name="imgname" onchange="this.form.submit(); ">
 		<!-- BEGIN category -->
@@ -54,10 +55,12 @@
 				<!-- BEGIN images --><option value="{category.images.VALUE}"<!-- IF category.images.SELECTED--> selected="selected"<!-- ENDIF -->>{category.images.TEXT}</option>
 				<!-- END images -->
 			<!-- END category -->
-			</select>&nbsp; <input class="btnlite" type="submit" value="{L_SELECT}" tabindex="100" /></td>
+			</select>&nbsp; <input class="btnlite" type="submit" value="{L_SELECT}" tabindex="100" />
+		</td>
 	</tr>
 	<tr>
-			<td><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center">
+		<td>
+			<table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center">
 			<tr>
 				<th colspan="2">{L_EDIT_IMAGESET}</th>
 			</tr>
@@ -72,7 +75,8 @@
 			</tr>
 			<!-- ENDIF -->
 			<tr>
-					<td class="row1" colspan="2" align="center"><table width="100%" cellspacing="2" cellpadding="2" border="0">
+				<td class="row1" colspan="2" align="center">
+					<table width="100%" cellspacing="2" cellpadding="2" border="0">
 					<tr>
 						<td width="50%" align="center"><img src="<!-- IF IMAGE_REQUEST neq '' -->{IMAGE_REQUEST}<!-- ELSE -->images/no_image.png<!-- ENDIF -->"/></td>
 						<td width="50%" align="center"><img src="images/no_image.png" name="newimg" /></td>
@@ -81,7 +85,8 @@
 						<td class="gensmall" align="center">{L_CURRENT_IMAGE}</td>
 						<td class="gensmall" align="center">{L_SELECTED_IMAGE}</td>
 					</tr>
-					</table></td>
+					</table>
+				</td>
 			</tr>
 			<tr>
 				<th width="40%">{L_IMAGE_PARAMETER}</th>
@@ -96,7 +101,8 @@
 						<option value="{imagesetlist.images.VALUE}"<!-- IF imagesetlist.images.SELECTED--> selected="selected"<!-- ENDIF -->>{imagesetlist.images.TEXT}</option>
 						<!-- END images -->
 					<!-- END imagesetlist -->
-					</select></td>
+					</select>
+				</td>
 			</tr>
 			<tr>
 				<td class="row1" width="40%"><b>{L_INCLUDE_DIMENSIONS}: </b><br /><span class="gensmall">{L_DIMENSIONS_EXPLAIN}</span></td>
@@ -105,13 +111,17 @@
 			<tr>
 				<td class="cat" colspan="2" align="center"><input class="btnmain" type="submit" name="update" value="{L_SUBMIT}" />&nbsp;&nbsp;<input class="btnmain" type="reset" value="{L_RESET}" /></td>
 			</tr>
-			</table></td>
+			</table>
+		</td>
 	</tr>
-	</table></form>
+	</table>
+	
+	</form>
+
 <!-- ELSEIF S_EDIT_TEMPLATE or S_EDIT_THEME -->
+
 	<script language="javascript" type="text/javascript" defer="defer">
 	<!--
-
 		function append_text_rows(form_name, value)
 		{
 			url = document.getElementById(form_name).action;
@@ -136,6 +146,7 @@
 		}
 	//-->
 	</script>
+
 	<!-- IF S_EDIT_TEMPLATE -->
 
 		<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
@@ -216,7 +227,6 @@
 				<input class="button1" id="save" type="submit" name="save" value="{L_SUBMIT}" />
 			</fieldset>
 
-
 			</form>
 		<!-- ENDIF -->
 
@@ -258,6 +268,7 @@
 		<!-- ENDIF -->
 
 		<form id="acp_styles" method="post" action="{U_ACTION}">
+
 		<fieldset>
 			<legend>{L_SELECT_CLASS}</legend>
 		<dl>
@@ -271,6 +282,7 @@
 			</dl>
 		<!-- ENDIF -->
 		</fieldset>
+	
 		</form>
 
 		<!-- IF S_CLASS -->
@@ -375,8 +387,11 @@
 		</fieldset>
 
 		</form>
+	
 	<!-- ENDIF -->
+
 <!-- ELSEIF S_CACHE -->
+
 	<script language="Javascript" type="text/javascript">
 	<!--
 
@@ -421,6 +436,7 @@
 			<td colspan="5">{L_TEMPLATE_CACHE_EMPTY}</td>
 		</tr>
 	<!-- END file -->
+	</tbody>
 	</table>
 
 	<fieldset class="quick">
@@ -428,7 +444,9 @@
 
 		<input class="button1" type="submit" id="submit" name="submit" value="{L_DELETE_MARKED}" />
 	</fieldset>
+
 	</form>
+
 <!-- ELSEIF S_EXPORT -->
 
 	<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>

phpBB/adm/style/admin.css

@@ -1,8 +1,6 @@
 /*  phpBB 3.0 Admin Style Sheet
     ------------------------------------------------------------------------
 	Original author:	subBlue ( http://www.subBlue.com/ )
-	Official update:	$Id$
-	
 	Copyright 2006 phpBB Group ( http://www.phpbb.com/ )
     ------------------------------------------------------------------------
 */
@@ -15,11 +13,13 @@
 	margin: 0;
 	padding: 0;
 }
+
 html {
 	font-size: 100%;
 	height: 100%;
 	margin-bottom: 1px;
 }
+
 body {
 	/* Text-Sizing with ems: http://www.clagnut.com/blog/348/ */
 	font-family: Verdana, Helvetica, Arial, sans-serif;
@@ -28,14 +28,17 @@ body {
 	font-size: 62.5%;			/* This sets the default font size to be equivalent to 10px */
 	margin: 0;
 }
+
 img {
 	border: 0;
 }
+
 h1 {
 	font: bold 1.8em 'Trebuchet MS', Verdana, sans-serif;
 	text-decoration: none; 
 	color: #333333;
 }
+
 h2, caption {
 	font: bold 1.2em Arial, Helvetica, sans-serif;
 	text-decoration: none; 
@@ -43,11 +46,13 @@ h2, caption {
 	text-align: left;
 	margin-top: 25px;
 }
+
 p {
 	margin-bottom: 0.7em;
 	line-height: 1.4em;
 	font-size: 1.1em;
 }
+
 hr {
 	border: 0 none;
 	border-top: 1px solid #999999;
@@ -55,6 +60,7 @@ hr {
 	padding-bottom: 5px;
 	height: 1px;
 }
+
 .small { 
 	font-size: 1em; 
 }
@@ -65,6 +71,7 @@ a:link, a:active, a:visited {
 	color: #006699; 
 	text-decoration: none; 
 }
+
 a:hover { 
 	color: #DD6900; 
 	text-decoration: underline; 
@@ -77,41 +84,50 @@ a:hover {
 	padding: 0 20px 15px 20px;
 	min-width: 615px;
 }
+
 #page-header {
 	text-align: right;
 	background: url("../images/phpbb_logo.gif") 0 0 no-repeat;
 	height: 84px;
 }
+
 #page-header h1 {
 	font-family: Verdana, Arial, Helvetica, sans-serif;
 	font-size: 1.5em;
 	font-weight: normal;
 	padding-top: 15px;
 }
+
 #page-header p {
 	font-size: 1.1em;
 }
+
 #page-body {
 	clear: both;
 }
+
 #page-footer {
 	clear: both;
 	font-size: 1em;
 	text-align: center;
 }
+
 #content {
 	padding: 30px 10px 10px 10px;
 }
+
 #content h1 {
 	line-height: 1.2em; 
 	margin-bottom: 0px;
 }
+
 #main {
 	float:left;
 	width: 76%;
 	margin-left: 3%;
 	min-height: 350px;
 }
+
 * html #main { 
 	height: 350px; 
 }
@@ -125,11 +141,13 @@ a:hover {
 	margin: 0 0 -6px 7px;
 	min-width: 570px;
 }
+
 #tabs ul {
 	margin:0;
 	padding: 0;
 	list-style: none;
 }
+
 #tabs li {
 	display: inline;
 	margin: 0;
@@ -137,6 +155,7 @@ a:hover {
 	font-size: 1em;
 	font-weight: bold;
 }
+
 #tabs a {
 	float:left;
 	background:url("../images/bg_tabs1.gif") no-repeat 0% -35px;
@@ -145,6 +164,7 @@ a:hover {
 	text-decoration: none;
 	position: relative;
 }
+
 #tabs a span {
 	float: left;
 	display: block;
@@ -154,6 +174,7 @@ a:hover {
 	white-space: nowrap;
 	text-transform: uppercase;
 }
+
 /* Commented Backslash Hack hides rule from IE5-Mac \*/
 #tabs a span { float:none; }
 /* End hack */
@@ -161,21 +182,26 @@ a:hover {
 #tabs a:hover span {
 	color: #DD6900;
 }
+
 #tabs #activetab a {
 	background-position: 0 0px;
 	border-bottom: 1px solid #FFFFFF;
 }
+
 #tabs #activetab a span {
 	background-position: 100% 0px;
 	padding-bottom: 7px;
 	color: #333333;
 }
+
 #tabs a:hover {
 	background-position: 0 -70px;
 }
+
 #tabs a:hover span {
 	background-position:100% -70px;
 }
+
 #tabs #activetab a:hover span {
 	color: #333333;
 }
@@ -188,6 +214,7 @@ a:hover {
 	background-color: #FFFFFF;
 	border: solid 1px  #A9B8C2;
 }
+
 span.corners-top, span.corners-bottom, 
 span.corners-top span, span.corners-bottom span {
 	display: none;
@@ -202,9 +229,11 @@ span.corners-top span, span.corners-bottom span {
 	font-size: 100%;
 	padding: 0;
 }
+
 #menu p {
 	font-size: 1em;
 }
+
 #menu ul {
 	list-style: none;
 }
@@ -227,16 +256,19 @@ span.corners-top span, span.corners-bottom span {
 	background-color: #ECECEC;
 	border-top: 1px solid #FFFFFF;
 }
+
 #menu li a:hover span, #menu li#activemenu span {
 	text-decoration: none;
 	background-color: #FFA34F;
 	color: #FFFFFF;
 }
+
 #menu li span.completed {
 	text-decoration: none;
 	background-color: #B9DBB3;
 	color: #006699;
 }
+
 #menu li.header {
 	display: block;
 	padding: 5px;
@@ -248,12 +280,14 @@ span.corners-top span, span.corners-bottom span {
 	margin-top: 5px;
 	text-transform: uppercase;
 }
+
 #menu li#activemenu a span {
 	text-decoration: none;
 	font-weight: bold;
 	color: #000;
 	background-color: #DADFE4;
 }
+
 #menu li#activemenu a:hover span {
 	text-decoration: none;
 	color: #000;
@@ -267,17 +301,20 @@ table {
 	width: 100%;
 	/*background-color: #ACBBC6;*/
 }
+
 th, td { 
 	font-family: Verdana, Arial, Helvetica, sans-serif;
 	font-size: 1.1em;
 	text-align: left;
 }
+
 th {
 	padding: 6px 4px;
 	color: #FFA34F;
 	font-weight: bold;
 	background: #006699 url("../images/cellpic3.gif") 0 0 repeat-x;
 }
+
 td {
 	padding: 4px;
 	line-height: 1.2em;
@@ -302,6 +339,7 @@ table.type2 {
 	padding: 0;
 	width: 0;
 }
+
 table.type2 th {
 	background: none;
 	border-top: none;
@@ -309,6 +347,7 @@ table.type2 th {
 	color: #FFA34F;
 	padding: 2px 0;
 }
+
 table.type2 td {
 	padding: 0;
 }
@@ -326,12 +365,15 @@ fieldset {
 	background-color: #ECECEC;
 	position: relative;
 }
+
 * html fieldset { 
 	padding: 0 10px 5px 10px; 
 }
+
 fieldset p {
 	font-size: 1.1em;
 }
+
 legend {
 	padding: 1px 0; 
 	font-family: arial,Verdana,Sans-serif;
@@ -344,6 +386,7 @@ legend {
 	top: 0em;
 	vertical-align:middle;
 }
+
 * html legend { 
 	margin-bottom: -10px; 
 	margin-left: -7px;
@@ -364,6 +407,7 @@ input {
 	cursor: text;
 	vertical-align: middle;
 }
+
 select {
 	font-family: Verdana, Helvetica, Arial, sans-serif;
 	font-size: 100%;
@@ -376,16 +420,20 @@ select {
 	padding: 1px;
 	background-color: #FAFAFA;
 }
+
 optgroup {
 	font-weight: bold;
 }
+
 option {
 	padding-right: 1em;
 }
+
 .sep {
 	color: black;
 	background-color: #FFA34F;
 }
+
 textarea {
 	font-family: Verdana, Helvetica, Arial, sans-serif;
 	font-size: 100%;
@@ -398,15 +446,18 @@ textarea {
 	border-bottom: 1px solid #D5D5C8;
 	cursor: text;
 }
+
 label {
 	cursor:pointer;
 	font-size: 1.1em;
 	padding-right: 5px;
 }
+
 label input {
 	font-size: 100%;
 	vertical-align: middle;
 }
+
 label img {
 	vertical-align: middle;
 }
@@ -419,6 +470,7 @@ fieldset.quick {
 	text-align: right;
 	font-size: 1.1em;
 }
+
 fieldset.nobg {
 	margin: 15px 0 0 0;
 	padding: 0;
@@ -426,6 +478,7 @@ fieldset.nobg {
 	background-color: transparent;
 	font-size: 1.1em;
 }
+
 fieldset.display-options {
 	margin: 15px 0 2px 0;
 	padding: 0 0 4px 0;
@@ -434,10 +487,12 @@ fieldset.display-options {
 	text-align: center;
 	font-size: 1.1em;
 }
+
 fieldset.display-options select, fieldset.display-options input, fieldset.display-options label {
 	font-size: 100%;
 	vertical-align: middle;
 }
+
 select option.disabled {
 	background-color: #bbb;
 	color: #fff;
@@ -456,6 +511,7 @@ select#full_folder_action {
 dl {
 	font-family: Verdana, Helvetica, Arial, sans-serif;
 }
+
 dt {
 	float: left;
 	width: auto;
@@ -472,45 +528,54 @@ dt label {
 	text-align: left;
 	font-weight: bold;
 }
+
 dd label {
 	white-space: nowrap;
 	margin-right: 10px;
 }
 
 html>body dd label input { vertical-align: text-bottom; }	/* Tweak for Moz to align checkboxes/radio buttons nicely */
+
 dd input, 
 dd select {
 	max-width: 100%;
 }
+
 dd textarea {
 	width: 100%;
 }
+
 input.radio {
 	width: auto !important;
 	background-color: transparent;
 	border: none;
 	cursor: default;
 }
+
 dd select {
 	width: auto;
 	font-size: 100%;
 }
+
 fieldset dl {
 	margin-bottom: 10px;
 	font-size: 1.1em;
 }
+
 fieldset dt {
 	width: 45%;
 	text-align: left;
 	border-right: 1px solid #CCC;
 	padding-top: 3px;
 }
+
 fieldset dd {
 	margin-left: 45%;
 	padding-left: 5px;
 	border-left: 1px solid #CCC;
 	vertical-align: top;
 }
+
 dd.full {
 	margin-left: 0;
 	border: 0;
@@ -524,6 +589,7 @@ dd.full {
 fieldset dl:hover dt label {
 	color: #000000;
 }
+
 input:focus, textarea:focus {
 	color: #000000;
 }
@@ -538,6 +604,7 @@ fieldset.submit-buttons {
 	padding: 4px;
 	margin-top: -1px;
 }
+
 fieldset.submit-buttons input {
 	padding: 3px 2px;
 }
@@ -557,11 +624,13 @@ fieldset.submit-buttons input {
 	cursor: text;
 	width: 75%;
 }
+
 select.inputbox {
 	cursor: pointer;
 	padding: 0;
 	width: auto;
 }
+
 .inputbox:hover {
 	border-left: 1px solid #AFAEAA;
 	border-top: 1px solid #AFAEAA;
@@ -569,6 +638,7 @@ select.inputbox {
 	border-bottom: 1px solid #AFAEAA;
 	background-color: #E9E9E2;
 }
+
 .inputbox:focus {
 	border: 1px solid #BC2A4D;
 	background-color: #E9E9E2;
@@ -579,6 +649,7 @@ input.full,
 textarea.full {
 	width: 99%;
 }
+
 * html input.full, * html textarea.full { width: 95%; }
 input.medium { width: 50%; }
 input.narrow { width: 25%; }
@@ -597,10 +668,12 @@ input.autowidth { width: auto !important; }
 	font-size: 1em;
 	padding-bottom: 2px;
 }
+
 .pagination strong,
 .pagination b {
 	font-weight: normal;
 }
+
 .pagination span strong {
 	padding: 0 2px;
 	margin: 0 2px;
@@ -609,6 +682,7 @@ input.autowidth { width: auto !important; }
 	background: #069;
 	border: 1px solid #069;
 }
+
 .pagination span a, .pagination span a:link, .pagination span a:visited, .pagination span a:active {
 	font-weight: normal;
 	text-decoration: none;
@@ -618,12 +692,14 @@ input.autowidth { width: auto !important; }
 	background: #ECEDEE;
 	border: 1px solid #B4BAC0;
 }
+
 .pagination span a:hover {
 	border-color: #069;
 	background: #069;
 	color: #FFF;
 	text-decoration: none;
 }
+
 .pagination img {
 	vertical-align: middle;
 }
@@ -640,10 +716,12 @@ a.button2, input.button2  {
 	background-color: #EFEFEF;
 	cursor: pointer;
 }
+
 a.button1, input.button1 {
 	font-weight: bold;
 	border: 1px solid #666666; 
 }
+
 a.button2, input.button2 {
 	border: 1px solid #666666;
 }
@@ -824,30 +902,37 @@ table.pmask td.name {
 .success {
 	color: #282 !important;
 }
+
 .error {
 	color: #BC2A4D !important;
 }
+
 .successbox, .errorbox {
 	padding: 10px;
 	margin: 20px 0;
 	color: #1F5B13;
 	text-align: center;
 }
+
 .successbox {
 	background-color: #B9DBB3;
 }
+
 .errorbox {
 	background-color: #ECECEC;
 }
+
 .successbox h3, .errorbox h3 {
 	font-weight: bold;
 	font-size: 1.4em;
 	margin-bottom: 0.5em;
 }
+
 .successbox p, .errorbox p {
 	font-size: 1.1em;
 	margin-bottom: 0;
 }
+
 .successbox a, .errorbox a {
 	font-weight: bold;
 	text-decoration: none;
@@ -859,12 +944,15 @@ table.pmask td.name {
 	font-weight: bold;
 	line-height: 6em;
 }
+
 #errorpage #content {
 	padding-top: 10px;
 }
+
 #errorpage #content h1 {
 	color: #DF075C;
 }
+
 #errorpage #content h2 {
 	margin-top: 20px;
 	margin-bottom: 5px;
@@ -897,6 +985,7 @@ table.pmask td.name {
 #format-buttons {
 	margin: 15px 0 2px 0;
 }
+
 #format-buttons input, #format-buttons select {
 	vertical-align: middle;
 }
@@ -910,6 +999,7 @@ table.pmask td.name {
 	clear: both; 
 	visibility: hidden;
 }
+
 /* Hide from Mac IE, Windows IE uses this as it doesn't support the :after method above \*/
 .clearfix, #tabs, .row, #content, fieldset dl, #page-body {
 	height: 1%;
@@ -927,27 +1017,34 @@ table.pmask td.name {
 	text-align: right;
 	padding: 0px;
 }
+
 .source {
 	font-family: 'Courier New', monospace;
 	font-size: 125%;
 	line-height: 120%;
 	padding: 0px;
 }
+
 .syntaxbg {
 	color: #FFFFFF;
 }
+
 .syntaxcomment {
 	color: #FF8000;
 }
+
 .syntaxdefault {
 	color: #0000BB;
 }
+
 .syntaxhtml {
 	color: #000000;
 }
+
 .syntaxkeyword {
 	color: #007700;
 }
+
 .syntaxstring {
 	color: #DD0000;
 }

phpBB/adm/style/editor.js

@@ -1,5 +1,7 @@
-// bbCode control by subBlue design [ www.subBlue.com ]
+/**
-// Includes unixsafe colour palette selector by SHS`
+* bbCode control by subBlue design [ www.subBlue.com ]
+* Includes unixsafe colour palette selector by SHS`
+*/
 
 // Startup variables
 var imageTag = false;
@@ -10,130 +12,101 @@ var theSelection = false;
 var clientPC = navigator.userAgent.toLowerCase(); // Get client info
 var clientVer = parseInt(navigator.appVersion); // Get browser version
 
-var is_ie = ((clientPC.indexOf("msie") != -1) && (clientPC.indexOf("opera") == -1));
+var is_ie = ((clientPC.indexOf('msie') != -1) && (clientPC.indexOf('opera') == -1));
-var is_nav = ((clientPC.indexOf('mozilla')!=-1) && (clientPC.indexOf('spoofer')==-1)
+var is_nav = ((clientPC.indexOf('mozilla') != -1) && (clientPC.indexOf('spoofer') == -1) && (clientPC.indexOf('compatible') == -1) && (clientPC.indexOf('opera') == -1) && (clientPC.indexOf('webtv') == -1) && (clientPC.indexOf('hotjava') == -1));
-                && (clientPC.indexOf('compatible') == -1) && (clientPC.indexOf('opera')==-1)
-                && (clientPC.indexOf('webtv')==-1) && (clientPC.indexOf('hotjava')==-1));
 
-var is_win = ((clientPC.indexOf("win")!=-1) || (clientPC.indexOf("16bit") != -1));
+var is_win = ((clientPC.indexOf('win') != -1) || (clientPC.indexOf('16bit') != -1));
-var is_mac = (clientPC.indexOf("mac")!=-1);
+var is_mac = (clientPC.indexOf('mac') != -1);
 
-// Shows the help messages in the helpline window
+/**
-function helpline(help) {
+* Shows the help messages in the helpline window
-	document.forms[form_name].helpbox.value = eval(help + "_help");
+*/
+function helpline(help)
+{
+	document.forms[form_name].helpbox.value = eval(help + '_help');
 }
 
-// Replacement for arrayname.length property
+/**
-function getarraysize(thearray) {
+* Replacement for arrayname.length property
-	for (i = 0; i < thearray.length; i++) {
+*/
-		if ((thearray[i] == "undefined") || (thearray[i] == "") || (thearray[i] == null))
+function getarraysize(thearray)
+{
+	for (i = 0; i < thearray.length; i++)
+	{
+		if (thearray[i] == 'undefined' || thearray[i] == '' || thearray[i] == null)
+		{
 			return i;
 		}
+	}
+
 	return thearray.length;
 }
 
-// Replacement for arrayname.push(value) not implemented in IE until version 5.5
+/**
-// Appends element to the array
+* Replacement for arrayname.push(value) not implemented in IE until version 5.5
-function arraypush(thearray,value) {
+* Appends element to the array
+*/
+function arraypush(thearray,value)
+{
 	thearray[getarraysize(thearray)] = value;
 }
 
-// Replacement for arrayname.pop() not implemented in IE until version 5.5
+/**
-// Removes and returns the last element of an array
+* Replacement for arrayname.pop() not implemented in IE until version 5.5
-function arraypop(thearray) {
+* Removes and returns the last element of an array
+*/
+function arraypop(thearray)
+{
 	thearraysize = getarraysize(thearray);
 	retval = thearray[thearraysize - 1];
 	delete thearray[thearraysize - 1];
+
 	return retval;
 }
 
-function smiley(text) {
+/**
-	text = ' ' + text + ' ';
+* Insert emoticon
-	if (document.forms[form_name].elements[text_name].createTextRange && document.forms[form_name].elements[text_name].caretPos) {
+*/
-		var caretPos = document.forms[form_name].elements[text_name].caretPos;
+function smiley(text) 
-
-		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? caretPos.text + text + ' ' : caretPos.text + text;
-		document.forms[form_name].elements[text_name].focus();
-	} else {
-		var selStart = document.forms[form_name].elements[text_name].selectionStart;
-		var selEnd = document.forms[form_name].elements[text_name].selectionEnd;
-
-		mozWrap(document.forms[form_name].elements[text_name], text, '')
-		document.forms[form_name].elements[text_name].focus();
-		document.forms[form_name].elements[text_name].selectionStart = selStart + text.length;
-		document.forms[form_name].elements[text_name].selectionEnd = selEnd + text.length;
-	}
-}
-
-function bbfontstyle(bbopen, bbclose) {
-	if ((clientVer >= 4) && is_ie && is_win) {
-		theSelection = document.selection.createRange().text;
-		if (!theSelection) {
-			insert_text(bbopen + bbclose);
-			document.forms[form_name].elements[text_name].focus();
-			return;
-		}
-		document.selection.createRange().text = bbopen + theSelection + bbclose;
-		document.forms[form_name].elements[text_name].focus();
-		return;
-	} else {
-		insert_text(bbopen + bbclose);
-		document.forms[form_name].elements[text_name].focus();
-		return;
-	}
-	storeCaret(document.forms[form_name].elements[text_name]);
-}
-
-function insert_text(text) {
-	if (document.forms[form_name].elements[text_name].createTextRange && document.forms[form_name].elements[text_name].caretPos) {
-		var caretPos = document.forms[form_name].elements[text_name].caretPos;
-		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? caretPos.text + text + ' ' : caretPos.text + text;
-	} else {
-		var selStart = document.forms[form_name].elements[text_name].selectionStart;
-		var selEnd = document.forms[form_name].elements[text_name].selectionEnd;
-
-		mozWrap(document.forms[form_name].elements[text_name], text, '')
-		document.forms[form_name].elements[text_name].selectionStart = selStart + text.length;
-		document.forms[form_name].elements[text_name].selectionEnd = selEnd + text.length;
-	}
-}
-
-function attach_inline() {
-	insert_text('[attachment=' + document.forms[form_name].elements['attachments'].value + ']' + document.forms[form_name].elements['attachments'].options[document.forms[form_name].elements['attachments'].selectedIndex].text + '[/attachment]');
-}
-
-function bbstyle(bbnumber) {
-
-	donotinsert = false;
-	theSelection = false;
-	bblast = 0;
-	document.forms[form_name].elements[text_name].focus();
-
-	if (bbnumber == -1) { // Close all open tags & default button names
-		while (bbcode[0]) {
-			butnumber = arraypop(bbcode) - 1;
-			document.forms[form_name].elements[text_name].value += bbtags[butnumber + 1];
-			buttext = eval('document.forms[form_name].addbbcode' + butnumber + '.value');
-			if (buttext != "[*]")
 {
-				eval('document.forms[form_name].addbbcode' + butnumber + '.value ="' + buttext.substr(0,(buttext.length - 1)) + '"');
+	text = ' ' + text + ' ';
-			}
+
-		}
+	if (document.forms[form_name].elements[text_name].createTextRange && document.forms[form_name].elements[text_name].caretPos)
-		document.forms[form_name].addbbcode10.value = "List";
+	{
-		bbtags[10] = "[list]";
+		var caretPos = document.forms[form_name].elements[text_name].caretPos;
-		document.forms[form_name].addbbcode12.value = "List=";
+
-		bbtags[12] = "[list=]";
+		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? caretPos.text + text + ' ' : caretPos.text + text;
-		imageTag = false; // All tags are closed including image tags :D
 		document.forms[form_name].elements[text_name].focus();
-		return;
 	}
+	else
+	{
+		var selStart = document.forms[form_name].elements[text_name].selectionStart;
+		var selEnd = document.forms[form_name].elements[text_name].selectionEnd;
+
+		mozWrap(document.forms[form_name].elements[text_name], text, '')
+		document.forms[form_name].elements[text_name].focus();
+		document.forms[form_name].elements[text_name].selectionStart = selStart + text.length;
+		document.forms[form_name].elements[text_name].selectionEnd = selEnd + text.length;
+	}
+}
+
+/**
+* Apply bbcodes
+*/
+function bbfontstyle(bbopen, bbclose)
+{
+	theSelection = false;
+	document.forms[form_name].elements[text_name].focus();
 
 	if ((clientVer >= 4) && is_ie && is_win)
 	{
-		theSelection = document.selection.createRange().text; // Get text selection
+		// Get text selection
-		if (theSelection) {
+		theSelection = document.selection.createRange().text;
+
+		if (theSelection)
+		{
 			// Add tags around selection
-			document.selection.createRange().text = bbtags[bbnumber] + theSelection + bbtags[bbnumber+1];
+			document.selection.createRange().text = bbopen + theSelection + bbclose;
 			document.forms[form_name].elements[text_name].focus();
 			theSelection = '';
 			return;
@@ -141,64 +114,245 @@ function bbstyle(bbnumber) {
 	}
 	else if (document.forms[form_name].elements[text_name].selectionEnd && (document.forms[form_name].elements[text_name].selectionEnd - document.forms[form_name].elements[text_name].selectionStart > 0))
 	{
-		mozWrap(document.forms[form_name].elements[text_name], bbtags[bbnumber], bbtags[bbnumber+1]);
+		mozWrap(document.forms[form_name].elements[text_name], bbopen, bbclose);
+		document.forms[form_name].elements[text_name].focus();
+		theSelection = '';
+		return;
+	}
+
+	// Close image tag before adding
+	if (imageTag)
+	{
+		insert_text(bbtags[15]);
+
+		// Remove the close image tag from the list
+		lastValue = arraypop(bbcode) - 1;
+
+		// Return button back to normal state
+		document.forms[form_name].addbbcode14.value = 'Img';
+		imageTag = false;
+	}
+
+	// Open tag
+	insert_text(bbopen + bbclose);
+
+	document.forms[form_name].elements[text_name].focus();
+
+	storeCaret(document.forms[form_name].elements[text_name]);
+	return;
+}
+
+/**
+* Insert text at position
+*/
+function insert_text(text)
+{
+	if (document.forms[form_name].elements[text_name].createTextRange && document.forms[form_name].elements[text_name].caretPos)
+	{
+		var caretPos = document.forms[form_name].elements[text_name].caretPos;
+		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? caretPos.text + text + ' ' : caretPos.text + text;
+	}
+	else if (document.forms[form_name].elements[text_name].selectionStart)
+	{
+		var selStart = document.forms[form_name].elements[text_name].selectionStart;
+		var selEnd = document.forms[form_name].elements[text_name].selectionEnd;
+
+		mozWrap(document.forms[form_name].elements[text_name], text, '')
+		document.forms[form_name].elements[text_name].selectionStart = selStart + text.length;
+		document.forms[form_name].elements[text_name].selectionEnd = selEnd + text.length;
+	}
+	else
+	{
+		document.forms[form_name].elements[text_name].value = document.forms[form_name].elements[text_name].value + text;
+	}
+}
+
+/**
+* Add inline attachment at position
+*/
+function attach_inline()
+{
+	insert_text('[attachment=' + document.forms[form_name].elements['attachments'].value + ']' + document.forms[form_name].elements['attachments'].options[document.forms[form_name].elements['attachments'].selectedIndex].text + '[/attachment]');
+	document.forms[form_name].elements[text_name].focus();
+}
+
+/**
+* Add quote text to message
+*/
+function addquote(post_id, username)
+{
+	var message_name = 'message_' + post_id;
+	var theSelection = '';
+	var divarea = false;
+
+	if (document.all)
+	{
+		eval('divarea = document.all.' + message_name + ';');
+	}
+	else
+	{
+		eval("divarea = document.getElementById('" + message_name + "');");
+	}
+
+	// Get text selection - not only the post content :(
+	if (window.getSelection)
+	{
+		theSelection = window.getSelection().toString();
+	}
+	else if (document.getSelection)
+	{
+		theSelection = document.getSelection();
+	}
+	else if (document.selection)
+	{
+		theSelection = document.selection.createRange().text;
+	}
+
+	if (theSelection == '')
+	{
+		if (document.all)
+		{
+			theSelection = divarea.innerText;
+		}
+		else if (divarea.textContent)
+		{
+			theSelection = divarea.textContent;
+		}
+		else if (divarea.firstChild.nodeValue)
+		{
+			theSelection = divarea.firstChild.nodeValue;
+		}
+	}
+
+	if (theSelection)
+	{
+		insert_text('[quote="' + username + '"]' + theSelection + '[/quote]');
+	}
+
+	return;
+}
+
+/**
+* bbstyle
+*/
+function bbstyle(bbnumber)
+{
+	donotinsert = false;
+	theSelection = false;
+	bblast = 0;
+	document.forms[form_name].elements[text_name].focus();
+
+	// Close all open tags & default button names
+	if (bbnumber == -1)
+	{
+		while (bbcode[0])
+		{
+			butnumber = arraypop(bbcode) - 1;
+			document.forms[form_name].elements[text_name].value += bbtags[butnumber + 1];
+			buttext = eval('document.forms[form_name].addbbcode' + butnumber + '.value');
+		
+			if (buttext != '[*]')
+			{
+				eval('document.forms[form_name].addbbcode' + butnumber + '.value ="' + buttext.substr(0,(buttext.length - 1)) + '"');
+			}
+		}
+
+		document.forms[form_name].addbbcode10.value = 'List';
+		bbtags[10] = '[list]';
+
+		document.forms[form_name].addbbcode12.value = 'List=';
+		bbtags[12] = '[list=]';
+		
+		// All tags are closed including image tags :D
+		imageTag = false;
+		document.forms[form_name].elements[text_name].focus();
+
+		return;
+	}
+
+	// [*] doesn't have an end tag
+	noEndTag = (bbtags[bbnumber] == '[*]')
+
+	if ((clientVer >= 4) && is_ie && is_win)
+	{
+		// Get text selection
+		theSelection = document.selection.createRange().text;
+
+		if (theSelection) 
+		{
+			// Add tags around selection
+			document.selection.createRange().text = bbtags[bbnumber] + theSelection + ((!noEndTag) ? bbtags[bbnumber+1] : '');
+			document.forms[form_name].elements[text_name].focus();
+			theSelection = '';
+			return;
+		}
+	}
+	else if (document.forms[form_name].elements[text_name].selectionEnd && (document.forms[form_name].elements[text_name].selectionEnd - document.forms[form_name].elements[text_name].selectionStart > 0))
+	{
+		mozWrap(document.forms[form_name].elements[text_name], bbtags[bbnumber], ((!noEndTag) ? bbtags[bbnumber+1] : ''));
 		document.forms[form_name].elements[text_name].focus();
 		theSelection = '';
 		return;
 	}
 
 	// Find last occurance of an open tag the same as the one just clicked
-	for (i = 0; i < bbcode.length; i++) {
+	for (i = 0; i < bbcode.length; i++)
-		if (bbcode[i] == bbnumber+1) {
+	{
+		if (bbcode[i] == bbnumber+1)
+		{
 			bblast = i;
 			donotinsert = true;
 		}
 	}
 
-	if ((bbnumber == 10) && (bbtags[10] != "[*]"))
+	if (bbnumber == 10 && bbtags[10] != '[*]')
 	{
 		if (donotinsert)
 		{
-			document.forms[form_name].addbbcode12.value = "List=";
+			document.forms[form_name].addbbcode12.value = 'List=';
 			tmp_help = o_help;
 			o_help = e_help;
 			e_help = tmp_help;
-			bbtags[12] = "[list=]";
+			bbtags[12] = '[list=]';
 		}
 		else
 		{
-			document.forms[form_name].addbbcode12.value = "[*]";
+			document.forms[form_name].addbbcode12.value = '[*]';
 			tmp_help = o_help;
 			o_help = e_help;
 			e_help = tmp_help;
-			bbtags[12] = "[*]";
+			bbtags[12] = '[*]';
 		}
 	}
 
-	if ((bbnumber == 12) && (bbtags[12] != "[*]"))
+	if (bbnumber == 12 && bbtags[12] != '[*]')
 	{
 		if (donotinsert)
 		{
-			document.forms[form_name].addbbcode10.value = "List";
+			document.forms[form_name].addbbcode10.value = 'List';
 			tmp_help = l_help;
 			l_help = e_help;
 			e_help = tmp_help;
-			bbtags[10] = "[list]";
+			bbtags[10] = '[list]';
 		}
 		else
 		{
-			document.forms[form_name].addbbcode10.value = "[*]";
+			document.forms[form_name].addbbcode10.value = '[*]';
 			tmp_help = l_help;
 			l_help = e_help;
 			e_help = tmp_help;
-			bbtags[10] = "[*]";
+			bbtags[10] = '[*]';
 		}
 	}
 
-	if (donotinsert) {		// Close all open tags up to the one just clicked & default button names
+	// Close all open tags up to the one just clicked & default button names
-		while (bbcode[bblast]) {
+	if (donotinsert)
+	{
+		while (bbcode[bblast])
+		{
 			butnumber = arraypop(bbcode) - 1;
-				if (bbtags[butnumber] != "[*]")
+
+			if (bbtags[butnumber] != '[*]')
 			{
 				insert_text(bbtags[butnumber + 1]);
 			}
@@ -206,8 +360,10 @@ function bbstyle(bbnumber) {
 			{
 				insert_text(bbtags[butnumber]);
 			}
+
 			buttext = eval('document.forms[form_name].addbbcode' + butnumber + '.value');
-				if (bbtags[butnumber] != "[*]")
+
+			if (bbtags[butnumber] != '[*]')
 			{
 				eval('document.forms[form_name].addbbcode' + butnumber + '.value ="' + buttext.substr(0,(buttext.length - 1)) + '"');
 			}
@@ -215,25 +371,39 @@ function bbstyle(bbnumber) {
 		}
 		document.forms[form_name].elements[text_name].focus();
 		return;
-	} else { // Open tags
+	}
+	else
+	{
+		// Open tags
 
-		if (imageTag && (bbnumber != 14)) {		// Close image tag before adding another
+		// Close image tag before adding another
+		if (imageTag && (bbnumber != 14))
+		{
 			insert_text(bbtags[15]);
 
-			lastValue = arraypop(bbcode) - 1;	// Remove the close image tag from the list
+			// Remove the close image tag from the list
-			document.forms[form_name].addbbcode14.value = "Img";	// Return button back to normal state
+			lastValue = arraypop(bbcode) - 1;
+
+			// Return button back to normal state
+			document.forms[form_name].addbbcode14.value = 'Img';
 			imageTag = false;
 		}
 
 		// Open tag
 		insert_text(bbtags[bbnumber]);
 
-		if ((bbnumber == 14) && (imageTag == false)) imageTag = 1; // Check to stop additional tags after an unclosed image tag
+		// Check to stop additional tags after an unclosed image tag
-		if (bbtags[bbnumber] != "[*]")
+		if (bbnumber == 14 && imageTag == false)
+		{
+			imageTag = 1; 
+		}
+
+		if (bbtags[bbnumber] != '[*]')
 		{
 			arraypush(bbcode, bbnumber + 1);
 			eval('document.forms[form_name].addbbcode'+bbnumber+'.value += "*"');
 		}
+
 		document.forms[form_name].elements[text_name].focus();
 		return;
 	}
@@ -241,62 +411,90 @@ function bbstyle(bbnumber) {
 	storeCaret(document.forms[form_name].elements[text_name]);
 }
 
-// From http://www.massless.org/mozedit/
+/**
+* From http://www.massless.org/mozedit/
+*/
 function mozWrap(txtarea, open, close)
 {
 	var selLength = txtarea.textLength;
 	var selStart = txtarea.selectionStart;
 	var selEnd = txtarea.selectionEnd;
+	var scrollTop = txtarea.scrollTop;
+
 	if (selEnd == 1 || selEnd == 2) 
+	{
 		selEnd = selLength;
+	}
 
 	var s1 = (txtarea.value).substring(0,selStart);
 	var s2 = (txtarea.value).substring(selStart, selEnd)
 	var s3 = (txtarea.value).substring(selEnd, selLength);
+
 	txtarea.value = s1 + open + s2 + close + s3;
+	txtarea.selectionStart = selEnd + open.length + close.length;
+	txtarea.selectionEnd = txtarea.selectionStart;
+	txtarea.focus();
+	txtarea.scrollTop = scrollTop;
+
 	return;
 }
 
-// Insert at Claret position. Code from
+/**
-// http://www.faqts.com/knowledge_base/view.phtml/aid/1052/fid/130
+* Insert at Claret position. Code from
-function storeCaret(textEl) {
+* http://www.faqts.com/knowledge_base/view.phtml/aid/1052/fid/130
-	if (textEl.createTextRange) { textEl.caretPos = document.selection.createRange().duplicate(); }
+*/
+function storeCaret(textEl)
+{
+	if (textEl.createTextRange)
+	{
+		textEl.caretPos = document.selection.createRange().duplicate();
+	}
 }
 
+/**
+* Color pallette
+*/
 function colorPalette(dir, width, height)
 {
 	var r = 0, g = 0, b = 0;
 	var numberList = new Array(6);
-	numberList[0] = "00";
+
-	numberList[1] = "40";
+	numberList[0] = '00';
-	numberList[2] = "80";
+	numberList[1] = '40';
-	numberList[3] = "BF";
+	numberList[2] = '80';
-	numberList[4] = "FF";
+	numberList[3] = 'BF';
-	document.writeln('<table class="type2">');
+	numberList[4] = 'FF';
+
+	document.writeln('<table cellspacing="1" cellpadding="0" border="0">');
+
 	for (r = 0; r < 5; r++)
 	{
 		if (dir == 'h')
 		{
 			document.writeln('<tr>');
 		}
+
 		for (g = 0; g < 5; g++)
 		{
 			if (dir == 'v')
 			{
 				document.writeln('<tr>');
 			}
+			
 			for (b = 0; b < 5; b++)
 			{
 				color = String(numberList[r]) + String(numberList[g]) + String(numberList[b]);
 				document.write('<td bgcolor="#' + color + '">');
-				document.write('<a href="javascript:bbfontstyle(\'[color=#' + color + ']\', \'[/color]\');" onmouseover="helpline(\'s\');"><img src="images/spacer.gif" width="' + width + '" height="' + height + '" alt="#' + color + '" title="#' + color + '" /></a>');
+				document.write('<a href="javascript:bbfontstyle(\'[color=#' + color + ']\', \'[/color]\');" onmouseover="helpline(\'s\');"><img src="images/spacer.gif" width="' + width + '" height="' + height + '" border="0" alt="#' + color + '" title="#' + color + '" /></a>');
 				document.writeln('</td>');
 			}
+
 			if (dir == 'v')
 			{
 				document.writeln('</tr>');
 			}
 		}
+
 		if (dir == 'h')
 		{
 			document.writeln('</tr>');

phpBB/adm/style/install_convert.html

@@ -95,6 +95,6 @@
 	</fieldset>
 <!-- ENDIF -->
 
-
 </form>
+
 <!-- INCLUDE install_footer.html -->

phpBB/adm/style/install_install.html

@@ -58,6 +58,7 @@
 		<legend>{L_DL_CONFIG}</legend>
 		<p>{L_DL_CONFIG_EXPLAIN}</p>
 	</fieldset>
+
 	<fieldset class="submit-buttons">
 		{S_HIDDEN}
 		<input class="button1" type="submit" id="dlconfig" name="dlconfig" value="{L_DL_DOWNLOAD}" />&nbsp;<input class="button1" type="submit" id="dldone" name="dldone" value="{L_DL_DONE}" />
@@ -72,4 +73,5 @@
 <!-- ENDIF -->
 
 </form>
+
 <!-- INCLUDE install_footer.html -->

phpBB/adm/style/install_main.html

@@ -2,4 +2,5 @@
 
 	<h2>{TITLE}</h2>
 	{BODY}
+
 <!-- INCLUDE install_footer.html -->

phpBB/adm/style/overall_footer.html

@@ -13,7 +13,7 @@
 		"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
 		forums may be affected.
 	
-		The phpBB Group : 2004
+		The phpBB Group : 2006
 	// -->
 	
 	<div id="page-footer">

phpBB/adm/style/overall_header.html

@@ -17,7 +17,9 @@ var on_page = '{ON_PAGE}';
 var per_page = '{PER_PAGE}';
 var base_url = '{BASE_URL}';
 
-// Jump to page
+/**
+* Jump to page
+*/
 function jumpto()
 {
 	var page = prompt(jump_page, on_page);
@@ -28,8 +30,10 @@ function jumpto()
 	}
 }
 
-// Set display of page element
+/**
-// s[-1,0,1] = hide,toggle display,show
+* Set display of page element
+* s[-1,0,1] = hide,toggle display,show
+*/
 function dE(n, s, type)
 {
 	if (!type)
@@ -45,8 +49,10 @@ function dE(n, s, type)
 	e.style.display = (s == 1) ? type : 'none';
 }
 
-// Mark/unmark checkboxes
+/**
-// id = ID of parent container, name = name prefix, state = state [true/false]
+* Mark/unmark checkboxes
+* id = ID of parent container, name = name prefix, state = state [true/false]
+*/
 function marklist(id, name, state)
 {
 	var parent = document.getElementById(id);
@@ -71,6 +77,9 @@ function marklist(id, name, state)
 	}
 }
 
+/**
+* Open trace popup
+*/
 function trace(link)
 {
 	window.open(link, '_trace', 'height=515, resizable=yes, scrollbars=yes, width=680');
@@ -78,6 +87,9 @@ function trace(link)
 }
 
 <!-- IF S_INCLUDE_SWATCH -->
+	/**
+	* Color swatch
+	*/
 	function swatch()
 	{
 		window.open('{UA_SWATCH}', '_swatch', 'height=150, resizable=yes, scrollbars=no, width=636');

phpBB/adm/style/permission_mask.html

@@ -11,8 +11,10 @@
 		{S_ROLE_JS_ARRAY}
 	<!-- ENDIF -->
 
-	// Show/hide option panels
+	/**
-	// value = suffix for ID to show
+	* Show/hide option panels
+	* value = suffix for ID to show
+	*/
 	function swap_options(pmask, fmask, cat)
 	{
 		id = pmask + fmask + cat;
@@ -38,8 +40,10 @@
 		active_cat = cat;
 	}
 
-	// Mark all radio buttons in one panel
+	/**
-	// id = table ID container, s = status ['y'/'u'/'n']
+	* Mark all radio buttons in one panel
+	* id = table ID container, s = status ['y'/'u'/'n']
+	*/
 	function mark_options(id, s)
 	{
 		var t = document.getElementById(id);
@@ -60,8 +64,10 @@
 		}
 	}
 
-	// Mark one radio button in one panel
+	/**
-	// id = table ID container, field_name = the auth option, s = status ['y'/'u'/'n']
+	* Mark one radio button in one panel
+	* id = table ID container, field_name = the auth option, s = status ['y'/'u'/'n']
+	*/
 	function mark_one_option(id, field_name, s)
 	{
 		var t = document.getElementById(id);
@@ -82,7 +88,9 @@
 		}
 	}
 
-	// Reset role dropdown field to Select role... if an option gets changed
+	/**
+	* Reset role dropdown field to Select role... if an option gets changed
+	*/
 	function reset_role(id)
 	{
 		var t = document.getElementById(id);
@@ -95,7 +103,9 @@
 		t.options[0].selected = true;
 	}
 
-	// Load role and set options accordingly
+	/**
+	* Load role and set options accordingly
+	*/
 	function set_role_settings(role_id, target_id)
 	{
 		settings = role_options[role_id];

phpBB/adm/style/search_index_progress_bar.html

@@ -1,7 +1,10 @@
 <!-- INCLUDE simple_header.html -->
 
-<script language="javascript" type="text/javascript">
+<script type="text/javascript">
 <!--
+	/**
+	* Close previously opened popup
+	*/
 	function close_popup()
 	{
 		if (opener != null)
@@ -22,14 +25,13 @@
 //-->
 </script>
 
-
 <div class="successbox">
 	<h3>{L_PROGRESS}</h3>
 	<img src="images/progress_bar.gif" alt="{L_PROGRESS}" />
 	<p>{L_PROGRESS_EXPLAIN}</p>
 </div>
 
-<script language="javascript" type="text/javascript">
+<script type="text/javascript">
 <!--
 	close_popup();
 //-->

phpBB/adm/style/simple_footer.html

@@ -10,13 +10,13 @@
 	"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
 	forums may be affected.
 
-	The phpBB Group : 2004
+	The phpBB Group : 2006
 // -->
 
 <div id="page-footer">
 
 	<!-- IF S_COPYRIGHT_HTML -->
-		<br />Powered by phpBB {VERSION} &copy; 2005 <a href="http://www.phpbb.com/">phpBB Group</a>
+		<br />Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
 	<!-- ENDIF -->
 
 	<!-- IF DEBUG_OUTPUT -->

phpBB/adm/style/simple_header.html

@@ -17,7 +17,9 @@ var on_page = '{ON_PAGE}';
 var per_page = '{PER_PAGE}';
 var base_url = '{BASE_URL}';
 
-// Jump to page
+/**
+* Jump to page
+*/
 function jumpto()
 {
 	var page = prompt(jump_page, on_page);
@@ -28,8 +30,10 @@ function jumpto()
 	}
 }
 
-// Set display of page element
+/**
-// s[-1,0,1] = hide,toggle display,show
+* Set display of page element
+* s[-1,0,1] = hide,toggle display,show
+*/
 function dE(n, s, type)
 {
 	if (!type)
@@ -45,8 +49,10 @@ function dE(n, s, type)
 	e.style.display = (s == 1) ? type : 'none';
 }
 
-// Mark/unmark checkboxes
+/**
-// id = ID of parent container, name = name prefix, state = state [true/false]
+* Mark/unmark checkboxes
+* id = ID of parent container, name = name prefix, state = state [true/false]
+*/
 function marklist(id, name, state)
 {
 	var parent = document.getElementById(id);
@@ -67,6 +73,9 @@ function marklist(id, name, state)
 }
 
 <!-- IF S_INCLUDE_SWATCH -->
+	/**
+	* Color swatch
+	*/
 	function swatch()
 	{
 		window.open('{UA_SWATCH}', '_swatch', 'height=115, resizable=yes, scrollbars=no, width=636');

phpBB/adm/style/tooltip.js

@@ -60,6 +60,9 @@ function enable_tooltips_link(id, headline, sub_id)
 	tooltip_mode = 'link';
 }
 
+/**
+* Enable tooltip replacements for selects
+*/
 function enable_tooltips_select(id, headline, sub_id)
 {
 	var links, i, hold;
@@ -105,6 +108,9 @@ function enable_tooltips_select(id, headline, sub_id)
 	tooltip_mode = 'select';
 }
 
+/**
+* Prepare elements to replace
+*/
 function prepare(element)
 {
 	var tooltip, text, desc, title;
@@ -132,14 +138,25 @@ function prepare(element)
 	element.tooltip = tooltip;
 	element.onmouseover = show_tooltip;
 	element.onmouseout = hide_tooltip;
+
+	if (tooltip_mode == 'link')
+	{
+		element.onmousemove = locate;
+	}
 }
 
+/**
+* Show tooltip
+*/
 function show_tooltip(e)
 {
 	document.getElementById('_tooltip_container').appendChild(this.tooltip);
 	locate(this);
 }
 
+/**
+* Hide tooltip
+*/
 function hide_tooltip(e)
 {
 	var d = document.getElementById('_tooltip_container');
@@ -149,6 +166,9 @@ function hide_tooltip(e)
 	}
 }
 
+/**
+* Set opacity on tooltip element
+*/
 function set_opacity(element)
 {
 	element.style.filter = 'alpha(opacity:95)';
@@ -157,6 +177,9 @@ function set_opacity(element)
 	element.style.opacity = '0.95';
 }
 
+/**
+* Create new element
+*/
 function create_element(tag, c)
 {
 	var x = document.createElement(tag);
@@ -165,13 +188,42 @@ function create_element(tag, c)
 	return x;
 }
 
+/**
+* Correct positioning of tooltip container
+*/
 function locate(e)
 {
 	var posx = 0;
 	var posy = 0;
 
+	e = e.parentNode;
+
+	if (e.offsetParent)
+	{
+		for (var posx = 0, posy = 0; e.offsetParent; e = e.offsetParent)
+		{
+			posx += e.offsetLeft;
+			posy += e.offsetTop;
+		}
+	}
+	else
+	{
+		posx = e.offsetLeft;
+		posy = e.offsetTop;
+	}
+
 	if (tooltip_mode == 'link')
 	{
+		document.getElementById('_tooltip_container').style.top=(posy+20) + 'px';
+		document.getElementById('_tooltip_container').style.left=(posx-20) + 'px';
+	}
+	else
+	{
+		document.getElementById('_tooltip_container').style.top=(posy+30) + 'px';
+		document.getElementById('_tooltip_container').style.left=(posx-205) + 'px';
+	}
+
+/*
 	if (e == null)
 	{
 		e = window.event;
@@ -195,29 +247,5 @@ function locate(e)
 			posy = e.clientY+document.body.scrollTop;
 		}
 	}
-
+*/
-		document.getElementById('_tooltip_container').style.top=(posy+10) + 'px';
-		document.getElementById('_tooltip_container').style.left=(posx-20) + 'px';
-	}
-	else
-	{
-		e = e.parentNode;
-
-		if (e.offsetParent)
-		{
-			for (var posx = 0, posy = 0; e.offsetParent; e = e.offsetParent)
-			{
-				posx += e.offsetLeft;
-				posy += e.offsetTop;
-			}
-		}
-		else
-		{
-			posx = e.offsetLeft;
-			posy = e.offsetTop;
-		}
-
-		document.getElementById('_tooltip_container').style.top=(posy+30) + 'px';
-		document.getElementById('_tooltip_container').style.left=(posx-205) + 'px';
-	}
 }

phpBB/adm/style/viewsource.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE simple_header.html -->
 
-<div class="panel" style="padding:10px">
+<div class="panel" style="padding: 10px;">
 
 	<h1>{FILENAME}</h1>
 
@@ -14,6 +14,7 @@
 	<!-- END source -->
 	</tbody>
 	</table>
+
 </div>
 
 <!-- INCLUDE simple_footer.html -->

phpBB/adm/swatch.php

@@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Style-Type" content="text/css" />
 <meta http-equiv="imagetoolbar" content="no" />
-<title>phpBB3 Color Swatch</title>
+<title>Color Swatch</title>
 
 <style type="text/css">
 <!--

phpBB/common.php

@@ -54,8 +54,7 @@ function deregister_globals()
 		$_SESSION = array();
 	}
 
-	// Merge all into one extremely huge array; unset
+	// Merge all into one extremely huge array; unset this later
-	// this later
 	$input = array_merge(
 		array_keys($_GET),
 		array_keys($_POST),
@@ -111,7 +110,7 @@ require($phpbb_root_path . 'config.'.$phpEx);
 
 if (!defined('PHPBB_INSTALLED'))
 {
-	header('Location: install/index.'.$phpEx);
+	redirect($phpbb_root_path . 'install/index.' . $phpEx);
 	exit;
 }
 

phpBB/develop/add_permissions.php

@@ -78,7 +78,7 @@ $f_permissions = array(
 	'f_print'	=> array(1, 0),
 	'f_ignoreflood'	=> array(1, 0),
 	'f_postcount'	=> array(1, 0),
-	'f_moderate'=> array(1, 0),
+	'f_noapprove'=> array(1, 0),
 	'f_report'	=> array(1, 0),
 	'f_subscribe'	=> array(1, 0),
 );

phpBB/download.php

@@ -65,7 +65,7 @@ if (!$attachment['in_message'])
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
-	if ($auth->acl_gets('f_download', 'u_download', $row['forum_id']))
+	if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
 	{
 		if ($row['forum_password'])
 		{
@@ -138,7 +138,7 @@ if ($download_mode == PHYSICAL_LINK)
 		trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 	}
 
-	redirect($config['upload_path'] . '/' . $attachment['physical_filename']);
+	redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
 	exit;
 }
 else
@@ -234,10 +234,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		// PHP track_errors setting On?
 		if (!empty($php_errormsg))
 		{
-			trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_WARNING);
+			trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_ERROR);
 		}
 
-		trigger_error('Unable to deliver file.', E_USER_WARNING);
+		trigger_error('Unable to deliver file.', E_USER_ERROR);
 	}
 
 	flush();
@@ -342,7 +342,6 @@ function download_allowed()
 				}
 			}
 		}
-
 		$db->sql_freeresult($result);
 	}
 	

phpBB/faq.php

@@ -38,76 +38,36 @@ switch ($mode)
 }
 
 // Pull the array data from the lang pack
-$j = 0;
+$help_blocks = array();
-$counter = 0;
-$counter_2 = 0;
-$help_block = array();
-$help_block_titles = array();
-
 foreach ($user->help as $help_ary)
 {
-	if ($help_ary[0] != '--')
+	if ($help_ary[0] == '--')
 	{
-		$help_block[$j][$counter]['id'] = $counter_2;
+		$template->assign_block_vars('faq_block', array(
-		$help_block[$j][$counter]['question'] = $help_ary[0];
+			'BLOCK_TITLE'		=> $help_ary[1])
-		$help_block[$j][$counter]['answer'] = $help_ary[1];
+		);
 
-		$counter++;
+		continue;
-		$counter_2++;
+	}
-	}
+
-	else
+	$template->assign_block_vars('faq_block.faq_row', array(
-	{
+		'FAQ_QUESTION'		=> $help_ary[0],
-		$j = ($counter != 0) ? $j + 1 : 0;
+		'FAQ_ANSWER'		=> $help_ary[1])
-
+	);
-		$help_block_titles[$j] = $help_ary[1];
-
-		$counter = 0;
-	}
 }
 
-//
 // Lets build a page ...
 $template->assign_vars(array(
 	'L_FAQ_TITLE'	=> $l_title,
 	'L_BACK_TO_TOP'	=> $user->lang['BACK_TO_TOP'])
 );
 
-for ($i = 0, $size = sizeof($help_block); $i < $size; $i++)
-{
-	if (sizeof($help_block[$i]))
-	{
-		$template->assign_block_vars('faq_block', array(
-			'BLOCK_TITLE' => $help_block_titles[$i])
-		);
-
-		$template->assign_block_vars('faq_block_link', array(
-			'BLOCK_TITLE' => $help_block_titles[$i])
-		);
-
-		for ($j = 0, $_size = sizeof($help_block[$i]); $j < $_size; $j++)
-		{
-			$template->assign_block_vars('faq_block.faq_row', array(
-				'FAQ_QUESTION' => $help_block[$i][$j]['question'],
-				'FAQ_ANSWER' => $help_block[$i][$j]['answer'],
-
-				'U_FAQ_ID' => 'f'.$help_block[$i][$j]['id'])
-			);
-
-			$template->assign_block_vars('faq_block_link.faq_row_link', array(
-				'FAQ_LINK' => $help_block[$i][$j]['question'],
-
-				'U_FAQ_LINK' => '#f' . $help_block[$i][$j]['id'])
-			);
-		}
-	}
-}
-
 page_header($l_title);
 
 $template->set_filenames(array(
 	'body' => 'faq_body.html')
 );
-make_jumpbox('viewforum.'.$phpEx);
+make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
 
 page_footer();
 

phpBB/includes/acp/acp_attachments.php

@@ -19,7 +19,7 @@ class acp_attachments
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_admin_path, $phpbb_root_path, $phpEx;
+		global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
 
 		$user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
 
@@ -684,7 +684,7 @@ class acp_attachments
 							'S_NO_IMAGE'				=> $no_image_select,
 							'S_FORUM_IDS'				=> (sizeof($forum_ids)) ? true : false,
 
-							'U_EXTENSIONS'		=> $phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=extensions",
+							'U_EXTENSIONS'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=extensions"),
 
 							'L_LEGEND'			=> $user->lang[strtoupper($action) . '_EXTENSION_GROUP'],
 							)
@@ -1108,7 +1108,7 @@ class acp_attachments
 			// Submit Attachment
 			$attach_sql = $message_parser->attachment_data;
 
-			$db->sql_transaction();
+			$db->sql_transaction('begin');
 
 			$sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $attach_sql);
 			$db->sql_query($sql);

phpBB/includes/acp/acp_ban.php

@@ -18,7 +18,7 @@ class acp_ban
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 
 		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
@@ -91,7 +91,7 @@ class acp_ban
 			'S_USERNAME_BAN'	=> ($mode == 'user') ? true : false,
 			
 			'U_ACTION'			=> $this->u_action,
-			'U_FIND_USER'		=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=acp_ban&field=ban",
+			'U_FIND_USER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_ban&field=ban'),
 			)
 		);
 	}

phpBB/includes/acp/acp_bbcodes.php

@@ -18,7 +18,7 @@ class acp_bbcodes
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('acp/posting');
 

phpBB/includes/acp/acp_board.php

@@ -20,7 +20,7 @@ class acp_board
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('acp/board');
 
@@ -61,6 +61,7 @@ class acp_board
 						'allow_forum_notify'	=> array('lang' => 'ALLOW_FORUM_NOTIFY',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_namechange'		=> array('lang' => 'ALLOW_NAME_CHANGE',		'type' => 'radio:yes_no', 'explain' => false),
 						'allow_attachments'		=> array('lang' => 'ALLOW_ATTACHMENTS',		'type' => 'radio:yes_no', 'explain' => false),
+						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_bbcode'			=> array('lang' => 'ALLOW_BBCODE',			'type' => 'radio:yes_no', 'explain' => false),
 						'allow_smilies'			=> array('lang' => 'ALLOW_SMILIES',			'type' => 'radio:yes_no', 'explain' => false),
 						'allow_sig'				=> array('lang' => 'ALLOW_SIG',				'type' => 'radio:yes_no', 'explain' => false),
@@ -112,9 +113,7 @@ class acp_board
 						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'type' => 'radio:yes_no', 'explain' => false),
 						'auth_download_pm'		=> array('lang' => 'ALLOW_DOWNLOAD_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'allow_sig_pm'			=> array('lang' => 'ALLOW_SIG_PM',			'type' => 'radio:yes_no', 'explain' => false),
-//						'auth_quote_pm'			=> array('lang' => 'ALLOW_QUOTE_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'print_pm'				=> array('lang' => 'ALLOW_PRINT_PM',		'type' => 'radio:yes_no', 'explain' => false),
-//						'email_pm'				=> array('lang' => 'ALLOW_EMAIL_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'forward_pm'			=> array('lang' => 'ALLOW_FORWARD_PM',		'type' => 'radio:yes_no', 'explain' => false),
 						'auth_img_pm'			=> array('lang' => 'ALLOW_IMG_PM',			'type' => 'radio:yes_no', 'explain' => false),
 						'auth_flash_pm'			=> array('lang' => 'ALLOW_FLASH_PM',		'type' => 'radio:yes_no', 'explain' => false),
@@ -263,6 +262,7 @@ class acp_board
 						'load_db_track'			=> array('lang' => 'YES_POST_MARKING',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_db_lastread'		=> array('lang' => 'YES_READ_MARKING',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_online'			=> array('lang' => 'YES_ONLINE',		'type' => 'radio:yes_no', 'explain' => true),
+						'load_online_guests'	=> array('lang' => 'YES_ONLINE_GUESTS',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_onlinetrack'		=> array('lang' => 'YES_ONLINE_TRACK',	'type' => 'radio:yes_no', 'explain' => true),
 						'load_birthdays'		=> array('lang' => 'YES_BIRTHDAYS',		'type' => 'radio:yes_no', 'explain' => false),
 						'load_moderators'		=> array('lang' => 'YES_MODERATORS',	'type' => 'radio:yes_no', 'explain' => false),
@@ -323,6 +323,7 @@ class acp_board
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',		'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
 						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',	'type' => 'text:3:3', 'explain' => true),
 						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS','type' => 'text:3:3', 'explain' => true),
+						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',		'type' => 'radio:yes_no', 'explain' => true),
 					)
 				);
 			break;
@@ -339,6 +340,7 @@ class acp_board
 						'board_contact'			=> array('lang' => 'CONTACT_EMAIL',			'type' => 'text:25:100', 'explain' => true),
 						'board_email'			=> array('lang' => 'ADMIN_EMAIL',			'type' => 'text:25:100', 'explain' => true),
 						'board_email_sig'		=> array('lang' => 'EMAIL_SIG',				'type' => 'textarea:5:30', 'explain' => true),
+						'board_hide_emails'		=> array('lang' => 'BOARD_HIDE_EMAILS',		'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend2'				=> 'SMTP_SETTINGS',
 						'smtp_delivery'			=> array('lang' => 'USE_SMTP',				'type' => 'radio:yes_no', 'explain' => true),

phpBB/includes/acp/acp_bots.php

@@ -18,7 +18,7 @@ class acp_bots
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 
 		$action = request_var('action', '');
 		$submit = (isset($_POST['submit'])) ? true : false;
@@ -86,7 +86,7 @@ class acp_bots
 					}
 					$db->sql_freeresult($result);
 
-					$db->sql_transaction();
+					$db->sql_transaction('begin');
 
 					$sql = 'DELETE FROM ' . BOTS_TABLE . " 
 						WHERE bot_id $sql_id";
@@ -142,7 +142,7 @@ class acp_bots
 
 					if (!sizeof($error))
 					{
-						$db->sql_transaction();
+						$db->sql_transaction('begin');
 
 						// New bot? Create a new user and group entry
 						if ($action == 'add')

phpBB/includes/acp/acp_database.php

@@ -18,7 +18,7 @@ class acp_database
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $table_prefix;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 		
 		$user->add_lang('acp/database');
 

phpBB/includes/acp/acp_disallow.php

@@ -18,7 +18,7 @@ class acp_disallow
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 

phpBB/includes/acp/acp_email.php

@@ -18,7 +18,7 @@ class acp_email
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 
 		$user->add_lang('acp/email');
 		$this->tpl_name = 'acp_email';
@@ -188,7 +188,7 @@ class acp_email
 				}
 				else
 				{
-					$message = sprintf($user->lang['EMAIL_SEND_ERROR'], '<a href="' . $phpbb_admin_path . "index.$phpEx$SID&amp;i=logs&amp;mode=critical" . '">', '</a>');
+					$message = sprintf($user->lang['EMAIL_SEND_ERROR'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=critical') . '">', '</a>');
 				}
 				trigger_error($message . adm_back_link($this->u_action));
 			}
@@ -215,7 +215,7 @@ class acp_email
 			'U_ACTION'				=> $this->u_action,
 			'S_GROUP_OPTIONS'		=> $select_list,
 			'USERNAMES'				=> $usernames,
-			'U_FIND_USERNAME'		=> $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=acp_email&amp;field=usernames",
+			'U_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=acp_email&amp;field=usernames'),
 			'SUBJECT'				=> $subject,
 			'MESSAGE'				=> $message,
 			'S_PRIORITY_OPTIONS'	=> $s_priority_options)

phpBB/includes/acp/acp_forums.php

@@ -19,7 +19,7 @@ class acp_forums
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $SID;
+		global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
 
 		$user->add_lang('acp/forums');
 		$this->tpl_name = 'acp_forums';
@@ -148,7 +148,6 @@ class acp_forums
 							// Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
 							// Due to this we stay on the safe side if we do the insertion "the manual way"
 
-
 							// Copy permisisons from/to the acl users table (only forum_id gets changed)
 							$sql = 'SELECT user_id, auth_option_id, auth_role_id, auth_setting
 								FROM ' . ACL_USERS_TABLE . '
@@ -225,12 +224,12 @@ class acp_forums
 
 						// Redirect to permissions
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
-						$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . $phpbb_admin_path . "index.$phpEx$SID&amp;i=permissions" . $acl_url . '">', '</a>');
+						$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>');
 
 						// redirect directly to permission settings screen
 						if ($action == 'add' && !$forum_perm_from)
 						{
-							meta_refresh(4, $phpbb_admin_path . "index.$phpEx$SID&amp;i=permissions" . $acl_url);
+							meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url));
 						}
 
 						trigger_error($message . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
@@ -706,12 +705,13 @@ class acp_forums
 
 						default:
 							$folder_image = ($row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['SUBFORUM'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['FOLDER'] . '" />';
+						break;
 					}
 				}
 
 				$url = $this->u_action . "&amp;parent_id=$this->parent_id&amp;f={$row['forum_id']}";
 
-				$forum_title = ($forum_type != FORUM_LINK) ? "<a href=\"admin_forums.$phpEx$SID&amp;parent_id=" . $row['forum_id'] . '">' : '';
+				$forum_title = ($forum_type != FORUM_LINK) ? '<a href="' . $this->u_action . '&amp;parent_id=' . $row['forum_id'] . '">' : '';
 				$forum_title .= $row['forum_name'];
 				$forum_title .= ($forum_type != FORUM_LINK) ? '</a>' : '';
 
@@ -730,8 +730,7 @@ class acp_forums
 					'U_MOVE_DOWN'		=> $url . '&amp;action=move_down',
 					'U_EDIT'			=> $url . '&amp;action=edit',
 					'U_DELETE'			=> $url . '&amp;action=delete',
-					'U_SYNC'			=> $url . '&amp;action=sync',
+					'U_SYNC'			=> $url . '&amp;action=sync')
-					)
 				);
 			}
 			while ($row = $db->sql_fetchrow($result));
@@ -759,7 +758,6 @@ class acp_forums
 			'U_SEL_ACTION'	=> $this->u_action,
 			'U_ACTION'		=> $this->u_action . '&amp;parent_id=' . $this->parent_id)
 		);
-
 	}
 
 	/**
@@ -778,7 +776,7 @@ class acp_forums
 
 		if (!$row)
 		{
-			trigger_error("Forum #$forum_id does not exist");
+			trigger_error("Forum #$forum_id does not exist", E_USER_ERROR);
 		}
 
 		return $row;
@@ -853,12 +851,13 @@ class acp_forums
 					FROM ' . FORUMS_TABLE . '
 					WHERE forum_id = ' . $forum_data['parent_id'];
 				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
 
-				if (!$row = $db->sql_fetchrow($result))
+				if (!$row)
 				{
 					trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&amp;' . $this->parent_id));
 				}
-				$db->sql_freeresult($result);
 
 				$sql = 'UPDATE ' . FORUMS_TABLE . '
 					SET left_id = left_id + 2, right_id = right_id + 2
@@ -878,7 +877,6 @@ class acp_forums
 				$sql = 'SELECT MAX(right_id) AS right_id
 					FROM ' . FORUMS_TABLE;
 				$result = $db->sql_query($sql);
-
 				$row = $db->sql_fetchrow($result);
 				$db->sql_freeresult($result);
 
@@ -1036,7 +1034,6 @@ class acp_forums
 				FROM ' . FORUMS_TABLE . '
 				WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
 			$result = $db->sql_query($sql);
-
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
 
@@ -1078,8 +1075,7 @@ class acp_forums
 
 		if ($sync)
 		{
-			// Delete ghost topics that link back to the same forum
+			// Delete ghost topics that link back to the same forum then resync counters
-			// then resync counters
 			sync('topic_moved');
 			sync('forum', 'forum_id', $to_id);
 		}
@@ -1118,16 +1114,17 @@ class acp_forums
 					FROM ' . FORUMS_TABLE . '
 					WHERE forum_id = ' . $posts_to_id;
 				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
 
-				if (!$row = $db->sql_fetchrow($result))
+				if (!$row)
 				{
 					$errors[] = $user->lang['NO_FORUM'];
 				}
 				else
 				{
 					$posts_to_name = $row['forum_name'];
-
+					$errors = array_merge($errors, $this->move_forum_content($forum_id, $posts_to_id));
-					$errors = array_merge($errors, $this->move_forum_content($forum_id, $subforums_to_id));
 				}
 			}
 		}
@@ -1175,8 +1172,10 @@ class acp_forums
 					FROM ' . FORUMS_TABLE . '
 					WHERE forum_id = ' . $subforums_to_id;
 				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
 
-				if (!$row = $db->sql_fetchrow($result))
+				if (!$row)
 				{
 					$errors[] = $user->lang['NO_FORUM'];
 				}
@@ -1238,12 +1237,16 @@ class acp_forums
 
 		// Delete forum ids from extension groups table
 		$sql = 'SELECT group_id, allowed_forums 
-			FROM ' . EXTENSION_GROUPS_TABLE . "
+			FROM ' . EXTENSION_GROUPS_TABLE;
-			WHERE allowed_forums <> ''";
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
 		{
+			if (!$row['allowed_forums'])
+			{
+				continue;
+			}
+
 			$allowed_forums = unserialize(trim($row['allowed_forums']));
 			$allowed_forums = array_diff($allowed_forums, $forum_ids);
 
@@ -1252,6 +1255,8 @@ class acp_forums
 				WHERE group_id = {$row['group_id']}";
 			$db->sql_query($sql);
 		}
+		$db->sql_freeresult($result);
+
 		$cache->destroy('_extensions');
 
 		$log_action = implode('_', array($log_action_posts, $log_action_forums));

phpBB/includes/acp/acp_groups.php

@@ -18,7 +18,7 @@ class acp_groups
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
 
 		$user->add_lang('acp/groups');
 		$this->tpl_name = 'acp_groups';
@@ -473,7 +473,7 @@ class acp_groups
 				switch ($back_link)
 				{
 					case 'acp_users_groups':
-						$u_back = $phpbb_admin_path . "index.$phpEx$SID&i=users&mode=groups&u=" . request_var('u', 0);
+						$u_back = append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=groups&u=' . request_var('u', 0));
 					break;
 
 					default:
@@ -523,8 +523,8 @@ class acp_groups
 					'GROUP_HIDDEN'		=> $type_hidden,
 
 					'U_BACK'			=> $u_back,
-					'U_SWATCH'			=> "{$phpbb_admin_path}swatch.$phpEx$SID&form=settings&name=group_colour",
+					'U_SWATCH'			=> append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&name=group_colour'),
-					'UA_SWATCH'			=> "{$phpbb_admin_path}swatch.$phpEx$SID&form=settings&name=group_colour",
+					'UA_SWATCH'			=> append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&name=group_colour', false),
 					'U_ACTION'			=> "{$this->u_action}&action=$action&g=$group_id",
 					'L_AVATAR_EXPLAIN'	=> sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)),
 					)
@@ -607,13 +607,13 @@ class acp_groups
 
 					'U_ACTION'			=> $this->u_action . "&g=$group_id",
 					'U_BACK'			=> $this->u_action,
-					'U_FIND_USERNAME'	=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=list&field=usernames")
+					'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames'))
 				);
 
 				foreach ($group_data['leader'] as $row)
 				{
 					$template->assign_block_vars('leader', array(
-						'U_USER_EDIT'		=> $phpbb_admin_path . "index.$phpEx$SID&i=users&action=edit&u={$row['user_id']}",
+						'U_USER_EDIT'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&action=edit&u={$row['user_id']}"),
 
 						'USERNAME'			=> $row['username'],
 						'S_GROUP_DEFAULT'	=> ($row['group_id'] == $group_id) ? true : false,
@@ -637,7 +637,7 @@ class acp_groups
 					}
 
 					$template->assign_block_vars('member', array(
-						'U_USER_EDIT'		=> $phpbb_admin_path . "index.$phpEx$SID&i=users&action=edit&u={$row['user_id']}",
+						'U_USER_EDIT'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&action=edit&u={$row['user_id']}"),
 
 						'USERNAME'			=> $row['username'],
 						'S_GROUP_DEFAULT'	=> ($row['group_id'] == $group_id) ? true : false,

phpBB/includes/acp/acp_icons.php

@@ -19,7 +19,7 @@ class acp_icons
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('acp/posting');
 
@@ -374,6 +374,7 @@ class acp_icons
 								trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action));
 							}
 
+							// Stripslash here because it got addslashed before... (on export)
 							$img = stripslashes($data[1][0]);
 							$width = stripslashes($data[1][1]);
 							$height = stripslashes($data[1][2]);

phpBB/includes/acp/acp_jabber.php

@@ -19,7 +19,7 @@ class acp_jabber
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('acp/board');
 

phpBB/includes/acp/acp_language.php

@@ -24,7 +24,7 @@ class acp_language
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 		global $safe_mode, $file_uploads;
 
 		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -702,9 +702,9 @@ class acp_language
 
 				$lang_pack = array(
 					'iso'		=> $lang_iso,
-					'name'		=> trim(htmlspecialchars(stripslashes($file[0]))),
+					'name'		=> trim(htmlspecialchars($file[0])),
-					'local_name'=> trim(htmlspecialchars(stripslashes($file[1]))),
+					'local_name'=> trim(htmlspecialchars($file[1])),
-					'author'	=> trim(htmlspecialchars(stripslashes($file[2])))
+					'author'	=> trim(htmlspecialchars($file[2]))
 				);
 				unset($file);
 

phpBB/includes/acp/acp_logs.php

@@ -18,7 +18,7 @@ class acp_logs
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('mcp');
 

phpBB/includes/acp/acp_main.php

@@ -18,7 +18,7 @@ class acp_main
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 
 		$action = request_var('action', '');
 		$mark	= (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : '';
@@ -49,7 +49,7 @@ class acp_main
 
 					if ($action == 'activate')
 					{
-						include($phpbb_root_path . 'includes/functions_user.php');
+						include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 						$mark_ary = explode(', ', $mark);
 
 						foreach ($mark_ary as $user_id)
@@ -424,7 +424,7 @@ class acp_main
 			'UPLOAD_DIR_SIZE'	=> $upload_dir_size,
 			'GZIP_COMPRESSION'	=> ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'],
 
-			'U_ACTION'			=> "{$phpbb_admin_path}index.$phpEx$SID",
+			'U_ACTION'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 
 			'S_ACTION_OPTIONS'	=> ($auth->acl_get('a_board')) ? $s_action_options : '',
 			)
@@ -462,7 +462,7 @@ class acp_main
 					'DATE'			=> $user->format_date($row['user_regdate']),
 					'USER_ID'		=> $row['user_id'],
 					'USERNAME'		=> $row['username'],
-					'U_USER_ADMIN'	=> "{$phpbb_admin_path}index.$phpEx$SID&i=users&mode=overview&u={$row['user_id']}")
+					'U_USER_ADMIN'	=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&mode=overview&u={$row['user_id']}"))
 				);
 			}
 

phpBB/includes/acp/acp_modules.php

@@ -29,7 +29,7 @@ class acp_modules
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template;
-		global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $SID;
+		global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
 
 		// Set a global define for modules we might include (the author is able to prevent executing of code with this)
 		define('MODULE_INCLUDE', true);

phpBB/includes/acp/acp_permission_roles.php

@@ -18,7 +18,7 @@ class acp_permission_roles
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 		include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);

phpBB/includes/acp/acp_permissions.php

@@ -19,7 +19,7 @@ class acp_permissions
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 		include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
@@ -304,7 +304,7 @@ class acp_permissions
 
 					$template->assign_vars(array(
 						'S_SELECT_USER'			=> true,
-						'U_FIND_USERNAME'		=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=select_victim&field=username")
+						'U_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_victim&field=username'))
 					);
 
 				break;
@@ -435,7 +435,7 @@ class acp_permissions
 						'S_DEFINED_USER_OPTIONS'	=> $s_defined_user_options,
 						'S_DEFINED_GROUP_OPTIONS'	=> $s_defined_group_options,
 						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $defined_group_ids),
-						'U_FIND_USERNAME'			=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=add_user&field=username")
+						'U_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username'))
 					);
 
 				break;

phpBB/includes/acp/acp_php_info.php

@@ -18,7 +18,7 @@ class acp_php_info
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		if ($mode != 'info')
 		{

phpBB/includes/acp/acp_profile.php

@@ -18,7 +18,7 @@ class acp_profile
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 
 		include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -1386,7 +1386,7 @@ class acp_profile
 			}
 		}
 
-		$db->sql_transaction();
+		$db->sql_transaction('begin');
 
 		if ($action == 'create')
 		{

phpBB/includes/acp/acp_prune.php

@@ -17,7 +17,7 @@ class acp_prune
 
 	function main($id, $mode)
 	{
-		global $user, $phpEx, $SID, $phpbb_admin_path, $phpbb_root_path;
+		global $user, $phpEx, $phpbb_admin_path, $phpbb_root_path;
 
 		$user->add_lang('acp/prune');
 		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -44,7 +44,7 @@ class acp_prune
 	function prune_forums($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$forum_id = request_var('f', array(0));
 		$submit = (isset($_POST['submit'])) ? true : false;
@@ -186,7 +186,7 @@ class acp_prune
 	function prune_users($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('memberlist');
 
@@ -359,7 +359,7 @@ class acp_prune
 			'S_JOINED_OPTIONS'	=> $s_find_join_time,
 			'S_ACTIVE_OPTIONS'	=> $s_find_active_time,
 			'S_COUNT_OPTIONS'	=> $s_find_count,
-			'U_FIND_USER'		=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=acp_prune&field=users")
+			'U_FIND_USER'		=> append_sid($phpbb_root_path . "memberlist.$phpEx", 'mode=searchuser&form=acp_prune&field=users'))
 		);
 
 	}

phpBB/includes/acp/acp_ranks.php

@@ -18,7 +18,7 @@ class acp_ranks
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('acp/posting');
 

phpBB/includes/acp/acp_reasons.php

@@ -18,7 +18,7 @@ class acp_reasons
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang(array('mcp', 'acp/posting'));
 

phpBB/includes/acp/acp_search.php

@@ -40,7 +40,7 @@ class acp_search
 	function settings($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$submit = (isset($_POST['submit'])) ? true : false;
 
@@ -148,7 +148,7 @@ class acp_search
 							{
 								add_log('admin', 'LOG_CONFIG_SEARCH');
 							}
-							$extra_message = '<br />' . $user->lang['SWITCHED_SEARCH_BACKEND'] . "<br /><a href=\"{$phpbb_admin_path}index.$phpEx$SID&amp;i=search&amp;mode=index\">&raquo; " . $user->lang['GO_TO_SEARCH_INDEX'] . '</a>';
+							$extra_message = '<br />' . $user->lang['SWITCHED_SEARCH_BACKEND'] . '<br /><a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=search&amp;mode=index') . '">&raquo; ' . $user->lang['GO_TO_SEARCH_INDEX'] . '</a>';
 						}
 						else
 						{
@@ -197,7 +197,7 @@ class acp_search
 	function index($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		if (isset($_REQUEST['action']) && is_array($_REQUEST['action']))
 		{
@@ -258,7 +258,7 @@ class acp_search
 				if (method_exists($this->search, 'delete_index'))
 				{
 					// pass a reference to myself so the $search object can make use of save_state() and attributes
-					if ($error = $this->search->delete_index($this, $phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=delete"))
+					if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false)))
 					{
 						$this->state = array('');
 						$this->save_state();
@@ -293,7 +293,7 @@ class acp_search
 	
 					if ($post_counter <= $this->max_post_id)
 					{
-						redirect($phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=delete", 3);
+						redirect($this->u_action . '&amp;action=delete', 3);
 					}
 				}
 	
@@ -309,7 +309,7 @@ class acp_search
 				if (method_exists($this->search, 'create_index'))
 				{
 					// pass a reference to myself so the $search object can make use of save_state() and attributes
-					if ($error = $this->search->create_index($this, $phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=create"))
+					if ($error = $this->search->create_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=create", false)))
 					{
 						$this->state = array('');
 						$this->save_state();
@@ -337,7 +337,7 @@ class acp_search
 	
 					if ($post_counter <= $this->max_post_id)
 					{
-						redirect($phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=create", 3);
+						redirect($this->u_action . '&amp;action=create', 3);
 					}
 				}
 	
@@ -415,15 +415,15 @@ class acp_search
 		$template->assign_vars(array(
 			'S_INDEX'				=> true,
 			'U_ACTION'				=> $this->u_action,
-			'U_PROGRESS_BAR'		=> $phpbb_admin_path . "index.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;action=progress_bar",
+			'U_PROGRESS_BAR'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar"),
-			'UA_PROGRESS_BAR'		=> $phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=progress_bar")
+			'UA_PROGRESS_BAR'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar", false))
 		);
 
 		if (isset($this->state[1]))
 		{
 			$template->assign_vars(array(
 				'S_CONTINUE_INDEXING'	=> $this->state[1],
-				'U_CONTINUE_INDEXING'	=> $phpbb_admin_path . "index.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;action=" . $this->state[1],
+				'U_CONTINUE_INDEXING'	=> $this->u_action . '&amp;action=' . $this->state[1],
 				'L_CONTINUE'			=> ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_INDEX_DELETING'],
 				'L_CONTINUE_EXPLAIN'	=> ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_INDEX_DELETING_EXPLAIN'])
 			);

phpBB/includes/acp/acp_styles.php

@@ -24,7 +24,7 @@ class acp_styles
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		// Hardcoded template bitfield to add for new templates
 		define('TEMPLATE_BITFIELD', 6921);
@@ -332,7 +332,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	*/
 	function frontend($mode, $options)
 	{
-		global $user, $template, $db, $config, $phpbb_root_path, $phpEx, $SID;
+		global $user, $template, $db, $config, $phpbb_root_path, $phpEx;
 
 		$sql_from = '';
 		$style_count = array();
@@ -414,7 +414,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 				'U_STYLE_ACT_DEACT'		=> $this->u_action . '&action=' . $stylevis . '&id=' . $row[$mode . '_id'],
 				'L_STYLE_ACT_DEACT'		=> $user->lang['STYLE_' . strtoupper($stylevis)],
 				'S_OPTIONS'				=> implode(' | ', $s_options),
-				'U_PREVIEW'				=> ($mode == 'style') ? "{$phpbb_root_path}index.$phpEx$SID&$mode=" . $row[$mode . '_id'] : '',
+				'U_PREVIEW'				=> ($mode == 'style') ? append_sid("{$phpbb_root_path}index.$phpEx", "$mode=" . $row[$mode . '_id']) : '',
 
 				'NAME'					=> $row[$mode . '_name'],
 				'STYLE_COUNT'			=> ($mode == 'style' && isset($style_count[$row['style_id']])) ? $style_count[$row['style_id']] : 0,
@@ -477,7 +477,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	*/
 	function edit_template($template_id)
 	{
-		global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template, $safe_mode;
+		global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template, $safe_mode;
 
 		$this->page_title = 'EDIT_TEMPLATE';
 
@@ -687,7 +687,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	*/
 	function template_cache($template_id)
 	{
-		global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template;
+		global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template;
 
 		$source		= str_replace('/', '.', request_var('source', ''));
 		$file_ary	= array_diff(request_var('delete', array('')), array(''));
@@ -811,7 +811,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	*/
 	function edit_theme($theme_id)
 	{
-		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID, $config, $db, $cache, $user, $template, $safe_mode;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $config, $db, $cache, $user, $template, $safe_mode;
 
 		$this->page_title = 'EDIT_THEME';
 
@@ -1214,8 +1214,8 @@ pagination_sep = \'{PAGINATION_SEP}\'
 		$template->assign_vars(array(
 			'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
 
-			'U_SWATCH'			=> "{$phpbb_admin_path}swatch.$phpEx$SID&form=acp_theme&name=",
+			'U_SWATCH'			=> append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=acp_theme') . '&name=',
-			'UA_SWATCH'			=> "{$phpbb_admin_path}swatch.$phpEx$SID&form=acp_theme&name=",
+			'UA_SWATCH'			=> append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=acp_theme', false) . '&name=',
 
 			'CSS_DATA'			=> htmlspecialchars($css_data))
 		);
@@ -2350,7 +2350,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	*/
 	function install($mode)
 	{
-		global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template;
+		global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template;
 
 		$l_type = strtoupper($mode);
 
@@ -2498,7 +2498,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 	*/
 	function add($mode)
 	{
-		global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template;
+		global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template;
 
 		$l_type = strtoupper($mode);
 		$element_ary = array('template' => STYLES_TPL_TABLE, 'theme' => STYLES_CSS_TABLE, 'imageset' => STYLES_IMAGE_TABLE);

phpBB/includes/acp/acp_users.php

@@ -18,7 +18,7 @@ class acp_users
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
 
 		$user->add_lang(array('posting', 'ucp', 'acp/users'));
 		$this->tpl_name = 'acp_users';
@@ -68,7 +68,7 @@ class acp_users
 				'ANONYMOUS_USER_ID'	=> ANONYMOUS,
 
 				'S_SELECT_USER'		=> true,
-				'U_FIND_USERNAME'	=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=select_user&field=username",
+				'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username'),
 				)
 			);
 
@@ -125,7 +125,7 @@ class acp_users
 
 		$template->assign_vars(array(
 			'U_BACK'			=> $this->u_action,
-			'U_MODE_SELECT'		=> "{$phpbb_admin_path}index.$phpEx$SID&i=$id&u=$user_id",
+			'U_MODE_SELECT'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
 			'U_ACTION'			=> $this->u_action . '&u=' . $user_id,
 			'S_FORM_OPTIONS'	=> $s_form_options)
 		);
@@ -729,7 +729,7 @@ class acp_users
 					'U_SHOW_IP'		=> $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 					'U_WHOIS'		=> $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
 
-					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=switch_perm&u={$user_row['user_id']}" : '',
+					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}") : '',
 
 					'USER'				=> $user_row['username'],
 					'USER_REGISTERED'	=> $user->format_date($user_row['user_regdate']),
@@ -1494,7 +1494,7 @@ class acp_users
 					'S_SMILIES_CHECKED' 	=> (!$enable_smilies) ? 'checked="checked"' : '',
 					'S_MAGIC_URL_CHECKED' 	=> (!$enable_urls) ? 'checked="checked"' : '',
 
-					'BBCODE_STATUS'			=> ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . $phpbb_root_path . "faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . "{$phpbb_root_path}faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>'),
+					'BBCODE_STATUS'			=> ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'),
 					'SMILIES_STATUS'		=> ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
 					'IMG_STATUS'			=> ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
 					'FLASH_STATUS'			=> ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
@@ -1596,11 +1596,11 @@ class acp_users
 				{
 					if ($row['in_message'])
 					{
-						$view_topic = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;p={$row['post_msg_id']}";
+						$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;p={$row['post_msg_id']}");
 					}
 					else
 					{
-						$view_topic = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t={$row['topic_id']}&amp;p={$row['post_msg_id']}#{$row['post_msg_id']}";
+						$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}#{$row['post_msg_id']}");
 					}
 
 					$template->assign_block_vars('attach', array(
@@ -1618,7 +1618,7 @@ class acp_users
 				
 						'S_IN_MESSAGE'		=> $row['in_message'],
 
-						'U_DOWNLOAD'		=> $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $row['attach_id'],
+						'U_DOWNLOAD'		=> append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
 						'U_VIEW_TOPIC'		=> $view_topic)
 					);
 				}
@@ -1757,7 +1757,7 @@ class acp_users
 					foreach ($data_ary as $data)
 					{
 						$template->assign_block_vars('group', array(
-							'U_EDIT_GROUP'		=> "{$phpbb_admin_path}index.$phpEx$SID&amp;i=groups&amp;mode=manage&amp;action=edit&amp;u=$user_id&amp;g=" . $data['group_id'] . '&amp;back_link=acp_users_groups',
+							'U_EDIT_GROUP'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&amp;mode=manage&amp;action=edit&amp;u=$user_id&amp;g={$data['group_id']}&amp;back_link=acp_users_groups"),
 							'U_DEFAULT'			=> $this->u_action . "&amp;action=default&amp;u=$user_id&amp;g=" . $data['group_id'],
 							'U_DEMOTE_PROMOTE'	=> $this->u_action . '&amp;action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&amp;u=$user_id&amp;g=" . $data['group_id'],
 							'U_DELETE'			=> $this->u_action . "&amp;action=delete&amp;u=$user_id&amp;g=" . $data['group_id'],
@@ -1819,8 +1819,8 @@ class acp_users
 
 				$template->assign_vars(array(
 					'S_PERMISSIONS'				=> true,
-					'U_USER_PERMISSIONS'		=> $phpbb_admin_path . 'index.' . $phpEx . $SID . '&amp;i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id,
+					'U_USER_PERMISSIONS'		=> append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id),
-					'U_USER_FORUM_PERMISSIONS'	=> $phpbb_admin_path . 'index.' . $phpEx . $SID . '&amp;i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id)
+					'U_USER_FORUM_PERMISSIONS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id))
 				);
 			
 			break;

phpBB/includes/acp/acp_words.php

@@ -19,7 +19,7 @@ class acp_words
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$user->add_lang('acp/posting');
 

phpBB/includes/acp/auth.php

@@ -271,7 +271,7 @@ class auth_admin extends auth
 	*/
 	function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
 	{
-		global $template, $user, $db, $phpbb_root_path, $phpEx, $SID;
+		global $template, $user, $db, $phpbb_root_path, $phpEx;
 
 		// Define names for template loops, might be able to be set
 		$tpl_pmask = 'p_mask';
@@ -570,7 +570,7 @@ class auth_admin extends auth
 	*/
 	function display_role_mask(&$hold_ary)
 	{
-		global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID;
+		global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		if (!sizeof($hold_ary))
 		{
@@ -610,7 +610,7 @@ class auth_admin extends auth
 					$template->assign_block_vars('role_mask.users', array(
 						'USER_ID'		=> $row['user_id'],
 						'USERNAME'		=> $row['username'],
-						'U_PROFILE'		=> "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u={$row['user_id']}")
+						'U_PROFILE'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&u={$row['user_id']}"))
 					);
 				}
 				$db->sql_freeresult($result);
@@ -629,7 +629,7 @@ class auth_admin extends auth
 					$template->assign_block_vars('role_mask.groups', array(
 						'GROUP_ID'		=> $row['group_id'],
 						'GROUP_NAME'	=> ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
-						'U_PROFILE'		=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=group&g={$row['group_id']}")
+						'U_PROFILE'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&g={$row['group_id']}"))
 					);
 				}
 				$db->sql_freeresult($result);
@@ -1083,7 +1083,7 @@ class auth_admin extends auth
 	*/
 	function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $show_trace = false)
 	{
-		global $template, $user, $phpbb_admin_path, $phpEx, $SID;
+		global $template, $user, $phpbb_admin_path, $phpEx;
 
 		foreach ($category_array as $cat => $cat_array)
 		{
@@ -1107,7 +1107,7 @@ class auth_admin extends auth
 					'FIELD_NAME'	=> $permission,
 					'S_FIELD_NAME'	=> 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
 
-					'U_TRACE'		=> ($show_trace) ? "{$phpbb_admin_path}index.$phpEx$SID&i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission" : '',
+					'U_TRACE'		=> ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '',
 
 					'PERMISSION'	=> $user->lang['acl_' . $permission]['lang'])
 				);

phpBB/includes/auth.php

@@ -701,13 +701,12 @@ class auth
 
 	/**
 	* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
-	* @todo replace this with a new system
 	*/
 	function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
 	{
 		global $config, $db, $user, $phpbb_root_path, $phpEx;
 
-		$method = trim($config['auth_method']);
+		$method = trim(basename($config['auth_method']));
 
 		if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
 		{

phpBB/includes/db/dbal.php

@@ -120,6 +120,48 @@ class dbal
 		return false;
 	}
 
+	/**
+	* SQL Transaction
+	* @private
+	*/
+	function sql_transaction($status = 'begin')
+	{
+		switch ($status)
+		{
+			case 'begin':
+				// Commit previously opened transaction before opening another transaction
+				if ($this->transaction)
+				{
+					$this->_sql_transaction('commit');
+				}
+
+				$result = $this->_sql_transaction('begin');
+				$this->transaction = true;
+			break;
+
+			case 'commit':
+				$result = $this->_sql_transaction('commit');
+				$this->transaction = false;
+
+				if (!$result)
+				{
+					$this->_sql_transaction('rollback');
+				}
+			break;
+
+			case 'rollback':
+				$result = $this->_sql_transaction('rollback');
+				$this->transaction = false;
+			break;
+
+			default:
+				$result = $this->_sql_transaction($status);
+			break;
+		}
+
+		return $result;
+	}
+
 	/**
 	* Build sql statement from array for insert/update/select statements
 	*
@@ -328,7 +370,7 @@ class dbal
 	*/
 	function sql_report($mode, $query = '')
 	{
-		global $cache, $starttime, $phpbb_root_path, $user, $SID;
+		global $cache, $starttime, $phpbb_root_path, $user;
 
 		if (empty($_GET['explain']))
 		{

phpBB/includes/db/firebird.php

@@ -49,37 +49,27 @@ class dbal_firebird extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = true;
+				return true;
-				$this->transaction = true;
 			break;
 
 			case 'commit':
-				$result = @ibase_commit();
+				return @ibase_commit();
-				$this->transaction = false;
-
-				if (!$result)
-				{
-					@ibase_rollback();
-				}
 			break;
 
 			case 'rollback':
-				$result = @ibase_rollback();
+				return @ibase_rollback();
-				$this->transaction = false;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/db/mssql.php

@@ -56,37 +56,27 @@ class dbal_mssql extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = @mssql_query('BEGIN TRANSACTION', $this->db_connect_id);
+				return @mssql_query('BEGIN TRANSACTION', $this->db_connect_id);
-				$this->transaction = true;
 			break;
 
 			case 'commit':
-				$result = @mssql_query('commit', $this->db_connect_id);
+				return @mssql_query('commit', $this->db_connect_id);
-				$this->transaction = false;
-
-				if (!$result)
-				{
-					@mssql_query('ROLLBACK', $this->db_connect_id);
-				}
 			break;
 
 			case 'rollback':
-				$result = @mssql_query('ROLLBACK', $this->db_connect_id);
+				return @mssql_query('ROLLBACK', $this->db_connect_id);
-				$this->transaction = false;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/db/mssql_odbc.php

@@ -50,40 +50,31 @@ class dbal_mssql_odbc extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = @odbc_autocommit($this->db_connect_id, false);
+				return @odbc_autocommit($this->db_connect_id, false);
-				$this->transaction = true;
 			break;
 
 			case 'commit':
 				$result = @odbc_commit($this->db_connect_id);
 				@odbc_autocommit($this->db_connect_id, true);
-				$this->transaction = false;
+				return $result;
-
-				if (!$result)
-				{
-					@odbc_rollback($this->db_connect_id);
-					@odbc_autocommit($this->db_connect_id, true);
-				}
 			break;
 
 			case 'rollback':
 				$result = @odbc_rollback($this->db_connect_id);
 				@odbc_autocommit($this->db_connect_id, true);
-				$this->transaction = false;
+				return $result;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/db/mysql.php

@@ -56,37 +56,27 @@ class dbal_mysql extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = @mysql_query('BEGIN', $this->db_connect_id);
+				return @mysql_query('BEGIN', $this->db_connect_id);
-				$this->transaction = true;
 			break;
 
 			case 'commit':
-				$result = @mysql_query('COMMIT', $this->db_connect_id);
+				return @mysql_query('COMMIT', $this->db_connect_id);
-				$this->transaction = false;
-				
-				if (!$result)
-				{
-					@mysql_query('ROLLBACK', $this->db_connect_id);
-				}
 			break;
 
 			case 'rollback':
-				$result = @mysql_query('ROLLBACK', $this->db_connect_id);
+				return @mysql_query('ROLLBACK', $this->db_connect_id);
-				$this->transaction = false;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/db/mysql4.php

@@ -58,37 +58,27 @@ class dbal_mysql4 extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = @mysql_query('BEGIN', $this->db_connect_id);
+				return @mysql_query('BEGIN', $this->db_connect_id);
-				$this->transaction = true;
 			break;
 
 			case 'commit':
-				$result = @mysql_query('COMMIT', $this->db_connect_id);
+				return @mysql_query('COMMIT', $this->db_connect_id);
-				$this->transaction = false;
-
-				if (!$result)
-				{
-					@mysql_query('ROLLBACK', $this->db_connect_id);
-				}
 			break;
 
 			case 'rollback':
-				$result = @mysql_query('ROLLBACK', $this->db_connect_id);
+				return @mysql_query('ROLLBACK', $this->db_connect_id);
-				$this->transaction = false;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/db/mysqli.php

@@ -58,40 +58,31 @@ class dbal_mysqli extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = @mysqli_autocommit($this->db_connect_id, false);
+				return @mysqli_autocommit($this->db_connect_id, false);
-				$this->transaction = true;
 			break;
 
 			case 'commit':
 				$result = @mysqli_commit($this->db_connect_id);
 				@mysqli_autocommit($this->db_connect_id, true);
-				$this->transaction = false;
+				return $result;
-
-				if (!$result)
-				{
-					@mysqli_rollback($this->db_connect_id);
-					@mysqli_autocommit($this->db_connect_id, true);
-				}
 			break;
 
 			case 'rollback':
 				$result = @mysqli_rollback($this->db_connect_id);
 				@mysqli_autocommit($this->db_connect_id, true);
-				$this->transaction = false;
+				return $result;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/db/oracle.php

@@ -48,37 +48,27 @@ class dbal_oracle extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = true;
+				return true;
-				$this->transaction = true;
 			break;
 
 			case 'commit':
-				$result = @ocicommit($this->db_connect_id);
+				return @ocicommit($this->db_connect_id);
-				$this->transaction = false;
-
-				if (!$result)
-				{
-					@ocirollback($this->db_connect_id);
-				}
 			break;
 
 			case 'rollback':
-				$result = @ocirollback($this->db_connect_id);
+				return @ocirollback($this->db_connect_id);
-				$this->transaction = false;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**
@@ -355,7 +345,7 @@ class dbal_oracle extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", str_replace('\\', '\\\\', $msg));
+		return str_replace("'", "''", $msg);
 	}
 
 	function _sql_custom_build($stage, $data)

phpBB/includes/db/postgres.php

@@ -85,37 +85,27 @@ class dbal_postgres extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = @pg_query($this->db_connect_id, 'BEGIN');
+				return @pg_query($this->db_connect_id, 'BEGIN');
-				$this->transaction = true;
 			break;
 
 			case 'commit':
-				$result = @pg_query($this->db_connect_id, 'COMMIT');
+				return @pg_query($this->db_connect_id, 'COMMIT');
-				$this->transaction = false;
-
-				if (!$result)
-				{
-					@pg_query($this->db_connect_id, 'ROLLBACK');
-				}
 			break;
 
 			case 'rollback':
-				$result = @pg_query($this->db_connect_id, 'ROLLBACK');
+				return @pg_query($this->db_connect_id, 'ROLLBACK');
-				$this->transaction = false;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/db/sqlite.php

@@ -52,37 +52,27 @@ class dbal_sqlite extends dbal
 	}
 
 	/**
-	* sql transaction
+	* SQL Transaction
+	* @private
 	*/
-	function sql_transaction($status = 'begin')
+	function _sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$result = @sqlite_query('BEGIN', $this->db_connect_id);
+				return @sqlite_query('BEGIN', $this->db_connect_id);
-				$this->transaction = true;
 			break;
 
 			case 'commit':
-				$result = @sqlite_query('COMMIT', $this->db_connect_id);
+				return @sqlite_query('COMMIT', $this->db_connect_id);
-				$this->transaction = false;
-				
-				if (!$result)
-				{
-					@sqlite_query('ROLLBACK', $this->db_connect_id);
-				}
 			break;
 
 			case 'rollback':
-				$result = @sqlite_query('ROLLBACK', $this->db_connect_id);
+				return @sqlite_query('ROLLBACK', $this->db_connect_id);
-				$this->transaction = false;
 			break;
-
-			default:
-				$result = true;
 		}
 
-		return $result;
+		return true;
 	}
 
 	/**

phpBB/includes/functions.php

@@ -195,7 +195,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 */
 function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list = false)
 {
-	global $config, $auth, $template, $user, $db, $phpEx, $SID;
+	global $config, $auth, $template, $user, $db, $phpEx;
 
 	if (!$config['load_jumpbox'])
 	{
@@ -364,7 +364,7 @@ function language_select($default = '')
 	$sql = 'SELECT lang_iso, lang_local_name
 		FROM ' . LANG_TABLE . '
 		ORDER BY lang_english_name';
-	$result = $db->sql_query($sql);
+	$result = $db->sql_query($sql, 600);
 
 	$lang_options = '';
 	while ($row = $db->sql_fetchrow($result))
@@ -447,15 +447,16 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 			}
 			else
 			{
-				$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+				$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
 
-				unset($tracking['tf']);
+				unset($tracking_topics['tf']);
-				unset($tracking['t']);
+				unset($tracking_topics['t']);
-				unset($tracking['f']);
+				unset($tracking_topics['f']);
-				$tracking['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
+				$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
 	
-				$user->set_cookie('track', serialize($tracking), time() + 31536000);
+				$user->set_cookie('track', serialize($tracking_topics), time() + 31536000);
-				unset($tracking);
+				unset($tracking_topics);
 
 				if ($user->data['is_registered'])
 				{
@@ -479,9 +480,10 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 
 		if ($config['load_db_lastread'] && $user->data['is_registered'])
 		{
-			$db->sql_query('DELETE FROM ' . TOPICS_TRACK_TABLE . " 
+			$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . " 
 				WHERE user_id = {$user->data['user_id']}
-					AND forum_id IN (" . implode(', ', $forum_id) . ")");
+					AND forum_id IN (" . implode(', ', $forum_id) . ")";
+			$db->sql_query($sql);
 
 			$sql = 'SELECT forum_id
 				FROM ' . FORUMS_TRACK_TABLE . "
@@ -539,7 +541,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 		}
 		else
 		{
-			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+			$tracking = ($tracking) ? unserialize($tracking) : array();
 
 			foreach ($forum_id as $f_id)
 			{
@@ -603,7 +606,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 		}
 		else
 		{
-			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+			$tracking = ($tracking) ? unserialize($tracking) : array();
 
 			$topic_id36 = base_convert($topic_id, 10, 36);
 
@@ -653,7 +657,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				{
 					$tracking['l'] = max($time_keys);
 				}
-
 			}
 
 			$user->set_cookie('track', serialize($tracking), time() + 31536000);
@@ -838,7 +841,8 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
 
 		if (!isset($tracking_topics) || !sizeof($tracking_topics))
 		{
-			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+			$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
 		}
 
 		if (!$user->data['is_registered'])
@@ -908,7 +912,6 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
 	global $template, $user;
 
 	$seperator = $user->theme['pagination_sep'];
-
 	$total_pages = ceil($num_items/$per_page);
 
 	if ($total_pages == 1 || !$num_items)
@@ -917,7 +920,6 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
 	}
 
 	$on_page = floor($start_item / $per_page) + 1;
-
 	$page_string = ($on_page == 1) ? '<strong>1</strong>' : '<a href="' . $base_url . '">1</a>';
 
 	if ($total_pages > 5)
@@ -996,6 +998,68 @@ function on_page($num_items, $per_page, $start)
 
 // Server functions (building urls, redirecting...)
 
+/**
+* Append session id to url
+*
+* @param string $url The url the session id needs to be appended to (can have params)
+* @param mixed $params String or array of additional url parameters
+* @param bool $is_amp Is url using &amp; (true) or & (false)
+* @param string $session_id Possibility to use a custom session id instead of the global one
+*
+* Examples:
+* <code>
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1&amp;f=2");
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&amp;f=2');
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&f=2', false);
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", array('t' => 1, 'f' => 2));
+* </code>
+*/
+function append_sid($url, $params = false, $is_amp = true, $session_id = false)
+{
+	global $_SID, $_EXTRA_URL;
+
+	// Assign sid if session id is not specified
+	if ($session_id === false)
+	{
+		$session_id = $_SID;
+	}
+
+	$amp_delim = ($is_amp) ? '&amp;' : '&';
+	$url_delim = (strpos($url, '?') === false) ? '?' : $amp_delim;
+
+	// Appending custom url parameter?
+	$append_url = (!empty($_EXTRA_URL)) ? implode($amp_delim, $_EXTRA_URL) : '';
+
+	// Use the short variant if possible ;)
+	if ($params === false)
+	{
+		// Append session id
+		return (!$session_id) ? $url . (($append_url) ? $url_delim . $append_url : '') : $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . 'sid=' . $session_id;
+	}
+
+	// Build string if parameters are specified as array
+	if (is_array($params))
+	{
+		$output = array();
+
+		foreach ($params as $key => $item)
+		{
+			if ($item === NULL)
+			{
+				continue;
+			}
+
+			$output[] = $key . '=' . $item;
+		}
+
+		$params = implode($amp_delim, $output);
+	}
+
+	// Append session id and parameters (even if they are empty)
+	// If parameters are empty, the developer can still append his/her parameters without caring about the delimiter
+	return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . $params . ((!$session_id) ? '' : $amp_delim . 'sid=' . $session_id);
+}
+
 /**
 * Generate board url (example: http://www.foo.bar/phpBB)
 * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.foo.bar)
@@ -1029,7 +1093,8 @@ function generate_board_url($without_script_path = false)
 		return $url;
 	}
 
-	return $url . $user->page['root_script_path'];
+	// Strip / from the end
+	return $url . substr($user->page['root_script_path'], 0, -1);
 }
 
 /**
@@ -1094,20 +1159,23 @@ function redirect($url)
 		}
 		else
 		{
-			$url = str_replace($pathinfo['dirname'] . '/', '', $url);
+			// Get the realpath of dirname
+			$root_dirs = explode('/', str_replace('\\', '/', realpath('./')));
+			$page_dirs = explode('/', str_replace('\\', '/', realpath($pathinfo['dirname'])));
+			$intersection = array_intersect_assoc($root_dirs, $page_dirs);
 
-			// Make sure we point to the correct directory, we transform the relative uri to an absolute uri...
+			$root_dirs = array_diff_assoc($root_dirs, $intersection);
-			$substract_path = str_replace(realpath($pathinfo['dirname']), '', realpath('./'));
+			$page_dirs = array_diff_assoc($page_dirs, $intersection);
-			$dir = str_replace($substract_path, '', $user->page['script_path']);
 
-			if (!$dir)
+			$dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
+
+			if ($dir && substr($dir, -1, 1) == '/')
 			{
-				$url = '/' . $url;
+				$dir = substr($dir, 0, -1);
-			}
-			else
-			{
-				$url = (strpos($dir, '/') !== 0) ? '/' . $dir . '/' . $url : $dir . '/' . $url;
 			}
+
+			$url = $dir . '/' . str_replace($pathinfo['dirname'] . '/', '', $url);
+			$url = generate_board_url() . '/' . $url;
 		}
 	}
 
@@ -1126,24 +1194,36 @@ function redirect($url)
 }
 
 /**
-* Re-Apply $SID after page reloads
+* Re-Apply session id after page reloads
 */
 function reapply_sid($url)
 {
-	global $SID, $phpEx;
+	global $phpEx, $phpbb_root_path;
 
 	if ($url === "index.$phpEx")
 	{
-		return "index.$phpEx$SID";
+		return append_sid("index.$phpEx");
+	}
+	else if ($url === "{$phpbb_root_path}index.$phpEx")
+	{
+		return append_sid("{$phpbb_root_path}index.$phpEx");
 	}
 
 	// Remove previously added sid
-	if (strpos($url, '?sid='))
+	if (strpos($url, '?sid=') !== false)
 	{
-		$url = preg_replace('/\?sid=[a-z0-9]+(&amp;|&)?/', $SID . '\1', $url);
+		$url = preg_replace('/(\?)sid=[a-z0-9]+(&amp;|&)?/', '\1', $url);
+	}
+	else if (strpos($url, '&sid=') !== false)
+	{
+		$url = preg_replace('/&sid=[a-z0-9]+(&)?/', '\1', $url);
+	}
+	else if (strpos($url, '&amp;sid=') !== false)
+	{
+		$url = preg_replace('/&amp;sid=[a-z0-9]+(&amp;)?/', '\1', $url);
 	}
 
-	return (strpos($url, '?') === false) ? $url . $SID : $url . str_replace('?', '&amp;', $SID);
+	return append_sid($url);
 }
 
 /**
@@ -1151,10 +1231,11 @@ function reapply_sid($url)
 */
 function build_url($strip_vars = false)
 {
-	global $user, $phpbb_root_path, $SID;
+	global $user, $phpbb_root_path;
 
 	// Append SID
-	$redirect = (($user->page['page_dir']) ? $user->page['page_dir'] . '/' : '') . $user->page['page_name'] . $SID . (($user->page['query_string']) ? "&{$user->page['query_string']}" : '');
+	$redirect = (($user->page['page_dir']) ? $user->page['page_dir'] . '/' : '') . $user->page['page_name'] . (($user->page['query_string']) ? "?{$user->page['query_string']}" : '');
+	$redirect = append_sid($redirect, false, false);
 
 	// Strip vars...
 	if ($strip_vars !== false && strpos($redirect, '?') !== false)
@@ -1218,7 +1299,7 @@ function meta_refresh($time, $url)
 function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
 {
 	global $user, $template, $db;
-	global $SID, $phpEx, $phpbb_root_path;
+	global $phpEx, $phpbb_root_path;
 
 	if (isset($_POST['cancel']))
 	{
@@ -1287,9 +1368,9 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 		return false;
 	}
 
-	// re-add $SID / transform & to &amp; for user->page (user->page is always using &)
+	// re-add sid / transform & to &amp; for user->page (user->page is always using &)
 	$use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&amp;', $user->page['page']);
-	$u_action = (strpos($use_page, 'sid=') === false) ? ((strpos($use_page, '?') !== false) ? str_replace('?', $SID . '&amp;', $use_page) : $use_page . '?' . str_replace('?', '', $SID)) : $use_page;
+	$u_action = reapply_sid($use_page);
 	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;
 
 	$template->assign_vars(array(
@@ -1320,7 +1401,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 */
 function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
 {
-	global $SID, $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
+	global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
 
 	$err = '';
 
@@ -1358,8 +1439,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
 
 		// If admin authentication and login, we will log if it was a success or not...
-		// We also break the operation on the first non-success login - it could be argued that the user already
+		// We also break the operation on the first non-success login - it could be argued that the user already knows 
-		// knows 
 		if ($admin)
 		{
 			if ($result['status'] == LOGIN_SUCCESS)
@@ -1375,9 +1455,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		// The result parameter is always an array, holding the relevant informations...
 		if ($result['status'] == LOGIN_SUCCESS)
 		{
-			$redirect = request_var('redirect', "index.$phpEx");
+			$redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
 			$message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
-			$l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
+			$l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "{$phpbb_root_path}index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
 
 			// append/replace SID (may change during the session for AOL users)
 			$redirect = reapply_sid($redirect);
@@ -1424,7 +1504,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				$template->assign_vars(array(
 					'S_CONFIRM_CODE'			=> true,
 					'CONFIRM_ID'				=> $confirm_id,
-					'CONFIRM_IMAGE'				=> '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN . '" alt="" title="" />',
+					'CONFIRM_IMAGE'				=> '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN) . '" alt="" title="" />',
 					'L_LOGIN_CONFIRM_EXPLAIN'	=> sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
 				));
 
@@ -1457,13 +1537,13 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		'LOGIN_ERROR'		=> $err,
 		'LOGIN_EXPLAIN'		=> $l_explain,
 
-		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=sendpassword" : '',
+		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
-		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable']) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=resend_act" : '',
+		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
-		'U_TERMS_USE'			=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=terms",
+		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
-		'U_PRIVACY'				=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=privacy",
+		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
 
 		'S_DISPLAY_FULL_LOGIN'	=> ($s_display) ? true : false,
-		'S_LOGIN_ACTION'		=> (!$admin) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=login" : "index.$phpEx$SID",
+		'S_LOGIN_ACTION'		=> (!$admin) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx"), // Needs to stay index.$phpEx because we are within the admin directory
 		'S_HIDDEN_FIELDS' 		=> $s_hidden_fields,
 
 		'S_ADMIN_AUTH'			=> $admin,
@@ -1475,7 +1555,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 	$template->set_filenames(array(
 		'body' => 'login_body.html')
 	);
-	make_jumpbox("{$phpbb_root_path}viewforum.$phpEx");
+	make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
 
 	page_footer();
 }
@@ -2228,7 +2308,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 */
 function page_header($page_title = '')
 {
-	global $db, $config, $template, $SID, $user, $auth, $phpEx, $phpbb_root_path;
+	global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path;
 
 	if (defined('HEADER_INC'))
 	{
@@ -2249,12 +2329,12 @@ function page_header($page_title = '')
 	// Generate logged in/logged out status
 	if ($user->data['user_id'] != ANONYMOUS)
 	{
-		$u_login_logout = "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=logout";
+		$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
 		$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
 	}
 	else
 	{
-		$u_login_logout = "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=login";
+		$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login');
 		$l_login_logout = $user->lang['LOGIN'];
 	}
 
@@ -2279,7 +2359,8 @@ function page_header($page_title = '')
 		// Get number of online guests
 		if (!$config['load_online_guests'])
 		{
-			$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests FROM ' . SESSIONS_TABLE . ' s
+			$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
+				FROM ' . SESSIONS_TABLE . ' s
 				WHERE s.session_user_id = ' . ANONYMOUS . '
 					AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) . 
 				$reading_sql;
@@ -2323,7 +2404,7 @@ function page_header($page_title = '')
 
 					if (($row['user_allow_viewonline'] && $row['session_viewonline']) || $auth->acl_get('u_viewonline'))
 					{
-						$user_online_link = ($row['user_type'] <> USER_IGNORE) ? "<a href=\"{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'] . '">' . $user_online_link . '</a>' : $user_online_link;
+						$user_online_link = ($row['user_type'] <> USER_IGNORE) ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']) . '">' . $user_online_link . '</a>' : $user_online_link;
 						$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
 					}
 				}
@@ -2451,8 +2532,7 @@ function page_header($page_title = '')
 	// Which timezone?
 	$tz = ($user->data['user_id'] != ANONYMOUS) ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));
 	
-	// The following assigns all _common_ variables that may be used at any point
+	// The following assigns all _common_ variables that may be used at any point in a template.
-	// in a template.
 	$template->assign_vars(array(
 		'SITENAME'						=> $config['sitename'],
 		'SITE_DESCRIPTION'				=> $config['site_desc'],
@@ -2465,34 +2545,38 @@ function page_header($page_title = '')
 		'RECORD_USERS'					=> $l_online_record,
 		'PRIVATE_MESSAGE_INFO'			=> $l_privmsgs_text,
 		'PRIVATE_MESSAGE_INFO_UNREAD'	=> $l_privmsgs_text_unread,
+
 		'SID'				=> $SID,
+		'_SID'				=> $_SID,
+		'SESSION_ID'		=> $user->session_id,
+		'ROOT_PATH'			=> $phpbb_root_path,
 
 		'L_LOGIN_LOGOUT'	=> $l_login_logout,
 		'L_INDEX'			=> $user->lang['FORUM_INDEX'],
 		'L_ONLINE_EXPLAIN'	=> $l_online_time,
 
-		'U_PRIVATEMSGS'			=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=inbox",
+		'U_PRIVATEMSGS'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
-		'U_RETURN_INBOX'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=inbox",
+		'U_RETURN_INBOX'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
-		'UA_RETURN_INBOX'		=> "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder=inbox",
+		'UA_RETURN_INBOX'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox', false),
-		'U_POPUP_PM'			=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;mode=popup",
+		'U_POPUP_PM'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup'),
-		'UA_POPUP_PM'			=> "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=popup",
+		'UA_POPUP_PM'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=popup', false),
-		'U_MEMBERLIST' 			=> "{$phpbb_root_path}memberlist.$phpEx$SID",
+		'U_MEMBERLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
-		'U_MEMBERSLIST'			=> "{$phpbb_root_path}memberlist.$phpEx$SID",
+		'U_MEMBERSLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
-		'U_VIEWONLINE' 			=> "{$phpbb_root_path}viewonline.$phpEx$SID",
+		'U_VIEWONLINE'			=> append_sid("{$phpbb_root_path}viewonline.$phpEx"),
 		'U_LOGIN_LOGOUT'		=> $u_login_logout,
-		'U_INDEX' 				=> "{$phpbb_root_path}index.$phpEx$SID",
+		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
-		'U_SEARCH' 				=> "{$phpbb_root_path}search.$phpEx$SID",
+		'U_SEARCH'				=> append_sid("{$phpbb_root_path}search.$phpEx"),
-		'U_REGISTER' 			=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=register",
+		'U_REGISTER'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
-		'U_PROFILE' 			=> "{$phpbb_root_path}ucp.$phpEx$SID",
+		'U_PROFILE'				=> append_sid("{$phpbb_root_path}ucp.$phpEx"),
-		'U_MODCP' 				=> "{$phpbb_root_path}mcp.$phpEx$SID",
+		'U_MODCP'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", false, true, $user->session_id),
-		'U_FAQ' 				=> "{$phpbb_root_path}faq.$phpEx$SID",
+		'U_FAQ'					=> append_sid("{$phpbb_root_path}faq.$phpEx"),
-		'U_SEARCH_SELF'			=> "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=egosearch",
+		'U_SEARCH_SELF'			=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=egosearch'),
-		'U_SEARCH_NEW' 			=> "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=newposts",
+		'U_SEARCH_NEW'			=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=newposts'),
-		'U_SEARCH_UNANSWERED'	=> "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=unanswered",
+		'U_SEARCH_UNANSWERED'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
-		'U_SEARCH_ACTIVE_TOPICS'=> "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=active_topics",
+		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
-		'U_DELETE_COOKIES'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=delete_cookies",
+		'U_DELETE_COOKIES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
-		'U_TEAM'				=> "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=leaders",
+		'U_TEAM'				=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
-		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=restore_perm" : '',
+		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
 
 		'S_USER_LOGGED_IN'		=> ($user->data['user_id'] != ANONYMOUS) ? true : false,
 		'S_REGISTERED_USER'		=> $user->data['is_registered'],
@@ -2543,7 +2627,7 @@ function page_header($page_title = '')
 */
 function page_footer()
 {
-	global $db, $config, $template, $SID, $user, $auth, $cache, $messenger, $starttime, $phpbb_root_path, $phpEx;
+	global $db, $config, $template, $user, $auth, $cache, $messenger, $starttime, $phpbb_root_path, $phpEx;
 
 	// Output page creation time
 	if (defined('DEBUG'))

phpBB/includes/functions_admin.php

@@ -89,7 +89,6 @@ function recalc_btree($sql_id, $sql_table, $module_class = '')
 				FROM $sql_table
 				$sql_where";
 			$result = $db->sql_query($sql);
-
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
 
@@ -185,7 +184,7 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl =
 }
 
 /**
-* Generate size select form
+* Generate size select options
 */
 function size_select_options($size_compare)
 {
@@ -245,6 +244,7 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
 	{
 		// This query is identical to the jumpbox one
 		$expire_time = ($no_cache) ? 0 : 120;
+
 		$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, left_id, right_id
 			FROM ' . FORUMS_TABLE . '
 			ORDER BY left_id ASC';
@@ -293,6 +293,7 @@ function get_forum_branch($forum_id, $type = 'all', $order = 'descending', $incl
 
 		default:
 			$condition = 'f2.left_id BETWEEN f1.left_id AND f1.right_id OR f1.left_id BETWEEN f2.left_id AND f2.right_id';
+		break;
 	}
 
 	$rows = array();
@@ -327,12 +328,12 @@ function filelist($rootdir, $dir = '', $type = 'gif|jpg|jpeg|png')
 
 	// Remove initial / if present
 	$rootdir = (substr($rootdir, 0, 1) == '/') ? substr($rootdir, 1) : $rootdir;
-	// Add closing / if present
+	// Add closing / if not present
 	$rootdir = ($rootdir && substr($rootdir, -1) != '/') ? $rootdir . '/' : $rootdir;
 
 	// Remove initial / if present
 	$dir = (substr($dir, 0, 1) == '/') ? substr($dir, 1) : $dir;
-	// Add closing / if present
+	// Add closing / if not present
 	$dir = ($dir && substr($dir, -1) != '/') ? $dir . '/' : $dir;
 
 	if (!is_dir($rootdir . $dir))
@@ -398,9 +399,6 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 		$db->sql_freeresult($result);
 	}
 
-	/**
-	* @todo watch for undesired results on marked topics for moving topics, maybe handle it seperatly to cover cookie tracking
-	*/
 	$table_ary = array(TOPICS_TABLE, POSTS_TABLE, LOG_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
 	foreach ($table_ary as $table)
 	{
@@ -486,6 +484,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
 function delete_topics($where_type, $where_ids, $auto_sync = true)
 {
 	global $db;
+
 	$forum_ids = $topic_ids = array();
 
 	if (is_array($where_ids))
@@ -521,8 +520,6 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
 		return $return;
 	}
 
-	// TODO: probably some other stuff too
-
 	$sql_where = ' IN (' . implode(', ', $topic_ids) . ')';
 
 	$db->sql_transaction('begin');
@@ -563,15 +560,17 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 	{
 		$where_ids = array_unique($where_ids);
 	}
+
 	if (empty($where_ids))
 	{
 		return false;
 	}
+
 	$post_ids = $topic_ids = $forum_ids = array();
 
 	$sql = 'SELECT post_id, poster_id, topic_id, forum_id
 		FROM ' . POSTS_TABLE . "
-		WHERE $where_type " . ((!is_array($where_ids)) ? "= $where_ids" : 'IN (' . implode(', ', $where_ids) . ')');
+		WHERE $where_type " . ((!is_array($where_ids)) ? '= ' . (int) $where_ids : 'IN (' . implode(', ', array_map('intval', $where_ids)) . ')');
 	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
@@ -581,6 +580,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 		$topic_ids[] = $row['topic_id'];
 		$forum_ids[] = $row['forum_id'];
 	}
+	$db->sql_freeresult($result);
 
 	if (!sizeof($post_ids))
 	{
@@ -602,7 +602,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 	unset($table_ary);
 
 	// Remove the message from the search index
-	$search_type = $config['search_type'];
+	$search_type = basename($config['search_type']);
 
 	if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
 	{
@@ -643,9 +643,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 
 /**
 * Delete Attachments
-* mode => (post, topic, attach, user)
+*
-* ids => (post_ids, topic_ids, attach_ids, user_ids)
+* @param string $mode can be: post|topic|attach|user
-* resync => set this to false if you are deleting posts or topics...
+* @param mixed $ids can be: post_ids, topic_ids, attach_ids, user_ids
+* @param bool $resync set this to false if you are deleting posts or topics
 */
 function delete_attachments($mode, $ids, $resync = true)
 {
@@ -654,6 +655,11 @@ function delete_attachments($mode, $ids, $resync = true)
 	if (is_array($ids))
 	{
 		$ids = array_unique($ids);
+		$ids = array_map('intval', $ids);
+	}
+	else
+	{
+		$ids = array((int) $ids);
 	}
 
 	if (!sizeof($ids))
@@ -699,7 +705,9 @@ function delete_attachments($mode, $ids, $resync = true)
 	}
 
 	// Delete attachments
-	$db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')');
+	$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
+		WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
+	$db->sql_query($sql);
 	$num_deleted = $db->sql_affectedrows();
 
 	if (!$num_deleted)
@@ -744,9 +752,10 @@ function delete_attachments($mode, $ids, $resync = true)
 	{
 		if ($mode == 'post' || $mode == 'topic')
 		{
-			$db->sql_query('UPDATE ' . POSTS_TABLE . ' 
+			$sql = 'UPDATE ' . POSTS_TABLE . ' 
 				SET post_attachment = 0
-				WHERE post_id IN (' . implode(', ', $post_ids) . ')');
+				WHERE post_id IN (' . implode(', ', $post_ids) . ')';
+			$db->sql_query($sql);
 		}
 
 		if ($mode == 'user' || $mode == 'attach')
@@ -766,11 +775,13 @@ function delete_attachments($mode, $ids, $resync = true)
 			$db->sql_freeresult($result);
 
 			$unset_ids = array_diff($post_ids, $remaining);
+
 			if (sizeof($unset_ids))
 			{
-				$db->sql_query('UPDATE ' . POSTS_TABLE . ' 
+				$sql = 'UPDATE ' . POSTS_TABLE . ' 
 					SET post_attachment = 0
-					WHERE post_id IN (' . implode(', ', $unset_ids) . ')');
+					WHERE post_id IN (' . implode(', ', $unset_ids) . ')';
+				$db->sql_query($sql);
 			}
 
 			$remaining = array();
@@ -788,11 +799,13 @@ function delete_attachments($mode, $ids, $resync = true)
 			$db->sql_freeresult($result);
 
 			$unset_ids = array_diff($post_ids, $remaining);
+
 			if (sizeof($unset_ids))
 			{
-				$db->sql_query('UPDATE ' . PRIVMSGS_TABLE . ' 
+				$sql = 'UPDATE ' . PRIVMSGS_TABLE . ' 
 					SET message_attachment = 0
-					WHERE msg_id IN (' . implode(', ', $unset_ids) . ')');
+					WHERE msg_id IN (' . implode(', ', $unset_ids) . ')';
+				$db->sql_query($sql);
 			}
 		}
 	}
@@ -802,9 +815,10 @@ function delete_attachments($mode, $ids, $resync = true)
 		// Update topic indicator
 		if ($mode == 'topic')
 		{
-			$db->sql_query('UPDATE ' . TOPICS_TABLE . '
+			$sql = 'UPDATE ' . TOPICS_TABLE . '
 				SET topic_attachment = 0
-				WHERE topic_id IN (' . implode(', ', $topic_ids) . ')');
+				WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+			$db->sql_query($sql);
 		}
 
 		if ($mode == 'post' || $mode == 'user' || $mode == 'attach')
@@ -823,11 +837,13 @@ function delete_attachments($mode, $ids, $resync = true)
 			$db->sql_freeresult($result);
 
 			$unset_ids = array_diff($topic_ids, $remaining);
+
 			if (sizeof($unset_ids))
 			{
-				$db->sql_query('UPDATE ' . TOPICS_TABLE . ' 
+				$sql = 'UPDATE ' . TOPICS_TABLE . ' 
 					SET topic_attachment = 0
-					WHERE topic_id IN (' . implode(', ', $unset_ids) . ')');
+					WHERE topic_id IN (' . implode(', ', $unset_ids) . ')';
+				$db->sql_query($sql);
 			}
 		}
 	}
@@ -840,7 +856,7 @@ function delete_attachments($mode, $ids, $resync = true)
 */
 function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
 {
-	$where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', $forum_id) . ')' : (($forum_id) ? "AND t.forum_id = $forum_id" : '');
+	$where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
 
 	switch (SQL_LAYER)
 	{
@@ -867,6 +883,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
 			{
 				$topic_ids[] = $row['topic_id'];
 			}
+			$db->sql_freeresult($result);
 
 			if (sizeof($topic_ids))
 			{
@@ -874,6 +891,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
 					WHERE topic_id IN (' . implode(',', $topic_ids) . ')';
 				$db->sql_query($sql);
 			}
+		break;
 	}
 
 	if ($auto_sync)
@@ -965,19 +983,23 @@ function phpbb_unlink($filename, $mode = 'file')
 /**
 * All-encompasing sync function
 *
-* Usage:
+* Exaples:
-* sync('topic', 'topic_id', 123);			<= resync topic #123
+* <code>
-* sync('topic', 'forum_id', array(2, 3));	<= resync topics from forum #2 and #3
+* sync('topic', 'topic_id', 123);			// resync topic #123
-* sync('topic');							<= resync all topics
+* sync('topic', 'forum_id', array(2, 3));	// resync topics from forum #2 and #3
-* sync('topic', 'range', 'topic_id BETWEEN 1 AND 60');	<= resync a range of topics/forums (only available for 'topic' and 'forum' modes)
+* sync('topic');							// resync all topics
+* sync('topic', 'range', 'topic_id BETWEEN 1 AND 60');	// resync a range of topics/forums (only available for 'topic' and 'forum' modes)
+* </code>
 *
 * Modes:
+* - forum				Resync complete forum
+* - topic				Resync topics
 * - topic_moved			Removes topic shadows that would be in the same forum as the topic they link to
 * - topic_approved		Resyncs the topic_approved flag according to the status of the first post
 * - post_reported		Resyncs the post_reported flag, relying on actual reports
 * - topic_reported		Resyncs the topic_reported flag, relying on post_reported flags
-* - post_attachement	Same as post_reported, thanks to a quick Search/Replace
+* - post_attachement	Same as post_reported, but with attachment flags
-* - topic_attachement	Same as topic_reported, thanks to a quick Search/Replace
+* - topic_attachement	Same as topic_reported, but with attachment flags
 */
 function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $sync_extra = false)
 {
@@ -986,10 +1008,11 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 	if (is_array($where_ids))
 	{
 		$where_ids = array_unique($where_ids);
+		$where_ids = array_map('intval', $where_ids);
 	}
 	else if ($where_type != 'range')
 	{
-		$where_ids = ($where_ids) ? array($where_ids) : array();
+		$where_ids = ($where_ids) ? array((int) $where_ids) : array();
 	}
 
 	if ($mode == 'forum' || $mode == 'topic')
@@ -1055,21 +1078,23 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 							AND t1.forum_id = t2.forum_id";
 					$result = $db->sql_query($sql);
 
-					if ($row = $db->sql_fetchrow($result))
-					{
 					$topic_id_ary = array();
-						do
+					while ($row = $db->sql_fetchrow($result))
 					{
 						$topic_id_ary[] = $row['topic_id'];
 					}
-						while ($row = $db->sql_fetchrow($result));
+					$db->sql_freeresult($result);
+
+					if (!sizeof($topic_id_ary))
+					{
+						return;
+					}
 
 					$sql = 'DELETE FROM ' . TOPICS_TABLE . '
 						WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')';
 					$db->sql_query($sql);
-						unset($topic_id_ary);
+
-					}
+				break;
-					$db->sql_freeresult($result);
 			}
 		break;
 
@@ -1107,6 +1132,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 						SET topic_approved = 1 - topic_approved
 						WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
 					$db->sql_query($sql);
+				break;
 			}
 		break;
 
@@ -1118,6 +1144,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				$where_sql
 				GROUP BY p.post_id, p.post_reported";
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$post_ids[$row['post_id']] = $row['post_id'];
@@ -1126,6 +1153,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$post_reported[$row['post_id']] = 1;
 				}
 			}
+			$db->sql_freeresult($result);
 
 			$sql = 'SELECT DISTINCT(post_id)
 				FROM ' . REPORTS_TABLE . '
@@ -1144,6 +1172,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					unset($post_reported[$row['post_id']]);
 				}
 			}
+			$db->sql_freeresult($result);
 
 			// $post_reported should be empty by now, if it's not it contains
 			// posts that are falsely flagged as reported
@@ -1173,15 +1202,18 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				FROM ' . POSTS_TABLE . " t
 				$where_sql_and t.post_reported = 1";
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$topic_reported[$row['topic_id']] = 1;
 			}
+			$db->sql_freeresult($result);
 
 			$sql = 'SELECT t.topic_id, t.topic_reported
 				FROM ' . TOPICS_TABLE . " t
 				$where_sql";
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				if ($row['topic_reported'] ^ isset($topic_reported[$row['topic_id']]))
@@ -1189,6 +1221,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$topic_ids[] = $row['topic_id'];
 				}
 			}
+			$db->sql_freeresult($result);
 
 			if (sizeof($topic_ids))
 			{
@@ -1207,6 +1240,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				$where_sql
 				GROUP BY p.post_id, p.post_attachment";
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$post_ids[$row['post_id']] = $row['post_id'];
@@ -1215,14 +1249,15 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$post_attachment[$row['post_id']] = 1;
 				}
 			}
+			$db->sql_freeresult($result);
 
 			$sql = 'SELECT DISTINCT(post_msg_id)
 				FROM ' . ATTACHMENTS_TABLE . '
 				WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
 					AND in_message = 0';
+			$result = $db->sql_query($sql);
 
 			$post_ids = array();
-			$result = $db->sql_query($sql);
 			while ($row = $db->sql_fetchrow($result))
 			{
 				if (!isset($post_attachment[$row['post_id']]))
@@ -1234,6 +1269,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					unset($post_attachment[$row['post_id']]);
 				}
 			}
+			$db->sql_freeresult($result);
 
 			// $post_attachment should be empty by now, if it's not it contains
 			// posts that are falsely flagged as having attachments
@@ -1263,15 +1299,18 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				FROM ' . POSTS_TABLE . " t
 				$where_sql_and t.post_attachment = 1";
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$topic_attachment[$row['topic_id']] = 1;
 			}
+			$db->sql_freeresult($result);
 
 			$sql = 'SELECT t.topic_id, t.topic_attachment
 				FROM ' . TOPICS_TABLE . " t
 				$where_sql";
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				if ($row['topic_attachment'] ^ isset($topic_attachment[$row['topic_id']]))
@@ -1279,6 +1318,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$topic_ids[] = $row['topic_id'];
 				}
 			}
+			$db->sql_freeresult($result);
 
 			if (sizeof($topic_ids))
 			{
@@ -1290,6 +1330,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 		break;
 
 		case 'forum':
+
 			// 1: Get the list of all forums
 			$sql = 'SELECT f.*
 				FROM ' . FORUMS_TABLE . " f
@@ -1316,6 +1357,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				$forum_data[$forum_id]['last_poster_id'] = 0;
 				$forum_data[$forum_id]['last_poster_name'] = '';
 			}
+			$db->sql_freeresult($result);
 
 			// 2: Get topic counts for each forum
 			$sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics
@@ -1323,6 +1365,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
 				GROUP BY forum_id, topic_approved';
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$forum_id = (int) $row['forum_id'];
@@ -1333,6 +1376,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$forum_data[$forum_id]['topics'] = $row['forum_topics'];
 				}
 			}
+			$db->sql_freeresult($result);
 
 			// 3: Get post count and last_post_id for each forum
 			$sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id
@@ -1341,15 +1385,17 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					AND post_approved = 1
 				GROUP BY forum_id';
 			$result = $db->sql_query($sql);
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$forum_id = (int) $row['forum_id'];
 
-				$forum_data[$forum_id]['posts'] = intval($row['forum_posts']);
+				$forum_data[$forum_id]['posts'] = (int) $row['forum_posts'];
-				$forum_data[$forum_id]['last_post_id'] = intval($row['last_post_id']);
+				$forum_data[$forum_id]['last_post_id'] = (int) $row['last_post_id'];
 
 				$post_ids[] = $row['last_post_id'];
 			}
+			$db->sql_freeresult($result);
 
 			// 4: Retrieve last_post infos
 			if (sizeof($post_ids))
@@ -1359,9 +1405,10 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					WHERE p.post_id IN (' . implode(', ', $post_ids) . ')
 						AND p.poster_id = u.user_id';
 				$result = $db->sql_query($sql);
+
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$post_info[intval($row['post_id'])] = $row;
+					$post_info[$row['post_id']] = $row;
 				}
 				$db->sql_freeresult($result);
 
@@ -1393,7 +1440,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 
 			foreach ($forum_data as $forum_id => $row)
 			{
-				$sql = array();
+				$sql_ary = array();
 
 				foreach ($fieldnames as $fieldname)
 				{
@@ -1401,19 +1448,19 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					{
 						if (preg_match('#name$#', $fieldname))
 						{
-							$sql['forum_' . $fieldname] = (string) $row[$fieldname];
+							$sql_ary['forum_' . $fieldname] = (string) $row[$fieldname];
 						}
 						else
 						{
-							$sql['forum_' . $fieldname] = (int) $row[$fieldname];
+							$sql_ary['forum_' . $fieldname] = (int) $row[$fieldname];
 						}
 					}
 				}
 
-				if (sizeof($sql))
+				if (sizeof($sql_ary))
 				{
 					$sql = 'UPDATE ' . FORUMS_TABLE . '
-						SET ' . $db->sql_build_array('UPDATE', $sql) . '
+						SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 						WHERE forum_id = ' . $forum_id;
 					$db->sql_query($sql);
 				}
@@ -1519,6 +1566,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				delete_topics($where_type, $where_ids, true);
 				return;
 			}
+
 			if (sizeof($delete_topics))
 			{
 				$delete_topic_ids = array();
@@ -1553,6 +1601,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$topic_data[$topic_id]['poster'] = $row['poster_id'];
 					$topic_data[$topic_id]['first_poster_name'] = ($row['poster_id'] == ANONYMOUS) ? $row['post_username'] : $row['username'];
 				}
+
 				if ($row['post_id'] == $topic_data[$topic_id]['last_post_id'])
 				{
 					$topic_data[$topic_id]['last_poster_id'] = $row['poster_id'];
@@ -1612,20 +1661,20 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 
 			foreach ($topic_data as $topic_id => $row)
 			{
-				$sql = array();
+				$sql_ary = array();
 
 				foreach ($fieldnames as $fieldname)
 				{
 					if ($row['topic_' . $fieldname] != $row[$fieldname])
 					{
-						$sql['topic_' . $fieldname] = $row[$fieldname];
+						$sql_ary['topic_' . $fieldname] = $row[$fieldname];
 					}
 				}
 
-				if (sizeof($sql))
+				if (sizeof($sql_ary))
 				{
 					$sql = 'UPDATE ' . TOPICS_TABLE . '
-						SET ' . $db->sql_build_array('UPDATE', $sql) . '
+						SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 						WHERE topic_id = ' . $topic_id;
 					$db->sql_query($sql);
 
@@ -1643,6 +1692,8 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			}
 		break;
 	}
+
+	return;
 }
 
 /**
@@ -1652,7 +1703,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 {
 	global $db;
 
-	$sql_forum = (is_array($forum_id)) ? ' IN (' . implode(',', $forum_id) . ')' : " = $forum_id";
+	$sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : ' = ' . (int) $forum_id;
 
 	$sql_and = '';
 	if (!($prune_flags & 4))
@@ -1722,8 +1773,10 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
 		FROM ' . FORUMS_TABLE . "
 		WHERE forum_id = $forum_id";
 	$result = $db->sql_query($sql, 3600);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
 
-	if ($row = $db->sql_fetchrow($result))
+	if ($row)
 	{
 		$prune_date = time() - ($prune_days * 86400);
 		$next_prune = time() + ($prune_freq * 86400);
@@ -1737,7 +1790,6 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
 
 		add_log('admin', 'LOG_AUTO_PRUNE', $row['forum_name']);
 	}
-	$db->sql_freeresult($result);
 
 	return;
 }
@@ -1806,6 +1858,7 @@ function split_sql_file($sql, $delimiter)
 	{
 		unset($data[key($data)]);
 	}
+
 	return $data;
 }
 
@@ -1980,11 +2033,11 @@ function cache_moderators()
 */
 function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC')
 {
-	global $db, $user, $auth, $phpEx, $SID, $phpbb_root_path, $phpbb_admin_path;
+	global $db, $user, $auth, $phpEx, $phpbb_root_path, $phpbb_admin_path;
 
 	$topic_id_list = $reportee_id_list = $is_auth = $is_mod = array();
 
-	$profile_url = (defined('IN_ADMIN')) ? "{$phpbb_admin_path}index.$phpEx$SID&amp;i=users&amp;mode=overview" : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile";
+	$profile_url = (defined('IN_ADMIN')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&amp;mode=overview') : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile');
 
 	switch ($mode)
 	{
@@ -2054,10 +2107,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 
 		$log[$i] = array(
 			'id'				=> $row['log_id'],
-			
 			'reportee_id'		=> $row['reportee_id'],
 			'reportee_username'	=> '',
-
 			'user_id'			=> $row['user_id'],
 			'username'			=> '<a href="' . $profile_url . '&amp;u=' . $row['user_id'] . '">' . $row['username'] . '</a>',
 			'ip'				=> $row['log_ip'],
@@ -2065,13 +2116,13 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 			'forum_id'			=> $row['forum_id'],
 			'topic_id'			=> $row['topic_id'],
 
-			'viewforum'			=> ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'] : '',
+			'viewforum'			=> ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
 			'action'			=> (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}',
 		);
 
 		if (!empty($row['log_data']))
 		{
-			$log_data_ary = unserialize(stripslashes($row['log_data']));
+			$log_data_ary = unserialize($row['log_data']);
 
 			if (isset($user->lang[$row['log_operation']]))
 			{
@@ -2097,19 +2148,39 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 		$topic_id_list = array_unique($topic_id_list);
 
 		// This query is not really needed if move_topics() updates the forum_id field, 
-		// altough it's also used to determine if the topic still exists in the database
+		// although it's also used to determine if the topic still exists in the database
 		$sql = 'SELECT topic_id, forum_id
 			FROM ' . TOPICS_TABLE . '
 			WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')';
 		$result = $db->sql_query($sql);
 
+		$default_forum_id = 0;
+
 		while ($row = $db->sql_fetchrow($result))
+		{
+			if (!$row['forum_id'])
+			{
+				if ($auth->acl_getf_global('f_read'))
+				{
+					if (!$default_forum_id)
+					{
+						$sql = 'SELECT forum_id
+							FROM ' . FORUMS_TABLE . '
+							WHERE forum_type = ' . FORUM_POST;
+						$f_result = $db->sql_query_limit($sql, 1);
+						$default_forum_id = (int) $db->sql_fetchfield('forum_id', false, $f_result);
+						$db->sql_freeresult($f_result);
+					}
+
+					$is_auth[$row['topic_id']] = $default_forum_id;
+				}
+			}
+			else
 			{
 				if ($auth->acl_get('f_read', $row['forum_id']))
 				{
-				// DEBUG!! - global topic
+					$is_auth[$row['topic_id']] = $row['forum_id'];
-				$config['default_forum_id'] = 2;
+				}
-				$is_auth[$row['topic_id']] = ($row['forum_id']) ? $row['forum_id'] : $config['default_forum_id'];
 			}
 
 			if ($auth->acl_gets('a_', 'm_', $row['forum_id']))
@@ -2117,11 +2188,12 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 				$is_mod[$row['topic_id']] = $row['forum_id'];
 			}
 		}
+		$db->sql_freeresult($result);
 
 		foreach ($log as $key => $row)
 		{
-			$log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $is_auth[$row['topic_id']] . '&amp;t=' . $row['topic_id'] : '';
+			$log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $is_auth[$row['topic_id']] . '&amp;t=' . $row['topic_id']) : '';
-			$log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=logs&amp;mode=topic_logs&amp;t=" . $row['topic_id'] : '';
+			$log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=logs&amp;mode=topic_logs&amp;t=' . $row['topic_id'], true, $user->session_id) : '';
 		}
 	}
 
@@ -2149,12 +2221,9 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 			AND l.log_time >= $limit_days
 			$sql_forum";
 	$result = $db->sql_query($sql);
-
+	$log_count = (int) $db->sql_fetchfield('total_entries');
-	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
-	$log_count =  $row['total_entries'];
-
 	return;
 }
 
@@ -2171,7 +2240,6 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi
 		' . (($limit_days) ? "AND user_last_warning >= $limit_days" : '') . "
 		ORDER BY $sort_by";
 	$result = $db->sql_query_limit($sql, $limit, $offset);
-
 	$users = $db->sql_fetchrowset($result);
 	$db->sql_freeresult($result);
 
@@ -2179,14 +2247,10 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi
 		FROM ' . USERS_TABLE . '
 		WHERE user_warnings > 0
 		' . (($limit_days) ? "AND user_last_warning >= $limit_days" : '');
-
 	$result = $db->sql_query($sql);
-
+	$user_count = (int) $db->sql_fetchfield('user_count');
-	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
-	$user_count = $row['user_count'];
-
 	return;
 }
 
@@ -2198,13 +2262,15 @@ function get_database_size()
 {
 	global $db, $user, $table_prefix;
 	
-	// This code is heavily influenced by a similar routine
+	// This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0
-	// in phpMyAdmin 2.2.0
 	if (preg_match('#^mysql#', SQL_LAYER))
 	{
-		$result = $db->sql_query('SELECT VERSION() AS mysql_version');
+		$sql = 'SELECT VERSION() AS mysql_version';
+		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
 
-		if ($row = $db->sql_fetchrow($result))
+		if ($row)
 		{
 			$version = $row['mysql_version'];
 
@@ -2251,7 +2317,6 @@ function get_database_size()
 		$sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
 			FROM sysfiles';
 		$result = $db->sql_query($sql);
-
 		$dbsize = ($row = $db->sql_fetchrow($result)) ? intval($row['dbsize']) : $user->lang['NOT_AVAILABLE'];
 		$db->sql_freeresult($result);
 	}

phpBB/includes/functions_compress.php

@@ -16,6 +16,9 @@ class compress
 {
 	var $fp = 0;
 
+	/**
+	* Add file to archive
+	*/
 	function add_file($src, $src_rm_prefix = '', $src_add_prefix = '', $skip_files = '')
 	{
 		global $phpbb_root_path;
@@ -68,17 +71,23 @@ class compress
 					$this->data("$src_path$path$file", file_get_contents("$phpbb_root_path$src$path$file"), false, stat("$phpbb_root_path$src$path$file"));
 				}
 			}
-
 		}
+
 		return true;
 	}
 
+	/**
+	* Add custom file (the filepath will not be adjusted)
+	*/
 	function add_custom_file($src, $filename)
 	{
 		$this->data($filename, file_get_contents($src), false, stat($src));
 		return true;
 	}
 
+	/**
+	* Add file data
+	*/
 	function add_data($src, $name)
 	{
 		$stat = array();
@@ -90,6 +99,9 @@ class compress
 		return true;
 	}
 
+	/**
+	* Return available methods
+	*/
 	function methods()
 	{
 		$methods = array('.tar');
@@ -111,7 +123,7 @@ class compress
 /**
 * @package phpBB3
 *
-* Zip creation class from phpMyAdmin 2.3.0 © Tobias Ratschiller, Olivier Müller, Loïc Chapeaux, 
+* Zip creation class from phpMyAdmin 2.3.0 (c) Tobias Ratschiller, Olivier Müller, Loïc Chapeaux, 
 * Marc Delisle, http://www.phpmyadmin.net/
 *
 * Zip extraction function by Alexandre Tedeschi, alexandrebr at gmail dot com
@@ -130,11 +142,17 @@ class compress_zip extends compress
 	var $old_offset = 0;
 	var $datasec_len = 0;
 
+	/**
+	* Constructor
+	*/
 	function compress_zip($mode, $file)
 	{
 		return $this->fp = @fopen($file, $mode . 'b');
 	}
 
+	/**
+	* Convert unix to dos time
+	*/
 	function unix_to_dos_time($time)
 	{
 		$timearray = (!$time) ? getdate() : getdate($time);
@@ -149,6 +167,9 @@ class compress_zip extends compress
 		return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
 	}
 
+	/**
+	* Extract archive
+	*/
 	function extract($dst)
 	{		
 		// Loop the file, looking for files and folders
@@ -276,10 +297,14 @@ class compress_zip extends compress
 					trigger_error("Unexpected header, ending loop");
 				break 2;
 			}
+
 			$dd_try = false;
 		}
 	}
 
+	/**
+	* Close archive
+	*/
 	function close()
 	{
 		// Write out central file directory and footer ... if it exists
@@ -290,7 +315,9 @@ class compress_zip extends compress
 		fclose($this->fp);
 	}
 
-	// Create the structures ... note we assume version made by is MSDOS
+	/**
+	* Create the structures ... note we assume version made by is MSDOS
+	*/
 	function data($name, $data, $is_dir = false, $stat)
 	{
 		$name = str_replace('\\', '/', $name);
@@ -327,6 +354,7 @@ class compress_zip extends compress
 
 		// Are we a file or a directory? Set archive for file
 		$attrib = ($is_dir) ? 16 : 32;
+
 		// File Record Header
 		$fr = "\x50\x4b\x03\x04";		// Local file header 4bytes
 		$fr .= pack('v', $var_ext);		// ver needed to extract 2bytes
@@ -374,6 +402,9 @@ class compress_zip extends compress
 		$this->old_offset = $this->datasec_len;
 	}
 
+	/**
+	* file
+	*/
 	function file()
 	{
 		$ctrldir = implode('', $this->ctrl_dir);
@@ -386,6 +417,9 @@ class compress_zip extends compress
 			"\x00\x00";								// .zip file comment length
 	}
 
+	/**
+	* Download archive
+	*/
 	function download($filename)
 	{
 		global $phpbb_root_path;
@@ -409,7 +443,7 @@ class compress_zip extends compress
 * @package phpBB3
 *
 * Tar/tar.gz compression routine
-* Header/checksum creation derived from tarfile.pl, © Tom Horsley, 1994
+* Header/checksum creation derived from tarfile.pl, (c) Tom Horsley, 1994
 */
 class compress_tar extends compress 
 {
@@ -420,6 +454,9 @@ class compress_tar extends compress
 	var $type = '';
 	var $wrote = false;
 
+	/**
+	* Constructor
+	*/
 	function compress_tar($mode, $file, $type = '')
 	{
 		$type = (!$type) ? $file : $type;
@@ -432,6 +469,9 @@ class compress_tar extends compress
 		$this->open();
 	}
 
+	/**
+	* Extract archive
+	*/
 	function extract($dst)
 	{
 		$fzread = ($this->isbz && function_exists('bzread')) ? 'bzread' : (($this->isgz && extension_loaded('zlib')) ? 'gzread' : 'fread');
@@ -491,6 +531,9 @@ class compress_tar extends compress
 		}
 	}
 
+	/**
+	* Close archive
+	*/
 	function close()
 	{
 		$fzclose = ($this->isbz && function_exists('bzclose')) ? 'bzclose' : (($this->isgz && extension_loaded('zlib')) ? 'gzclose' : 'fclose');
@@ -498,12 +541,17 @@ class compress_tar extends compress
 		if ($this->wrote) 
 		{
 			$fzwrite = ($this->isbz && function_exists('bzwrite')) ? 'bzwrite' : (($this->isgz && extension_loaded('zlib')) ? 'gzwrite' : 'fwrite');
-			$fzwrite($this->fp, pack("a512", "")); // Symbolizes that there are no more files
+
+			// Symbolizes that there are no more files
+			$fzwrite($this->fp, pack("a512", ""));
 		}
 
 		$fzclose($this->fp);
 	}
 
+	/**
+	* Create the structures
+	*/
 	function data($name, $data, $is_dir = false, $stat)
 	{
 		$this->wrote = true;
@@ -547,6 +595,9 @@ class compress_tar extends compress
 		unset($data);
 	}
 
+	/**
+	* Open archive
+	*/
 	function open()
 	{
 		$fzopen = ($this->isbz && function_exists('bzopen')) ? 'bzopen' : (($this->isgz && extension_loaded('zlib')) ? 'gzopen' : 'fopen');
@@ -558,6 +609,9 @@ class compress_tar extends compress
 		}
 	}
 
+	/**
+	* Download archive
+	*/
 	function download($filename)
 	{
 		global $phpbb_root_path;

phpBB/includes/functions_display.php

@@ -14,7 +14,7 @@
 function display_forums($root_data = '', $display_moderators = true, $return_moderators = false)
 {
 	global $db, $auth, $user, $template;
-	global $phpbb_root_path, $phpEx, $SID, $config;
+	global $phpbb_root_path, $phpEx, $config;
 
 	$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
 	$parent_id = $visible_forums = 0;
@@ -56,11 +56,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$sql_from = FORUMS_TABLE . ' f ';
 		$lastread_select = $sql_lastread = '';
 
-		$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+		$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+		$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
 
 		if (!$user->data['is_registered'])
 		{
-			$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
+			$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
 		}
 	}
 
@@ -119,9 +120,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		{
 			if (!$user->data['is_registered'])
 			{
-				$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
+				$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
 			}
-			$forum_tracking_info[$forum_id] = (isset($tracking_topics['f'][$forum_id])) ? base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'] : $user->data['user_lastmark'];
+			$forum_tracking_info[$forum_id] = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
 		}
 
 		// Display active topics from this forum?
@@ -186,7 +187,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		}
 
 		$forum_ids_moderator[$parent_id] = $forum_rows[$parent_id]['forum_id_last_post'];
-
 	}
 	$db->sql_freeresult($result);
 
@@ -209,9 +209,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		}
 
 		meta_refresh(3, $redirect);
-		
+		trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
-		$message = $user->lang['FORUMS_MARKED'] . '<br /><br />' . $message;
-		trigger_error($message);
 	}
 
 	// Grab moderators ... if necessary
@@ -236,7 +234,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				'FORUM_DESC'			=> generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
 				'FORUM_FOLDER_IMG'		=> ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang['FORUM_CAT'] . '" />' : '',
 				'FORUM_FOLDER_IMG_SRC'	=> ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
-				'U_VIEWFORUM'			=>	"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'])
+				'U_VIEWFORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
 			);
 
 			continue;
@@ -263,7 +261,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				if ($subforum_row['display'] && $subforum_row['name'])
 				{
 					$subforums_list .= ($subforums_list == '') ? '' : ', ';
-					$subforums_list .= '<a href="' . $phpbb_root_path . "viewforum.$phpEx$SID&amp;f=$subforum_id\">{$subforum_row['name']}</a>";
+					$subforums_list .= '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $subforum_id) . '">' . $subforum_row['name'] . '</a>';
 				}
 				else
 				{
@@ -305,9 +303,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
 
 			$last_poster = ($row['forum_last_poster_name'] != '') ? $row['forum_last_poster_name'] : $user->lang['GUEST'];
-			$last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['forum_last_poster_id']}";
+			$last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['forum_last_poster_id']);
 
-			$last_post_url = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id'] . '#p' . $row['forum_last_post_id'];
+			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
@@ -328,6 +326,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$template->assign_block_vars('forumrow', array(
 			'S_IS_CAT'			=> false,
 			'S_IS_LINK'			=> ($row['forum_type'] == FORUM_LINK) ? true : false,
+			'S_UNREAD_FORUM'	=> $forum_unread,
+			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
 
 			'FORUM_ID'				=> $row['forum_id'],
 			'FORUM_NAME'			=> $row['forum_name'],
@@ -345,19 +345,17 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'L_FORUM_FOLDER_ALT'	=> $folder_alt,
 			'L_MODERATOR_STR'		=> $l_moderator,
 
-			'U_VIEWFORUM'		=> ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f={$row['forum_id']}" : $row['forum_link'],
+			'U_VIEWFORUM'		=> ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'],
 			'U_LAST_POSTER'		=> $last_poster_url,
-			'U_LAST_POST'		=> $last_post_url,
+			'U_LAST_POST'		=> $last_post_url)
-			)
 		);
 	}
 
 	$template->assign_vars(array(
-		'U_MARK_FORUMS'		=> "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $root_data['forum_id'] . '&amp;mark=forums',
+		'U_MARK_FORUMS'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums'),
 		'S_HAS_SUBFORUM'	=> ($visible_forums) ? true : false,
 		'L_SUBFORUM'		=> ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
-		'LAST_POST_IMG'		=> $user->img('icon_post_latest', 'VIEW_LATEST_POST'),
+		'LAST_POST_IMG'		=> $user->img('icon_post_latest', 'VIEW_LATEST_POST'))
-		)
 	);
 
 	if ($return_moderators)
@@ -399,7 +397,7 @@ function generate_forum_rules(&$forum_data)
 function generate_forum_nav(&$forum_data)
 {
 	global $db, $user, $template, $auth;
-	global $phpEx, $SID, $phpbb_root_path;
+	global $phpEx, $phpbb_root_path;
 
 	if (!$auth->acl_get('f_list', $forum_data['forum_id']))
 	{
@@ -426,7 +424,7 @@ function generate_forum_nav(&$forum_data)
 			'S_IS_POST'		=> ($parent_type == FORUM_POST) ? true : false,
 			'FORUM_NAME'	=> $parent_name,
 			'FORUM_ID'		=> $parent_forum_id,
-			'U_VIEW_FORUM'	=> "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$parent_forum_id")
+			'U_VIEW_FORUM'	=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id))
 		);
 	}
 
@@ -436,7 +434,7 @@ function generate_forum_nav(&$forum_data)
 		'S_IS_POST'		=> ($forum_data['forum_type'] == FORUM_POST) ? true : false,
 		'FORUM_NAME'	=> $forum_data['forum_name'],
 		'FORUM_ID'		=> $forum_data['forum_id'],
-		'U_VIEW_FORUM'	=> "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $forum_data['forum_id'])
+		'U_VIEW_FORUM'	=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data['forum_id']))
 	);
 
 	$template->assign_vars(array(
@@ -495,9 +493,9 @@ function get_forum_parents(&$forum_data)
 */
 function topic_topic_author(&$topic_row)
 {
-	global $phpEx, $SID, $phpbb_root_path, $user;
+	global $phpEx, $phpbb_root_path, $user;
 
-	$topic_author = ($topic_row['topic_poster'] != ANONYMOUS) ? "<a href=\"{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $topic_row['topic_poster'] . '">' : '';
+	$topic_author = ($topic_row['topic_poster'] != ANONYMOUS) ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $topic_row['topic_poster']) . '">' : '';
 	$topic_author .= ($topic_row['topic_poster'] != ANONYMOUS) ? $topic_row['topic_first_poster_name'] : (($topic_row['topic_first_poster_name'] != '') ? $topic_row['topic_first_poster_name'] : $user->lang['GUEST']);
 	$topic_author .= ($topic_row['topic_poster'] != ANONYMOUS) ? '</a>' : '';
 
@@ -519,7 +517,7 @@ function topic_generate_pagination($replies, $url)
 		$times = 1;
 		for ($j = 0; $j < $replies + 1; $j += $config['posts_per_page'])
 		{
-			$pagination .= "<a href=\"$url&amp;start=$j\">$times</a>";
+			$pagination .= '<a href="' . $url . '&amp;start=' . $j . '">' . $times . '</a>';
 			if ($times == 1 && $total_pages > 4)
 			{
 				$pagination .= ' ... ';
@@ -546,7 +544,7 @@ function topic_generate_pagination($replies, $url)
 */
 function get_moderators(&$forum_moderators, $forum_id = false)
 {
-	global $config, $template, $db, $phpbb_root_path, $phpEx, $SID;
+	global $config, $template, $db, $phpbb_root_path, $phpEx;
 
 	// Have we disabled the display of moderators? If so, then return
 	// from whence we came ...
@@ -577,7 +575,7 @@ function get_moderators(&$forum_moderators, $forum_id = false)
 
 	while ($row = $db->sql_fetchrow($result))
 	{
-		$forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="' . $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'] . '">' . $row['username'] . '</a>' : '<a href="' . $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $row['group_id'] . '">' . $row['group_name'] . '</a>';
+		$forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']) . '">' . $row['username'] . '</a>' : '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $row['group_name'] . '</a>';
 	}
 	$db->sql_freeresult($result);
 
@@ -589,7 +587,7 @@ function get_moderators(&$forum_moderators, $forum_id = false)
 */
 function gen_forum_auth_level($mode, $forum_id, $forum_status)
 {
-	global $SID, $template, $auth, $user, $config;
+	global $template, $auth, $user, $config;
 
 	$locked = ($forum_status == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) ? true : false;
 
@@ -688,7 +686,7 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
 function display_attachments($forum_id, $blockname, &$attachment_data, &$update_count, $force_physical = false, $return = false)
 {
 	global $template, $cache, $user;
-	global $extensions, $config, $phpbb_root_path, $phpEx, $SID;
+	global $extensions, $config, $phpbb_root_path, $phpEx;
 
 	$return_tpl = array();
 
@@ -715,6 +713,9 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 		$thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']);
 
 		$upload_icon = '';
+
+		if (isset($extensions[$attachment['extension']]))
+		{
 			if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
 			{
 				$upload_icon = $user->img('icon_attach', '');
@@ -723,6 +724,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 			{
 				$upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />';
 			}
+		}
 
 		$filesize = $attachment['filesize'];
 		$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
@@ -796,7 +798,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 				// Images, but display Thumbnail
 				case ATTACHMENT_CATEGORY_THUMB:
 					$l_downloaded_viewed = $user->lang['VIEWED'];
-					$download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
+					$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
 
 					$block_array += array(
 						'S_THUMBNAIL'		=> true,
@@ -851,7 +853,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
 */
 				default:
 					$l_downloaded_viewed = $user->lang['DOWNLOADED'];
-					$download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
+					$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
 
 					$block_array += array(
 						'S_FILE'		=> true,
@@ -924,7 +926,7 @@ function display_reasons($reason_id = 0)
 function display_user_activity(&$userdata)
 {
 	global $auth, $template, $db, $user;
-	global $phpbb_root_path, $SID, $phpEx;
+	global $phpbb_root_path, $phpEx;
 
 	// Init new auth class if user is different
 	if ($user->data['user_id'] != $userdata['user_id'])
@@ -1072,8 +1074,8 @@ function display_user_activity(&$userdata)
 		'ACTIVE_TOPIC'			=> censor_text($active_t_name),
 		'ACTIVE_TOPIC_POSTS'	=> ($active_t_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_t_count),
 		'ACTIVE_TOPIC_PCT'		=> sprintf($user->lang['POST_PCT'], $active_t_pct),
-		'U_ACTIVE_FORUM'		=> "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$active_f_id",
+		'U_ACTIVE_FORUM'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $active_f_id),
-		'U_ACTIVE_TOPIC'		=> "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t=$active_t_id")
+		'U_ACTIVE_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $active_t_id))
 	);
 }
 
@@ -1082,7 +1084,7 @@ function display_user_activity(&$userdata)
 */
 function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
 {
-	global $template, $db, $user, $phpEx, $SID, $start, $phpbb_root_path;
+	global $template, $db, $user, $phpEx, $start, $phpbb_root_path;
 
 	$table_sql = ($mode == 'forum') ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE;
 	$where_sql = ($mode == 'forum') ? 'forum_id' : 'topic_id';
@@ -1121,9 +1123,11 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
 					$db->sql_query($sql);
 				}
 
-				meta_refresh(3, "view$mode.$phpEx$SID&amp;$u_url=$match_id&amp;start=$start");
+				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
 
-				$message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
+				meta_refresh(3, $redirect_url);
+
+				$message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
 				trigger_error($message);
 			}
 			else
@@ -1153,9 +1157,10 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
 					$db->sql_query($sql);
 				}
 
-				meta_refresh(3, "view$mode.$phpEx$SID&amp;$u_url=$match_id&amp;start=$start");
+				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+				meta_refresh(3, $redirect_url);
 
-				$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
+				$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
 				trigger_error($message);
 			}
 			else
@@ -1179,7 +1184,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
 
 	if ($can_watch)
 	{
-		$s_watching['link'] = "{$phpbb_root_path}view$mode.$phpEx$SID&amp;$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start";
+		$s_watching['link'] = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start");
 		$s_watching['title'] = $user->lang[(($is_watching) ? 'STOP' : 'START') . '_WATCHING_' . strtoupper($mode)];
 	}
 

phpBB/includes/functions_jabber.php

@@ -59,6 +59,9 @@ class jabber
 
 	var $connector;
 
+	/**
+	* Constructor
+	*/
 	function jabber()
 	{
 		$this->port					= '5222';
@@ -93,6 +96,9 @@ class jabber
 		);
 	}
 
+	/**
+	* Connect
+	*/
 	function connect()
 	{
 		$this->connector = new cjp_standard_connector;
@@ -120,6 +126,9 @@ class jabber
 		}
 	}
 
+	/**
+	* Disconnect
+	*/
 	function disconnect()
 	{
 		if (is_int($this->delay_disconnect))
@@ -131,6 +140,9 @@ class jabber
 		$this->connector->close_socket();
 	}
 
+	/**
+	* Cruise Control
+	*/
 	function cruise_control($seconds = -1)
 	{
 		$count = 0;
@@ -147,7 +159,6 @@ class jabber
 				{
 					$this->call_handler($packet);
 				}
-
 			}
 			while (sizeof($this->packet_queue) > 1);
 
@@ -173,6 +184,9 @@ class jabber
 		return true;
 	}
 
+	/**
+	* Send authentication request
+	*/
 	function send_auth()
 	{
 		$this->auth_id	= 'auth_' . md5(time() . $_SERVER['REMOTE_ADDR']);
@@ -208,13 +222,17 @@ class jabber
 		}
 	}
 
+	/**
+	* Register account
+	*/
 	function account_registration($reg_email = NULL, $reg_name = NULL)
 	{
 		$packet = $this->send_iq($this->server, 'get', 'reg_01', 'jabber:iq:register');
 
 		if ($packet)
 		{
-			$key = $this->get_info_from_iq_key($packet); // just in case a key was passed back from the server
+			// just in case a key was passed back from the server
+			$key = $this->get_info_from_iq_key($packet);
 			unset($packet);
 
 			$payload = "<username>{$this->username}</username>
@@ -252,13 +270,17 @@ class jabber
 		}
 	}
 
+	/**
+	* Change password
+	*/
 	function change_password($new_password)
 	{
 		$packet = $this->send_iq($this->server, 'get', 'A0', 'jabber:iq:register');
 
 		if ($packet)
 		{
-			$key = $this->get_info_from_iq_key($packet); // just in case a key was passed back from the server
+			// just in case a key was passed back from the server
+			$key = $this->get_info_from_iq_key($packet);
 			unset($packet);
 
 			$payload = "<username>{$this->username}</username>
@@ -292,6 +314,9 @@ class jabber
 		}
 	}
 
+	/**
+	* Send packet
+	*/
 	function send_packet($xml)
 	{
 		$xml = trim($xml);
@@ -299,8 +324,10 @@ class jabber
 		return ($this->connector->write_to_socket($xml)) ? true : false;
 	}
 
-	// get the transport registration fields
+	/**
-	// method written by Steve Blinch, http://www.blitzaffe.com 
+	* get the transport registration fields
+	* method written by Steve Blinch, http://www.blitzaffe.com 
+	*/
 	function transport_registration_details($transport)
 	{
 		$this->txnid++;
@@ -326,8 +353,10 @@ class jabber
 		}
 	}
 
-	// register with the transport
+	/**
-	// method written by Steve Blinch, http://www.blitzaffe.com 
+	* register with the transport
+	* method written by Steve Blinch, http://www.blitzaffe.com 
+	*/
 	function transport_registration($transport, $details)
 	{
 		$this->txnid++;
@@ -335,7 +364,8 @@ class jabber
 
 		if ($packet)
 		{
-			$key = $this->get_info_from_iq_key($packet); // just in case a key was passed back from the server
+			// just in case a key was passed back from the server
+			$key = $this->get_info_from_iq_key($packet);
 			unset($packet);
 
 			$payload = ($key) ? "<key>$key</key>\n" : '';
@@ -374,6 +404,9 @@ class jabber
 		}
 	}
 
+	/**
+	* Listen to socket
+	*/
 	function listen()
 	{
 		$incoming = '';
@@ -398,12 +431,18 @@ class jabber
 		return true;
 	}
 
+	/**
+	* Strip jid
+	*/
 	function strip_jid($jid = NULL)
 	{
 		preg_match('#(.*)\/(.*)#Ui', $jid, $temp);
 		return ($temp[1] != '') ? $temp[1] : $jid;
 	}
 
+	/**
+	* Send a message
+	*/
 	function send_message($to, $type = 'normal', $id = NULL, $content = NULL, $payload = NULL)
 	{
 		if ($to && is_array($content))
@@ -431,14 +470,7 @@ class jabber
 			$xml .= $payload;
 			$xml .= "</message>\n";
 
-			if ($this->send_packet($xml))
+			return ($this->send_packet($xml)) ? true : false;
-			{
-				return true;
-			}
-			else
-			{
-				return false;
-			}
 		}
 		else
 		{
@@ -446,6 +478,9 @@ class jabber
 		}
 	}
 
+	/**
+	* Send presence
+	*/
 	function send_presence($type = NULL, $to = NULL, $status = NULL, $show = NULL, $priority = NULL)
 	{
 		$xml = '<presence';
@@ -462,6 +497,9 @@ class jabber
 		return ($this->send_packet($xml)) ? true : false;
 	}
 
+	/**
+	* Send error
+	*/
 	function send_error($to, $id = NULL, $error_number, $error_message = NULL)
 	{
 		$xml = "<iq type='error' to='$to'";
@@ -475,11 +513,17 @@ class jabber
 		$this->send_packet($xml);
 	}
 
+	/**
+	* Get first from queue
+	*/
 	function get_first_from_queue()
 	{
 		return array_shift($this->packet_queue);
 	}
 
+	/**
+	* Get from queue by id
+	*/
 	function get_from_queue_by_id($packet_type, $id)
 	{
 		$found_message = false;
@@ -498,6 +542,9 @@ class jabber
 		return (is_array($found_message)) ? $found_message : false;
 	}
 
+	/**
+	* Call handler
+	*/
 	function call_handler($packet = NULL)
 	{
 		$packet_type = $this->_get_packet_type($packet);
@@ -538,6 +585,9 @@ class jabber
 		}
 	}
 
+	/**
+	* Send iq
+	*/
 	function send_iq($to = NULL, $type = 'get', $id = NULL, $xmlns = NULL, $payload = NULL, $from = NULL)
 	{
 		if (!preg_match('#^(get|set|result|error)$#', $type))
@@ -569,11 +619,14 @@ class jabber
 		}
 	}
 
-
 	// ======================================================================
 	// private methods
 	// ======================================================================
 
+	/**
+	* Send auth
+	* @private
+	*/
 	function _sendauth_ok($zerok_token, $zerok_sequence)
 	{
 		// initial hash of password
@@ -598,6 +651,10 @@ class jabber
 		return ($this->get_info_from_iq_type($packet) == 'result' && $this->get_info_from_iq_id($packet) == $this->auth_id) ? true : false;
 	}
 
+	/**
+	* Send auth digest
+	* @private
+	*/
 	function _sendauth_digest()
 	{
 		$payload = "<username>{$this->username}</username>
@@ -610,6 +667,10 @@ class jabber
 		return ($this->get_info_from_iq_type($packet) == 'result' && $this->get_info_from_iq_id($packet) == $this->auth_id) ? true : false;
 	}
 
+	/**
+	* Send auth plain
+	* @private
+	*/
 	function _sendauth_plaintext()
 	{
 		$payload = "<username>{$this->username}</username>
@@ -622,6 +683,10 @@ class jabber
 		return ($this->get_info_from_iq_type($packet) == 'result' && $this->get_info_from_iq_id($packet) == $this->auth_id) ? true : false;
 	}
 
+	/**
+	* Listen on socket
+	* @private
+	*/
 	function _listen_incoming()
 	{
 		$incoming = '';
@@ -635,6 +700,10 @@ class jabber
 		return $this->xmlize($incoming);
 	}
 
+	/**
+	* Check if connected
+	* @private
+	*/
 	function _check_connected()
 	{
 		$incoming_array = $this->_listen_incoming();
@@ -660,6 +729,10 @@ class jabber
 		}
 	}
 
+	/**
+	* Split incoming packet
+	* @private
+	*/
 	function _split_incoming($incoming)
 	{
 		$temp = preg_split('#<(message|iq|presence|stream)#', $incoming, -1, PREG_SPLIT_DELIM_CAPTURE);
@@ -673,6 +746,10 @@ class jabber
 		return $array;
 	}
 
+	/**
+	* Get packet type
+	* @private
+	*/
 	function _get_packet_type($packet = NULL)
 	{
 		if (is_array($packet))
@@ -684,8 +761,10 @@ class jabber
 		return ($packet_type) ? $packet_type : false;
 	}
 
-	// _array_htmlspecialchars()
+	/**
-	// applies htmlspecialchars() to all values in an array
+	* _array_htmlspecialchars()
+	* applies htmlspecialchars() to all values in an array
+	*/
 	function _array_htmlspecialchars(&$array)
 	{
 		if (is_array($array))
@@ -703,36 +782,57 @@ class jabber
 	// <message/> parsers
 	// ======================================================================
 
+	/**
+	* Get info from message (from)
+	*/
 	function get_info_from_message_from($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['message']['@']['from'] : false;
 	}
 
+	/**
+	* Get info from message (type)
+	*/
 	function get_info_from_message_type($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['message']['@']['type'] : false;
 	}
 
+	/**
+	* Get info from message (id)
+	*/
 	function get_info_from_message_id($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['message']['@']['id'] : false;
 	}
 
+	/**
+	* Get info from message (thread)
+	*/
 	function get_info_from_message_thread($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['message']['#']['thread'][0]['#'] : false;
 	}
 
+	/**
+	* Get info from message (subject)
+	*/
 	function get_info_from_message_subject($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['message']['#']['subject'][0]['#'] : false;
 	}
 
+	/**
+	* Get info from message (body)
+	*/
 	function get_info_from_message_body($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['message']['#']['body'][0]['#'] : false;
 	}
 
+	/**
+	* Get info from message (error)
+	*/
 	function get_info_from_message_error($packet = NULL)
 	{
 		$error = preg_replace('#^\/$#', '', ($packet['message']['#']['error'][0]['@']['code'] . '/' . $packet['message']['#']['error'][0]['#']));
@@ -743,26 +843,41 @@ class jabber
 	// <iq/> parsers
 	// ======================================================================
 
+	/**
+	* Get info from iq (from)
+	*/
 	function get_info_from_iq_from($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['iq']['@']['from'] : false;
 	}
 
+	/**
+	* Get info from iq (type)
+	*/
 	function get_info_from_iq_type($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['iq']['@']['type'] : false;
 	}
 
+	/**
+	* Get info from iq (id)
+	*/
 	function get_info_from_iq_id($packet = NULL)
 	{
 		return (is_array($packet)) ? $packet['iq']['@']['id'] : false;
 	}
 
+	/**
+	* Get info from iq (key)
+	*/
 	function get_info_from_iq_key($packet = NULL)
 	{
 		return (is_array($packet) && isset($packet['iq']['#']['query'][0]['#']['key'][0]['#'])) ? $packet['iq']['#']['query'][0]['#']['key'][0]['#'] : false;
 	}
 
+	/**
+	* Get info from iq (error)
+	*/
 	function get_info_from_iq_error($packet = NULL)
 	{
 		$error = preg_replace('#^\/$#', '', ($packet['iq']['#']['error'][0]['@']['code'] . '/' . $packet['iq']['#']['error'][0]['#']));
@@ -773,11 +888,17 @@ class jabber
 	// <message/> handlers
 	// ======================================================================
 
+	/**
+	* return message (from)
+	*/
 	function handler_message_normal($packet)
 	{
 		$from = $packet['message']['@']['from'];
 	}
 
+	/**
+	* return error (from)
+	*/
 	function handler_message_error($packet)
 	{
 		$from = $packet['message']['@']['from'];
@@ -787,7 +908,9 @@ class jabber
 	// <iq/> handlers
 	// ======================================================================
 
-	// simple client authentication
+	/**
+	* simple client authentication
+	*/
 	function handler_iq_jabber_iq_auth($packet)
 	{
 		$from	= $this->get_info_from_iq_from($packet);
@@ -796,7 +919,9 @@ class jabber
 		$this->send_error($from, $id, 501);
 	}
 
-	// method for interactive registration
+	/**
+	* method for interactive registration
+	*/
 	function handler_iq_jabber_iq_register($packet)
 	{
 		$from	= $this->get_info_from_iq_from($packet);
@@ -805,7 +930,9 @@ class jabber
 		$this->send_error($from, $id, 501);
 	}
 
-	// keepalive method, added by Nathan Fritz
+	/**
+	* keepalive method, added by Nathan Fritz
+	*/
 	function handler_iq_($packet)
 	{
 		if ($this->keep_alive_id == $this->get_info_from_iq_id($packet))
@@ -818,7 +945,9 @@ class jabber
 	// Generic handlers
 	// ======================================================================
 
-	// Generic handler for unsupported requests
+	/**
+	* Generic handler for unsupported requests
+	*/
 	function handler_not_implemented($packet)
 	{
 		$packet_type	= $this->_get_packet_type($packet);
@@ -831,8 +960,10 @@ class jabber
 	// Third party code
 	// m@d pr0ps to the coders ;)
 
-	// xmlize()
+	/**
-	// (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+	* xmlize()
+	* (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+	*/
 	function xmlize($data)
 	{
 		$vals = $index = $array = array();
@@ -851,8 +982,10 @@ class jabber
 		return $array;
 	}
 
-	// _xml_depth()
+	/**
-	// (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+	* _xml_depth()
+	* (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+	*/
 	function _xml_depth($vals, &$i)
 	{
 		$children = array();
@@ -903,8 +1036,10 @@ class jabber
 		return $children;
 	}
 
-	// traverse_xmlize()
+	/**
-	// (c) acebone@f2s.com, a HUGE help!
+	* traverse_xmlize()
+	* (c) acebone@f2s.com, a HUGE help!
+	*/
 	function traverse_xmlize($array, $arr_name = 'array', $level = 0)
 	{
 		if ($level == 0)
@@ -935,7 +1070,6 @@ class jabber
 * @package phpBB3
 * make_xml
 * Currently not in use
-*/
 class make_xml extends jabber
 {
 	var $nodes;
@@ -1036,6 +1170,7 @@ class make_xml extends jabber
 		return (is_array($newarray)) ? $newarray : false;
 	}
 }
+*/
 
 /**
 * @package phpBB3
@@ -1045,6 +1180,9 @@ class cjp_standard_connector
 {
 	var $active_socket;
 
+	/**
+	* Open socket
+	*/
 	function open_socket($server, $port)
 	{
 		if ($this->active_socket = @fsockopen($server, $port, $err, $err2, 5))
@@ -1060,19 +1198,30 @@ class cjp_standard_connector
 		}
 	}
 
+	/**
+	* Close socket
+	*/
 	function close_socket()
 	{
 		return @fclose($this->active_socket);
 	}
 
+	/**
+	* Write to socket
+	*/
 	function write_to_socket($data)
 	{
 		return @fwrite($this->active_socket, $data);
 	}
 
+	/**
+	* Read from socket
+	*/
 	function read_from_socket($chunksize)
 	{
-		$buffer = stripslashes(@fread($this->active_socket, $chunksize));
+		$buffer = @fread($this->active_socket, $chunksize);
+
+		//$buffer = (STRIP) ? stripslashes($buffer) : $buffer;
 		//@set_magic_quotes_runtime(get_magic_quotes_gpc());
 
 		return $buffer;

phpBB/includes/functions_messenger.php

@@ -21,6 +21,9 @@ class messenger
 	var $use_queue = true;
 	var $tpl_msg = array();
 
+	/**
+	* Constructor
+	*/
 	function messenger($use_queue = true)
 	{
 		global $config;
@@ -36,7 +39,9 @@ class messenger
 		$this->subject = '';
 	}
 
-	// Resets all the data (address, template file, etc etc) to default
+	/**
+	* Resets all the data (address, template file, etc etc) to default
+	*/
 	function reset()
 	{
 		$this->addresses = array();
@@ -44,7 +49,9 @@ class messenger
 		$this->mail_priority = MAIL_NORMAL_PRIORITY;
 	}
 
-	// Sets an email address to send to
+	/**
+	* Sets an email address to send to
+	*/
 	function to($address, $realname = '')
 	{
 		$pos = isset($this->addresses['to']) ? sizeof($this->addresses['to']) : 0;
@@ -52,6 +59,9 @@ class messenger
 		$this->addresses['to'][$pos]['name'] = trim($realname);
 	}
 
+	/**
+	* Sets an cc address to send to
+	*/
 	function cc($address, $realname = '')
 	{
 		$pos = isset($this->addresses['cc']) ? sizeof($this->addresses['cc']) : 0;
@@ -59,6 +69,9 @@ class messenger
 		$this->addresses['cc'][$pos]['name'] = trim($realname);
 	}
 
+	/**
+	* Sets an bcc address to send to
+	*/
 	function bcc($address, $realname = '')
 	{
 		$pos = isset($this->addresses['bcc']) ? sizeof($this->addresses['bcc']) : 0;
@@ -66,6 +79,9 @@ class messenger
 		$this->addresses['bcc'][$pos]['name'] = trim($realname);
 	}
 
+	/**
+	* Sets a im contact to send to
+	*/
 	function im($address, $realname = '')
 	{
 		$pos = isset($this->addresses['im']) ? sizeof($this->addresses['im']) : 0;
@@ -73,33 +89,49 @@ class messenger
 		$this->addresses['im'][$pos]['name'] = trim($realname);
 	}
 
+	/**
+	* Set the reply to address
+	*/
 	function replyto($address)
 	{
 		$this->replyto = trim($address);
 	}
 
+	/**
+	* Set the from address
+	*/
 	function from($address)
 	{
 		$this->from = trim($address);
 	}
 
-	// set up subject for mail
+	/**
+	* set up subject for mail
+	*/
 	function subject($subject = '')
 	{
 		$this->subject = trim($subject);
 	}
 
-	// set up extra mail headers
+	/**
+	* set up extra mail headers
+	*/
 	function headers($headers)
 	{
 		$this->extra_headers .= trim($headers) . "\n";
 	}
 
+	/**
+	* Set the email priority
+	*/
 	function set_mail_priority($priority = MAIL_NORMAL_PRIORITY)
 	{
 		$this->mail_priority = $priority;
 	}
 
+	/**
+	* Set email template to use
+	*/
 	function template($template_file, $template_lang = '')
 	{
 		global $config, $phpbb_root_path;
@@ -111,7 +143,7 @@ class messenger
 
 		if (!trim($template_lang))
 		{
-			$template_lang = $config['default_lang'];
+			$template_lang = basename($config['default_lang']);
 		}
 
 		if (empty($this->tpl_msg[$template_lang . $template_file]))
@@ -142,13 +174,17 @@ class messenger
 		return true;
 	}
 
-	// assign variables
+	/**
+	* assign variables to email template
+	*/
 	function assign_vars($vars)
 	{
 		$this->vars = (empty($this->vars)) ? $vars : $this->vars + $vars;
 	}
 
-	// Send the mail out to the recipients set previously in var $this->address
+	/**
+	* Send the mail out to the recipients set previously in var $this->addresses
+	*/
 	function send($method = NOTIFY_EMAIL, $break = false)
 	{
 		global $config, $user;
@@ -225,6 +261,9 @@ class messenger
 		return $result;
 	}
 
+	/**
+	* Add error message to log
+	*/
 	function error($type, $msg)
 	{
 		global $user, $phpEx, $phpbb_root_path;
@@ -235,9 +274,9 @@ class messenger
 		add_log('critical', 'LOG_ERROR_' . $type, $msg);
 	}
 
-	//
+	/**
-	// Messenger methods
+	* Save to queue
-	//
+	*/
 	function save_queue()
 	{
 		global $config;
@@ -248,6 +287,9 @@ class messenger
 		}
 	}
 
+	/**
+	* Send out emails
+	*/
 	function msg_email()
 	{
 		global $config, $user;
@@ -343,6 +385,9 @@ class messenger
 		return true;
 	}
 
+	/**
+	* Send jabber message out
+	*/
 	function msg_jabber()
 	{
 		global $config, $db, $user, $phpbb_root_path, $phpEx;
@@ -406,8 +451,8 @@ class messenger
 		{
 			$this->queue->put('jabber', array(
 				'addresses'		=> $addresses,
-				'subject'		=> htmlentities($this->subject),
+				'subject'		=> $this->subject,
-				'msg'			=> htmlentities($this->msg))
+				'msg'			=> $this->msg)
 			);
 		}
 		unset($addresses);
@@ -417,8 +462,7 @@ class messenger
 
 /**
 * @package phpBB3
-* Queue
+* handling email and jabber queue
-* At the moment it is only handling the email queue
 */
 class queue
 {
@@ -427,6 +471,9 @@ class queue
 	var $package_size = 0;
 	var $cache_file = '';
 
+	/**
+	* constructor
+	*/
 	function queue()
 	{
 		global $phpEx, $phpbb_root_path;
@@ -435,6 +482,9 @@ class queue
 		$this->cache_file = "{$phpbb_root_path}cache/queue.$phpEx";
 	}
 
+	/**
+	* Init a queue object
+	*/
 	function init($object, $package_size)
 	{
 		$this->data[$object] = array();
@@ -442,12 +492,18 @@ class queue
 		$this->data[$object]['data'] = array();
 	}
 
+	/**
+	* Put object in queue
+	*/
 	function put($object, $scope)
 	{
 		$this->data[$object]['data'][] = $scope;
 	}
 
-	// Using lock file...
+	/**
+	* Process queue
+	* Using lock file
+	*/
 	function process()
 	{
 		global $db, $config, $phpEx, $phpbb_root_path;
@@ -599,6 +655,9 @@ class queue
 		@unlink($this->cache_file . '.lock');
 	}
 
+	/**
+	* Save queue
+	*/
 	function save()
 	{
 		if (!sizeof($this->data))
@@ -634,6 +693,10 @@ class queue
 		}
 	}
 
+	/**
+	* Format array
+	* @private
+	*/
 	function format_array($array)
 	{
 		$lines = array();
@@ -703,13 +766,13 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
 
 	if (trim($subject) == '')
 	{
-		$err_msg = 'No email Subject specified';
+		$err_msg = (isset($user->lang['NO_EMAIL_SUBJECT'])) ? $user->lang['NO_EMAIL_SUBJECT'] : 'No email subject specified';
 		return false;
 	}
 
 	if (trim($message) == '')
 	{
-		$err_msg = 'Email message was blank';
+		$err_msg = (isset($user->lang['NO_EMAIL_MESSAGE'])) ? $user->lang['NO_EMAIL_MESSAGE'] : 'Email message was blank';
 		return false;
 	}
 
@@ -741,11 +804,10 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
 
 	$smtp = new smtp_class;
 
-	// Ok we have error checked as much as we can to this point let's get on
+	// Ok we have error checked as much as we can to this point let's get on it already.
-	// it already.
 	if (!$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
 	{
-		$err_msg = "Could not connect to smtp host : $errno : $errstr";
+		$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
 		return false;
 	}
 
@@ -807,7 +869,8 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
 	if (!$rcpt)
 	{
 		$user->session_begin();
-		$err_msg .= '<br /><br />' . sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address));
+		$err_msg .= '<br /><br />';
+		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';
 		$smtp->close_session();
 		return false;
 	}
@@ -870,7 +933,9 @@ class smtp_class
 	var $commands = array();
 	var $numeric_response_code = 0;
 
-	// Send command to smtp server
+	/**
+	* Send command to smtp server
+	*/
 	function server_send($command)
 	{
 		fputs($this->socket, $command . "\r\n");
@@ -878,9 +943,13 @@ class smtp_class
 		// We could put additional code here
 	}
 	
-	// We use the line to give the support people an indication at which command the error occurred
+	/**
+	* We use the line to give the support people an indication at which command the error occurred
+	*/
 	function server_parse($response, $line)
 	{
+		global $user;
+
 		$this->server_response = '';
 		$this->responses = array();
 		$this->numeric_response_code = 0;
@@ -889,7 +958,7 @@ class smtp_class
 		{
 			if (!($this->server_response = fgets($this->socket, 256)))
 			{
-				return 'Could not get mail server response codes';
+				return (isset($user->lang['NO_EMAIL_RESPONSE_CODE'])) ? $user->lang['NO_EMAIL_RESPONSE_CODE'] : 'Could not get mail server response codes';
 			}
 			$this->responses[] = substr(rtrim($this->server_response), 4);
 			$this->numeric_response_code = (int) substr($this->server_response, 0, 3);
@@ -898,18 +967,23 @@ class smtp_class
 		if (!(substr($this->server_response, 0, 3) == $response))
 		{
 			$this->numeric_response_code = (int) substr($this->server_response, 0, 3);
-			return "Ran into problems sending Mail at <b>Line $line</b>. Response: $this->server_response";
+			return (isset($user->lang['EMAIL_SMTP_ERROR_RESPONSE'])) ? sprintf($user->lang['EMAIL_SMTP_ERROR_RESPONSE'], $line, $this->server_response) : "Ran into problems sending Mail at <strong>Line $line</strong>. Response: $this->server_response";
 		}
 
 		return 0;
 	}
 
+	/**
+	* Close session
+	*/
 	function close_session()
 	{
 		fclose($this->socket);
 	}
 	
-	// Log into server and get possible auth codes if neccessary
+	/**
+	* Log into server and get possible auth codes if neccessary
+	*/
 	function log_into_server($hostname, $username, $password, $default_auth_method)
 	{
 		global $user;
@@ -960,7 +1034,7 @@ class smtp_class
 		
 		if (!isset($this->commands['AUTH']))
 		{
-			return 'SMTP server does not support authentication';
+			return (isset($user->lang['SMTP_NO_AUTH_SUPPORT'])) ? $user->lang['SMTP_NO_AUTH_SUPPORT'] : 'SMTP server does not support authentication';
 		}
 
 		// Get best authentication method
@@ -988,21 +1062,26 @@ class smtp_class
 
 		if (!$method)
 		{
-			return 'No supported authentication methods';
+			return (isset($user->lang['NO_SUPPORTED_AUTH_METHODS'])) ? $user->lang['NO_SUPPORTED_AUTH_METHODS'] : 'No supported authentication methods';
 		}
 
 		$method = strtolower(str_replace('-', '_', $method));
 		return $this->$method($username, $password);
 	}
 
+	/**
+	* Pop before smtp authentication
+	*/
 	function pop_before_smtp($hostname, $username, $password)
 	{
+		global $user;
+
 		$old_socket = $this->socket;
 
 		if (!$this->socket = fsockopen($hostname, 110, $errno, $errstr, 20))
 		{
 			$this->socket = $old_socket;
-			return "Could not connect to smtp host : $errno : $errstr";
+			return (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
 		}
 
 		$this->server_parse('0', __LINE__);
@@ -1026,6 +1105,9 @@ class smtp_class
 		return false;
 	}
 
+	/**
+	* Plain authentication method
+	*/
 	function plain($username, $password)
 	{
 		$this->server_send('AUTH PLAIN');
@@ -1044,6 +1126,9 @@ class smtp_class
 		return false;
 	}
 
+	/**
+	* Login authentication method
+	*/
 	function login($username, $password)
 	{
 		$this->server_send('AUTH LOGIN');
@@ -1067,7 +1152,9 @@ class smtp_class
 		return false;
 	}
 
-	// The last two authentication mechanisms are a little bit tricky...
+	/**
+	* cram_md5 authentication method
+	*/
 	function cram_md5($username, $password)
 	{
 		$this->server_send('AUTH CRAM-MD5');
@@ -1091,10 +1178,13 @@ class smtp_class
 		return false;
 	}
 
-	// A real pain in the ***
+	/**
+	* digest_md5 authentication method
+	* A real pain in the ***
+	*/
 	function digest_md5($username, $password)
 	{
-		global $config;
+		global $config, $user;
 
 		$this->server_send('AUTH DIGEST-MD5');
 		if ($err_msg = $this->server_parse('334', __LINE__))
@@ -1179,7 +1269,7 @@ class smtp_class
 		}
 		else
 		{
-			return 'Invalid digest challenge';
+			return (isset($user->lang['INVALID_DIGEST_CHALLENGE'])) ? $user->lang['INVALID_DIGEST_CHALLENGE'] : 'Invalid digest challenge';
 		}
 
 		$base64_method_digest_md5 = base64_encode($input_string);

phpBB/includes/functions_module.php

@@ -14,23 +14,15 @@
 */
 class p_master
 {
-	/**#@+
-	* @access private
-	*/
 	var $p_id;
 	var $p_class;
 	var $p_name;
 	var $p_mode;
 	var $p_parent;
 
-	var $acl_forup_id = false;
+	var $acl_forum_id = false;
-	/**#@-*/
 
-	/**#@+
-	* This array holds information on the list of modules
-	*/
 	var $module_ary = array();
-	/**#@-*/
 
 	/**
 	* List modules
@@ -40,8 +32,6 @@ class p_master
 	* $this->module_y_ary is created with indentation information for
 	* displaying the module list appropriately. Only modules for which
 	* the user has access rights are included in these lists.
-	*
-	* @final
 	*/
 	function list_modules($p_class)
 	{
@@ -238,7 +228,7 @@ class p_master
 		}
 
 		$is_auth = false;
-		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', '(int) $this->acl_forup_id', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $module_auth) . ');');
+		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', '(int) $this->acl_forum_id', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $module_auth) . ');');
 
 		return $is_auth;
 	}
@@ -300,12 +290,10 @@ class p_master
 	* Loads currently active module
 	*
 	* This method loads a given module, passing it the relevant id and mode.
-	*
-	* @final
 	*/
 	function load_active($mode = false, $module_url = false, $execute_module = true)
 	{
-		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID, $user;
+		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $user;
 
 		$module_path = $phpbb_root_path . 'includes/' . $this->p_class;
 		$icat = request_var('icat', '');
@@ -339,7 +327,7 @@ class p_master
 			if (defined('IN_ADMIN'))
 			{
 				// Not being able to overwrite ;)
-				$this->module->u_action = "{$phpbb_admin_path}index.$phpEx$SID" . (($icat) ? '&icat=' . $icat : '') . "&i={$this->p_id}&mode={$this->p_mode}";
+				$this->module->u_action = append_sid("{$phpbb_admin_path}index.$phpEx", "i={$this->p_id}") . (($icat) ? '&icat=' . $icat : '') . "&mode={$this->p_mode}";
 			}
 			else
 			{
@@ -350,10 +338,10 @@ class p_master
 				}
 				else
 				{
-					$this->module->u_action = "{$user->page['script_path']}/{$user->page['page_name']}";
+					$this->module->u_action = $phpbb_root_path . (($user->page['page_dir']) ? $user->page['page_dir'] . '/' : '') . $user->page['page_name'];
 				}
 
-				$this->module->u_action .= $SID . (($icat) ? '&icat=' . $icat : '') . "&i={$this->p_id}&mode={$this->p_mode}";
+				$this->module->u_action = append_sid($this->module->u_action, "i={$this->p_id}") . (($icat) ? '&icat=' . $icat : '') . "&mode={$this->p_mode}";
 			}
 
 			// Assign the module path for re-usage

phpBB/includes/functions_posting.php

@@ -13,7 +13,7 @@
 */
 function generate_smilies($mode, $forum_id)
 {
-	global $SID, $auth, $db, $user, $config, $template;
+	global $auth, $db, $user, $config, $template;
 	global $phpEx, $phpbb_root_path;
 
 	if ($mode == 'window')
@@ -85,7 +85,7 @@ function generate_smilies($mode, $forum_id)
 	{
 		$template->assign_vars(array(
 			'S_SHOW_SMILEY_LINK' 	=> true,
-			'U_MORE_SMILIES' 		=> $phpbb_root_path . "posting.$phpEx$SID&mode=smilies&f=$forum_id")
+			'U_MORE_SMILIES' 		=> append_sid("{$phpbb_root_path}posting.$phpEx", 'mode=smilies&f=' . $forum_id))
 		);
 	}
 
@@ -291,13 +291,13 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
 function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false)
 {
 	global $auth, $user, $config, $db, $cache;
-	global $phpbb_root_path;
+	global $phpbb_root_path, $phpEx;
 
 	$filedata = array(
 		'error'	=> array()
 	);
 
-	include_once($phpbb_root_path . 'includes/functions_upload.php');
+	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 	$upload = new fileupload();
 
 	if (!$local)
@@ -624,7 +624,7 @@ function posting_gen_inline_attachments(&$attachment_data)
 */
 function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
 {
-	global $template, $config, $phpbb_root_path, $SID, $phpEx;
+	global $template, $config, $phpbb_root_path, $phpEx;
 
 	$template->assign_vars(array(
 		'S_SHOW_ATTACH_BOX'	=> true)
@@ -640,14 +640,14 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
 		foreach ($attachment_data as $attach_row)
 		{
 			$hidden = '';
-			$attach_row['real_filename'] = stripslashes(basename($attach_row['real_filename']));
+			$attach_row['real_filename'] = basename($attach_row['real_filename']);
 
 			foreach ($attach_row as $key => $value)
 			{
 				$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
 			}
 
-			$download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']) : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']);
+			$download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']) : append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id']);
 
 			$template->assign_block_vars('attach_row', array(
 				'FILENAME'			=> basename($attach_row['real_filename']),
@@ -682,7 +682,7 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
 function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
 {
 	global $user, $db, $template, $auth;
-	global $phpbb_root_path, $phpEx, $SID;
+	global $phpbb_root_path, $phpEx;
 
 	$topic_ids = $forum_ids = $draft_rows = array();
 
@@ -695,8 +695,8 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
 	else
 	{
 		$sql_and = '';
-		$sql_and .= ($forum_id) ? ' AND d.forum_id = ' . $forum_id : '';
+		$sql_and .= ($forum_id) ? ' AND d.forum_id = ' . (int) $forum_id : '';
-		$sql_and .= ($topic_id) ? ' AND d.topic_id = ' . $topic_id : '';
+		$sql_and .= ($topic_id) ? ' AND d.topic_id = ' . (int) $topic_id : '';
 	}
 
 	$sql = 'SELECT d.*, f.forum_id, f.forum_name
@@ -748,24 +748,24 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
 		if (isset($topic_rows[$draft['topic_id']]) && $auth->acl_get('f_read', $topic_rows[$draft['topic_id']]['forum_id']))
 		{
 			$link_topic = true;
-			$view_url = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $topic_rows[$draft['topic_id']]['forum_id'] . "&amp;t=" . $draft['topic_id'];
+			$view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id']);
 			$title = $topic_rows[$draft['topic_id']]['topic_title'];
 
-			$insert_url = "{$phpbb_root_path}posting.$phpEx$SID&amp;f=" . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id'] . '&amp;mode=reply&amp;d=' . $draft['draft_id'];
+			$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id'] . '&amp;mode=reply&amp;d=' . $draft['draft_id']);
 		}
 		else if ($draft['forum_id'] && $auth->acl_get('f_read', $draft['forum_id']))
 		{
 			$link_forum = true;
-			$view_url = "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $draft['forum_id'];
+			$view_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $draft['forum_id']);
 			$title = $draft['forum_name'];
 
-			$insert_url = "{$phpbb_root_path}posting.$phpEx$SID&amp;f=" . $draft['forum_id'] . '&amp;mode=post&amp;d=' . $draft['draft_id'];
+			$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $draft['forum_id'] . '&amp;mode=post&amp;d=' . $draft['draft_id']);
 		}
 		else
 		{
 			// Either display as PM draft if forum_id and topic_id are empty or if access to the forums has been denied afterwards...
 			$link_pm = true;
-			$insert_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=compose&amp;d=" . $draft['draft_id'];
+			$insert_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=compose&amp;d={$draft['draft_id']}");
 		}
 
 		$template->assign_block_vars('draftrow', array(
@@ -790,7 +790,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
 function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id = 0, $show_quote_button = true)
 {
 	global $user, $auth, $db, $template, $bbcode;
-	global $config, $phpbb_root_path, $phpEx, $SID;
+	global $config, $phpbb_root_path, $phpEx;
 
 	// Go ahead and pull all data for this topic
 	$sql = 'SELECT u.username, u.user_id, p.*
@@ -857,8 +857,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 			'MESSAGE' 		=> str_replace("\n", '<br />', $message), 
 
 			'U_POST_ID'		=> $row['post_id'],
-			'U_MINI_POST'	=> "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;p=" . $row['post_id'] . '#p' . $row['post_id'],
+			'U_MINI_POST'	=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
-			'U_MCP_DETAILS'	=> ($auth->acl_get('m_info', $forum_id)) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=main&amp;mode=post_details&amp;p=" . $row['post_id'] : '',
+			'U_MCP_DETAILS'	=> ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=post_details&amp;p=' . $row['post_id'], true, $user->session_id) : '',
 			'U_QUOTE'		=> ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? 'javascript:addquote(' . $row['post_id'] . ", '" . addslashes($poster) . "')" : '')
 		);
 		unset($rowset[$i]);
@@ -1061,37 +1061,41 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 	}
 
 	// Handle the DB updates
-	$db->sql_transaction();
+	$db->sql_transaction('begin');
 
 	if (!empty($update_notification['topic']))
 	{
-		$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . "
+		$sql = 'UPDATE ' . TOPICS_WATCH_TABLE . "
 			SET notify_status = 1
 			WHERE topic_id = $topic_id
-				AND user_id IN (" . implode(', ', $update_notification['topic']) . ")");
+				AND user_id IN (" . implode(', ', $update_notification['topic']) . ")";
+		$db->sql_query($sql);
 	}
 
 	if (!empty($update_notification['forum']))
 	{
-		$db->sql_query('UPDATE ' . FORUMS_WATCH_TABLE . "
+		$sql = 'UPDATE ' . FORUMS_WATCH_TABLE . "
 			SET notify_status = 1
 			WHERE forum_id = $forum_id
-				AND user_id IN (" . implode(', ', $update_notification['forum']) . ")");
+				AND user_id IN (" . implode(', ', $update_notification['forum']) . ")";
+		$db->sql_query($sql);
 	}
 
 	// Now delete the user_ids not authorized to receive notifications on this topic/forum
 	if (!empty($delete_ids['topic']))
 	{
-		$db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . "
+		$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "
 			WHERE topic_id = $topic_id
-				AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")");
+				AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")";
+		$db->sql_query($sql);
 	}
 
 	if (!empty($delete_ids['forum']))
 	{
-		$db->sql_query('DELETE FROM ' . FORUMS_WATCH_TABLE . "
+		$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . "
 			WHERE forum_id = $forum_id
-				AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")");
+				AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")";
+		$db->sql_query($sql);
 	}
 
 	$db->sql_transaction('commit');
@@ -1107,7 +1111,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 function delete_post($forum_id, $topic_id, $post_id, &$data)
 {
 	global $db, $user, $auth;
-	global $config, $phpEx, $SID, $phpbb_root_path;
+	global $config, $phpEx, $phpbb_root_path;
 
 	// Specify our post mode
 	$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'delete_topic' : (($data['topic_first_post_id'] == $post_id) ? 'delete_first_post' : (($data['topic_last_post_id'] == $post_id) ? 'delete_last_post' : 'delete'));
@@ -1116,7 +1120,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 
 	include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 
-	$db->sql_transaction();
+	$db->sql_transaction('begin');
 
 	if (!delete_posts('post_id', array($post_id), false, false))
 	{
@@ -1234,7 +1238,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 	$sql_data[USERS_TABLE] = ($auth->acl_get('f_postcount', $forum_id)) ? 'user_posts = user_posts - 1' : '';
 	set_config('num_posts', $config['num_posts'] - 1, true);
 
-	$db->sql_transaction();
+	$db->sql_transaction('begin');
 
 	$where_sql = array(
 		FORUMS_TABLE	=> "forum_id = $forum_id",
@@ -1281,7 +1285,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 */
 function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $update_message = true)
 {
-	global $db, $auth, $user, $config, $phpEx, $SID, $template, $phpbb_root_path;
+	global $db, $auth, $user, $config, $phpEx, $template, $phpbb_root_path;
 
 	// We do not handle erasing posts here
 	if ($mode == 'delete')
@@ -1321,7 +1325,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'icon_id'			=> $data['icon_id'],
 				'poster_ip'			=> $user->ip,
 				'post_time'			=> $current_time,
-				'post_approved' 	=> ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+				'post_approved'		=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
 				'enable_bbcode'		=> $data['enable_bbcode'],
 				'enable_smilies'	=> $data['enable_smilies'],
 				'enable_magic_url'	=> $data['enable_urls'],
@@ -1373,7 +1377,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'forum_id'			=> ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
 				'poster_id'			=> $data['poster_id'],
 				'icon_id'			=> $data['icon_id'],
-				'post_approved' 	=> ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+				'post_approved'		=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
 				'enable_bbcode'		=> $data['enable_bbcode'],
 				'enable_smilies'	=> $data['enable_smilies'],
 				'enable_magic_url'	=> $data['enable_urls'],
@@ -1407,7 +1411,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'topic_time'				=> $current_time,
 				'forum_id'					=> ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
 				'icon_id'					=> $data['icon_id'],
-				'topic_approved'			=> ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+				'topic_approved'			=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
 				'topic_title'				=> $subject,
 				'topic_first_poster_name'	=> (!$user->data['is_registered'] && $username) ? $username : (($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : ''),
 				'topic_type'				=> $topic_type,
@@ -1430,19 +1434,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	
 			if ($topic_type != POST_GLOBAL)
 			{
-				if (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
+				if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
 				{
 					$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
 				}
-				$sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . ((!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : '');
+				$sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : '');
 			}
 		break;
 
 		case 'reply':
-			$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . ((!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', topic_replies = topic_replies + 1' : '');
+			$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', topic_replies = topic_replies + 1' : '');
 			$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : '');
 
-			if ((!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) && $topic_type != POST_GLOBAL)
+			if (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) && $topic_type != POST_GLOBAL)
 			{
 				$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
 			}
@@ -1454,7 +1458,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			$sql_data[TOPICS_TABLE]['sql'] = array(
 				'forum_id'					=> ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
 				'icon_id'					=> $data['icon_id'],
-				'topic_approved'			=> ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+				'topic_approved'			=> (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
 				'topic_title'				=> $subject,
 				'topic_first_poster_name'	=> $username,
 				'topic_type'				=> $topic_type,
@@ -1470,7 +1474,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		break;
 	}
 
-	$db->sql_transaction();
+	$db->sql_transaction('begin');
 
 	// Submit new topic
 	if ($post_mode == 'post')
@@ -1565,17 +1569,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	// Update the topics table
 	if (isset($sql_data[TOPICS_TABLE]['sql']))
 	{
-		$db->sql_query('UPDATE ' . TOPICS_TABLE . '
+		$sql = 'UPDATE ' . TOPICS_TABLE . '
 			SET ' . $db->sql_build_array('UPDATE', $sql_data[TOPICS_TABLE]['sql']) . '
-			WHERE topic_id = ' . $data['topic_id']);
+			WHERE topic_id = ' . $data['topic_id'];
+		$db->sql_query($sql);
 	}
 
 	// Update the posts table
 	if (isset($sql_data[POSTS_TABLE]['sql']))
 	{
-		$db->sql_query('UPDATE ' . POSTS_TABLE . '
+		$sql = 'UPDATE ' . POSTS_TABLE . '
 			SET ' . $db->sql_build_array('UPDATE', $sql_data[POSTS_TABLE]['sql']) . '
-			WHERE post_id = ' . $data['post_id']);
+			WHERE post_id = ' . $data['post_id'];
+		$db->sql_query($sql);
 	}
 
 	// Update Poll Tables
@@ -1753,7 +1759,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	}
 
 	// Update total post count, do not consider moderated posts/topics
-	if (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
+	if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
 	{
 		if ($post_mode == 'post')
 		{
@@ -1768,7 +1774,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	}
 
 	// Update forum stats
-	$db->sql_transaction();
+	$db->sql_transaction('begin');
 
 	$where_sql = array(POSTS_TABLE => 'post_id = ' . $data['post_id'], TOPICS_TABLE => 'topic_id = ' . $data['topic_id'], FORUMS_TABLE => 'forum_id = ' . $data['forum_id'], USERS_TABLE => 'user_id = ' . $user->data['user_id']);
 
@@ -1783,15 +1789,16 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	// Delete topic shadows (if any exist). We do not need a shadow topic for an global announcement
 	if ($make_global)
 	{
-		$db->sql_query('DELETE FROM ' . TOPICS_TABLE . '
+		$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-			WHERE topic_moved_id = ' . $data['topic_id']);
+			WHERE topic_moved_id = ' . $data['topic_id'];
+		$db->sql_query($sql);
 	}
 
 	// Index message contents
 	if ($update_message && $data['enable_indexing'])
 	{
 		// Select the search method and do some additional checks to ensure it can actually be utilised
-		$search_type = $config['search_type'];
+		$search_type = basename($config['search_type']);
 
 		if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
 		{
@@ -1817,7 +1824,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	$draft_id = request_var('draft_loaded', 0);
 	if ($draft_id)
 	{
-		$db->sql_query('DELETE FROM ' . DRAFTS_TABLE . " WHERE draft_id = $draft_id AND user_id = " . $user->data['user_id']);
+		$sql = 'DELETE FROM ' . DRAFTS_TABLE . "
+			WHERE draft_id = $draft_id
+				AND user_id = {$user->data['user_id']}";
+		$db->sql_query($sql);
 	}
 
 	// Topic Notification, do not change if moderator is changing other users posts...
@@ -1849,18 +1859,18 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	markread('topic', $data['forum_id'], $data['topic_id'], time());
 
 	// Send Notifications
-	if ($mode != 'edit' && $mode != 'delete' && (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
+	if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
 	{
 		user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id']);
 	}
 
 	if ($mode == 'post')
 	{
-		$url = (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $data['forum_id'] . '&amp;t=' . $data['topic_id'] : "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $data['forum_id'];
+		$url = ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $data['forum_id'] . '&amp;t=' . $data['topic_id']) : append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']);
 	}
 	else
 	{
-		$url = (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ?  "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f={$data['forum_id']}&amp;t={$data['topic_id']}&amp;p={$data['post_id']}#p{$data['post_id']}" : "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f={$data['forum_id']}&amp;t={$data['topic_id']}";
+		$url = ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ?  append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$data['forum_id']}&amp;t={$data['topic_id']}&amp;p={$data['post_id']}") . "#p{$data['post_id']}" : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$data['forum_id']}&amp;t={$data['topic_id']}");
 	}
 
 	return $url;

phpBB/includes/functions_privmsgs.php

@@ -51,6 +51,10 @@ define('CHECK_MESSAGE', 3);
 define('CHECK_STATUS', 4);
 define('CHECK_TO', 5);
 
+/**
+* Global private message rules
+* These rules define what to do if a rule is hit
+*/
 $global_privmsgs_rules = array(
 	CHECK_SUBJECT	=> array(
 		RULE_IS_LIKE		=> array('check0' => 'message_subject', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
@@ -87,7 +91,9 @@ $global_privmsgs_rules = array(
 		RULE_TO_ME			=> array('check0' => 'to', 'check1' => 'bcc', 'function' => 'in_array("u_" . $user_id, {CHECK0}) || in_array("u_" . $user_id, {CHECK1})'))
 );
 
-// This is for defining which condition fields to show for which Rule
+/**
+* This is for defining which condition fields to show for which Rule
+*/
 $global_rule_conditions = array(
 	RULE_IS_LIKE		=> 'text',
 	RULE_IS_NOT_LIKE	=> 'text',
@@ -105,7 +111,7 @@ $global_rule_conditions = array(
 function get_folder($user_id, $folder_id = false)
 {
 	global $db, $user, $template;
-	global $phpbb_root_path, $phpEx, $SID;
+	global $phpbb_root_path, $phpEx;
 
 	$folder = array();
 
@@ -144,7 +150,11 @@ function get_folder($user_id, $folder_id = false)
 	// Adjust unread status for outbox
 	$num_unread[PRIVMSGS_OUTBOX] = $num_messages[PRIVMSGS_OUTBOX];
 
-	$folder[PRIVMSGS_INBOX] = array('folder_name' => $user->lang['PM_INBOX'], 'num_messages' => $num_messages[PRIVMSGS_INBOX], 'unread_messages' => $num_unread[PRIVMSGS_INBOX]);
+	$folder[PRIVMSGS_INBOX] = array(
+		'folder_name'		=> $user->lang['PM_INBOX'],
+		'num_messages'		=> $num_messages[PRIVMSGS_INBOX],
+		'unread_messages'	=> $num_unread[PRIVMSGS_INBOX]
+	);
 
 	// Custom Folder
 	$sql = 'SELECT folder_id, folder_name, pm_count
@@ -154,12 +164,25 @@ function get_folder($user_id, $folder_id = false)
 
 	while ($row = $db->sql_fetchrow($result))
 	{
-		$folder[$row['folder_id']] = array('folder_name' => $row['folder_name'], 'num_messages' => $row['pm_count'], 'unread_messages' => ((isset($num_unread[$row['folder_id']])) ? $num_unread[$row['folder_id']] : 0));
+		$folder[$row['folder_id']] = array(
+			'folder_name'		=> $row['folder_name'],
+			'num_messages'		=> $row['pm_count'],
+			'unread_messages'	=> ((isset($num_unread[$row['folder_id']])) ? $num_unread[$row['folder_id']] : 0)
+		);
 	}
 	$db->sql_freeresult($result);
 
-	$folder[PRIVMSGS_OUTBOX] = array('folder_name' => $user->lang['PM_OUTBOX'], 'num_messages' => $num_messages[PRIVMSGS_OUTBOX], 'unread_messages' => $num_unread[PRIVMSGS_OUTBOX]);
+	$folder[PRIVMSGS_OUTBOX] = array(
-	$folder[PRIVMSGS_SENTBOX] = array('folder_name' => $user->lang['PM_SENTBOX'], 'num_messages' => $num_messages[PRIVMSGS_SENTBOX], 'unread_messages' => $num_unread[PRIVMSGS_SENTBOX]);
+		'folder_name'		=> $user->lang['PM_OUTBOX'],
+		'num_messages'		=> $num_messages[PRIVMSGS_OUTBOX],
+		'unread_messages'	=> $num_unread[PRIVMSGS_OUTBOX]
+	);
+
+	$folder[PRIVMSGS_SENTBOX] = array(
+		'folder_name'		=> $user->lang['PM_SENTBOX'],
+		'num_messages'		=> $num_messages[PRIVMSGS_SENTBOX],
+		'unread_messages'	=> $num_unread[PRIVMSGS_SENTBOX]
+	);
 
 	// Define Folder Array for template designers (and for making custom folders usable by the template too)
 	foreach ($folder as $f_id => $folder_ary)
@@ -172,7 +195,7 @@ function get_folder($user_id, $folder_id = false)
 			'NUM_MESSAGES'		=> $folder_ary['num_messages'],
 			'UNREAD_MESSAGES'	=> $folder_ary['unread_messages'],
 
-			'U_FOLDER'			=> ($f_id > 0) ? "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder={$f_id}" : "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder={$folder_id_name}",
+			'U_FOLDER'			=> ($f_id > 0) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $f_id) : append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $folder_id_name),
 
 			'S_CUR_FOLDER'		=> ($f_id === $folder_id) ? true : false,
 			'S_UNREAD_MESSAGES'	=> ($folder_ary['unread_messages']) ? true : false,
@@ -184,13 +207,14 @@ function get_folder($user_id, $folder_id = false)
 }
 
 /**
-* Delete Messages From Sentbox - we are doing this here because this saves us a bunch of checks and queries
+* Delete Messages From Sentbox
+* we are doing this here because this saves us a bunch of checks and queries
 */
 function clean_sentbox($num_sentbox_messages)
 {
 	global $db, $user, $config;
 
-	// Check Message Limit - 
+	// Check Message Limit
 	if ($user->data['message_limit'] && $num_sentbox_messages > $user->data['message_limit'])
 	{
 		// Delete old messages
@@ -284,7 +308,6 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 			FROM ' . PRIVMSGS_RULES_TABLE . "
 			WHERE user_id = $user_id";
 		$result = $db->sql_query($sql);
-
 		$user_rules = $db->sql_fetchrowset($result);
 		$db->sql_freeresult($result);
 
@@ -313,7 +336,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 	}
 
 	// Get those messages not yet placed into any box
-	// NOTE: Expand Group Information to all groups the user/author is in? 
+	// @todo question: expand group information to all groups the user/author is in on private message folder?? (user_in_group)
 	$sql = 'SELECT t.*, p.*, u.username, u.group_id as author_in_group
 		FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u
 		WHERE t.user_id = $user_id
@@ -394,8 +417,6 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 					}
 					$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
 				break;
-
-				default:
 			}
 		}
 	}
@@ -585,7 +606,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_folder_id)
 {
 	global $db, $user;
-	global $phpbb_root_path, $phpEx, $SID;
+	global $phpbb_root_path, $phpEx;
 
 	$num_moved = 0;
 
@@ -605,17 +626,18 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
 				WHERE folder_id = $dest_folder
 					AND user_id = $user_id";
 			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
 
-			if (!($row = $db->sql_fetchrow($result)))
+			if (!$row)
 			{
 				trigger_error('NOT_AUTHORIZED');
 			}
-			$db->sql_freeresult($result);
 
 			if ($row['pm_count'] + sizeof($move_msg_ids) > $message_limit)
 			{
 				$message = sprintf($user->lang['NOT_ENOUGH_SPACE_FOLDER'], $row['folder_name']) . '<br /><br />';
-				$message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], "<a href=\"{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder={$row['folder_id']}\">", '</a>', $row['folder_name']);
+				$message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $row['folder_id']) . '">', '</a>', $row['folder_name']);
 				trigger_error($message);
 			}
 		}
@@ -632,7 +654,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
 			if ($num_messages + sizeof($move_msg_ids) > $message_limit)
 			{
 				$message = sprintf($user->lang['NOT_ENOUGH_SPACE_FOLDER'], $user->lang['PM_INBOX']) . '<br /><br />';
-				$message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], "<a href=\"{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=inbox\">", '</a>', $user->lang['PM_INBOX']);
+				$message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox') . '">', '</a>', $user->lang['PM_INBOX']);
 				trigger_error($message);
 			}
 		}
@@ -701,7 +723,7 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id)
 */
 function handle_mark_actions($user_id, $mark_action)
 {
-	global $db, $user, $_POST, $phpbb_root_path, $SID, $phpEx;
+	global $db, $user, $_POST, $phpbb_root_path, $phpEx;
 
 	$msg_ids		= (isset($_POST['marked_msg_id'])) ? array_map('intval', $_POST['marked_msg_id']) : array();
 	$cur_folder_id	= request_var('cur_folder_id', PRIVMSGS_NO_BOX);
@@ -732,7 +754,7 @@ function handle_mark_actions($user_id, $mark_action)
 				delete_pm($user_id, $msg_ids, $cur_folder_id);
 				
 				$success_msg = (sizeof($msg_ids) == 1) ? 'MESSAGE_DELETED' : 'MESSAGES_DELETED';
-				$redirect = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=$cur_folder_id";
+				$redirect = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $cur_folder_id);
 
 				meta_refresh(3, $redirect);
 				trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $redirect . '">', '</a>'));
@@ -930,11 +952,11 @@ function rebuild_header($check_ary)
 }
 
 /**
-* Print out/Assign recipient informations
+* Print out/assign recipient informations
 */
 function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 {
-	global $db, $user, $template, $phpbb_root_path, $SID, $phpEx;
+	global $db, $user, $template, $phpbb_root_path, $phpEx;
 
 	$addresses = array();
 
@@ -1044,7 +1066,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 						'IS_USER'	=> ($type == 'user'),
 						'COLOUR'	=> ($row['colour']) ? $row['colour'] : '',
 						'UG_ID'		=> $id,
-						'U_VIEW'	=> ($type == 'user') ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $id : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $id,
+						'U_VIEW'	=> ($type == 'user') ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $id) : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $id),
 						'TYPE'		=> $type)
 					);
 				}
@@ -1072,17 +1094,16 @@ function get_folder_status($folder_id, $folder)
 	{
 		return false;
 	}
-	$return = array();
 
 	$return = array(
 		'folder_name'	=> $folder['folder_name'], 
 		'cur'			=> $folder['num_messages'],
 		'remaining'		=> $user->data['message_limit'] - $folder['num_messages'],
 		'max'			=> $user->data['message_limit'],
-		'percent'		=> ($user->data['message_limit'] > 0) ? round(($folder['num_messages'] / $user->data['message_limit']) * 100) : 100
+		'percent'		=> ($user->data['message_limit'] > 0) ? round(($folder['num_messages'] / $user->data['message_limit']) * 100) : 100,
-	);
 
-	$return['message'] = sprintf($user->lang['FOLDER_STATUS_MSG'], $return['percent'], $return['cur'], $return['max']);
+		'message'		=> sprintf($user->lang['FOLDER_STATUS_MSG'], $return['percent'], $return['cur'], $return['max']),
+	);
 
 	return $return;
 }
@@ -1096,9 +1117,9 @@ function get_folder_status($folder_id, $folder)
 */
 function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = true)
 {
-	global $db, $auth, $config, $phpEx, $SID, $template, $user;
+	global $db, $auth, $config, $phpEx, $template, $user;
 
-	// We do not handle erasing posts here
+	// We do not handle erasing pms here
 	if ($mode == 'delete')
 	{
 		return false;
@@ -1178,6 +1199,8 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 				WHERE user_id = ' . $data['from_user_id'] . '
 					AND msg_id = ' . $data['reply_from_msg_id'];
 
+		// no break
+
 		case 'forward':
 		case 'post':
 		case 'quotepost':
@@ -1238,7 +1261,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 
 	if ($mode != 'edit')
 	{
-		$db->sql_transaction();
+		$db->sql_transaction('begin');
 
 		if ($sql)
 		{
@@ -1310,7 +1333,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 		$db->sql_query($sql);
 	}
 
-	$db->sql_transaction();
+	$db->sql_transaction('begin');
 
 	// Submit Attachments
 	if (!empty($data['attachment_data']) && $data['msg_id'] && in_array($mode, array('post', 'reply', 'quote', 'quotepost', 'edit', 'forward')))

phpBB/includes/functions_template.php

@@ -20,10 +20,8 @@ if (!defined('IN_PHPBB'))
 *
 * Extension of template class - Functions needed for compiling templates only.
 *
-* psoTFX - Completion of file caching, decompilation routines and implementation of
+* psoTFX, phpBB Development Team - Completion of file caching, decompilation
-* conditionals/keywords and associated changes
+* routines and implementation of conditionals/keywords and associated changes
-*
-* phpBB Development Team - further additions and fixes
 *
 * The interface was inspired by PHPLib templates,  and the template file (formats are
 * quite similar)
@@ -168,11 +166,11 @@ class template_compile
 				break;
 
 				case 'INCLUDEPHP':
-					$compile_blocks[] = ($config['tpl_php']) ? '<?php ' . $this->compile_tag_include_php(array_shift($includephp_blocks)) . ' ?>' : '';
+					$compile_blocks[] = ($config['tpl_allow_php']) ? '<?php ' . $this->compile_tag_include_php(array_shift($includephp_blocks)) . ' ?>' : '';
 				break;
 
 				case 'PHP':
-					$compile_blocks[] = ($config['tpl_php']) ? '<?php ' . array_shift($php_blocks) . ' ?>' : '';
+					$compile_blocks[] = ($config['tpl_allow_php']) ? '<?php ' . array_shift($php_blocks) . ' ?>' : '';
 				break;
 
 				default:
@@ -221,11 +219,17 @@ class template_compile
 
 		// This will handle the remaining root-level varrefs
 		// transform vars prefixed by L_ into their language variable pendant if nothing is set within the tpldata array
+		if (strpos($text_blocks, '{L_') !== false)
+		{
 			$text_blocks = preg_replace('#\{L_([a-z0-9\-_]*)\}#is', "<?php echo ((isset(\$this->_tpldata['.'][0]['L_\\1'])) ? \$this->_tpldata['.'][0]['L_\\1'] : ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }')); ?>", $text_blocks);
+		}
 
 		// Handle addslashed language variables prefixed with LA_
 		// If a template variable already exist, it will be used in favor of it...
+		if (strpos($text_blocks, '{LA_') !== false)
+		{
 			$text_blocks = preg_replace('#\{LA_([a-z0-9\-_]*)\}#is', "<?php echo ((isset(\$this->_tpldata['.'][0]['LA_\\1'])) ? \$this->_tpldata['.'][0]['LA_\\1'] : ((isset(\$this->_tpldata['.'][0]['L_\\1'])) ? addslashes(\$this->_tpldata['.'][0]['L_\\1']) : ((isset(\$user->lang['\\1'])) ? addslashes(\$user->lang['\\1']) : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }'))); ?>", $text_blocks);
+		}
 
 		// Handle remaining varrefs
 		$text_blocks = preg_replace('#\{([a-z0-9\-_]*)\}#is', "<?php echo (isset(\$this->_tpldata['.'][0]['\\1'])) ? \$this->_tpldata['.'][0]['\\1'] : ''; ?>", $text_blocks);
@@ -579,9 +583,6 @@ class template_compile
 					$expr =	"!($is_arg % $expr_arg)";
 				}
 			break;
-
-			default:
-			break;
 		}
 
 		if ($negate_expr)

phpBB/includes/functions_transfer.php

@@ -47,7 +47,7 @@ class transfer
 	{
 		global $phpbb_root_path;
 
-		$destination_file = $this->root_path . '/' . str_replace($phpbb_root_path, '', $destination_file);
+		$destination_file = $this->root_path . str_replace($phpbb_root_path, '', $destination_file);
 
 		// need to create a temp file and then move that temp file.
 		// ftp functions can only move files around and can't create.
@@ -121,7 +121,7 @@ class transfer
 				$this->_chmod($dir[$i], $this->dir_perms);
 			}
 
-			$this->_chdir($this->root_path . '/' . $dirs . $dir[$i]);
+			$this->_chdir($this->root_path . $dirs . $dir[$i]);
 			$dirs .= $cur_dir;
 		}
 
@@ -141,7 +141,7 @@ class transfer
 		global $phpbb_root_path;
 
 		$from_loc = ((strpos($from_loc, $phpbb_root_path) !== 0) ? $phpbb_root_path : '') . $from_loc;
-		$to_loc = $this->root_path . '/' . str_replace($phpbb_root_path, '', $to_loc);
+		$to_loc = $this->root_path . str_replace($phpbb_root_path, '', $to_loc);
 
 		if (!file_exists($from_loc))
 		{
@@ -160,7 +160,7 @@ class transfer
 	{
 		global $phpbb_root_path;
 		
-		$file = $this->root_path . '/' . str_replace($phpbb_root_path, '', $file);
+		$file = $this->root_path . str_replace($phpbb_root_path, '', $file);
 
 		return $this->_delete($file);
 	}
@@ -173,7 +173,7 @@ class transfer
 	{
 		global $phpbb_root_path;
 		
-		$dir = $this->root_path . '/' . str_replace($phpbb_root_path, '', $dir);
+		$dir = $this->root_path . str_replace($phpbb_root_path, '', $dir);
 		
 		return $this->_rmdir($dir);
 	}
@@ -185,7 +185,7 @@ class transfer
 	{
 		global $phpbb_root_path;
 
-		$old_handle = $this->root_path . '/' . str_replace($phpbb_root_path, '', $old_handle);
+		$old_handle = $this->root_path . str_replace($phpbb_root_path, '', $old_handle);
 		
 		return $this->_rename($old_handle, $new_handle);
 	}
@@ -245,9 +245,9 @@ class ftp extends transfer
 		$this->password		= $password;
 		$this->timeout		= $timeout;
 
-		// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)
+		// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (/ at the end)
 		$this->root_path	= str_replace('\\', '/', $this->root_path);
-		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? substr($root_path, 0, -1) : $root_path);
+		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
 
 		// Init some needed values
 		transfer::transfer();
@@ -447,7 +447,7 @@ class ftp_fsock extends transfer
 
 		// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)
 		$this->root_path	= str_replace('\\', '/', $this->root_path);
-		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? substr($root_path, 0, -1) : $root_path);
+		$this->root_path	= (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
 
 		// Init some needed values
 		transfer::transfer();

phpBB/includes/functions_user.php

@@ -46,6 +46,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
 
 	if (!($row = $db->sql_fetchrow($result)))
 	{
+		$db->sql_freeresult($result);
 		return 'NO_USERS';
 	}
 
@@ -63,6 +64,9 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
 
 /**
 * Updates a username across all relevant tables/fields
+*
+* @param string $old_name the old/current username
+* @param string $new_name the new username
 */
 function user_update_name($old_name, $new_name)
 {
@@ -99,7 +103,7 @@ function user_delete($mode, $user_id, $post_username = false)
 {
 	global $config, $db, $user, $auth;
 
-	$db->sql_transaction();
+	$db->sql_transaction('begin');
 
 	switch ($mode)
 	{
@@ -538,7 +542,6 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 	// We have some entities to ban
 	if (sizeof($banlist_ary))
 	{
-		$sql = '';
 		$sql_ary = array();
 
 		foreach ($banlist_ary as $ban_entry)
@@ -605,7 +608,6 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 					$result = $db->sql_query($sql);
 
 					$sql_in = array();
-					$sql = '';
 
 					if ($row = $db->sql_fetchrow($result))
 					{
@@ -748,8 +750,7 @@ function user_ipwhois($ip)
 }
 
 /**
-* Data validation ... used primarily but not exclusively by
+* Data validation ... used primarily but not exclusively by ucp modules
-* ucp modules
 *
 * "Master" function for validating a range of data types
 */
@@ -837,6 +838,7 @@ function validate_match($string, $optional = false, $match)
 	{
 		return 'WRONG_DATA';
 	}
+
 	return false;
 }
 
@@ -863,23 +865,25 @@ function validate_username($username)
 		FROM ' . USERS_TABLE . "
 		WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'";
 	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
 
-	if ($row = $db->sql_fetchrow($result))
+	if ($row)
 	{
 		return 'USERNAME_TAKEN';
 	}
-	$db->sql_freeresult($result);
 
 	$sql = 'SELECT group_name
 		FROM ' . GROUPS_TABLE . "
 		WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'";
 	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
 
-	if ($row = $db->sql_fetchrow($result))
+	if ($row)
 	{
 		return 'USERNAME_TAKEN';
 	}
-	$db->sql_freeresult($result);
 
 	$sql = 'SELECT disallow_username
 		FROM ' . DISALLOW_TABLE;
@@ -889,6 +893,7 @@ function validate_username($username)
 	{
 		if (preg_match('#^' . str_replace('%', '.*?', preg_quote($row['disallow_username'], '$#')) . '#i', $username))
 		{
+			$db->sql_freeresult($result);
 			return 'USERNAME_DISALLOWED';
 		}
 	}
@@ -902,6 +907,7 @@ function validate_username($username)
 	{
 		if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
 		{
+			$db->sql_freeresult($result);
 			return 'USERNAME_DISALLOWED';
 		}
 	}
@@ -938,12 +944,13 @@ function validate_email($email)
 			FROM ' . USERS_TABLE . "
 			WHERE user_email_hash = " . crc32(strtolower($email)) . strlen($email);
 		$result = $db->sql_query($sql);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
 
-		if ($row = $db->sql_fetchrow($result))
+		if ($row)
 		{
 			return 'EMAIL_TAKEN';
 		}
-		$db->sql_freeresult($result);
 	}
 
 	return false;
@@ -1024,10 +1031,10 @@ function avatar_remote($data, &$error)
 */
 function avatar_upload($data, &$error)
 {
-	global $phpbb_root_path, $config, $db, $user;
+	global $phpbb_root_path, $config, $db, $user, $phpEx;
 
 	// Init upload class
-	include_once($phpbb_root_path . 'includes/functions_upload.php');
+	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
 
 	if (!empty($_FILES['uploadfile']['name']))
@@ -1262,6 +1269,23 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 
 		if (sizeof($sql_ary))
 		{
+			// Before we update the user attributes, we will make a list of those having now the group avatar assigned
+			if (in_array('user_avatar', array_keys($sql_ary)))
+			{
+				// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
+				$sql = 'SELECT user_id, user_avatar
+					FROM ' . USERS_TABLE . '
+					WHERE group_id = ' . $group_id . '
+						AND user_avatar_type = ' . AVATAR_UPLOAD;
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					avatar_delete($row['user_avatar']);
+				}
+				$db->sql_freeresult($result);
+			}
+
 			$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 				WHERE group_id = $group_id";
 			$db->sql_query($sql);
@@ -1358,9 +1382,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 	$result = $db->sql_query($sql);
 
 	$add_id_ary = $update_id_ary = array();
-	if ($row = $db->sql_fetchrow($result))
+	while ($row = $db->sql_fetchrow($result))
-	{
-		do
 	{
 		$add_id_ary[] = $row['user_id'];
 
@@ -1369,8 +1391,6 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 			$update_id_ary[] = $row['user_id'];
 		}
 	}
-		while ($row = $db->sql_fetchrow($result));
-	}
 	$db->sql_freeresult($result);
 
 	// Do all the users exist in this group?
@@ -1470,12 +1490,19 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 		$special_group_data[$row['group_id']] = array(
 			'user_colour'			=> $row['group_colour'],
 			'user_rank'				=> $row['group_rank'],
+		);
+
+		// Only set the group avatar if one is defined...
+		if ($row['group_avatar'])
+		{
+			$special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
 				'user_avatar'			=> $row['group_avatar'],
 				'user_avatar_type'		=> $row['group_avatar_type'],
 				'user_avatar_width'		=> $row['group_avatar_width'],
-			'user_avatar_height'=> $row['group_avatar_height'],
+				'user_avatar_height'	=> $row['group_avatar_height'])
 			);
 		}
+	}
 	$db->sql_freeresult($result);
 
 	// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
@@ -1524,6 +1551,23 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 		{
 			$special_group_data[$gid]['group_id'] = $gid;
 
+			// Before we update the user attributes, we will make a list of those having now the group avatar assigned
+			if (in_array('user_avatar', array_keys($special_group_data[$gid])))
+			{
+				// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
+				$sql = 'SELECT user_id, user_avatar
+					FROM ' . USERS_TABLE . '
+					WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')
+						AND user_avatar_type = ' . AVATAR_UPLOAD;
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					avatar_delete($row['user_avatar']);
+				}
+				$db->sql_freeresult($result);
+			}
+
 			$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . '
 				WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')';
 			$db->sql_query($sql);
@@ -1556,7 +1600,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 */
 function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
 {
-	global $db, $auth;
+	global $db, $auth, $phpbb_root_path, $phpEx, $config;
 
 	// We need both username and user_id info
 	user_get_id_name($user_id_ary, $username_ary);
@@ -1566,6 +1610,11 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 		return false;
 	}
 
+	if (!$group_name)
+	{
+		$group_name = get_group_name($group_id);
+	}
+
 	switch ($action)
 	{
 		case 'demote':
@@ -1580,13 +1629,64 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 		break;
 
 		case 'approve':
+			// Make sure we only approve those which are pending ;)
+			$sql = 'SELECT u.user_id, u.user_email, u.username, u.user_notify_type, u.user_jabber, u.user_lang
+				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
+				WHERE ug.group_id = ' . $group_id . '
+					AND ug.user_pending = 1
+					AND ug.user_id = u.user_id
+					AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')';
+			$result = $db->sql_query($sql);
+
+			$user_id_ary = $email_users = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$user_id_ary[] = $row['user_id'];
+				$email_users[] = $row;
+			}
+			$db->sql_freeresult($result);
+
+			if (!sizeof($user_id_ary))
+			{
+				return false;
+			}
+
 			$sql = 'UPDATE ' . USER_GROUP_TABLE . "
 				SET user_pending = 0
 				WHERE group_id = $group_id
 					AND user_id IN (" . implode(', ', $user_id_ary) . ')';
 			$db->sql_query($sql);
 
-			$log = 'LOG_GROUP_APPROVE';
+			// Send approved email to users...
+			include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+			$messenger = new messenger();
+
+			$email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);
+
+			foreach ($email_users as $row)
+			{
+				$messenger->template('group_approved', $row['user_lang']);
+
+				$messenger->replyto($config['board_email']);
+				$messenger->to($row['user_email'], $row['username']);
+				$messenger->im($row['user_jabber'], $row['username']);
+
+				$messenger->assign_vars(array(
+					'EMAIL_SIG'		=> $email_sig,
+					'SITENAME'		=> $config['sitename'],
+					'USERNAME'		=> html_entity_decode($row['username']),
+					'GROUP_NAME'	=> html_entity_decode($group_name),
+
+					'U_GROUP'		=> generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
+				);
+
+				$messenger->send($row['user_notify_type']);
+				$messenger->reset();
+			}
+
+			$messenger->save_queue();
+
+			$log = 'LOG_USERS_APPROVED';
 		break;
 
 		case 'default':
@@ -1598,11 +1698,6 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 	// Clear permissions cache of relevant users
 	$auth->acl_clear_prefetch($user_id_ary);
 
-	if (!$group_name)
-	{
-		$group_name = get_group_name($group_id);
-	}
-
 	add_log('admin', $log, $group_name, implode(', ', $username_ary));
 
 	return true;
@@ -1659,6 +1754,23 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
 		}
 	}
 
+	// Before we update the user attributes, we will make a list of those having now the group avatar assigned
+	if (in_array('user_avatar', array_keys($sql_ary)))
+	{
+		// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
+		$sql = 'SELECT user_id, user_avatar
+			FROM ' . USERS_TABLE . '
+			WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
+				AND user_avatar_type = ' . AVATAR_UPLOAD;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			avatar_delete($row['user_avatar']);
+		}
+		$db->sql_freeresult($result);
+	}
+
 	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 		WHERE user_id IN (' . implode(', ', $user_id_ary) . ')';
 	$db->sql_query($sql);

phpBB/includes/mcp/mcp_ban.php

@@ -18,7 +18,7 @@ class mcp_ban
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $cache;
-		global $SID, $phpbb_root_path, $phpEx;
+		global $phpbb_root_path, $phpEx;
 
 		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
@@ -103,7 +103,7 @@ class mcp_ban
 			'S_USERNAME_BAN'	=> ($mode == 'user') ? true : false,
 
 			'U_ACTION'			=> $this->u_action,
-			'U_FIND_USER'		=> $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=mcp_ban&field=ban",
+			'U_FIND_USER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp_ban&field=ban'),
 			)
 		);
 	}

phpBB/includes/mcp/mcp_forum.php

@@ -14,9 +14,9 @@
 function mcp_forum_view($id, $mode, $action, $forum_info)
 {
 	global $template, $db, $user, $auth, $cache;
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 
-	$url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+	$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
 
 	if ($action == 'merge_select')
 	{
@@ -73,8 +73,8 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 		'S_CAN_SYNC'			=> $auth->acl_get('m_', $forum_id),
 		'S_CAN_APPROVE'			=> $auth->acl_get('m_approve', $forum_id),
 
-		'U_VIEW_FORUM'			=> "{$phpbb_root_path}viewforum.$phpEx$SID&f=" . $forum_id,
+		'U_VIEW_FORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id),
-		'U_VIEW_FORUM_LOGS'		=> ($auth->acl_gets('a_', 'm_', $forum_id)) ? "{$phpbb_root_path}mcp.$phpEx$SID&i=logs&mode=forum_logs&f=" . $forum_id : '',
+		'U_VIEW_FORUM_LOGS'		=> ($auth->acl_gets('a_', 'm_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=logs&mode=forum_logs&f=' . $forum_id) : '',
 
 		'S_MCP_ACTION'			=> $url . "&i=$id&action=$action&mode=$mode&start=$start" . (($action == 'merge_select') ? $selected_ids : ''),
 
@@ -165,12 +165,12 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 		$u_mcp_queue = ($topic_unapproved || $posts_unapproved) ? $url . '&i=queue&mode=' . (($topic_unapproved) ? 'approve_details' : 'unapproved_posts') . '&t=' . $row['topic_id'] : '';
 
 		$template->assign_block_vars('topicrow', array(
-			'U_VIEW_TOPIC'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=$id&f=$forum_id&t={$row['topic_id']}&mode=topic_view",
+			'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&f=$forum_id&t={$row['topic_id']}&mode=topic_view"),
 
 			'S_SELECT_TOPIC'	=> ($action == 'merge_select' && $row['topic_id'] != $topic_id) ? true : false,
 			'U_SELECT_TOPIC'	=> $url . "&i=$id&mode=topic_view&action=merge&to_topic_id=" . $row['topic_id'] . $selected_ids,
 			'U_MCP_QUEUE'		=> $u_mcp_queue,
-			'U_MCP_REPORT'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=main&mode=topic_view&t={$row['topic_id']}&action=reports",
+			'U_MCP_REPORT'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&t=' . $row['topic_id'] . '&action=reports'),
 
 			'ATTACH_ICON_IMG'		=> ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
 			'TOPIC_FOLDER_IMG'		=> $user->img($folder_img, $folder_alt),
@@ -200,7 +200,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 */
 function mcp_resync_topics($topic_ids)
 {
-	global $auth, $db, $template, $phpEx, $user, $SID, $phpbb_root_path;
+	global $auth, $db, $template, $phpEx, $user, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_')))
 	{

phpBB/includes/mcp/mcp_front.php

@@ -13,10 +13,10 @@
 */
 function mcp_front_view($id, $mode, $action)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
-	$url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+	$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
 
 	// Latest 5 unapproved
 	$forum_list = get_forum_list('m_approve');
@@ -76,9 +76,9 @@ function mcp_front_view($id, $mode, $action)
 					'U_POST_DETAILS'=> $url . '&i=main&mode=post_details&p=' . $row['post_id'],
 					'U_MCP_FORUM'	=> ($row['forum_id']) ? $url . '&i=main&mode=forum_view&f=' . $row['forum_id'] : '',
 					'U_MCP_TOPIC'	=> $url . '&i=main&mode=topic_view&t=' . $row['topic_id'],
-					'U_FORUM'		=> ($row['forum_id']) ? "{$phpbb_root_path}viewforum.$phpEx$SID&f=" . $row['forum_id'] : '',
+					'U_FORUM'		=> ($row['forum_id']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
-					'U_TOPIC'		=> $phpbb_root_path . "{$phpbb_root_path}viewtopic.$phpEx$SID&f=" . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . '&t=' . $row['topic_id'],
+					'U_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . '&t=' . $row['topic_id']),
-					'U_AUTHOR'		=> ($row['poster_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u=" . $row['poster_id'],
+					'U_AUTHOR'		=> ($row['poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['poster_id']),
 
 					'FORUM_NAME'	=> ($row['forum_id']) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
 					'TOPIC_TITLE'	=> $row['topic_title'],
@@ -159,9 +159,9 @@ function mcp_front_view($id, $mode, $action)
 					'U_POST_DETAILS'=> $url . '&p=' . $row['post_id'] . "&i=reports&mode=report_details",
 					'U_MCP_FORUM'	=> ($row['forum_id']) ? $url . '&f=' . $row['forum_id'] . "&i=$id&mode=forum_view" : '',
 					'U_MCP_TOPIC'	=> $url . '&t=' . $row['topic_id'] . "&i=$id&mode=topic_view",
-					'U_FORUM'		=> ($row['forum_id']) ? "{$phpbb_root_path}viewforum.$phpEx$SID&f=" . $row['forum_id'] : '',
+					'U_FORUM'		=> ($row['forum_id']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
-					'U_TOPIC'		=> "{$phpbb_root_path}viewtopic.$phpEx$SID&f=" . $row['forum_id'] . '&t=' . $row['topic_id'],
+					'U_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
-					'U_REPORTER'	=> ($row['user_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u=" . $row['user_id'],
+					'U_REPORTER'	=> ($row['user_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
 
 					'FORUM_NAME'	=> ($row['forum_id']) ? $row['forum_name'] : $user->lang['POST_GLOBAL'],
 					'TOPIC_TITLE'	=> $row['topic_title'],

phpBB/includes/mcp/mcp_logs.php

@@ -26,7 +26,7 @@ class mcp_logs
 	function main($id, $mode)
 	{
 		global $auth, $db, $user, $template;
-		global $config, $phpbb_root_path, $phpEx, $SID;
+		global $config, $phpbb_root_path, $phpEx;
 
 		$user->add_lang('acp/common');
 

phpBB/includes/mcp/mcp_main.php

@@ -15,8 +15,8 @@
 */
 class mcp_main
 {
-
 	var $p_master;
+	var $u_action;
 
 	function mcp_main(&$p_master)
 	{
@@ -26,7 +26,7 @@ class mcp_main
 	function main($id, $mode)
 	{
 		global $auth, $db, $user, $template, $action;
-		global $config, $phpbb_root_path, $phpEx, $SID;
+		global $config, $phpbb_root_path, $phpEx;
 
 		$quickmod = ($mode == 'quickmod') ? true : false;
 
@@ -175,14 +175,7 @@ class mcp_main
 
 				mcp_post_details($id, $mode, $action);
 
-				if ($action == 'whois')
+				$this->tpl_name = ($action == 'whois') ? 'mcp_whois' : 'mcp_post';
-				{
-					$this->tpl_name = 'mcp_whois';
-				}
-				else
-				{
-					$this->tpl_name = 'mcp_post';
-				}
 				$this->page_title = 'MCP_MAIN_POST_DETAILS';
 			break;
 
@@ -197,7 +190,7 @@ class mcp_main
 */
 function lock_unlock($action, $ids)
 {
-	global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+	global $auth, $user, $db, $phpEx, $phpbb_root_path;
 
 	if ($action == 'lock' || $action == 'unlock')
 	{
@@ -268,7 +261,7 @@ function lock_unlock($action, $ids)
 */
 function change_topic_type($action, $topic_ids)
 {
-	global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+	global $auth, $user, $db, $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('f_announce', 'f_sticky', 'm_'))))
 	{
@@ -374,7 +367,7 @@ function change_topic_type($action, $topic_ids)
 function mcp_move_topic($topic_ids)
 {
 	global $auth, $user, $db, $template;
-	global $SID, $phpEx, $phpbb_root_path;
+	global $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_move')))
 	{
@@ -508,8 +501,8 @@ function mcp_move_topic($topic_ids)
 
 		$message = $user->lang[$success_msg];
 		$message .= '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>');
-		$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$forum_id\">", '</a>');
+		$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id") . '">', '</a>');
-		$message .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$to_forum_id\">", '</a>');
+		$message .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$to_forum_id") . '">', '</a>');
 
 		trigger_error($message);
 	}
@@ -520,7 +513,7 @@ function mcp_move_topic($topic_ids)
 */
 function mcp_delete_topic($topic_ids)
 {
-	global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+	global $auth, $user, $db, $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_delete')))
 	{
@@ -566,8 +559,9 @@ function mcp_delete_topic($topic_ids)
 	}
 	else
 	{
-		meta_refresh(3, "viewforum.$phpEx$SID&amp;f=$forum_id");
+		$redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
-		trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $forum_id . '">', '</a>'));
+		meta_refresh(3, $redirect_url);
+		trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>'));
 	}
 }
 
@@ -576,7 +570,7 @@ function mcp_delete_topic($topic_ids)
 */
 function mcp_delete_post($post_ids)
 {
-	global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+	global $auth, $user, $db, $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($post_ids, POSTS_TABLE, 'post_id', 'm_delete')))
 	{
@@ -641,9 +635,9 @@ function mcp_delete_post($post_ids)
 		$return_link = array();
 		if ($affected_topics == 1 && !$deleted_topics && $topic_id)
 		{
-			$return_link[] = sprintf($user->lang['RETURN_TOPIC'], "<a href=\"viewtopic.$phpEx$SID&amp;f=$forum_id&amp;t=$topic_id\">", '</a>');
+			$return_link[] = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") . '">', '</a>');
 		}
-		$return_link[] = sprintf($user->lang['RETURN_FORUM'], "<a href=\"viewforum.$phpEx$SID&amp;f=$forum_id\">", '</a>');
+		$return_link[] = sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 
 		if (sizeof($post_ids) == 1)
 		{
@@ -696,7 +690,7 @@ function mcp_delete_post($post_ids)
 function mcp_fork_topic($topic_ids)
 {
 	global $auth, $user, $db, $template, $config;
-	global $SID, $phpEx, $phpbb_root_path;
+	global $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_')))
 	{
@@ -927,12 +921,13 @@ function mcp_fork_topic($topic_ids)
 	}
 	else
 	{
-		meta_refresh(3, "viewforum.$phpEx$SID&amp;f=$forum_id");
+		$redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
-		$return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $forum_id . '">', '</a>');
+		meta_refresh(3, $redirect_url);
+		$return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');
 
 		if ($forum_id != $to_forum_id)
 		{
-			$return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $to_forum_id . '">', '</a>');
+			$return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $to_forum_id) . '">', '</a>');
 		}
 
 		trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);

phpBB/includes/mcp/mcp_notes.php

@@ -15,8 +15,8 @@
 */
 class mcp_notes
 {
-
 	var $p_master;
+	var $u_action;
 
 	function mcp_main(&$p_master)
 	{
@@ -26,7 +26,7 @@ class mcp_notes
 	function main($id, $mode)
 	{
 		global $auth, $db, $user, $template;
-		global $config, $phpbb_root_path, $phpEx, $SID;
+		global $config, $phpbb_root_path, $phpEx;
 
 		$action = request_var('action', array('' => ''));
 
@@ -41,10 +41,10 @@ class mcp_notes
 		{
 			case 'front':
 				$template->assign_vars(array(
-					'L_TITLE'			=> $user->lang['MCP_NOTES'],
+					'U_FIND_MEMBER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp&field=username'),
-					'U_FIND_MEMBER'		=> "memberlist.$phpEx$SID&mode=searchuser&form=mcp&field=username",
+					'U_POST_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes'),
-					'U_POST_ACTION'		=> "mcp.$phpEx$SID&i=notes&mode=user_notes",
+
-					)
+					'L_TITLE'			=> $user->lang['MCP_NOTES'])
 				);
 
 				$this->tpl_name = 'mcp_notes_front';
@@ -53,20 +53,18 @@ class mcp_notes
 			case 'user_notes':
 				$user->add_lang('acp/common');
 
-				mcp_notes_user_view($id, $mode, $action);
+				$this->mcp_notes_user_view($action);
 				$this->tpl_name = 'mcp_notes_user';
 			break;
 		}
 	}
-}
 
-//
+	/**
-// Functions
+	* Display user notes
-//
+	*/
-
+	function mcp_notes_user_view($action)
-function mcp_notes_user_view($id, $mode, $action)
 	{
-	global $SID, $phpEx, $phpbb_root_path, $config;
+		global $phpEx, $phpbb_root_path, $config;
 		global $template, $db, $user, $auth;
 
 		$user_id = request_var('u', 0);
@@ -78,14 +76,17 @@ function mcp_notes_user_view($id, $mode, $action)
 
 		$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
 
-	$sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE $sql_where";
+		$sql = 'SELECT *
+			FROM ' . USERS_TABLE . "
+			WHERE $sql_where";
 		$result = $db->sql_query($sql);
+		$userrow = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
 
-	if (!$userrow = $db->sql_fetchrow($result))
+		if (!$userrow)
 		{
 			trigger_error($user->lang['NO_USER']);
 		}
-	$db->sql_freeresult($result);
 
 		$user_id = $userrow['user_id'];
 
@@ -120,8 +121,8 @@ function mcp_notes_user_view($id, $mode, $action)
 				add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
 
 				$msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
-			$redirect = "mcp.$phpEx$SID&i=$id&mode=$mode&u=$user_id";
+				$redirect = $this->u_action . '&u=' . $user_id;
-			meta_refresh(2, $redirect);
+				meta_refresh(3, $redirect);
 				trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 			}
 		}
@@ -131,8 +132,8 @@ function mcp_notes_user_view($id, $mode, $action)
 			add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
 			add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
 
-		$redirect = "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id";
+			$redirect = $this->u_action . '&amp;u=' . $user_id;
-		meta_refresh(2, $redirect);
+			meta_refresh(3, $redirect);
 			trigger_error($user->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 		}
 
@@ -148,13 +149,14 @@ function mcp_notes_user_view($id, $mode, $action)
 				case AVATAR_UPLOAD:
 					$avatar_img = $config['avatar_path'] . '/';
 				break;
+
 				case AVATAR_GALLERY:
 					$avatar_img = $config['avatar_gallery_path'] . '/';
 				break;
 			}
 			$avatar_img .= $userrow['user_avatar'];
 
-		$avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" border="0" alt="" />';
+			$avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" alt="" />';
 		}
 		else
 		{
@@ -192,15 +194,16 @@ function mcp_notes_user_view($id, $mode, $action)
 		}
 
 		$template->assign_vars(array(
-		'U_POST_ACTION'		=> "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id",
+			'U_POST_ACTION'			=> $this->u_action . '&amp;u=' . $user_id,
 			'S_CLEAR_ALLOWED'		=> ($auth->acl_get('a_clearlogs')) ? true : false,
 			'S_SELECT_SORT_DIR'		=> $s_sort_dir,
 			'S_SELECT_SORT_KEY'		=> $s_sort_key,
 			'S_SELECT_SORT_DAYS'	=> $s_limit_days,
 
 			'L_TITLE'			=> $user->lang['MCP_NOTES_USER'],
+
 			'PAGE_NUMBER'		=> on_page($log_count, $config['posts_per_page'], $start),
-		'PAGINATION'		=> generate_pagination("mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id&amp;st=$st&amp;sk=$sk&amp;sd=$sd", $log_count, $config['posts_per_page'], $start),
+			'PAGINATION'		=> generate_pagination($this->u_action . "&amp;u=$user_id&amp;st=$st&amp;sk=$sk&amp;sd=$sd", $log_count, $config['posts_per_page'], $start),
 			'TOTAL_REPORTS'		=> ($log_count == 1) ? $user->lang['LIST_REPORT'] : sprintf($user->lang['LIST_REPORTS'], $log_count),
 
 			'USERNAME'			=> $userrow['username'],
@@ -214,6 +217,7 @@ function mcp_notes_user_view($id, $mode, $action)
 			'RANK_IMG'			=> $rank_img,
 			)
 		);
+	}
 
 }
 

phpBB/includes/mcp/mcp_post.php

@@ -13,7 +13,7 @@
 */
 function mcp_post_details($id, $mode, $action)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
 	$user->add_lang('posting');
@@ -30,7 +30,7 @@ function mcp_post_details($id, $mode, $action)
 	}
 
 	$post_info = $post_info[$post_id];
-	$url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+	$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
 
 	switch ($action)
 	{
@@ -45,7 +45,7 @@ function mcp_post_details($id, $mode, $action)
 			$whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2" target="_blank">\2</a>\3', $whois);
 			
 			$template->assign_vars(array(
-				'RETURN_POST'	=> sprintf($user->lang['RETURN_POST'], "<a href=\"{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;p=$post_id\">", '</a>'),
+				'RETURN_POST'	=> sprintf($user->lang['RETURN_POST'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;p=$post_id") . '">', '</a>'),
 				'WHOIS'			=> trim($whois))
 			);
 
@@ -101,7 +101,7 @@ function mcp_post_details($id, $mode, $action)
 	$template->assign_vars(array(
 		'U_MCP_ACTION'			=> "$url&amp;i=main&amp;quickmod=1", // Use this for mode paramaters
 		'U_POST_ACTION'			=> "$url&amp;i=$id&amp;mode=post_details", // Use this for action parameters
-		'U_APPROVE_ACTION'		=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;p=$post_id",
+		'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;p=$post_id"),
 
 		'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 		'S_CAN_CHGPOSTER'		=> $auth->acl_get('m_chgposter', $post_info['forum_id']),
@@ -114,14 +114,14 @@ function mcp_post_details($id, $mode, $action)
 		'S_USER_NOTES'			=> true,
 		'S_CLEAR_ALLOWED'		=> ($auth->acl_get('a_clearlogs')) ? true : false,
 
-		'U_FIND_MEMBER'			=> "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=mcp_chgposter&amp;field=username",
+		'U_FIND_MEMBER'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=mcp_chgposter&amp;field=username'),
-		'U_VIEW_PROFILE'		=> "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $post_info['user_id'],
+		'U_VIEW_PROFILE'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']),
-		'U_MCP_USER_NOTES'		=> ($auth->acl_gets('m_', 'a_')) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=" . $post_info['user_id'] : '',
+		'U_MCP_USER_NOTES'		=> ($auth->acl_gets('m_', 'a_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']) : '',
-		'U_MCP_WARN_USER'		=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=warn&amp;mode=warn_user&amp;u=" . $post_info['user_id'],
+		'U_MCP_WARN_USER'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']),
-		'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? "{$phpbb_root_path}posting.$phpEx$SID&amp;mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}" : '',
+		'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}") : '',
 
-		'RETURN_TOPIC'			=> sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;p=$post_id#p$post_id\">", '</a>'),
+		'RETURN_TOPIC'			=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$post_id") . "#p$post_id\">", '</a>'),
-		'RETURN_FORUM'			=> sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f={$post_info['forum_id']}&amp;start={$start}\">", '</a>'),
+		'RETURN_FORUM'			=> sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'),
 		'REPORTED_IMG'			=> $user->img('icon_reported', $user->lang['POST_REPORTED']),
 		'UNAPPROVED_IMG'		=> $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
 		'EDIT_IMG'				=> $user->img('btn_edit', $user->lang['EDIT_POST']),
@@ -184,7 +184,7 @@ function mcp_post_details($id, $mode, $action)
 					'REASON_TITLE'	=> $row['reason_title'],
 					'REASON_DESC'	=> $row['reason_description'],
 					'REPORTER'		=> ($row['user_id'] != ANONYMOUS) ? $row['username'] : $user->lang['GUEST'],
-					'U_REPORTER'	=> ($row['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['user_id']}" : '',
+					'U_REPORTER'	=> ($row['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']) : '',
 					'USER_NOTIFY'	=> ($row['user_notify']) ? true : false,
 					'REPORT_TIME'	=> $user->format_date($row['report_time']),
 					'REPORT_TEXT'	=> str_replace("\n", '<br />', trim($row['report_text'])))
@@ -249,8 +249,8 @@ function mcp_post_details($id, $mode, $action)
 				'NUM_POSTS'		=> $row['postings'],
 				'L_POST_S'		=> ($row['postings'] == 1) ? $user->lang['POST'] : $user->lang['POSTS'],
 
-				'U_PROFILE'		=> ($row['user_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'],
+				'U_PROFILE'		=> ($row['user_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
-				'U_SEARCHPOSTS' => "{$phpbb_root_path}search.$phpEx$SID&amp;author=" . urlencode($row['username']) . "&amp;sr=topics")
+				'U_SEARCHPOSTS' => append_sid("{$phpbb_root_path}search.$phpEx", 'author=' . urlencode($row['username']) . '&amp;sr=topics'))
 			);
 		}
 		$db->sql_freeresult($result);
@@ -290,7 +290,7 @@ function mcp_post_details($id, $mode, $action)
 				'L_POST_S'		=> ($row['postings'] == 1) ? $user->lang['POST'] : $user->lang['POSTS'],
 
 				'U_LOOKUP_IP'	=> ($rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? '' : "$url&amp;i=$id&amp;mode=post_details&amp;rdns={$row['poster_ip']}#ip",
-				'U_WHOIS'		=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;action=whois&amp;p=$post_id&amp;ip={$row['poster_ip']}")
+				'U_WHOIS'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;action=whois&amp;p=$post_id&amp;ip={$row['poster_ip']}"))
 			);
 		}
 		$db->sql_freeresult($result);

phpBB/includes/mcp/mcp_queue.php

@@ -15,8 +15,8 @@
 */
 class mcp_queue
 {
-
 	var $p_master;
+	var $u_action;
 
 	function mcp_main(&$p_master)
 	{
@@ -26,7 +26,7 @@ class mcp_queue
 	function main($id, $mode)
 	{
 		global $auth, $db, $user, $template;
-		global $config, $phpbb_root_path, $phpEx, $SID, $action;
+		global $config, $phpbb_root_path, $phpEx, $action;
 
 		include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 
@@ -112,19 +112,19 @@ class mcp_queue
 
 				$template->assign_vars(array(
 					'S_MCP_QUEUE'			=> true,
-					'S_APPROVE_ACTION'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=queue&p=$post_id&f=$forum_id",
+					'S_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id&f=$forum_id"),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
 					'S_POST_UNAPPROVED'		=> !$post_info['post_approved'],
 					'S_POST_LOCKED'			=> $post_info['post_edit_locked'],
 					'S_USER_NOTES'			=> $auth->acl_gets('m_', 'a_') ? true : false,
 
-					'U_VIEW_PROFILE'		=> ($post_info['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u=" . $post_info['user_id'] : '',
+					'U_VIEW_PROFILE'		=> ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '',
-					'U_MCP_USER_NOTES'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=notes&mode=user_notes&u=" . $post_info['user_id'],
+					'U_MCP_USER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
-					'U_MCP_WARN_USER'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=warn&mode=warn_user&u=" . $post_info['user_id'],
+					'U_MCP_WARN_USER'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']),
-					'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? "{$phpbb_root_path}posting.$phpEx$SID&mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}" : '',
+					'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}") : '',
 
-					'RETURN_QUEUE'			=> sprintf($user->lang['RETURN_QUEUE'], "<a href=\"{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue" . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts') . "&amp;start=$start\">", '</a>'),
+					'RETURN_QUEUE'			=> sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts')) . "&amp;start=$start\">", '</a>'),
 					'REPORTED_IMG'			=> $user->img('icon_reported', $user->lang['POST_REPORTED']),
 					'UNAPPROVED_IMG'		=> $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
 					'EDIT_IMG'				=> $user->img('btn_edit', $user->lang['EDIT_POST']),
@@ -293,12 +293,12 @@ class mcp_queue
 					$s_checkbox = '<input type="checkbox" name="post_id_list[]" value="' . $row['post_id'] . '" />';
 
 					$template->assign_block_vars('postrow', array(
-						'U_VIEWFORUM'	=> "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'],
+						'U_VIEWFORUM'	=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
 						// Q: Why accessing the topic by a post_id instead of its topic_id?
 						// A: To prevent the post from being hidden because of wrong encoding or different charset
-						'U_VIEWTOPIC'	=> "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $row['forum_id'] . '&amp;p=' . $row['post_id'] . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
+						'U_VIEWTOPIC'	=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
-						'U_VIEW_DETAILS'=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$forum_id}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '' ),
+						'U_VIEW_DETAILS'=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$forum_id}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '')),
-						'U_VIEWPROFILE'	=> ($row['poster_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['poster_id']}" : '',
+						'U_VIEWPROFILE'	=> ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
 
 						'FORUM_NAME'	=> $row['forum_name'],
 						'TOPIC_TITLE'	=> $row['topic_title'],
@@ -319,7 +319,7 @@ class mcp_queue
 					'S_FORUM_OPTIONS'		=> $forum_options,
 					'S_MCP_ACTION'			=> build_url(array('t', 'f', 'sd', 'st', 'sk')),
 
-					'PAGINATION'			=> generate_pagination("{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;f=$forum_id", $total, $config['topics_per_page'], $start),
+					'PAGINATION'			=> generate_pagination($this->u_action . "&amp;f=$forum_id", $total, $config['topics_per_page'], $start),
 					'PAGE_NUMBER'			=> on_page($total, $config['topics_per_page'], $start),
 					'TOPIC_ID'				=> $topic_id,
 					'TOTAL'					=> $total)
@@ -335,7 +335,7 @@ class mcp_queue
 function approve_post($post_id_list, $mode)
 {
 	global $db, $template, $user, $config;
-	global $phpEx, $phpbb_root_path, $SID;
+	global $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve')))
 	{
@@ -551,7 +551,7 @@ function approve_post($post_id_list, $mode)
 function disapprove_post($post_id_list, $mode)
 {
 	global $db, $template, $user, $config;
-	global $phpEx, $phpbb_root_path, $SID;
+	global $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve')))
 	{

phpBB/includes/mcp/mcp_reports.php

@@ -15,8 +15,8 @@
 */
 class mcp_reports
 {
-
 	var $p_master;
+	var $u_action;
 
 	function mcp_main(&$p_master)
 	{
@@ -26,7 +26,7 @@ class mcp_reports
 	function main($id, $mode)
 	{
 		global $auth, $db, $user, $template;
-		global $config, $phpbb_root_path, $phpEx, $SID, $action;
+		global $config, $phpbb_root_path, $phpEx, $action;
 
 		include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 
@@ -119,24 +119,24 @@ class mcp_reports
 
 				$template->assign_vars(array(
 					'S_MCP_REPORT'			=> true,
-					'S_CLOSE_ACTION'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=reports&p=$post_id&f=$forum_id",
+					'S_CLOSE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&p=$post_id&f=$forum_id"),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
 					'S_POST_UNAPPROVED'		=> !$post_info['post_approved'],
 					'S_POST_LOCKED'			=> $post_info['post_edit_locked'],
 					'S_USER_NOTES'			=> $auth->acl_gets('m_', 'a_') ? true : false,
 
-					'U_VIEW_PROFILE'		=> ($post_info['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u=" . $post_info['user_id'] : '',
+					'U_VIEW_PROFILE'		=> ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '',
-					'U_MCP_USER_NOTES'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=notes&mode=user_notes&u=" . $post_info['user_id'],
+					'U_MCP_USER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']),
-					'U_MCP_WARN_USER'		=> "{$phpbb_root_path}mcp.$phpEx$SID&i=warn&mode=warn_user&u=" . $post_info['user_id'],
+					'U_MCP_WARN_USER'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']),
-					'U_VIEW_REPORTER_PROFILE'	=> "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u=" . $report['user_id'],
+					'U_VIEW_REPORTER_PROFILE'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $report['user_id']),
-					'U_MCP_REPORTER_NOTES'	=> "{$phpbb_root_path}mcp.$phpEx$SID&i=notes&mode=user_notes&u=" . $report['user_id'],
+					'U_MCP_REPORTER_NOTES'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $report['user_id']),
-					'U_MCP_WARN_REPORTER'	=> "{$phpbb_root_path}mcp.$phpEx$SID&i=warn&mode=warn_user&u=" . $report['user_id'],
+					'U_MCP_WARN_REPORTER'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $report['user_id']),
-					'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? "{$phpbb_root_path}posting.$phpEx$SID&mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}" : '',
+					'U_EDIT'				=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}") : '',
 
 					'EDIT_IMG'				=> $user->img('btn_edit', $user->lang['EDIT_POST']),
 
-					'RETURN_REPORTS'		=> sprintf($user->lang['RETURN_REPORTS'], "<a href=\"{$phpbb_root_path}mcp.$phpEx$SID&amp;i=reports" . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . "&amp;start=$start\">", '</a>'),
+					'RETURN_REPORTS'		=> sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start) . '">', '</a>'),
 					'REPORTED_IMG'			=> $user->img('icon_reported', $user->lang['POST_REPORTED']),
 					'REPORT_REASON_TITLE'	=> $reason['title'],
 					'REPORT_REASON_DESCRIPTION'	=> $reason['description'],
@@ -292,13 +292,13 @@ class mcp_reports
 						$s_checkbox = '<input type="checkbox" name="post_id_list[]" value="' . $row['post_id'] . '" />';
 
 						$template->assign_block_vars('postrow', array(
-							'U_VIEWFORUM'				=> "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'],
+							'U_VIEWFORUM'				=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
 							// Q: Why accessing the topic by a post_id instead of its topic_id?
 							// A: To prevent the post from being hidden because of wrong encoding or different charset
-							'U_VIEWTOPIC'				=> "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $row['forum_id'] . '&amp;p=' . $row['post_id'] . '#p' . $row['post_id'],
+							'U_VIEWTOPIC'				=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
-							'U_VIEW_DETAILS'			=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=reports&amp;start=$start&amp;mode=report_details&amp;f={$forum_id}&amp;p={$row['post_id']}",
+							'U_VIEW_DETAILS'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$forum_id}&amp;p={$row['post_id']}"),
-							'U_VIEW_POSTER_PROFILE'		=> ($row['poster_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['poster_id']}" : '',
+							'U_VIEW_POSTER_PROFILE'		=> ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
-							'U_VIEW_REPORTER_PROFILE'	=> ($row['reporter_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['reporter_id']}" : '',
+							'U_VIEW_REPORTER_PROFILE'	=> ($row['reporter_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['reporter_id']) : '',
 
 							'S_CHECKBOX'	=> $s_checkbox,
 
@@ -324,7 +324,7 @@ class mcp_reports
 					'S_FORUM_OPTIONS'		=> $forum_options,
 					'S_CLOSED'				=> ($mode == 'reports_closed') ? true : false,
 
-					'PAGINATION'			=> generate_pagination("{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;f=$forum_id&amp;t=$topic_id", $total, $config['topics_per_page'], $start),
+					'PAGINATION'			=> generate_pagination($this->u_action . "&amp;f=$forum_id&amp;t=$topic_id", $total, $config['topics_per_page'], $start),
 					'PAGE_NUMBER'			=> on_page($total, $config['topics_per_page'], $start),
 					'TOPIC_ID'				=> $topic_id,
 					'TOTAL'					=> $total)
@@ -342,7 +342,7 @@ class mcp_reports
 function close_report($post_id_list, $mode, $action)
 {
 	global $db, $template, $user, $config;
-	global $phpEx, $phpbb_root_path, $SID;
+	global $phpEx, $phpbb_root_path;
 
 	if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_report')))
 	{

phpBB/includes/mcp/mcp_topic.php

@@ -13,10 +13,10 @@
 */
 function mcp_topic_view($id, $mode, $action)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
-	$url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+	$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
 
 	$user->add_lang('viewtopic');
 
@@ -132,7 +132,7 @@ function mcp_topic_view($id, $mode, $action)
 			'POST_SUBJECT'	=> $post_subject,
 			'MESSAGE'		=> $message,
 			'POST_ID'		=> $row['post_id'],
-			'RETURN_TOPIC'	=> sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t=$topic_id\">", '</a>'),
+			'RETURN_TOPIC'	=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>'),
 
 			'MINI_POST_IMG'		=> ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_new', $user->lang['NEW_POST']) : $user->img('icon_post', $user->lang['POST']),
 
@@ -141,8 +141,8 @@ function mcp_topic_view($id, $mode, $action)
 			'S_POST_UNAPPROVED'	=> ($row['post_approved']) ? false : true,
 
 			'U_POST_DETAILS'	=> "$url&amp;i=$id&amp;p={$row['post_id']}&amp;mode=post_details",
-			'U_MCP_APPROVE'		=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;mode=unapproved_posts&amp;action=approve&amp;post_id_list[]=" . $row['post_id'],
+			'U_MCP_APPROVE'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=unapproved_posts&amp;action=approve&amp;post_id_list[]=' . $row['post_id']),
-			'U_MCP_REPORT'		=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=reports&amp;mode=report_details&amp;p=" . $row['post_id'])
+			'U_MCP_REPORT'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;p=' . $row['post_id']))
 		);
 
 		unset($rowset[$i]);
@@ -179,10 +179,10 @@ function mcp_topic_view($id, $mode, $action)
 
 	$template->assign_vars(array(
 		'TOPIC_TITLE'		=> $topic_info['topic_title'],
-		'U_VIEWTOPIC'		=> "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $topic_info['forum_id'] . '&amp;t=' . $topic_info['topic_id'],
+		'U_VIEWTOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&amp;t=' . $topic_info['topic_id']),
 
 		'TO_TOPIC_ID'		=> $to_topic_id,
-		'TO_TOPIC_INFO'		=> ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . $phpbb_root_path . "viewtopic.$phpEx$SID&amp;f=" . $to_topic_info['forum_id'] . '&amp;t=' . $to_topic_id . '" target="_new">' . $to_topic_info['topic_title'] . '</a>') : '',
+		'TO_TOPIC_INFO'		=> ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&amp;t=' . $to_topic_id) . '" target="_new">' . $to_topic_info['topic_title'] . '</a>') : '',
 
 		'SPLIT_SUBJECT'		=> $subject,
 		'POSTS_PER_PAGE'	=> $posts_per_page,
@@ -205,11 +205,11 @@ function mcp_topic_view($id, $mode, $action)
 
 		'U_SELECT_TOPIC'	=> "$url&amp;i=$id&amp;mode=forum_view&amp;action=merge_select",
 
-		'RETURN_TOPIC'		=> sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f={$topic_info['forum_id']}&amp;t={$topic_info['topic_id']}&amp;start=$start\">", '</a>'),
+		'RETURN_TOPIC'		=> sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$topic_info['forum_id']}&amp;t={$topic_info['topic_id']}&amp;start=$start") . '">', '</a>'),
-		'RETURN_FORUM'		=> sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f={$topic_info['forum_id']}&amp;start=$start\">", '</a>'),
+		'RETURN_FORUM'		=> sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$topic_info['forum_id']}&amp;start=$start") . '">', '</a>'),
 
 		'PAGE_NUMBER'		=> on_page($total, $posts_per_page, $start),
-		'PAGINATION'		=> (!$posts_per_page) ? '' : generate_pagination("{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;t=" . $topic_info['topic_id'] . "&amp;mode=$mode&amp;action=$action&amp;to_topic_id=$to_topic_id&amp;posts_per_page=$posts_per_page&amp;st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir", $total, $posts_per_page, $start),
+		'PAGINATION'		=> (!$posts_per_page) ? '' : generate_pagination(append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;t={$topic_info['topic_id']}&amp;mode=$mode&amp;action=$action&amp;to_topic_id=$to_topic_id&amp;posts_per_page=$posts_per_page&amp;st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir"), $total, $posts_per_page, $start),
 		'TOTAL'				=> $total)
 	);
 }
@@ -219,7 +219,7 @@ function mcp_topic_view($id, $mode, $action)
 */
 function split_topic($action, $topic_id, $to_forum_id, $subject)
 {
-	global $db, $template, $user, $phpEx, $SID, $phpbb_root_path, $auth;
+	global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
 
 	$post_id_list	= request_var('post_id_list', array(0));
 	$start			= request_var('start', 0);
@@ -375,7 +375,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 		$success_msg = 'TOPIC_SPLIT_SUCCESS';
 
 		// Link back to both topics
-		$return_link = sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id'] . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $to_forum_id . '&amp;t=' . $to_topic_id . '">', '</a>');
+		$return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
 	}
 	else
 	{
@@ -391,7 +391,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 	}
 	else
 	{
-		meta_refresh(3, "viewtopic.$phpEx$SID&amp;f=$to_forum_id&amp;t=$to_topic_id");
+		meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$to_forum_id&amp;t=$to_topic_id"));
 		trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
 	}
 }
@@ -401,7 +401,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 */
 function merge_posts($topic_id, $to_topic_id)
 {
-	global $db, $template, $user, $phpEx, $SID, $phpbb_root_path, $auth;
+	global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
 
 	if (!$to_topic_id)
 	{
@@ -463,11 +463,11 @@ function merge_posts($topic_id, $to_topic_id)
 
 		if (sizeof($topic_data))
 		{
-			$return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;t=' . $topic_id . '">', '</a>');
+			$return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $forum_id . '&amp;t=' . $topic_id) . '">', '</a>');
 		}
 
 		// Link to the new topic
-		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $to_forum_id . '&amp;t=' . $to_topic_id . '">', '</a>');
+		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
 	}
 	else
 	{
@@ -483,7 +483,7 @@ function merge_posts($topic_id, $to_topic_id)
 	}
 	else
 	{
-		meta_refresh(3, "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=$to_forum_id&amp;t=$to_topic_id");
+		meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$to_forum_id&amp;t=$to_topic_id"));
 		trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
 	}
 }

phpBB/includes/mcp/mcp_warn.php

@@ -15,8 +15,8 @@
 */
 class mcp_warn
 {
-
 	var $p_master;
+	var $u_action;
 
 	function mcp_main(&$p_master)
 	{
@@ -26,7 +26,7 @@ class mcp_warn
 	function main($id, $mode)
 	{
 		global $auth, $db, $user, $template;
-		global $config, $phpbb_root_path, $phpEx, $SID;
+		global $config, $phpbb_root_path, $phpEx;
 
 		$action = request_var('action', array('' => ''));
 
@@ -59,21 +59,17 @@ class mcp_warn
 	}
 }
 
-//
-// Functions
-//
-
 /**
 * Generates the summary on the main page of the warning module
 */
 function mcp_warn_front_view($id, $mode)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
 	$template->assign_vars(array(
-		'U_FIND_MEMBER'		=> "memberlist.$phpEx$SID&mode=searchuser&form=mcp&field=username",
+		'U_FIND_MEMBER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp&field=username'),
-		'U_POST_ACTION'		=> "mcp.$phpEx$SID&i=warn&mode=warn_user",
+		'U_POST_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user'),
 		)
 	);
 
@@ -88,8 +84,8 @@ function mcp_warn_front_view($id, $mode)
 	foreach ($highest as $row)
 	{
 		$template->assign_block_vars('highest', array(
-			'U_NOTES'		=> 'mcp.' . $phpEx . $SID . '&i=notes&mode=user_notes&u=' . $row['user_id'],
+			'U_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
-			'U_USER'		=> 'memberlist.' . $phpEx . $SID . '&mode=viewprofile&u=' . $row['user_id'],
+			'U_USER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
 
 			'USERNAME'		=> $row['username'],
 			'WARNING_TIME'	=> $user->format_date($row['user_last_warning']),
@@ -109,8 +105,8 @@ function mcp_warn_front_view($id, $mode)
 	while ($row = $db->sql_fetchrow($result))
 	{
 		$template->assign_block_vars('latest', array(
-			'U_NOTES'		=> 'mcp.' . $phpEx . $SID . '&i=notes&mode=user_notes&u=' . $row['user_id'],
+			'U_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
-			'U_USER'		=> 'memberlist.' . $phpEx . $SID . '&mode=viewprofile&u=' . $row['user_id'],
+			'U_USER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
 
 			'USERNAME'		=> $row['username'],
 			'WARNING_TIME'	=> $user->format_date($row['warning_time']),
@@ -126,7 +122,7 @@ function mcp_warn_front_view($id, $mode)
 */
 function mcp_warn_list_view($id, $mode, $action)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
 	$user->add_lang('memberlist');
@@ -155,8 +151,8 @@ function mcp_warn_list_view($id, $mode, $action)
 	foreach ($users as $row)
 	{
 		$template->assign_block_vars('user', array(
-			'U_NOTES'		=> 'mcp.' . $phpEx . $SID . '&i=notes&mode=user_notes&u=' . $row['user_id'],
+			'U_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
-			'U_USER'		=> 'memberlist.' . $phpEx . $SID . '&mode=viewprofile&u=' . $row['user_id'],
+			'U_USER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
 
 			'USERNAME'		=> $row['username'],
 			'WARNING_TIME'	=> $user->format_date($row['user_last_warning']),
@@ -166,14 +162,14 @@ function mcp_warn_list_view($id, $mode, $action)
 	}
 
 	$template->assign_vars(array(
-		'U_POST_ACTION'		=> "mcp.$phpEx$SID&i=$id&mode=$mode",
+		'U_POST_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode"),
 		'S_CLEAR_ALLOWED'	=> ($auth->acl_get('a_clearlogs')) ? true : false,
 		'S_SELECT_SORT_DIR' 	=> $s_sort_dir,
 		'S_SELECT_SORT_KEY' 	=> $s_sort_key,
 		'S_SELECT_SORT_DAYS' 	=> $s_limit_days,
 
 		'PAGE_NUMBER'		=> on_page($user_count, $config['topics_per_page'], $start),
-		'PAGINATION'		=> generate_pagination("mcp.$phpEx$SID&i=$id&mode=$mode&st=$st&sk=$sk&sd=$sd", $user_count, $config['topics_per_page'], $start),
+		'PAGINATION'		=> generate_pagination(append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&st=$st&sk=$sk&sd=$sd"), $user_count, $config['topics_per_page'], $start),
 		'TOTAL_USERS'		=> ($user_count == 1) ? $user->lang['LIST_USER'] : sprintf($user->lang['LIST_USERS'], $user_count),
 		)
 	);
@@ -185,7 +181,7 @@ function mcp_warn_list_view($id, $mode, $action)
 */
 function mcp_warn_post_view($id, $mode, $action)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
 	$post_id = request_var('p', 0);
@@ -227,7 +223,7 @@ function mcp_warn_post_view($id, $mode, $action)
 	{
 		add_warning($userrow, $warning, $notify, $post_id);
 
-		$redirect = "mcp.$phpEx$SID&i=notes&mode=user_notes&u=$user_id";
+		$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
 		meta_refresh(2, $redirect);
 		trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 	}
@@ -274,11 +270,11 @@ function mcp_warn_post_view($id, $mode, $action)
 	}
 	else
 	{
-		$avatar_img = '<img src="adm/images/no_avatar.gif" alt="" />';
+		$avatar_img = '<img src="' . $phpbb_root_path . 'images/no_avatar.gif" alt="" />';
 	}
 
 	$template->assign_vars(array(
-		'U_POST_ACTION'		=> "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;p=$post_id",
+		'U_POST_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;p=$post_id"),
 
 		'POST'				=> $message,
 		'USERNAME'			=> $userrow['username'],
@@ -298,7 +294,7 @@ function mcp_warn_post_view($id, $mode, $action)
 */
 function mcp_warn_user_view($id, $mode, $action)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
 	$user_id = request_var('u', 0);
@@ -321,7 +317,7 @@ function mcp_warn_user_view($id, $mode, $action)
 	{
 		add_warning($userrow, $warning, $notify);
 
-		$redirect = "mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=$user_id";
+		$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
 		meta_refresh(2, $redirect);
 		trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 	}
@@ -353,7 +349,7 @@ function mcp_warn_user_view($id, $mode, $action)
 
 	// OK, they didn't submit a warning so lets build the page for them to do so
 	$template->assign_vars(array(
-		'U_POST_ACTION'		=> "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id",
+		'U_POST_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;u=$user_id"),
 
 		'USERNAME'			=> $userrow['username'],
 		'USER_COLOR'		=> (!empty($userrow['user_colour'])) ? $userrow['user_colour'] : '',
@@ -373,7 +369,7 @@ function mcp_warn_user_view($id, $mode, $action)
 */
 function add_warning($userrow, $warning, $send_pm = true, $post_id = 0)
 {
-	global $SID, $phpEx, $phpbb_root_path, $config;
+	global $phpEx, $phpbb_root_path, $config;
 	global $template, $db, $user, $auth;
 
 	if ($send_pm)

phpBB/includes/message_parser.php

@@ -251,6 +251,20 @@ class bbcode_firstpass extends bbcode
 			return '';
 		}
 
+		// Apply the same size checks on flash files as on images
+		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
+		{
+			if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $height)
+			{
+				$this->warn_msg[] = sprintf($user->lang['MAX_FLASH_HEIGHT_EXCEEDED'], $config['max_' . $this->mode . '_img_height']);
+			}
+
+			if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $width)
+			{
+				$this->warn_msg[] = sprintf($user->lang['MAX_FLASH_WIDTH_EXCEEDED'], $config['max_' . $this->mode . '_img_width']);
+			}
+		}
+
 		return '[flash=' . $width . ',' . $height . ':' . $this->bbcode_uid . ']' . $in . '[/flash:' . $this->bbcode_uid . ']';
 	}
 

phpBB/includes/session.php

@@ -73,7 +73,7 @@ class session
 
 		$page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
 
-		if ($page_dir && $page_dir{strlen($page_dir) - 1} == '/')
+		if ($page_dir && substr($page_dir, -1, 1) == '/')
 		{
 			$page_dir = substr($page_dir, 0, -1);
 		}
@@ -81,10 +81,10 @@ class session
 		// Current page from phpBB root (for example: adm/index.php?i=10&b=2)
 		$page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : '');
 
-		// The script path from the webroot to the current directory (for example: /phpBB2/adm) : always prefixed with /
+		// The script path from the webroot to the current directory (for example: /phpBB2/adm/) : always prefixed with / and ends in /
 		$script_path = trim(str_replace('\\', '/', dirname($script_name)));
 
-		// The script path from the webroot to the phpBB root (for example: /phpBB2)
+		// The script path from the webroot to the phpBB root (for example: /phpBB2/)
 		$script_dirs = explode('/', $script_path);
 		array_splice($script_dirs, -sizeof($page_dirs));
 		$root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ?  '/' . implode('/', $root_dirs) : '');
@@ -95,6 +95,9 @@ class session
 			$root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;
 		}
 
+		$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
+		$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
+
 		$page_array += array(
 			'page_name'			=> $page_name,
 			'page_dir'			=> $page_dir,
@@ -124,7 +127,7 @@ class session
 	*/
 	function session_begin()
 	{
-		global $phpEx, $SID, $db, $config, $phpbb_root_path;
+		global $phpEx, $SID, $_SID, $db, $config, $phpbb_root_path;
 
 		$this->time_now = time();
 		
@@ -145,10 +148,11 @@ class session
 			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '');
 
 			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
+			$_SID = (defined('NEED_SID')) ? $this->session_id : '';
 		}
 		else
 		{
-			$this->session_id = request_var('sid', '');
+			$this->session_id = $_SID = request_var('sid', '');
 			$SID = '?sid=' . $this->session_id;
 		}
 		
@@ -282,7 +286,7 @@ class session
 	*/
 	function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
 	{
-		global $SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
+		global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
 
 		$this->data = array();
 		
@@ -490,6 +494,7 @@ class session
 		}
 		
 		$SID = '?sid=';
+		$_SID = '';
 		if (!$bot)
 		{
 			$cookie_expire = $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000);
@@ -499,6 +504,7 @@ class session
 			$this->set_cookie('sid', $this->session_id, $cookie_expire);
 
 			$SID = '?sid=' . $this->session_id;
+			$_SID = $this->session_id;
 
 			if ($this->data['user_id'] != ANONYMOUS)
 			{
@@ -521,7 +527,7 @@ class session
 	*/
 	function session_kill()
 	{
-		global $SID, $db, $config, $phpbb_root_path, $phpEx;
+		global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx;
 
 		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
 			WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
@@ -583,7 +589,7 @@ class session
 		unset($cookie_expire);
 		
 		$SID = '?sid=';
-		$this->session_id = '';
+		$this->session_id = $_SID = '';
 
 		return true;
 	}
@@ -966,10 +972,11 @@ class user extends session
 
 		if (!empty($_GET['style']) && $auth->acl_get('a_styles'))
 		{
-			global $SID;
+			global $SID, $_EXTRA_URL;
 
 			$style = request_var('style', 0);
 			$SID .= '&style=' . $style;
+			$_EXTRA_URL = array('style=' . $style);
 		}
 		else
 		{
@@ -1075,11 +1082,9 @@ class user extends session
 		// already in the ucp
 		if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
 		{
-			global $SID;
-
 			if (strpos($this->page['query_string'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx")
 			{
-				redirect("ucp.$phpEx$SID&i=profile&mode=reg_details");
+				redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details'));
 			}
 		}
 

phpBB/includes/ucp/ucp_activate.php

@@ -17,7 +17,7 @@ class ucp_activate
 {
 	function main($id, $mode)
 	{
-		global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
 
 		$user_id = request_var('u', 0);
 		$key = request_var('k', '');
@@ -36,7 +36,7 @@ class ucp_activate
 
 		if ($row['user_type'] <> USER_INACTIVE && !$row['user_newpasswd'])
 		{
-			meta_refresh(3, "index.$phpEx$SID");
+			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
 			trigger_error($user->lang['ALREADY_ACTIVATED']);
 		}
 		
@@ -110,7 +110,7 @@ class ucp_activate
 			set_config('num_users', $config['num_users'] + 1, true);
 		}
 
-		meta_refresh(3, "{$phpbb_root_path}index.$phpEx$SID");
+		meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
 		trigger_error($user->lang[$message]);
 	}
 }

phpBB/includes/ucp/ucp_attachments.php

@@ -15,9 +15,11 @@
 */
 class ucp_attachments
 {
+	var $u_action;
+
 	function main($id, $mode)
 	{
-		global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $SID;
+		global $template, $user, $db, $config, $phpEx, $phpbb_root_path;
 
 		$start		= request_var('start', 0);
 		$sort_key	= request_var('sk', 'a');
@@ -44,9 +46,8 @@ class ucp_attachments
 				}
 				delete_attachments('attach', $delete_ids);
 
-				$refresh_url = "{$phpbb_root_path}ucp.$phpEx$SID&i=$id";
+				meta_refresh(3, $this->u_action);
-				meta_refresh(3, $refresh_url);
+				$message = ((sizeof($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
-				$message = ((sizeof($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $refresh_url . '">', '</a>');
 				trigger_error($message);
 			}
 			else
@@ -103,11 +104,11 @@ class ucp_attachments
 			{
 				if ($row['in_message'])
 				{
-					$view_topic = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;p={$row['post_msg_id']}";
+					$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;p={$row['post_msg_id']}");
 				}
 				else
 				{
-					$view_topic = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t={$row['topic_id']}&amp;p={$row['post_msg_id']}#p{$row['post_msg_id']}";
+					$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
 				}
 
 				$template->assign_block_vars('attachrow', array(
@@ -126,7 +127,7 @@ class ucp_attachments
 				
 					'S_IN_MESSAGE'		=> $row['in_message'],
 
-					'U_VIEW_ATTACHMENT'	=> $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $row['attach_id'],
+					'U_VIEW_ATTACHMENT'	=> append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
 					'U_VIEW_TOPIC'		=> $view_topic)
 				);
 
@@ -138,22 +139,22 @@ class ucp_attachments
 
 		$template->assign_vars(array( 
 			'PAGE_NUMBER'			=> on_page($num_attachments, $config['posts_per_page'], $start),
-			'PAGINATION'			=> generate_pagination("{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=$sort_key&amp;sd=$sort_dir", $num_attachments, $config['posts_per_page'], $start),
+			'PAGINATION'			=> generate_pagination($this->u_action . "&amp;sk=$sort_key&amp;sd=$sort_dir", $num_attachments, $config['posts_per_page'], $start),
 			'TOTAL_ATTACHMENTS'		=> $num_attachments,
 
 			'L_TITLE'				=> $user->lang['UCP_ATTACHMENTS'],
 
-			'U_SORT_FILENAME'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'), 
+			'U_SORT_FILENAME'		=> $this->u_action . "&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'), 
-			'U_SORT_FILE_COMMENT'	=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=b&amp;sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'), 
+			'U_SORT_FILE_COMMENT'	=> $this->u_action . "&amp;sk=b&amp;sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'), 
-			'U_SORT_EXTENSION'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=c&amp;sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'), 
+			'U_SORT_EXTENSION'		=> $this->u_action . "&amp;i=$id&amp;sk=c&amp;sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'), 
-			'U_SORT_FILESIZE'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=d&amp;sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'), 
+			'U_SORT_FILESIZE'		=> $this->u_action . "&amp;sk=d&amp;sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'), 
-			'U_SORT_DOWNLOADS'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=e&amp;sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'), 
+			'U_SORT_DOWNLOADS'		=> $this->u_action . "&amp;sk=e&amp;sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'), 
-			'U_SORT_POST_TIME'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=f&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'), 
+			'U_SORT_POST_TIME'		=> $this->u_action . "&amp;sk=f&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'), 
-			'U_SORT_TOPIC_TITLE'	=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=g&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'), 
+			'U_SORT_TOPIC_TITLE'	=> $this->u_action . "&amp;sk=g&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'), 
 
 			'S_DISPLAY_MARK_ALL'	=> ($num_attachments) ? true : false,
 			'S_DISPLAY_PAGINATION'	=> ($num_attachments) ? true : false,
-			'S_UCP_ACTION'			=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id",
+			'S_UCP_ACTION'			=> $this->u_action,
 			'S_SORT_OPTIONS' 		=> $s_sort_key,
 			'S_ORDER_SELECT'		=> $s_sort_dir)
 		);

phpBB/includes/ucp/ucp_confirm.php

@@ -24,7 +24,7 @@ class ucp_confirm
 {
 	function main($id, $mode)
 	{
-		global $db, $user, $phpbb_root_path, $config;
+		global $db, $user, $phpbb_root_path, $config, $phpEx;
 
 		// Do we have an id? No, then just exit
 		$confirm_id = request_var('id', '');
@@ -74,12 +74,12 @@ class ucp_confirm
 		$policy = '';
 		if (extension_loaded('gd') && sizeof($policy_modules))
 		{
-			include($phpbb_root_path . 'includes/captcha/captcha_gd.php');
+			include($phpbb_root_path . 'includes/captcha/captcha_gd.' . $phpEx);
 			$policy = $policy_modules[array_rand($policy_modules)];
 		}
 		else
 		{
-			include($phpbb_root_path . 'includes/captcha/captcha_non_gd.php');
+			include($phpbb_root_path . 'includes/captcha/captcha_non_gd.' . $phpEx);
 		}
 
 		$captcha = new captcha();