diff --git a/phpBB/adm/images/progress_bar.gif b/phpBB/adm/images/progress_bar.gif
old mode 100755
new mode 100644
diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index 358e5a4bf2..c0fa2fdddb 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -45,7 +45,7 @@ define('IN_ADMIN', true);
 $phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
 
 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') == '1' || @strtolower(ini_get('safe_mode')) === 'on') ? true : false;
+$safe_mode		= (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) === 'on') ? true : false;
 $file_uploads	= (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');
@@ -116,6 +116,7 @@ function adm_page_header($page_title)
 		'ROOT_PATH'				=> $phpbb_admin_path,
 
 		'U_LOGOUT'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
+		'U_ADM_LOGOUT'			=> append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout'),
 		'U_ADM_INDEX'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
 		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
 
diff --git a/phpBB/adm/style/acp_forums.html b/phpBB/adm/style/acp_forums.html
index e4662d9280..636d4ded7b 100644
--- a/phpBB/adm/style/acp_forums.html
+++ b/phpBB/adm/style/acp_forums.html
@@ -96,7 +96,7 @@
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
-	<h1>{L_TITLE} :: {FORUM_NAME}</h1>
+	<h1>{L_TITLE} <!-- IF FORUM_NAME -->:: {FORUM_NAME}<!-- ENDIF --></h1>
 
 	<p>{L_FORUM_EDIT_EXPLAIN}</p>
 
diff --git a/phpBB/adm/style/acp_inactive.html b/phpBB/adm/style/acp_inactive.html
old mode 100755
new mode 100644
diff --git a/phpBB/adm/style/install_convert.html b/phpBB/adm/style/install_convert.html
old mode 100755
new mode 100644
diff --git a/phpBB/adm/style/install_error.html b/phpBB/adm/style/install_error.html
old mode 100755
new mode 100644
diff --git a/phpBB/adm/style/install_footer.html b/phpBB/adm/style/install_footer.html
old mode 100755
new mode 100644
diff --git a/phpBB/adm/style/install_header.html b/phpBB/adm/style/install_header.html
old mode 100755
new mode 100644
diff --git a/phpBB/adm/style/install_install.html b/phpBB/adm/style/install_install.html
old mode 100755
new mode 100644
diff --git a/phpBB/adm/style/install_main.html b/phpBB/adm/style/install_main.html
old mode 100755
new mode 100644
diff --git a/phpBB/adm/style/overall_header.html b/phpBB/adm/style/overall_header.html
index e883e66d80..6fd34ac678 100644
--- a/phpBB/adm/style/overall_header.html
+++ b/phpBB/adm/style/overall_header.html
@@ -181,11 +181,11 @@ function switch_menu()
 			<span class="corners-top"><span></span></span>
 				<div id="content">
 					<!-- IF not S_USER_NOTICE --> 
-					<div id="toggle">						
+					<div id="toggle">
 						<a id="toggle-handle" accesskey="m" title="{L_MENU_TOGGLE}" onclick="switch_menu(); return false;" href="#"></a></div>
 					<!-- ENDIF -->
 					<div id="menu">
-						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;]</p>
+						<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;][&nbsp;<a href="{U_ADM_LOGOUT}">{L_ADM_LOGOUT}</a>&nbsp;]</p>
 						<ul>
 						<!-- BEGIN l_block1 -->
 							<!-- IF l_block1.S_SELECTED -->
diff --git a/phpBB/develop/adjust_avatars.php b/phpBB/develop/adjust_avatars.php
old mode 100755
new mode 100644
diff --git a/phpBB/develop/adjust_uids.php b/phpBB/develop/adjust_uids.php
old mode 100755
new mode 100644
diff --git a/phpBB/develop/repair_bots.php b/phpBB/develop/repair_bots.php
old mode 100755
new mode 100644
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index dd4fd3b90a..da25ae64ab 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -53,6 +53,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v301">Changes since 3.0.1</a></li>
 		<li><a href="#v300">Changes since 3.0.0</a></li>
 		<li><a href="#v30rc8">Changes since RC-8</a></li>
 		<li><a href="#v30rc7">Changes since RC-7</a></li>
@@ -81,7 +82,49 @@
 
 		<div class="content">
 
-	<a name="v300"></a><h3>1.i. Changes since 3.0.0</h3>
+	<a name="v301"></a><h3>1.i. Changes since 3.0.1</h3>
+
+	<ul>
+		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
+		<li>[Fix] Fixed blank style on setups having no username defined within config.php (Bug #25065)</li>
+		<li>[Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed (Bug #14429 / thanks to JRSweets for his patch)</li>
+		<li>[Fix] Moved topics should not count towards the number of topics in a forum (Bug #14648 / thanks to Schumi for his patch)</li>
+		<li>[Fix] Properly check for invalid characters in MySQL DB prefixes during install (Bug #18775)</li>
+		<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
+		<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
+		<li>[Fix] Bring the PostgreSQL backup system back to working order (Bug #22385)</li>
+		<li>[Change] Sort the tables at the database table backup screen</li>
+		<li>[Fix] Update correct theme for cached styles in style.php (Bug #25805)</li>
+		<li>[Fix] Also add PHPBB_INSTALLED check to download/file.php for inline avatar delivery</li>
+		<li>[Fix] Unable to login to some jabber server, reverted previous change (Bug #25095)</li>
+		<li>[Fix] Do not return BMP as valid image type for GD image manipulation (Bug #25925)</li>
+		<li>[Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)</li>
+		<li>[Fix] Correctly determine safe mode for temp file creation in functions_upload.php (Bug #23525)</li>
+		<li>[Fix] Correctly sort by rank in memberlist (Bug #24435)</li>
+		<li>[Fix] Purge cache after database restore (Bug #24245)</li>
+		<li>[Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+. (thanks arod-1 for the fix, related to Bug #14830)</li>
+		<li>[Feature] Added optional referer validation of POST requests as additional CSRF protection.</li>
+		<li>[Fix] Added missing form token in acp (thanks NBBN).</li>
+		<li>[Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).</li>
+		<li>[Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended (Bug #27355)</li>
+		<li>[Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)</li>
+		<li>[Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.</li>
+		<li>[Feature] Added ACP logout to reset an admin session.</li>
+		<li>[Fix] reset forum notifications in viewtopic (Bug #28025)</li>
+		<li>[Fix] corrected link for searching post author's other posts (Bug #26455)</li>
+		<li>[Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)</li>
+		<li>[Fix] Topic searches by author no longer return invalid results (Bug #11777)</li>
+		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
+		<li>[Fix] Delete drafts and bookmarks when deleting an user. (#27585, thanks Schumi for the fix)</li>
+		<li>[Fix] Set last_post_subject for new topics. (#23945)</li>
+		<li>[Fix] Allow moving posts to invisible forums. (#27325)</li>
+		<li>[Fix] Don't allow promoting unapproved group members (#16124)</li>
+		<li>[Fix] Correctly fetch server name if using non-standard port (#27395)</li>
+		<li>[Fix] Regular expression for email matching in posts will no longer die on long words.</li>
+		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
+	</ul>
+
+	<a name="v300"></a><h3>1.ii. Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -99,7 +142,7 @@
 		<li>[Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)</li>
 		<li>[Fix] Check entered imagemagick path for trailing slash (Bug #18205)</li>
 		<li>[Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide</li>
-		<li>[Fix] Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
+		<li>[Fix] Allow calls to $user-&gt;set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
 		<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>
 		<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>
 		<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>
@@ -152,7 +195,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>1.iii. Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -161,7 +204,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.ii. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.iv. Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -196,7 +239,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.iii. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.v. Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -206,7 +249,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.iv. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.vi. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -269,7 +312,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.v. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.vii. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -320,7 +363,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.vi. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.viii. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -429,7 +472,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.vii. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.ix. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -471,11 +514,11 @@
 		<li>[Fix] Some jabber related bugs (Bug #12989, #11805, #11809)</li>
 		<li>[Fix] Added UTF-8 support for banning via the MCP (Bug #13013)</li>
 		<li>[Fix] Properly detect the script name in session::extract_current_page() if PHP_SELF is not defined (Bug #12705) - patch provided by ToonArmy</li>
-		<li>[Fix] Show role mask for global permission class under Permissions->Permission Roles (Bug #13057)</li>
+		<li>[Fix] Show role mask for global permission class under Permissions-&gt;Permission Roles (Bug #13057)</li>
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.viii. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.x. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>
diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html
index 40ae50047b..41642f1cb6 100644
--- a/phpBB/docs/INSTALL.html
+++ b/phpBB/docs/INSTALL.html
@@ -273,7 +273,7 @@
 
 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.0</samp> you should select the phpBB-3.0.0_to_3.0.1.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.1</samp> you should select the phpBB-3.0.1_to_3.0.2.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -285,7 +285,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.0 you need the phpBB-3.0.0_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.1 you need the phpBB-3.0.1_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
diff --git a/phpBB/docs/coding-guidelines.html b/phpBB/docs/coding-guidelines.html
index 837ae55227..7d777056d9 100644
--- a/phpBB/docs/coding-guidelines.html
+++ b/phpBB/docs/coding-guidelines.html
@@ -1450,7 +1450,7 @@ div
 
 
 <h4>What are Unicode, UCS and UTF-8?</h4>
-<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatability with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
+<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatibility with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
 
 <h4>phpBB's use of Unicode</h4>
 <p>Unfortunately PHP does not faciliate the use of Unicode prior to version 6. Most functions simply treat strings as sequences of bytes assuming that each character takes up exactly one byte. This behaviour still allows for storing UTF-8 encoded text in PHP strings but many operations on strings have unexpected results. To circumvent this problem we have created some alternative functions to PHP's native string operations which use code points instead of bytes. These functions can be found in <code>/includes/utf/utf_tools.php</code>. They are also covered in the <a href="http://area51.phpbb.com/docs/code/">phpBB3 Sourcecode Documentation</a>. A lot of native PHP functions still work with UTF-8 as long as you stick to certain restrictions. For example <code>explode</code> still works as long as the first and the last character of the delimiter string are ASCII characters.</p>
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 9940bf9aa5..1d325a500e 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -18,6 +18,12 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
 if (isset($_GET['avatar']))
 {
 	require($phpbb_root_path . 'config.' . $phpEx);
+
+	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
+	{
+		exit;
+	}
+
 	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
 	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
diff --git a/phpBB/download/index.htm b/phpBB/download/index.htm
old mode 100755
new mode 100644
diff --git a/phpBB/images/avatars/upload/.htaccess b/phpBB/images/avatars/upload/.htaccess
old mode 100755
new mode 100644
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index c60f453238..4e8a8ef719 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -117,7 +117,9 @@ class acp_attachments
 						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'validate' => 'int',	'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
-						'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'secure_allow_empty_referer'	=> array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'check_attachment_content' 		=> array('lang' => 'CHECK_CONTENT', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+
 
 						'legend2'					=> $l_legend_cat_images,
 						'img_display_inlined'		=> array('lang' => 'DISPLAY_INLINED',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -156,7 +158,7 @@ class acp_attachments
 					if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
 					{
 						$size_var = request_var($config_name, '');
-						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? ($config_value << 10) : (($size_var == 'mb') ? ($config_value << 20) : $config_value);
+						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
 					}
 
 					if ($submit)
@@ -277,13 +279,19 @@ class acp_attachments
 					{
 						$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 					}
+					
+					$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
+					if (empty($content))
+					{
+						continue;
+					}
 
 					$template->assign_block_vars('options', array(
 						'KEY'			=> $config_key,
 						'TITLE'			=> $user->lang[$vars['lang']],
 						'S_EXPLAIN'		=> $vars['explain'],
 						'TITLE_EXPLAIN'	=> $l_explain,
-						'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+						'CONTENT'		=> $content,
 						)
 					);
 
@@ -504,7 +512,7 @@ class acp_attachments
 						$allowed_forums	= request_var('allowed_forums', array(0));
 						$allow_in_pm	= (isset($_POST['allow_in_pm'])) ? true : false;
 						$max_filesize	= request_var('max_filesize', 0);
-						$max_filesize	= ($size_select == 'kb') ? ($max_filesize << 10) : (($size_select == 'mb') ? ($max_filesize << 20) : $max_filesize);
+						$max_filesize	= ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
 						$allow_group	= (isset($_POST['allow_group'])) ? true : false;
 
 						if ($max_filesize == $config['max_filesize'])
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 1b7ae383cc..a7abae286a 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -164,21 +164,21 @@ class acp_board
 
 						'legend2'				=> 'POSTING',
 						'bump_type'				=> false,
-						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
-						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',	'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
-						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',	'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
-						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',	'type' => 'text:3:4', 'explain' => false),
-						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',	'type' => 'text:3:4', 'explain' => false),
-						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',	'type' => 'text:3:4', 'explain' => true),
-						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => false),
-						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:6', 'explain' => true),
-						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true),
-						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
-						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',	'type' => 'text:4:4', 'explain' => true),
-						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',	'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'edit_time'				=> array('lang' => 'EDIT_TIME',				'validate' => 'int:0',		'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
+						'display_last_edited'	=> array('lang' => 'DISPLAY_LAST_EDITED',	'validate' => 'bool',		'type' => 'radio:yes_no', 'explain' => true),
+						'flood_interval'		=> array('lang' => 'FLOOD_INTERVAL',		'validate' => 'int:0',		'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'bump_interval'			=> array('lang' => 'BUMP_INTERVAL',			'validate' => 'int:0',		'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
+						'topics_per_page'		=> array('lang' => 'TOPICS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'posts_per_page'		=> array('lang' => 'POSTS_PER_PAGE',		'validate' => 'int:1',		'type' => 'text:3:4', 'explain' => false),
+						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',		'type' => 'text:3:4', 'explain' => true),
+						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:2:127',	'type' => 'text:4:4', 'explain' => false),
+						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true),
+						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true),
+						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
+						'max_quote_depth'		=> array('lang' => 'QUOTE_DEPTH_LIMIT',		'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
+						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
 			break;
@@ -323,6 +323,7 @@ class acp_board
 						'ip_check'				=> array('lang' => 'IP_VALID',				'validate' => 'int',	'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
 						'browser_check'			=> array('lang' => 'BROWSER_VALID',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'forwarded_for_check'	=> array('lang' => 'FORWARDED_FOR_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'referer_validation'	=> array('lang' => 'REFERER_VALID',		'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
@@ -569,7 +570,7 @@ class acp_board
 				'TITLE'			=> (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
 				'S_EXPLAIN'		=> $vars['explain'],
 				'TITLE_EXPLAIN'	=> $l_explain,
-				'CONTENT'		=> build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars),
+				'CONTENT'		=> $content,
 				)
 			);
 
@@ -676,7 +677,17 @@ class acp_board
 
 		return h_radio('config[ip_check]', $radio_ary, $value, $key);
 	}
+	
+	/**
+	* Select referer validation
+	*/
+	function select_ref_check($value, $key = '')
+	{
+		$radio_ary = array(REFERER_VALIDATE_PATH => 'REF_PATH', REFERER_VALIDATE_HOST => 'REF_HOST', REFERER_VALIDATE_NONE => 'NO_REF_VALIDATION');
 
+		return h_radio('config[referer_validation]', $radio_ary, $value, $key);
+	}
+	
 	/**
 	* Select account activation method
 	*/
diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php
index 0d653c22d1..18523506a4 100644
--- a/phpBB/includes/acp/acp_captcha.php
+++ b/phpBB/includes/acp/acp_captcha.php
@@ -29,7 +29,7 @@ class acp_captcha
 
 		$user->add_lang('acp/board');
 
-		
+
 		$captcha_vars = array(
 			'captcha_gd_x_grid'				=> 'CAPTCHA_GD_X_GRID',
 			'captcha_gd_y_grid'				=> 'CAPTCHA_GD_Y_GRID',
@@ -54,7 +54,7 @@ class acp_captcha
 			}
 			$captcha = new captcha();
 			$captcha->execute(gen_rand_string(mt_rand(5, 8)), time());
-			exit_handler();
+			exit;
 		}
 
 		$config_vars = array(
@@ -90,7 +90,7 @@ class acp_captcha
 		}
 		else
 		{
-			
+
 			$preview_image_src = append_sid(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;demo=demo"));
 			if (@extension_loaded('gd'))
 			{
@@ -110,7 +110,7 @@ class acp_captcha
 				'CAPTCHA_PREVIEW'	=> $preview_image_src,
 				'PREVIEW'			=> isset($_POST['preview']),
 			));
-			
+
 		}
 	}
 }
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 1600aa266d..5b479a08eb 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -25,7 +25,7 @@ class acp_database
 
 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template, $table_prefix;
+		global $cache, $db, $user, $auth, $template, $table_prefix;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 		
 		$user->add_lang('acp/database');
@@ -159,18 +159,20 @@ class acp_database
 
 						$extractor->write_end();
 
+						add_log('admin', 'LOG_DB_BACKUP');
+
 						if ($download == true)
 						{
 							exit;
 						}
 
-						add_log('admin', 'LOG_DB_BACKUP');
 						trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
 					break;
 
 					default:
 						include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
 						$tables = get_tables($db);
+						asort($tables);
 						foreach ($tables as $table_name)
 						{
 							if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)
@@ -345,7 +347,25 @@ class acp_database
 									while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false)
 									{
 										$query = trim($sql);
-										$db->sql_query($query);
+
+										if (substr($query, 0, 13) == 'CREATE DOMAIN')
+										{
+											list(, , $domain) = explode(' ', $query);
+											$sql = "SELECT domain_name
+												FROM information_schema.domains
+												WHERE domain_name = '$domain';";
+											$result = $db->sql_query($sql);
+											if (!$db->sql_fetchrow($result))
+											{
+												$db->sql_query($query);
+											}
+											$db->sql_freeresult($result);
+										}
+										else
+										{
+											$db->sql_query($query);
+										}
+
 										if (substr($query, 0, 4) == 'COPY')
 										{
 											while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\.')
@@ -380,6 +400,9 @@ class acp_database
 
 							$close($fp);
 
+							// Purge the cache due to updated data
+							$cache->purge();
+
 							add_log('admin', 'LOG_DB_RESTORE');
 							trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
 							break;
@@ -1087,7 +1110,7 @@ class postgres_extractor extends base_extractor
 		}
 
 		$sql_data = '-- Table: ' . $table_name . "\n";
-		//$sql_data .= "DROP TABLE $table_name;\n";
+		$sql_data .= "DROP TABLE $table_name;\n";
 		// PGSQL does not "tightly" bind sequences and tables, we must guess...
 		$sql = "SELECT relname
 			FROM pg_class
@@ -1156,7 +1179,7 @@ class postgres_extractor extends base_extractor
 				$line .= ')';
 			}
 
-			if (!empty($row['rowdefault']))
+			if (isset($row['rowdefault']))
 			{
 				$line .= ' DEFAULT ' . $row['rowdefault'];
 			}
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 99e53b8667..8c05cce5b1 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -56,7 +56,7 @@ class acp_forums
 				$total = request_var('total', 0);
 
 				$this->display_progress_bar($start, $total);
-				exit_handler();
+				exit;
 			break;
 
 			case 'delete':
@@ -74,7 +74,7 @@ class acp_forums
 				{
 					trigger_error($user->lang['NO_PERMISSION_FORUM_ADD'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
-			
+
 			break;
 		}
 
@@ -100,7 +100,7 @@ class acp_forums
 					$cache->destroy('sql', FORUMS_TABLE);
 
 					trigger_error($user->lang['FORUM_DELETED'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
-	
+
 				break;
 
 				case 'edit':
@@ -189,7 +189,7 @@ class acp_forums
 								$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
-	
+
 								$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
 									WHERE forum_id = ' . (int) $forum_data['forum_id'];
 								$db->sql_query($sql);
@@ -245,7 +245,7 @@ class acp_forums
 
 						$auth->acl_clear_prefetch();
 						$cache->destroy('sql', FORUMS_TABLE);
-	
+
 						$acl_url = '&amp;mode=setting_forum_local&amp;forum_id[]=' . $forum_data['forum_id'];
 
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
@@ -543,7 +543,7 @@ class acp_forums
 
 				$forum_type_options = '';
 				$forum_type_ary = array(FORUM_CAT => 'CAT', FORUM_POST => 'FORUM', FORUM_LINK => 'LINK');
-		
+
 				foreach ($forum_type_ary as $value => $lang)
 				{
 					$forum_type_options .= '<option value="' . $value . '"' . (($value == $forum_data['forum_type']) ? ' selected="selected"' : '') . '>' . $user->lang['TYPE_' . $lang] . '</option>';
@@ -613,7 +613,7 @@ class acp_forums
 						}
 					}
 				}
-				
+
 				if (strlen($forum_data['forum_password']) == 32)
 				{
 					$errors[] = $user->lang['FORUM_PASSWORD_OLD'];
@@ -918,7 +918,7 @@ class acp_forums
 			$forum_data['prune_days'] = $forum_data['prune_viewed'] = $forum_data['prune_freq'] = 0;
 			$errors[] = $user->lang['FORUM_DATA_NEGATIVE'];
 		}
-		
+
 		$range_test_ary = array(
 			array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
 		);
@@ -974,7 +974,7 @@ class acp_forums
 			$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
 		}
 		unset($forum_data_sql['forum_password_unset']);
-		
+
 		if (!isset($forum_data_sql['forum_id']))
 		{
 			// no forum_id means we're creating a new forum
@@ -1632,7 +1632,7 @@ class acp_forums
 			WHERE p.forum_id = $forum_id
 				AND a.in_message = 0
 				AND a.topic_id = p.topic_id";
-		$result = $db->sql_query($sql);	
+		$result = $db->sql_query($sql);
 
 		$topic_ids = array();
 		while ($row = $db->sql_fetchrow($result))
@@ -1690,7 +1690,7 @@ class acp_forums
 			break;
 
 			default:
-			
+
 				// Delete everything else and curse your DB for not offering multi-table deletion
 				$tables_ary = array(
 					'post_id'	=>	array(
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index eb785ced23..6d789fb5ff 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -87,24 +87,32 @@ class acp_groups
 
 				// Approve, demote or promote
 				$group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
-				group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
-
-				switch ($action)
+				$error = group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
+				
+				if (!$error)
 				{
-					case 'demote':
-						$message = 'GROUP_MODS_DEMOTED';
-					break;
+					switch ($action)
+					{
+						case 'demote':
+							$message = 'GROUP_MODS_DEMOTED';
+						break;
 
-					case 'promote':
-						$message = 'GROUP_MODS_PROMOTED';
-					break;
+						case 'promote':
+							$message = 'GROUP_MODS_PROMOTED';
+						break;
 
-					case 'approve':
-						$message = 'USERS_APPROVED';
-					break;
+						case 'approve':
+							$message = 'USERS_APPROVED';
+						break;
+					}
+
+					trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
 				}
-
-				trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
+				else
+				{
+					trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id), E_USER_WARNING);
+				}
+				
 			break;
 
 			case 'default':
diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php
index f66f45cd36..00d99d2f9a 100644
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -436,7 +436,7 @@ class acp_icons
 					default:
 						$suc_lang = $lang;
 				}
-				$errormsgs = '<br />';
+				$errormsgs = '';
 				foreach ($errors as $img => $error)
 				{
 					$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
@@ -447,7 +447,7 @@ class acp_icons
 				}
 				else
 				{
-					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs .adm_back_link($this->u_action), $level);
+					trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs . adm_back_link($this->u_action), $level);
 				}
 
 			break;
diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php
old mode 100755
new mode 100644
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index be337a20f3..7498ab2aef 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -61,6 +61,14 @@ class acp_main
 
 		if ($action)
 		{
+			if ($action === 'admlogout')
+			{
+				$user->unset_admin();
+				$redirect_url = append_sid("{$phpbb_root_path}index.$phpEx");
+				meta_refresh(3, $redirect_url);
+				trigger_error($user->lang['ADM_LOGGED_OUT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect_url . '">', '</a>'));
+			}
+
 			if (!confirm_box(true))
 			{
 				switch ($action)
@@ -108,6 +116,7 @@ class acp_main
 			{
 				switch ($action)
 				{
+
 					case 'online':
 						if (!$auth->acl_get('a_board'))
 						{
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index a9e64b74ae..9240db271c 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -1156,7 +1156,7 @@ class acp_permissions
 		}
 
 		// Not ideal, due to the filesort, non-use of indexes, etc.
-		$sql = 'SELECT DISTINCT u.user_id, u.username
+		$sql = 'SELECT DISTINCT u.user_id, u.username, u.username_clean, u.user_regdate
 			FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
 			WHERE u.user_id = a.user_id
 				$sql_forum_id
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 88850d59b3..dd5255f755 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -695,6 +695,15 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			trigger_error($user->lang['NO_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
+		
+		if ($save_changes && !check_form_key('acp_styles'))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+		else if (!$save_changes)
+		{
+			add_form_key('acp_styles');
+		}
 
 		// save changes to the template if the user submitted any
 		if ($save_changes && $template_file)
diff --git a/phpBB/includes/acp/info/acp_inactive.php b/phpBB/includes/acp/info/acp_inactive.php
old mode 100755
new mode 100644
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 8dd15fea64..d0b38b67a3 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -800,7 +800,7 @@ class auth
 			{
 				$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
 			}
-			else
+			else if (!empty($this->role_cache[$row['auth_role_id']]))
 			{
 				foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
 				{
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 4581a1bbdb..80ac81ed46 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -148,8 +148,8 @@ function autologin_apache()
 
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
-		set_var($php_auth_user, $php_auth_user, 'string');
-		set_var($php_auth_pw, $php_auth_pw, 'string');
+		set_var($php_auth_user, $php_auth_user, 'string', true);
+		set_var($php_auth_pw, $php_auth_pw, 'string', true);
 
 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
@@ -233,7 +233,7 @@ function validate_session_apache(&$user)
 	}
 
 	$php_auth_user = '';
-	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
+	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
 
 	return ($php_auth_user === $user['username']) ? true : false;
 }
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index eb4eb77f22..7c681a4040 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -171,6 +171,11 @@ define('FIELD_BOOL', 4);
 define('FIELD_DROPDOWN', 5);
 define('FIELD_DATE', 6);
 
+// referer validation
+define('REFERER_VALIDATE_NONE', 0);
+define('REFERER_VALIDATE_HOST', 1);
+define('REFERER_VALIDATE_PATH', 2);
+
 
 // Additional constants
 define('VOTE_CONVERTED', 127);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 1baa7abd9a..40eb3fa823 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -255,7 +255,7 @@ function still_on_time($extra_time = 15)
 
 /**
 *
-* @version Version 0.1 / $Id$
+* @version Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)
 *
 * Portable PHP password hashing framework.
 *
@@ -1778,7 +1778,7 @@ function generate_board_url($without_script_path = false)
 
 	if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
 	{
-		// HTTP HOST can carry a port number...
+		// HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
 		if (strpos($server_name, ':') === false)
 		{
 			$url .= ':' . $server_port;
@@ -1801,6 +1801,7 @@ function generate_board_url($without_script_path = false)
 
 /**
 * Redirects the user to another page then exits the script nicely
+* This function is intended for urls within the board. It's not meant to redirect to cross-domains.
 */
 function redirect($url, $return = false)
 {
@@ -1829,7 +1830,11 @@ function redirect($url, $return = false)
 	}
 	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
 	{
-		// Full URL
+		// Attention: only able to redirect within the same domain (yourdomain.com -> www.yourdomain.com will not work)
+		if ($url_parts['host'] !== $user->host)
+		{
+			$url = generate_board_url();
+		}
 	}
 	else if ($url[0] == '/')
 	{
@@ -2045,11 +2050,14 @@ function meta_refresh($time, $url)
 	global $template;
 
 	$url = redirect($url, true);
+	$url = str_replace('&', '&amp;', $url);
 
 	// For XHTML compatibility we change back & to &amp;
 	$template->assign_vars(array(
-		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . str_replace('&', '&amp;', $url) . '" />')
+		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
 	);
+
+	return $url;
 }
 
 //Form validation
@@ -2331,7 +2339,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				return;
 			}
 
-			meta_refresh(3, $redirect);
+			$redirect = meta_refresh(3, $redirect);
 			trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
 		}
 
@@ -2771,7 +2779,7 @@ function get_preg_expression($mode)
 	switch ($mode)
 	{
 		case 'email':
-			return '(?:[a-z0-9\'\.\-_\+\|]|&amp;)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+';
+			return '(?:[a-z0-9\'\.\-_\+\|]++|&amp;)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+';
 		break;
 
 		case 'bbcode_htm':
@@ -2941,9 +2949,15 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
 			{
 				// flush the content, else we get a white page if output buffering is on
+				if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on')
+				{
+					@ob_flush();
+				}
+
+				// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
 				if ($config['gzip_compress'])
 				{
-					if (@extension_loaded('zlib') && !headers_sent())
+					if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
 					{
 						@ob_flush();
 					}
@@ -3106,16 +3120,16 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 function obtain_guest_count($forum_id = 0)
 {
 	global $db, $config;
-	
+
 	if ($forum_id)
 	{
 		$reading_sql = ' AND s.session_forum_id = ' . (int) $forum_id;
-	} 
+	}
 	else
 	{
 		$reading_sql = '';
 	}
-	$time = (time() - (intval($config['load_online_time']) * 60)); 
+	$time = (time() - (intval($config['load_online_time']) * 60));
 
 	// Get number of online guests
 
@@ -3141,7 +3155,7 @@ function obtain_guest_count($forum_id = 0)
 	$result = $db->sql_query($sql, 60);
 	$guests_online = (int) $db->sql_fetchfield('num_guests');
 	$db->sql_freeresult($result);
-	
+
 	return $guests_online;
 }
 
@@ -3173,16 +3187,16 @@ function obtain_users_online($forum_id = 0)
 	{
 		$online_users['guests_online'] = obtain_guest_count($forum_id);
 	}
-	
+
 	// a little discrete magic to cache this for 30 seconds
-	$time = (time() - (intval($config['load_online_time']) * 60)); 
+	$time = (time() - (intval($config['load_online_time']) * 60));
 
 	$sql = 'SELECT s.session_user_id, s.session_ip, s.session_viewonline
 		FROM ' . SESSIONS_TABLE . ' s
 		WHERE s.session_time >= ' . ($time - ((int) ($time % 30))) .
 			$reading_sql .
 		' AND s.session_user_id <> ' . ANONYMOUS;
-	$result = $db->sql_query($sql, 30); 
+	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
 	{
@@ -3203,7 +3217,7 @@ function obtain_users_online($forum_id = 0)
 	}
 	$online_users['total_online'] = $online_users['guests_online'] + $online_users['visible_online'] + $online_users['hidden_online'];
 	$db->sql_freeresult($result);
-	
+
 	return $online_users;
 }
 
@@ -3652,7 +3666,7 @@ function garbage_collection()
 */
 function exit_handler()
 {
-	global $phpbb_hook;
+	global $phpbb_hook, $config;
 
 	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__))
 	{
@@ -3663,7 +3677,7 @@ function exit_handler()
 	}
 
 	// As a pre-caution... some setups display a blank page if the flush() is not there.
-	@flush();
+	(!$config['gzip_compress']) ? @flush() : @ob_flush();
 
 	exit;
 }
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index afaf165d66..028456c246 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -1545,7 +1545,8 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$sql = 'SELECT SUM(t.topic_replies + 1) AS forum_posts
 						FROM ' . TOPICS_TABLE . ' t
 						WHERE ' . $db->sql_in_set('t.forum_id', $forum_ids) . '
-							AND t.topic_approved = 1';
+							AND t.topic_approved = 1
+							AND t.topic_status <> ' . ITEM_MOVED;
 				}
 				else
 				{
@@ -1553,6 +1554,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 						FROM ' . TOPICS_TABLE . ' t
 						WHERE ' . $db->sql_in_set('t.forum_id', $forum_ids) . '
 							AND t.topic_approved = 1
+							AND t.topic_status <> ' . ITEM_MOVED . '
 						GROUP BY t.forum_id';
 				}
 
diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php
index 36b7d575d9..021079deef 100644
--- a/phpBB/includes/functions_compress.php
+++ b/phpBB/includes/functions_compress.php
@@ -179,7 +179,7 @@ class compress_zip extends compress
 	* Extract archive
 	*/
 	function extract($dst)
-	{		
+	{
 		// Loop the file, looking for files and folders
 		$dd_try = false;
 		rewind($this->fp);
@@ -215,6 +215,12 @@ class compress_zip extends compress
 							// Create and folders and subfolders if they do not exist
 							foreach ($folders as $folder)
 							{
+								$folder = trim($folder);
+								if (!$folder)
+								{
+									continue;
+								}
+
 								$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 								if (!is_dir($str))
 								{
@@ -231,13 +237,19 @@ class compress_zip extends compress
 					}
 					else
 					{
-						// Some archivers are punks, they don't don't include folders in their archives!
+						// Some archivers are punks, they don't include folders in their archives!
 						$str = '';
 						$folders = explode('/', pathinfo($target_filename, PATHINFO_DIRNAME));
 
 						// Create and folders and subfolders if they do not exist
 						foreach ($folders as $folder)
 						{
+							$folder = trim($folder);
+							if (!$folder)
+							{
+								continue;
+							}
+
 							$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 							if (!is_dir($str))
 							{
@@ -267,7 +279,7 @@ class compress_zip extends compress
 							// Not compressed
 							fwrite($fp, $content);
 						break;
-					
+
 						case 8:
 							// Deflate
 							fwrite($fp, gzinflate($content, $data['uc_size']));
@@ -278,7 +290,7 @@ class compress_zip extends compress
 							fwrite($fp, bzdecompress($content));
 						break;
 					}
-					
+
 					fclose($fp);
 				break;
 
@@ -288,11 +300,11 @@ class compress_zip extends compress
 				// This case should simply never happen.. but it does exist..
 				case "\x50\x4b\x05\x06":
 				break 2;
-				
+
 				// 'Packed to Removable Disk', ignore it and look for the next signature...
 				case 'PK00':
 				continue 2;
-				
+
 				// We have encountered a header that is weird. Lets look for better data...
 				default:
 					if (!$dd_try)
@@ -507,16 +519,24 @@ class compress_tar extends compress
 				$tmp = unpack('A12size', substr($buffer, 124, 12));
 				$filesize = octdec((int) trim($tmp['size']));
 
+				$target_filename = "$dst$filename";
+
 				if ($filetype == 5)
 				{
-					if (!is_dir("$dst$filename"))
+					if (!is_dir($target_filename))
 					{
 						$str = '';
-						$folders = explode('/', "$dst$filename");
+						$folders = explode('/', $target_filename);
 
 						// Create and folders and subfolders if they do not exist
 						foreach ($folders as $folder)
 						{
+							$folder = trim($folder);
+							if (!$folder)
+							{
+								continue;
+							}
+
 							$str = (!empty($str)) ? $str . '/' . $folder : $folder;
 							if (!is_dir($str))
 							{
@@ -529,17 +549,41 @@ class compress_tar extends compress
 						}
 					}
 				}
-				else if ($filesize != 0 && ($filetype == 0 || $filetype == "\0"))
+				else if ($filesize >= 0 && ($filetype == 0 || $filetype == "\0"))
 				{
+					// Some archivers are punks, they don't properly order the folders in their archives!
+					$str = '';
+					$folders = explode('/', pathinfo($target_filename, PATHINFO_DIRNAME));
+
+					// Create and folders and subfolders if they do not exist
+					foreach ($folders as $folder)
+					{
+						$folder = trim($folder);
+						if (!$folder)
+						{
+							continue;
+						}
+
+						$str = (!empty($str)) ? $str . '/' . $folder : $folder;
+						if (!is_dir($str))
+						{
+							if (!@mkdir($str, 0777))
+							{
+								trigger_error("Could not create directory $folder");
+							}
+							@chmod($str, 0777);
+						}
+					}
+
 					// Write out the files
-					if (!($fp = fopen("$dst$filename", 'wb')))
+					if (!($fp = fopen($target_filename, 'wb')))
 					{
 						trigger_error("Couldn't create file $filename");
 					}
-					@chmod("$dst$filename", 0777);
+					@chmod($target_filename, 0777);
 
 					// Grab the file contents
-					fwrite($fp, $fzread($this->fp, ($filesize + 511) &~ 511), $filesize);
+					fwrite($fp, ($filesize) ? $fzread($this->fp, ($filesize + 511) &~ 511) : '', $filesize);
 					fclose($fp);
 				}
 			}
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index 9eab477a8a..97ec78abcc 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -438,6 +438,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 	global $phpbb_root_path, $phpEx;
 
 	$uid = $bitfield = '';
+	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
 
 	if (!$text)
 	{
@@ -461,7 +462,6 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 		$uid = '';
 	}
 
-	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
 	$bitfield = $message_parser->bbcode_bitfield;
 
 	return;
@@ -568,13 +568,13 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 			$relative_url	= preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
 			$url			= $url . '/' . $relative_url;
 			$text			= $relative_url;
-			
+
 			// this url goes to http://domain.tld/path/to/board/ which
 			// would result in an empty link if treated as local so
 			// don't touch it and let MAGIC_URL_FULL take care of it.
 			if (!$relative_url)
 			{
-				return $orig_url . '/'; // slash is taken away by relative url pattern
+				return $whitespace . $orig_url . '/'; // slash is taken away by relative url pattern
 			}
 		break;
 
diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php
index f43ef7c5c7..90459813f1 100644
--- a/phpBB/includes/functions_install.php
+++ b/phpBB/includes/functions_install.php
@@ -286,7 +286,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,
 	{
 		case 'mysql':
 		case 'mysqli':
-			if (strpos($table_prefix, '-') !== false || strpos($table_prefix, '.') !== false)
+			if (strspn($table_prefix, '-./\\') !== 0)
 			{
 				$error[] = $lang['INST_ERR_PREFIX_INVALID'];
 				return false;
diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index 7633c10be9..6cae90d1c2 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -399,12 +399,13 @@ class jabber
 				$second_time = isset($this->session['id']);
 				$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
 
+				/** Currently commented out due to problems with some jabber server - reason unknown
 				if ($second_time)
 				{
 					// If we are here for the second time after TLS, we need to continue logging in
 					$this->login();
 					return;
-				}
+				}*/
 
 				// go on with authentication?
 				if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 2f12732e8b..fe41bc448d 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -358,6 +358,11 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 	$upload = new fileupload();
 
+	if ($config['check_attachment_content'])
+	{
+		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
+	}
+	
 	if (!$local)
 	{
 		$filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
@@ -524,6 +529,8 @@ function get_supported_image_types($type = false)
 
 		if ($type !== false)
 		{
+			// Type is one of the IMAGETYPE constants - it is fetched from getimagesize()
+			// We do not use the constants here, because some were not available in PHP 4.3.x
 			switch ($type)
 			{
 				// GIF
@@ -545,8 +552,7 @@ function get_supported_image_types($type = false)
 					$new_type = ($format & IMG_PNG) ? IMG_PNG : false;
 				break;
 
-				// BMP, WBMP
-				case 6:
+				// WBMP
 				case 15:
 					$new_type = ($format & IMG_WBMP) ? IMG_WBMP : false;
 				break;
@@ -1856,6 +1862,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 				'topic_last_poster_id'		=> (int) $user->data['user_id'],
 				'topic_last_poster_name'	=> (!$user->data['is_registered'] && $username) ? $username : (($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : ''),
 				'topic_last_poster_colour'	=> $user->data['user_colour'],
+				'topic_last_post_subject'	=> (string) $subject,
 			);
 		}
 
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index bffa64158a..d01d89a7e3 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -208,6 +208,11 @@ function get_folder($user_id, $folder_id = false)
 		);
 	}
 
+	if ($folder_id !== false && !isset($folder[$folder_id]))
+	{
+		trigger_error('UNKNOWN_FOLDER');
+	}
+
 	return $folder;
 }
 
@@ -1803,4 +1808,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	return true;
 }
 
+/**
+* Set correct users max messages in PM folder.
+* If several group memberships define different amount of messages, the highest will be chosen.
+*/
+function set_user_message_limit()
+{
+	global $user, $db, $config;
+
+	// Get maximum about from user memberships - if it is 0, there is no limit set and we use the maximum value within the config.
+	$sql = 'SELECT MAX(g.group_message_limit) as max_message_limit
+		FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
+		WHERE ug.user_id = ' . $user->data['user_id'] . '
+			AND ug.user_pending = 0
+			AND ug.group_id = g.group_id';
+	$result = $db->sql_query($sql);
+	$message_limit = (int) $db->sql_fetchfield('max_message_limit');
+	$db->sql_freeresult($result);
+
+	$user->data['message_limit'] = (!$message_limit) ? $config['pm_max_msgs'] : $message_limit;
+}
+
 ?>
\ No newline at end of file
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index ca4f51c12f..a1374b8d54 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -228,6 +228,34 @@ class filespec
 	{
 		return @filesize($filename);
 	}
+	
+	
+	/**
+	* Check the first 256 bytes for forbidden content
+	*/
+	function check_content($disallowed_content)
+	{
+		if (empty($disallowed_content))
+		{
+			return true;
+		}
+		
+		$fp = @fopen($this->filename, 'rb');
+
+		if ($fp !== false)
+		{
+			$ie_mime_relevant = fread($fp, 256);
+			fclose($fp);
+			foreach ($disallowed_content as $forbidden)
+			{
+				if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
+				{
+					return false;
+				}
+			}
+		}
+		return true;
+	}
 
 	/**
 	* Move file to destination folder
@@ -257,7 +285,7 @@ class filespec
 			return false;
 		}
 
-		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
+		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
 		$upload_mode = ($this->local) ? 'local' : $upload_mode;
 		$this->destination_file = $this->destination_path . '/' . basename($this->realname);
 
@@ -427,6 +455,7 @@ class fileerror extends filespec
 class fileupload
 {
 	var $allowed_extensions = array();
+	var $disallowed_content = array();
 	var $max_filesize = 0;
 	var $min_width = 0;
 	var $min_height = 0;
@@ -446,12 +475,13 @@ class fileupload
 	* @param int $max_height Maximum image height (only checked for images)
 	*
 	*/
-	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false)
+	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)
 	{
 		$this->set_allowed_extensions($allowed_extensions);
 		$this->set_max_filesize($max_filesize);
 		$this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
 		$this->set_error_prefix($error_prefix);
+		$this->set_disallowed_content($disallowed_content);
 	}
 
 	/**
@@ -463,6 +493,7 @@ class fileupload
 		$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
 		$this->error_prefix = '';
 		$this->allowed_extensions = array();
+		$this->disallowed_content = array();
 	}
 
 	/**
@@ -497,6 +528,17 @@ class fileupload
 			$this->max_filesize = (int) $max_filesize;
 		}
 	}
+	
+	/**
+	* Set disallowed strings
+	*/
+	function set_disallowed_content($disallowed_content)
+	{
+		if ($disallowed_content !== false && is_array($disallowed_content))
+		{
+			$this->disallowed_content = $disallowed_content;
+		}
+	}
 
 	/**
 	* Set error prefix
@@ -741,7 +783,7 @@ class fileupload
 			return $file;
 		}
 
-		$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
+		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache';
 		$filename = tempnam($tmp_path, unique_id() . '-');
 
 		if (!($fp = @fopen($filename, 'wb')))
@@ -830,6 +872,12 @@ class fileupload
 		{
 			$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
 		}
+		
+		// MIME Sniffing
+		if (!$this->valid_content($file))
+		{
+			$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);
+		}
 	}
 
 	/**
@@ -869,6 +917,15 @@ class fileupload
 		return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
 	}
 
+
+	/**
+	* Check for allowed extension
+	*/
+	function valid_content(&$file)
+	{
+		return ($file->check_content($this->disallowed_content));
+	}
+
 	/**
 	* Return image type/extension mapping
 	*/
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 1d1a24389c..daa571a790 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -183,7 +183,6 @@ function user_add($user_row, $cp_data = false)
 		'user_dateformat'	=> $config['default_dateformat'],
 		'user_lang'			=> $config['default_lang'],
 		'user_style'		=> (int) $config['default_style'],
-		'user_allow_pm'		=> 1,
 		'user_actkey'		=> '',
 		'user_ip'			=> '',
 		'user_regdate'		=> time(),
@@ -486,7 +485,7 @@ function user_delete($mode, $user_id, $post_username = false)
 		break;
 	}
 
-	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE);
+	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE);
 
 	foreach ($table_ary as $table)
 	{
@@ -1195,6 +1194,8 @@ function user_ipwhois($ip)
 */
 function validate_data($data, $val_ary)
 {
+	global $user;
+
 	$error = array();
 
 	foreach ($val_ary as $var => $val_seq)
@@ -1211,7 +1212,8 @@ function validate_data($data, $val_ary)
 
 			if ($result = call_user_func_array('validate_' . $function, $validate))
 			{
-				$error[] = $result . '_' . strtoupper($var);
+				// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
+				$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
 			}
 		}
 	}
@@ -1611,9 +1613,9 @@ function validate_email($email, $allowed_email = false)
 		}
 	}
 
-	if ($user->check_ban(false, false, $email, true) == true)
+	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
 	{
-		return 'EMAIL_BANNED';
+		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
 	}
 
 	if (!$config['allow_emailreuse'])
@@ -1953,7 +1955,7 @@ function avatar_upload($data, &$error)
 
 	// Init upload class
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
+	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
 
 	if (!empty($_FILES['uploadfile']['name']))
 	{
@@ -2909,7 +2911,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 
 	if (!sizeof($user_id_ary) || $result !== false)
 	{
-		return false;
+		return 'NO_USERS';
 	}
 
 	if (!$group_name)
@@ -2921,9 +2923,23 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 	{
 		case 'demote':
 		case 'promote':
+		
+			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
+				WHERE group_id = $group_id
+					AND user_pending = 1
+					AND " . $db->sql_in_set('user_id', $user_id_ary);
+			$result = $db->sql_query_limit($sql, 1);
+			$not_empty = ($db->sql_fetchrow($result));
+			$db->sql_freeresult($result);
+			if ($not_empty)
+			{
+				return 'NO_VALID_USERS';
+			}
+			
 			$sql = 'UPDATE ' . USER_GROUP_TABLE . '
 				SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
 				WHERE group_id = $group_id
+					AND user_pending = 0
 					AND " . $db->sql_in_set('user_id', $user_id_ary);
 			$db->sql_query($sql);
 
@@ -3017,7 +3033,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 
 	group_update_listings($group_id);
 
-	return true;
+	return false;
 }
 
 /**
diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php
index cb6211abda..d9f5eb8f22 100644
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -151,7 +151,7 @@ class mcp_ban
 			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=mcp_ban&amp;field=ban'),
 		));
 
-		if ($mode != 'user')
+		if ($mode === 'email' && !$auth->acl_get('a_user'))
 		{
 			return;
 		}
@@ -159,15 +159,28 @@ class mcp_ban
 		// As a "service" we will check if any post id is specified and populate the username of the poster id if given
 		$post_id = request_var('p', 0);
 		$user_id = request_var('u', 0);
-		$username = false;
+		$username = $pre_fill = false;
 
 		if ($user_id && $user_id <> ANONYMOUS)
 		{
-			$sql = 'SELECT username
+			$sql = 'SELECT username, user_email, user_ip
 				FROM ' . USERS_TABLE . '
 				WHERE user_id = ' . $user_id;
 			$result = $db->sql_query($sql);
-			$username = (string) $db->sql_fetchfield('username');
+			switch ($mode)
+			{
+				case 'user':
+					$pre_fill = (string) $db->sql_fetchfield('username');
+				break;
+				
+				case 'ip':
+					$pre_fill = (string) $db->sql_fetchfield('user_ip');
+				break;
+
+				case 'email':
+					$pre_fill = (string) $db->sql_fetchfield('user_email');
+				break;
+			}
 			$db->sql_freeresult($result);
 		}
 		else if ($post_id)
@@ -176,13 +189,29 @@ class mcp_ban
 
 			if (sizeof($post_info) && !empty($post_info[$post_id]))
 			{
-				$username = $post_info[$post_id]['username'];
+				switch ($mode)
+				{
+					case 'user':
+						$pre_fill = $post_info[$post_id]['username'];
+					break;
+
+					case 'ip':
+						$pre_fill = $post_info[$post_id]['poster_ip'];
+					break;
+
+					case 'email':
+						$pre_fill = $post_info[$post_id]['user_email'];
+					break;
+				}
+
 			}
 		}
 
-		if ($username)
+		if ($pre_fill)
 		{
-			$template->assign_var('USERNAMES', $username);
+			// left for legacy template compatibility
+			$template->assign_var('USERNAMES', $pre_fill);
+			$template->assign_var('BAN_QUANTIFIER', $pre_fill);
 		}
 	}
 }
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php
old mode 100755
new mode 100644
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index 3332ab04d8..85f9a1e839 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -235,7 +235,7 @@ function lock_unlock($action, $ids)
 	}
 	unset($orig_ids);
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 
 	$s_hidden_fields = build_hidden_fields(array(
 		$sql_id . '_list'	=> $ids,
@@ -321,7 +321,7 @@ function change_topic_type($action, $topic_ids)
 		break;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 
 	$s_hidden_fields = array(
 		'topic_id_list'	=> $topic_ids,
@@ -542,7 +542,7 @@ function mcp_move_topic($topic_ids)
 	}
 
 	$to_forum_id = request_var('to_forum_id', 0);
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$additional_msg = $success_msg = '';
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -554,7 +554,7 @@ function mcp_move_topic($topic_ids)
 
 	if ($to_forum_id)
 	{
-		$forum_data = get_forum_data($to_forum_id);
+		$forum_data = get_forum_data($to_forum_id, 'f_post');
 
 		if (!sizeof($forum_data))
 		{
@@ -762,7 +762,7 @@ function mcp_delete_topic($topic_ids)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$forum_id = request_var('f', 0);
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -818,7 +818,7 @@ function mcp_delete_post($post_ids)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$forum_id = request_var('f', 0);
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -941,7 +941,7 @@ function mcp_fork_topic($topic_ids)
 
 	$to_forum_id = request_var('to_forum_id', 0);
 	$forum_id = request_var('f', 0);
-	$redirect = request_var('redirect', build_url(array('_f_', 'action', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
 	$additional_msg = $success_msg = '';
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -953,7 +953,7 @@ function mcp_fork_topic($topic_ids)
 
 	if ($to_forum_id)
 	{
-		$forum_data = get_forum_data($to_forum_id);
+		$forum_data = get_forum_data($to_forum_id, 'f_post');
 
 		if (!sizeof($topic_ids))
 		{
@@ -990,7 +990,7 @@ function mcp_fork_topic($topic_ids)
 
 	if (confirm_box(true))
 	{
-		$topic_data = get_topic_data($topic_ids);
+		$topic_data = get_topic_data($topic_ids, 'f_post');
 
 		$total_posts = 0;
 		$new_topic_id_list = array();
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
old mode 100755
new mode 100644
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 6d7f9ffaba..ab09761378 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -74,7 +74,7 @@ class mcp_queue
 
 				$this->tpl_name = 'mcp_post';
 
-				$user->add_lang('posting');
+				$user->add_lang(array('posting', 'viewtopic'));
 
 				$post_id = request_var('p', 0);
 				$topic_id = request_var('t', 0);
@@ -459,7 +459,7 @@ function approve_post($post_id_list, $id, $mode)
 		trigger_error('NOT_AUTHORISED');
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('quickmod')));
 	$success_msg = '';
 
 	$s_hidden_fields = build_hidden_fields(array(
@@ -758,7 +758,7 @@ function disapprove_post($post_id_list, $id, $mode)
 		trigger_error('NOT_AUTHORISED');
 	}
 
-	$redirect = request_var('redirect', build_url(array('t', 'mode', '_f_', 'quickmod')) . "&amp;mode=$mode");
+	$redirect = request_var('redirect', build_url(array('t', 'mode', 'quickmod')) . "&amp;mode=$mode");
 	$reason = utf8_normalize_nfc(request_var('reason', '', true));
 	$reason_id = request_var('reason_id', 0);
 	$success_msg = $additional_msg = '';
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php
old mode 100755
new mode 100644
index 9419a37ab8..ce55fec7df
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -450,15 +450,15 @@ function close_report($report_id_list, $mode, $action)
 
 	if ($action == 'delete' && strpos($user->data['session_page'], 'mode=report_details') !== false)
 	{
-		$redirect = request_var('redirect', build_url(array('mode', '_f_', 'r', 'quickmod')) . '&amp;mode=reports');
+		$redirect = request_var('redirect', build_url(array('mode', 'r', 'quickmod')) . '&amp;mode=reports');
 	}
 	else if ($action == 'close' && !request_var('r', 0))
 	{
-		$redirect = request_var('redirect', build_url(array('mode', '_f_', 'p', 'quickmod')) . '&amp;mode=reports');
+		$redirect = request_var('redirect', build_url(array('mode', 'p', 'quickmod')) . '&amp;mode=reports');
 	}
 	else
 	{
-		$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+		$redirect = request_var('redirect', build_url(array('quickmod')));
 	}
 	$success_msg = '';
 	$forum_ids = array();
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index f8214e4f1b..a468712a25 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -386,7 +386,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('quickmod')));
 
 	$s_hidden_fields = build_hidden_fields(array(
 		'i'				=> 'main',
@@ -550,7 +550,7 @@ function merge_posts($topic_id, $to_topic_id)
 		return;
 	}
 
-	$redirect = request_var('redirect', build_url(array('_f_', 'quickmod')));
+	$redirect = request_var('redirect', build_url(array('quickmod')));
 
 	$s_hidden_fields = build_hidden_fields(array(
 		'i'				=> 'main',
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
old mode 100755
new mode 100644
index 315a2c1362..7c17de9f43
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -170,7 +170,7 @@ class mcp_warn
 				'USERNAME'			=> $row['username'],
 				'USERNAME_COLOUR'	=> ($row['user_colour']) ? '#' . $row['user_colour'] : '',
 				'U_USER'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
-			
+
 				'WARNING_TIME'	=> $user->format_date($row['user_last_warning']),
 				'WARNINGS'		=> $row['user_warnings'],
 			));
@@ -262,11 +262,11 @@ class mcp_warn
 			}
 			$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
 			meta_refresh(2, $redirect);
-			trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+			trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 		}
 
 		// OK, they didn't submit a warning so lets build the page for them to do so
-		
+
 		// We want to make the message available here as a reminder
 		// Parse the message and subject
 		$message = censor_text($user_row['post_text']);
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 674e13de49..6c12903999 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -346,6 +346,12 @@ class bbcode_firstpass extends bbcode
 		$in = trim($in);
 		$error = false;
 
+		// Do not allow 0-sizes generally being entered
+		if ($width <= 0 || $height <= 0)
+		{
+			return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
+		}
+
 		// Apply the same size checks on flash files as on images
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php
index 1cd28fc6d2..80724fb5c5 100644
--- a/phpBB/includes/search/fulltext_mysql.php
+++ b/phpBB/includes/search/fulltext_mysql.php
@@ -546,8 +546,8 @@ class fulltext_mysql extends search_backend
 			break;
 
 			case 't':
-				$sql_sort_table	= ($type == 'posts') ? TOPICS_TABLE . ' t, ' : '';
-				$sql_sort_join	= ($type == 'posts') ? ' AND t.topic_id = p.topic_id ' : '';
+				$sql_sort_table	= ($type == 'posts' && !$firstpost_only) ? TOPICS_TABLE . ' t, ' : '';
+				$sql_sort_join	= ($type == 'posts' && !$firstpost_only) ? ' AND t.topic_id = p.topic_id ' : '';
 			break;
 
 			case 'f':
diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
old mode 100755
new mode 100644
index bfcb02f8e6..b0e95a1559
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -813,8 +813,8 @@ class fulltext_native extends search_backend
 			break;
 
 			case 't':
-				$sql_sort_table	= ($type == 'posts') ? TOPICS_TABLE . ' t, ' : '';
-				$sql_sort_join	= ($type == 'posts') ? ' AND t.topic_id = p.topic_id ' : '';
+				$sql_sort_table	= ($type == 'posts' && !$firstpost_only) ? TOPICS_TABLE . ' t, ' : '';
+				$sql_sort_join	= ($type == 'posts' && !$firstpost_only) ? ' AND t.topic_id = p.topic_id ' : '';
 			break;
 
 			case 'f':
@@ -900,7 +900,7 @@ class fulltext_native extends search_backend
 		if ($type == 'posts')
 		{
 			$sql = "SELECT $select
-				FROM " . $sql_sort_table . POSTS_TABLE . ' p' . (($topic_id || $firstpost_only) ? ', ' . TOPICS_TABLE . ' t' : '') . "
+				FROM " . $sql_sort_table . POSTS_TABLE . ' p' . (($firstpost_only) ? ', ' . TOPICS_TABLE . ' t' : '') . "
 				WHERE $sql_author
 					$sql_topic_id
 					$sql_firstpost
diff --git a/phpBB/includes/search/search.php b/phpBB/includes/search/search.php
old mode 100755
new mode 100644
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index da54a6c512..8a3a16727e 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -68,7 +68,7 @@ class session
 
 		foreach ($args as $key => $argument)
 		{
-			if (strpos($argument, 'sid=') === 0 || strpos($argument, '_f_=') === 0)
+			if (strpos($argument, 'sid=') === 0)
 			{
 				continue;
 			}
@@ -158,8 +158,16 @@ class session
 		$this->cookie_data			= array('u' => 0, 'k' => '');
 		$this->update_session_page	= $update_session_page;
 		$this->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
+		$this->referer				= (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
 		$this->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
 		$this->host					= (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+
+		// Since HTTP_HOST may carry a port definition, we need to remove it here...
+		if (strpos($this->host, ':') !== false)
+		{
+			$this->host = substr($this->host, 0, strpos($this->host, ':'));
+		}
+
 		$this->page					= $this->extract_current_page($phpbb_root_path);
 
 		// if the forwarded for header shall be checked we have to validate its contents
@@ -217,9 +225,9 @@ class session
 		// Load limit check (if applicable)
 		if ($config['limit_load'] || $config['limit_search_load'])
 		{
-			if ($load = @file_get_contents('/proc/loadavg'))
+			if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg'))))
 			{
-				$this->load = array_slice(explode(' ', $load), 0, 1);
+				$this->load = array_slice($load, 0, 1);
 				$this->load = floatval($this->load[0]);
 			}
 			else
@@ -264,7 +272,18 @@ class session
 				$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
 				$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
 
-				if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
+				// referer checks
+				// The @ before $config['referer_validation'] suppresses notices present while running the updater
+				$check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH);
+				$referer_valid = true;
+
+				// we assume HEAD and TRACE to be foul play and thus only whitelist GET
+				if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
+				{
+					$referer_valid = $this->validate_referer($check_referer_path);
+				}
+
+				if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
 				{
 					$session_expired = false;
 
@@ -343,7 +362,14 @@ class session
 					// Added logging temporarly to help debug bugs...
 					if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS)
 					{
-						add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
+						if ($referer_valid)
+						{
+							add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
+						}
+						else
+						{
+							add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
+						}
 					}
 				}
 			}
@@ -1101,7 +1127,7 @@ class session
 			trigger_error($message);
 		}
 
-		return ($banned) ? true : false;
+		return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned;
 	}
 
 	/**
@@ -1279,6 +1305,55 @@ class session
 			$this->set_login_key($user_id);
 		}
 	}
+
+
+	/**
+	* Check if the request originated from the same page.
+	* @param bool $check_script_path If true, the path will be checked as well
+	*/
+	function validate_referer($check_script_path = false)
+	{
+		// no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
+		if (empty($this->referer) || empty($this->host) )
+		{
+			return true;
+		}
+
+		$host = htmlspecialchars($this->host);
+		$ref = substr($this->referer, strpos($this->referer, '://') + 3);
+
+		if (!(stripos($ref , $host) === 0))
+		{
+			return false;
+		}
+		else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '')
+		{
+			$ref = substr($ref, strlen($host));
+			$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+
+			if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
+			{
+				$ref = substr($ref, strlen(":$server_port"));
+			}
+
+			if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
+			{
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+
+	function unset_admin()
+	{
+		global $db;
+		$sql = 'UPDATE ' . SESSIONS_TABLE . '
+			SET session_admin = 0
+			WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'';
+		$db->sql_query($sql);
+	}
 }
 
 
diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php
index 0f37c456fa..b91c88b7e8 100644
--- a/phpBB/includes/ucp/ucp_confirm.php
+++ b/phpBB/includes/ucp/ucp_confirm.php
@@ -73,7 +73,9 @@ class ucp_confirm
 
 		$captcha = new captcha();
 		$captcha->execute($row['code'], $row['seed']);
-		exit;
+
+		garbage_collection();
+		exit_handler();
 	}
 }
 
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 46b23efb54..b4ac0c11da 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -129,15 +129,7 @@ class ucp_pm
 			break;
 
 			case 'options':
-				$sql = 'SELECT group_message_limit
-					FROM ' . GROUPS_TABLE . '
-					WHERE group_id = ' . $user->data['group_id'];
-				$result = $db->sql_query($sql, 3600);
-				$message_limit = (int) $db->sql_fetchfield('group_message_limit');
-				$db->sql_freeresult($result);
-
-				$user->data['message_limit'] = (!$message_limit) ? $config['pm_max_msgs'] : $message_limit;
-
+				set_user_message_limit();
 				get_folder($user->data['user_id']);
 
 				include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx);
@@ -168,14 +160,7 @@ class ucp_pm
 
 			case 'view':
 
-				$sql = 'SELECT group_message_limit
-					FROM ' . GROUPS_TABLE . '
-					WHERE group_id = ' . $user->data['group_id'];
-				$result = $db->sql_query($sql, 3600);
-				$message_limit = (int) $db->sql_fetchfield('group_message_limit');
-				$db->sql_freeresult($result);
-
-				$user->data['message_limit'] = (!$message_limit) ? $config['pm_max_msgs'] : $message_limit;
+				set_user_message_limit();
 
 				if ($folder_specified)
 				{
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index af592e3612..6271639cd1 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -636,7 +636,6 @@ function compose_pm($id, $mode, $action)
 				'filename_data'			=> $message_parser->filename_data,
 				'address_list'			=> $address_list
 			);
-			unset($message_parser);
 
 			// ((!$message_subject) ? $subject : $message_subject)
 			$msg_id = submit_pm($action, $subject, $pm_data);
@@ -770,7 +769,6 @@ function compose_pm($id, $mode, $action)
 	$attachment_data = $message_parser->attachment_data;
 	$filename_data = $message_parser->filename_data;
 	$message_text = $message_parser->message;
-	unset($message_parser);
 
 	// MAIN PM PAGE BEGINS HERE
 
@@ -892,8 +890,8 @@ function compose_pm($id, $mode, $action)
 
 	// Build hidden address list
 	$s_hidden_address_field = build_address_field($address_list);
-	 
-	
+
+
 	$bbcode_checked		= (isset($enable_bbcode)) ? !$enable_bbcode : (($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode')) ? !$user->optionget('bbcode') : 1);
 	$smilies_checked	= (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies'] && $auth->acl_get('u_pm_smilies')) ? !$user->optionget('smilies') : 1);
 	$urls_checked		= (isset($enable_urls)) ? !$enable_urls : 0;
@@ -1114,7 +1112,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 	}
 }
 
-/** 
+/**
 * Build the hidden field for the recipients. Needed, as the variable is not read via request_var.
 */
 function build_address_field($address_list)
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index e9c337519a..8c765b1e90 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -493,7 +493,7 @@ function get_pm_from($folder_id, $folder, $user_id)
 	}
 	else
 	{
-		$pm_count = $folder[$folder_id]['num_messages'];
+		$pm_count = (!empty($folder[$folder_id]['num_messages'])) ? $folder[$folder_id]['num_messages'] : 0;
 		$sql_limit_time = '';
 	}
 
diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php
index b30f28aac9..8098176837 100644
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -1840,7 +1840,7 @@ function utf8_clean_string($text)
 /**
 * A wrapper for htmlspecialchars($value, ENT_COMPAT, 'UTF-8')
 */
-function utf8_htmlspecialchars(&$value)
+function utf8_htmlspecialchars($value)
 {
 	return htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
 }
diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php
index ae7c9959f1..63644d7212 100644
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
@@ -31,8 +31,8 @@ unset($dbpasswd);
 */
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
-	'version'		=> '1.0.1',
-	'phpbb_version'	=> '3.0.1',
+	'version'		=> '1.0.2',
+	'phpbb_version'	=> '3.0.2',
 	'author'		=> '<a href="http://www.phpbb.com/">phpBB Group</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
@@ -191,7 +191,7 @@ if (!$get_info)
 	{
 		$src_db->sql_freeresult($result);
 	}
-	
+
 
 	/**
 	* Tests for further MODs can be included here.
@@ -265,7 +265,7 @@ if (!$get_info)
 *								- empty string == execute nothing
 *								- string == function to execute
 *								- array == complex execution instructions
-*		
+*
 *		Complex execution instructions:
 *		@todo test complex execution instructions - in theory they will work fine
 *
@@ -307,7 +307,7 @@ if (!$get_info)
 			array('target', $convert->truncate_statement . SEARCH_WORDMATCH_TABLE),
 			array('target', $convert->truncate_statement . LOG_TABLE),
 		),
-		
+
 //	with this you are able to import all attachment files on the fly. For large boards this is not an option, therefore commented out by default.
 //	Instead every file gets copied while processing the corresponding attachment entry.
 //		if (defined("MOD_ATTACHMENT")) { import_attachment_files(); phpbb_copy_thumbnails(); }
@@ -489,7 +489,7 @@ if (!$get_info)
 				array('poll_max_options',		1,									''),
 				array('poll_vote_change',		0,									''),
 
-				'left_join'		=>	array (	'topics LEFT JOIN vote_desc ON topics.topic_id = vote_desc.topic_id AND topics.topic_vote = 1', 
+				'left_join'		=>	array (	'topics LEFT JOIN vote_desc ON topics.topic_id = vote_desc.topic_id AND topics.topic_vote = 1',
 											'topics LEFT JOIN posts ON topics.topic_last_post_id = posts.post_id',
 									),
 				'where'			=> 'topics.topic_moved_id = 0',
@@ -687,7 +687,7 @@ if (!$get_info)
 				array('user_id',				'users.user_id',						'phpbb_user_id'),
 				array('folder_name',			$user->lang['CONV_SAVED_MESSAGES'],		''),
 				array('pm_count',				0,										''),
-			
+
 				'where'			=> 'users.user_id <> -1',
 			),
 
@@ -711,7 +711,7 @@ if (!$get_info)
 				'where'			=> 'privmsgs.privmsgs_id = privmsgs_text.privmsgs_text_id
 										AND (privmsgs.privmsgs_type = 0 OR privmsgs.privmsgs_type = 1 OR privmsgs.privmsgs_type = 5)',
 			),
-			
+
 			// Outbox
 			array(
 				'target'		=> PRIVMSGS_TO_TABLE,
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 211bbec8d1..43d8c06a27 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -8,7 +8,7 @@
 *
 */
 
-$updates_to_version = '3.0.1';
+$updates_to_version = '3.0.2-RC1';
 
 // Return if we "just include it" to find out for which version the database update is responsible for
 if (defined('IN_PHPBB') && defined('IN_INSTALL'))
@@ -33,7 +33,7 @@ error_reporting(E_ALL);
 // Include essential scripts
 include($phpbb_root_path . 'config.' . $phpEx);
 
-if (!isset($dbms))
+if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
 {
 	die("Please read: <a href='../docs/INSTALL.html'>INSTALL.html</a> before attempting to update.");
 }
@@ -496,6 +496,12 @@ $database_update_info = array(
 			GROUPS_TABLE			=> array('group_legend'),
 		),
 	),
+	// No changes from 3.0.1-RC1 to 3.0.1
+	'3.0.1-RC1'		=> array(),
+	// No changes from 3.0.1 to 3.0.2-RC1
+	'3.0.1'			=> array(),
+// uncomment once RC1 out - no changes from 3.0.2-RC1 to 3.0.2
+//	'3.0.2-RC1'		=> array(),
 );
 
 // Determine mapping database type
@@ -581,6 +587,11 @@ while ($row = $db->sql_fetchrow($result))
 }
 $db->sql_freeresult($result);
 
+/*if ($debug_from_version !== false)
+{
+	$config['version'] = $debug_from_version;
+}*/
+
 echo $lang['PREVIOUS_VERSION'] . ' :: <strong>' . $config['version'] . '</strong><br />';
 echo $lang['UPDATED_VERSION'] . ' :: <strong>' . $updates_to_version . '</strong></p>';
 
@@ -604,7 +615,7 @@ else
 
 // Checks/Operations that have to be completed prior to starting the update itself
 $exit = false;
-if (version_compare($current_version, '3.0.RC8', '<='))
+if (version_compare($current_version, '3.0.RC8', '<=')) /* && $debug_from_version === false) */
 {
 	// Define missing language entries...
 	if (!isset($lang['CLEANING_USERNAMES']))
@@ -932,7 +943,7 @@ if (version_compare($current_version, '3.0.RC8', '<='))
 			foreach ($user_ids as $i => $user_id)
 			{
 				$row = $users[$user_id];
-				
+
 				$rank_title = $rank_img = '';
 				get_user_rank($row['user_rank'], $row['user_posts'], $rank_title, $rank_img, $rank_img_src);
 
@@ -1092,13 +1103,20 @@ for ($i = 0; $i < sizeof($versions); $i++)
 
 	$next_version = (isset($versions[$i + 1])) ? $versions[$i + 1] : $updates_to_version;
 
-	if (!sizeof($schema_changes))
+	// If the installed version to be updated to is < than the current version, and if the current version is >= as the version to be updated to next, we will skip the process
+	if (version_compare($version, $current_version, '<') && version_compare($current_version, $next_version, '>='))
 	{
 		continue;
 	}
 
-	// If the installed version to be updated to is < than the current version, and if the current version is >= as the version to be updated to next, we will skip the process
-	if (version_compare($version, $current_version, '<') && version_compare($current_version, $next_version, '>='))
+/*	if ($debug_from_version !== false)
+	{
+		// Applying update schema for version array with key '$version'
+		// for version '$version' to '$next_version'
+		continue;
+	}*/
+
+	if (!sizeof($schema_changes))
 	{
 		continue;
 	}
@@ -1209,10 +1227,7 @@ $errored = $no_updates = false;
 flush();
 
 $no_updates = true;
-
-$versions = array(
-	'3.0.RC2', '3.0.RC3', '3.0.RC4', '3.0.RC5', '3.0.0'
-);
+$versions = array_keys($database_update_info);
 
 // some code magic
 for ($i = 0; $i < sizeof($versions); $i++)
@@ -1226,8 +1241,14 @@ for ($i = 0; $i < sizeof($versions); $i++)
 		continue;
 	}
 
-	$no_updates = false;
-	change_database_data($version);
+/*	if ($debug_from_version !== false)
+	{
+		// Applying update schema for version array with key '$version'
+		// for version '$version' to '$next_version'
+		continue;
+	}*/
+
+	change_database_data($no_updates, $version);
 }
 
 _write_result($no_updates, $errored, $error_ary);
@@ -1246,6 +1267,9 @@ $errored = $no_updates = false;
 
 flush();
 
+//if ($debug_from_version === false)
+// {
+
 // update the version
 $sql = "UPDATE " . CONFIG_TABLE . "
 	SET config_value = '$updates_to_version'
@@ -1258,6 +1282,8 @@ $sql = 'UPDATE ' . USERS_TABLE . "
 		user_perm_from = 0";
 _sql($sql, $errored, $error_ary);
 
+// }
+
 /* Optimize/vacuum analyze the tables where appropriate
 // this should be done for each version in future along with
 // the version number update
@@ -1324,7 +1350,7 @@ $cache->purge();
 		</div>
 		</div>
 	</div>
-	
+
 	<div id="page-footer">
 		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
 	</div>
@@ -1345,7 +1371,7 @@ if (function_exists('exit_handler'))
 /**
 * Function where all data changes are executed
 */
-function change_database_data($version)
+function change_database_data(&$no_updates, $version)
 {
 	global $db, $map_dbms, $errored, $error_ary, $config, $phpbb_root_path;
 
@@ -1364,7 +1390,7 @@ function change_database_data($version)
 				$smileys[$row['smiley_id']] = $row['code'];
 			}
 			$db->sql_freeresult($result);
-	
+
 			foreach ($smileys as $id => $code)
 			{
 				// 2.0 only entitized lt and gt; We need to do something about double quotes.
@@ -1392,6 +1418,7 @@ function change_database_data($version)
 				sql_create_index($map_dbms, 'ath_op_id', ACL_ROLES_DATA_TABLE, array('auth_option_id'));
 			}
 
+			$no_updates = false;
 		break;
 
 		case '3.0.RC3':
@@ -1481,6 +1508,7 @@ function change_database_data($version)
 			set_config('allow_birthdays', '1');
 			set_config('cron_lock', '0', true);
 
+			$no_updates = false;
 		break;
 
 		case '3.0.RC4':
@@ -1678,6 +1706,7 @@ function change_database_data($version)
 			set_config('ldap_port', '');
 			set_config('ldap_user_filter', '');
 
+			$no_updates = false;
 		break;
 
 		case '3.0.RC5':
@@ -1699,7 +1728,7 @@ function change_database_data($version)
 			$sql = 'SELECT forum_id, forum_password
 					FROM ' . FORUMS_TABLE;
 			$result = _sql($sql, $errored, $error_ary);
-			
+
 			while ($row = $db->sql_fetchrow($result))
 			{
 				if (!empty($row['forum_password']))
@@ -1708,9 +1737,10 @@ function change_database_data($version)
 				}
 			}
 			$db->sql_freeresult($result);
-			
+
 			$db->sql_transaction('commit');
 
+			$no_updates = false;
 		break;
 
 		case '3.0.0':
@@ -1719,7 +1749,7 @@ function change_database_data($version)
 				SET topic_last_view_time = topic_last_post_time
 				WHERE topic_last_view_time = 0";
 			_sql($sql, $errored, $error_ary);
-	
+
 			// Update smiley sizes
 			$smileys = array('icon_e_surprised.gif', 'icon_eek.gif', 'icon_cool.gif', 'icon_lol.gif', 'icon_mad.gif', 'icon_razz.gif', 'icon_redface.gif', 'icon_cry.gif', 'icon_evil.gif', 'icon_twisted.gif', 'icon_rolleyes.gif', 'icon_exclaim.gif', 'icon_question.gif', 'icon_idea.gif', 'icon_arrow.gif', 'icon_neutral.gif', 'icon_mrgreen.gif', 'icon_e_ugeek.gif');
 
@@ -1728,18 +1758,27 @@ function change_database_data($version)
 				if (file_exists($phpbb_root_path . 'images/smilies/' . $smiley))
 				{
 					list($width, $height) = getimagesize($phpbb_root_path . 'images/smilies/' . $smiley);
-			
+
 					$sql = 'UPDATE ' . SMILIES_TABLE . '
 						SET smiley_width = ' . $width . ', smiley_height = ' . $height . "
 						WHERE smiley_url = '" . $db->sql_escape($smiley) . "'";
-			
+
 					_sql($sql, $errored, $error_ary);
 				}
 			}
-	
-			// TODO: remove all form token min times
 
+			$no_updates = false;
 		break;
+
+		case '3.0.1-RC1':
+
+			set_config('referer_validation', '1');
+			set_config('check_attachment_content', '1');
+			set_config('mime_triggers', 'body|head|html|img|plaintext|a href|pre|script|table|title');
+
+			$no_updates = false;
+		break;
+
 	}
 }
 
diff --git a/phpBB/install/index.php b/phpBB/install/index.php
old mode 100755
new mode 100644
diff --git a/phpBB/install/install_convert.php b/phpBB/install/install_convert.php
index 081b1a6c31..25d8551df4 100644
--- a/phpBB/install/install_convert.php
+++ b/phpBB/install/install_convert.php
@@ -298,7 +298,7 @@ class install_convert extends module
 				if (isset($convertor_data))
 				{
 					$sort[strtolower($convertor_data['forum_name'])] = sizeof($convertors);
-					
+
 					$convertors[] = array(
 						'tag'			=>	$m[1],
 						'forum_name'	=>	$convertor_data['forum_name'],
@@ -585,7 +585,7 @@ class install_convert extends module
 	function convert_data($sub)
 	{
 		global $template, $user, $phpbb_root_path, $phpEx, $db, $lang, $config, $cache;
-		global $convert, $convert_row, $message_parser, $skip_rows;
+		global $convert, $convert_row, $message_parser, $skip_rows, $language;
 
 		require($phpbb_root_path . 'config.' . $phpEx);
 		require($phpbb_root_path . 'includes/constants.' . $phpEx);
@@ -891,7 +891,7 @@ class install_convert extends module
 								{
 									$table = $convert->src_table_prefix . $m[1];
 									$tables_list[$table] = $table;
-		
+
 									if (!empty($m[3]))
 									{
 										$aliases[] = $convert->src_table_prefix . $m[3];
@@ -948,7 +948,7 @@ class install_convert extends module
 
 				// Throw an error if some tables are missing
 				// We used to do some guessing here, but since we have a suggestion of possible values earlier, I don't see it adding anything here to do it again
-				
+
 				if (sizeof($missing_tables) == sizeof($tables_list))
 				{
 					$this->p_master->error($user->lang['NO_TABLES_FOUND'] . ' ' . $user->lang['CHECK_TABLE_PREFIX'], __LINE__, __FILE__);
@@ -1299,7 +1299,7 @@ class install_convert extends module
 									if ($errored)
 									{
 										$db->sql_return_on_error(true);
-	
+
 										// Because it errored out we will try to insert the rows one by one... most of the time this
 										// is caused by duplicate entries - but we also do not want to miss one...
 										foreach ($waiting_rows as $waiting_sql)
@@ -1607,7 +1607,7 @@ class install_convert extends module
 				'TITLE'		=> $user->lang['UPDATE_TOPICS_POSTED'],
 				'RESULT'	=> $user->lang['DONE'],
 			));
-			
+
 			if ($db->sql_error_triggered)
 			{
 				$template->assign_vars(array(
@@ -1617,7 +1617,7 @@ class install_convert extends module
 				));
 			}
 			$db->sql_return_on_error(false);
-			
+
 			$this->finish_conversion();
 			return;
 		}
@@ -1949,7 +1949,7 @@ class install_convert extends module
 
 				$firstkey_set = false;
 				$firstkey = 0;
-	
+
 				foreach ($fields[1] as $inner_key => $inner_value)
 				{
 					if (!$firstkey_set)
@@ -1974,7 +1974,7 @@ class install_convert extends module
 					{
 						$sql_flag = true;
 					}
-		
+
 					// No function assigned?
 					if (empty($fields[2]))
 					{
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
old mode 100755
new mode 100644
index f7d6d0a9c4..282afd5e23
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -1021,6 +1021,12 @@ class install_install extends module
 		// HTTP_HOST is having the correct browser url in most cases...
 		$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 
+		// HTTP HOST can carry a port number...
+		if (strpos($server_name, ':') !== false)
+		{
+			$server_name = substr($server_name, 0, strpos($server_name, ':'));
+		}
+
 		$data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true;
 		$data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : $server_name;
 		$data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));
@@ -1114,6 +1120,13 @@ class install_install extends module
 
 		// HTTP_HOST is having the correct browser url in most cases...
 		$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+
+		// HTTP HOST can carry a port number...
+		if (strpos($server_name, ':') !== false)
+		{
+			$server_name = substr($server_name, 0, strpos($server_name, ':'));
+		}
+
 		$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : $server_name;
 
 		// Try to come up with the best solution for cookie domain...
diff --git a/phpBB/install/install_main.php b/phpBB/install/install_main.php
old mode 100755
new mode 100644
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 43ab04d77e..3dfe8ae0d9 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -64,6 +64,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_foreground_noise', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_x_grid', '25');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_y_grid', '25');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('check_attachment_content', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('check_dnsbl', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('chg_passforce', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('cookie_domain', '');
@@ -172,8 +173,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sig_urls', '5'
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_name_chars', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_pass_chars', '6');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_search_author_chars', '3');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_time_reg', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_time_terms', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('mime_triggers', 'body|head|html|img|plaintext|a href|pre|script|table|title');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('override_user_style', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('pass_complex', 'PASS_TYPE_ANY');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('pm_edit_time', '0');
@@ -184,6 +184,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('print_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('queue_interval', '600');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ranks_path', 'images/ranks');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('referer_validation', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_block_size', '250');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_gc', '7200');
@@ -213,7 +214,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.2-RC1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
diff --git a/phpBB/language/en/acp/attachments.php b/phpBB/language/en/acp/attachments.php
index 6edae1a4cc..594eb9de33 100644
--- a/phpBB/language/en/acp/attachments.php
+++ b/phpBB/language/en/acp/attachments.php
@@ -71,6 +71,8 @@ $lang = array_merge($lang, array(
 	'CAT_QUICKTIME_FILES'		=> 'Quicktime media files',
 	'CAT_RM_FILES'				=> 'RealMedia media files',
 	'CAT_WM_FILES'				=> 'Windows Media media files',
+	'CHECK_CONTENT'				=> 'Check attachment files',
+	'CHECK_CONTENT_EXPLAIN'		=> 'Some browsers can be tricked to assume an incorrect mimetype for uploaded files. This option ensures that such files likely to cause this are rejected.',
 	'CREATE_GROUP'				=> 'Create new group',
 	'CREATE_THUMBNAIL'			=> 'Create thumbnail',
 	'CREATE_THUMBNAIL_EXPLAIN'	=> 'Create a thumbnail in all possible situations.',
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index f328c05882..ae122c54ee 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -206,10 +206,6 @@ $lang = array_merge($lang, array(
 	'ENABLE_COPPA_EXPLAIN'		=> 'This requires users to declare whether they are 13 or over for compliance with the U.S. COPPA. If this is disabled the COPPA specific groups will no longer be displayed.',
 	'MAX_CHARS'					=> 'Max',
 	'MIN_CHARS'					=> 'Min',
-	'MIN_TIME_REG'				=> 'Minimum time for registration',
-	'MIN_TIME_REG_EXPLAIN'		=> 'The registration form cannot be submitted before this time has passed.',
-	'MIN_TIME_TERMS'			=> 'Minimum time for accepting terms',
-	'MIN_TIME_TERMS_EXPLAIN'	=> 'The terms page cannot be skipped before this time has passed.',
 	'NO_AUTH_PLUGIN'			=> 'No suitable auth plugin found.',
 	'PASSWORD_LENGTH'			=> 'Password length',
 	'PASSWORD_LENGTH_EXPLAIN'	=> 'Minimum and maximum number of characters in passwords.',
@@ -375,8 +371,6 @@ $lang = array_merge($lang, array(
 	'FORCE_PASS_CHANGE_EXPLAIN'		=> 'Require user to change their password after a set number of days. Setting this value to 0 disables this behaviour.',
 	'FORM_TIME_MAX'					=> 'Maximum time to submit forms',
 	'FORM_TIME_MAX_EXPLAIN'			=> 'The time a user has to submit a form. Use -1 to disable. Note that a form might become invalid if the session expires, regardless of this setting.',
-	'FORM_TIME_MIN'					=> 'Minimum time to submit forms',
-	'FORM_TIME_MIN_EXPLAIN'			=> 'Submissions faster than this time are ignored by the board. Use 0 to disable.',
 	'FORM_SID_GUESTS'				=> 'Tie forms to guest sessions',
 	'FORM_SID_GUESTS_EXPLAIN'		=> 'If enabled, the form token issued to guests will be session-exclusive. This can cause problems with some ISPs.',
 	'FORWARDED_FOR_VALID'			=> 'Validated <var>X_FORWARDED_FOR</var> header',
@@ -386,12 +380,17 @@ $lang = array_merge($lang, array(
 	'MAX_LOGIN_ATTEMPTS'			=> 'Maximum number of login attempts',
 	'MAX_LOGIN_ATTEMPTS_EXPLAIN'	=> 'After this number of failed logins the user needs to additionally confirm his login visually (visual confirmation).',
 	'NO_IP_VALIDATION'				=> 'None',
+	'NO_REF_VALIDATION'				=> 'None',
 	'PASSWORD_TYPE'					=> 'Password complexity',
 	'PASSWORD_TYPE_EXPLAIN'			=> 'Determines how complex a password needs to be when set or altered, subsequent options include the previous ones.',
 	'PASS_TYPE_ALPHA'				=> 'Must contain letters and numbers',
 	'PASS_TYPE_ANY'					=> 'No requirements',
 	'PASS_TYPE_CASE'				=> 'Must be mixed case',
 	'PASS_TYPE_SYMBOL'				=> 'Must contain symbols',
+	'REF_HOST'						=> 'Only validate host',
+	'REF_PATH'						=> 'Also validate path',
+	'REFERER_VALID'					=> 'Validate Referer',
+	'REFERER_VALID_EXPLAIN'			=> 'If enabled, the referer of POST requests will be checked against the host/script path settings. This may cause issues with boards using several domains and or external logins.',
 	'TPL_ALLOW_PHP'					=> 'Allow php in templates',
 	'TPL_ALLOW_PHP_EXPLAIN'			=> 'If this option is enabled, <code>PHP</code> and <code>INCLUDEPHP</code> statements will be recognised and parsed in templates.',
 ));
diff --git a/phpBB/language/en/acp/common.php b/phpBB/language/en/acp/common.php
index f380b1f570..9ed92bfcfb 100644
--- a/phpBB/language/en/acp/common.php
+++ b/phpBB/language/en/acp/common.php
@@ -201,6 +201,9 @@ $lang = array_merge($lang, array(
 	'ADMIN_INDEX'			=> 'Admin index',
 	'ADMIN_PANEL'			=> 'Administration Control Panel',
 
+	'ADM_LOGOUT'			=> 'ACP Logout',
+	'ADM_LOGGED_OUT'		=> 'Successfully logged out from Administration Control Panel',
+
 	'BACK'					=> 'Back',
 
 	'COLOUR_SWATCH'			=> 'Web-safe colour swatch',
@@ -608,6 +611,7 @@ $lang = array_merge($lang, array(
 	'LOG_REASON_REMOVED'	=> '<strong>Removed report/denial reason</strong><br />» %s',
 	'LOG_REASON_UPDATED'	=> '<strong>Updated report/denial reason</strong><br />» %s',
 
+	'LOG_REFERER_INVALID'		=> '<strong>Referer validation failed</strong><br />»Referer was “<em>%1$s</em>”. The request was rejected and the session killed.',
 	'LOG_RESET_DATE'			=> '<strong>Board start date reset</strong>',
 	'LOG_RESET_ONLINE'			=> '<strong>Most users online reset</strong>',
 	'LOG_RESYNC_POSTCOUNTS'		=> '<strong>User post counts resynchronised</strong>',
diff --git a/phpBB/language/en/acp/groups.php b/phpBB/language/en/acp/groups.php
index 714cbe7f0d..f74110a7d3 100644
--- a/phpBB/language/en/acp/groups.php
+++ b/phpBB/language/en/acp/groups.php
@@ -108,6 +108,7 @@ $lang = array_merge($lang, array(
 	'NO_PERMISSIONS'			=> 'Do not copy permissions',
 	'NO_USERS'					=> 'You haven’t entered any users.',
 	'NO_USERS_ADDED'			=> 'No users were added to the group.',
+	'NO_VALID_USERS'			=> 'You haven’t entered any users eligible for that action.',
 
 	'SPECIAL_GROUPS'			=> 'Pre-defined groups',
 	'SPECIAL_GROUPS_EXPLAIN'	=> 'Pre-defined groups are special groups, they cannot be deleted or directly modified. However you can still add users and alter basic settings.',
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index db5f49339a..7739c63521 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -78,6 +78,7 @@ $lang = array_merge($lang, array(
 	'ATTACHED_IMAGE_NOT_IMAGE'		=> 'The image file you tried to attach is invalid.',
 	'AUTHOR'						=> 'Author',
 	'AUTH_NO_PROFILE_CREATED'		=> 'The creation of a user profile was unsuccessful.',
+	'AVATAR_DISALLOWED_CONTENT'		=> 'The upload was rejected because the uploaded file was identified as a possible attack vector.',
 	'AVATAR_DISALLOWED_EXTENSION'	=> 'This file cannot be displayed because the extension <strong>%s</strong> is not allowed.',
 	'AVATAR_EMPTY_REMOTE_DATA'		=> 'The specified avatar could not be uploaded because the remote data appears to be invalid or corrupted.',
 	'AVATAR_EMPTY_FILEUPLOAD'		=> 'The uploaded avatar file is empty.',
diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php
old mode 100755
new mode 100644
diff --git a/phpBB/language/en/memberlist.php b/phpBB/language/en/memberlist.php
index ad4dd83ca4..b5b8434776 100644
--- a/phpBB/language/en/memberlist.php
+++ b/phpBB/language/en/memberlist.php
@@ -132,6 +132,7 @@ $lang = array_merge($lang, array(
 
 	'USERNAME_BEGINS_WITH'	=> 'Username begins with',
 	'USER_ADMIN'			=> 'Administrate user',
+	'USER_BAN'				=> 'Banning',
 	'USER_FORUM'			=> 'User statistics',
 	'USER_ONLINE'			=> 'Online',
 	'USER_PRESENCE'			=> 'Board presence',
diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php
index 76878c8f7c..f75837e96f 100644
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -82,6 +82,7 @@ $lang = array_merge($lang, array(
 	'DISABLE_BBCODE'			=> 'Disable BBCode',
 	'DISABLE_MAGIC_URL'			=> 'Do not automatically parse URLs',
 	'DISABLE_SMILIES'			=> 'Disable smilies',
+	'DISALLOWED_CONTENT'		=> 'The upload was rejected because the uploaded file was identified as a possible attack vector.',
 	'DISALLOWED_EXTENSION'		=> 'The extension %s is not allowed.',
 	'DRAFT_LOADED'				=> 'Draft loaded into posting area, you may want to finish your post now.<br />Your draft will be deleted after submitting this post.',
 	'DRAFT_LOADED_PM'			=> 'Draft loaded into message area, you may want to finish your private message now.<br />Your draft will be deleted after submitting this private message.',
diff --git a/phpBB/mcp.php b/phpBB/mcp.php
index cd6d20b19c..cb6c14ca0c 100644
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@@ -166,7 +166,7 @@ if ($quickmod)
 		case 'delete_post':
 		case 'delete_topic':
 			$module->load('mcp', 'main', 'quickmod');
-			exit_handler();
+			exit;
 		break;
 
 		case 'topic_logs':
@@ -390,7 +390,7 @@ function get_topic_data($topic_ids, $acl_list = false, $read_tracking = false)
 
 		$sql = $db->sql_build_query('SELECT', $sql_array);
 		$result = $db->sql_query($sql);
-	
+
 		while ($row = $db->sql_fetchrow($result))
 		{
 			if (!$row['forum_id'])
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index a4c6b18f8f..f33eac5bac 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -551,6 +551,8 @@ switch ($mode)
 			'S_CUSTOM_FIELDS'	=> (isset($profile_fields['row']) && sizeof($profile_fields['row'])) ? true : false,
 
 			'U_USER_ADMIN'			=> ($auth->acl_get('a_user')) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=users&amp;mode=overview&amp;u=' . $user_id, true, $user->session_id) : '',
+			'U_USER_BAN'			=> ($auth->acl_get('m_ban')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&amp;mode=user&amp;u=' . $user_id, true, $user->session_id) : '',
+
 			'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&amp;u={$user_id}") : '',
 
 			'S_ZEBRA'			=> ($user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled) ? true : false,
@@ -896,7 +898,7 @@ switch ($mode)
 		}
 
 		$sort_key_text['m'] = $user->lang['SORT_RANK'];
-		$sort_key_sql['m'] = 'u.user_rank DESC, u.user_posts';
+		$sort_key_sql['m'] = 'u.user_rank';
 
 		$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
 
@@ -1156,6 +1158,12 @@ switch ($mode)
 
 		$order_by .= $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
 
+		// Unfortunately we must do this here for sorting by rank, else the sort order is applied wrongly
+		if ($sort_key == 'm')
+		{
+			$order_by .= ', u.user_posts DESC';
+		}
+
 		// Count the users ...
 		if ($sql_where)
 		{
@@ -1556,6 +1564,7 @@ function show_profile($data)
 
 		'A_USERNAME'		=> addslashes(get_username_string('username', $user_id, $username, $data['user_colour'])),
 
+		'AVATAR_IMG'		=> get_user_avatar($data['user_avatar'], $data['user_avatar_type'], $data['user_avatar_width'], $data['user_avatar_height']),
 		'ONLINE_IMG'		=> (!$config['load_onlinetrack']) ? '' : (($online) ? $user->img('icon_user_online', 'ONLINE') : $user->img('icon_user_offline', 'OFFLINE')),
 		'S_ONLINE'			=> ($config['load_onlinetrack'] && $online) ? true : false,
 		'RANK_IMG'			=> $rank_img,
diff --git a/phpBB/posting.php b/phpBB/posting.php
index dfe7b348a7..1dd2244656 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -114,8 +114,7 @@ switch ($mode)
 		else
 		{
 			upload_popup();
-			garbage_collection();
-			exit_handler();
+			exit;
 		}
 	break;
 
@@ -146,7 +145,7 @@ if (!$post_data)
 if ($mode == 'popup')
 {
 	upload_popup($post_data['forum_style']);
-	exit_handler();
+	exit;
 }
 
 $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
@@ -277,7 +276,7 @@ if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
 if ($mode == 'delete')
 {
 	handle_post_delete($forum_id, $topic_id, $post_id, $post_data);
-	exit_handler();
+	exit;
 }
 
 // Handle bump mode...
@@ -998,8 +997,6 @@ if ($submit || $preview || $refresh)
 				$data['topic_replies'] = $post_data['topic_replies'];
 			}
 
-			unset($message_parser);
-
 			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
 			$post_need_approval = (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? true : false;
 
@@ -1155,7 +1152,6 @@ if (sizeof($post_data['poll_options']) && $post_data['poll_title'])
 	$message_parser->decode_message();
 	$post_data['poll_options'] = explode("\n", $message_parser->message);
 }
-unset($message_parser);
 
 // MAIN POSTING PAGE BEGINS HERE
 
@@ -1405,6 +1401,9 @@ function upload_popup($forum_style = 0)
 	);
 
 	$template->display('popup');
+
+	garbage_collection();
+	exit_handler();
 }
 
 /**
diff --git a/phpBB/style.php b/phpBB/style.php
index 9d38128356..cb2bcff115 100644
--- a/phpBB/style.php
+++ b/phpBB/style.php
@@ -20,7 +20,7 @@ error_reporting(E_ALL ^ E_NOTICE);
 
 require($phpbb_root_path . 'config.' . $phpEx);
 
-if (!defined('PHPBB_INSTALLED') || empty($dbms) || !isset($dbhost) || !isset($dbpasswd) || empty($dbuser))
+if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
 {
 	exit;
 }
@@ -57,11 +57,6 @@ if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
 // server a little
 if ($id)
 {
-	if (empty($acm_type) || empty($dbms))
-	{
-		die('Hacking attempt');
-	}
-
 	// Include files
 	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/cache.' . $phpEx);
@@ -100,7 +95,7 @@ if ($id)
 		$user		= array('user_id' => ANONYMOUS);
 	}
 
-	$sql = 'SELECT s.style_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path
+	$sql = 'SELECT s.style_id, c.theme_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path
 		FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . ' i
 		WHERE s.style_id = ' . $id . '
 			AND t.template_id = s.template_id
@@ -198,7 +193,7 @@ if ($id)
 		);
 
 		$sql = 'UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
-			WHERE theme_id = $id";
+			WHERE theme_id = {$theme['theme_id']}";
 		$db->sql_query($sql);
 
 		$cache->destroy('sql', STYLES_THEME_TABLE);
diff --git a/phpBB/styles/prosilver/imageset/icon_user_warn.gif b/phpBB/styles/prosilver/imageset/icon_user_warn.gif
old mode 100755
new mode 100644
diff --git a/phpBB/styles/prosilver/imageset/imageset.cfg b/phpBB/styles/prosilver/imageset/imageset.cfg
index 83b5cdb710..4635a8bcef 100644
--- a/phpBB/styles/prosilver/imageset/imageset.cfg
+++ b/phpBB/styles/prosilver/imageset/imageset.cfg
@@ -19,7 +19,7 @@
 # General Information about this style
 name = prosilver
 copyright = &copy; phpBB Group, 2007
-version = 3.0.0
+version = 3.0.2
 
 # Images
 img_site_logo = site_logo.gif*52*139
diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg
index f1ea67f7ce..988dee1650 100644
--- a/phpBB/styles/prosilver/style.cfg
+++ b/phpBB/styles/prosilver/style.cfg
@@ -19,4 +19,4 @@
 # General Information about this style
 name = prosilver
 copyright = &copy; phpBB Group, 2007
-version = 3.0.0
\ No newline at end of file
+version = 3.0.2
\ No newline at end of file
diff --git a/phpBB/styles/prosilver/template/mcp_ban.html b/phpBB/styles/prosilver/template/mcp_ban.html
index c803ba253f..460c95e2a1 100644
--- a/phpBB/styles/prosilver/template/mcp_ban.html
+++ b/phpBB/styles/prosilver/template/mcp_ban.html
@@ -44,7 +44,7 @@
 	<fieldset>
 	<dl>
 		<dt><label for="ban">{L_BAN_CELL}:</label></dt>
-		<dd><label for="ban"><textarea name="ban" id="ban" class="inputbox" cols="40" rows="3">{USERNAMES}</textarea></label></dd>
+		<dd><label for="ban"><textarea name="ban" id="ban" class="inputbox" cols="40" rows="3">{BAN_QUANTIFIER}</textarea></label></dd>
 		<!-- IF S_USERNAME_BAN --><dd><strong><a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a></strong></dd><!-- ENDIF -->
 	</dl>
 	<dl>
diff --git a/phpBB/styles/prosilver/template/mcp_queue.html b/phpBB/styles/prosilver/template/mcp_queue.html
index e2f140667c..0af3032fcf 100644
--- a/phpBB/styles/prosilver/template/mcp_queue.html
+++ b/phpBB/styles/prosilver/template/mcp_queue.html
@@ -36,7 +36,7 @@
 		<!-- BEGIN postrow -->
 
 		<!-- IF postrow.S_DELETED_TOPIC -->
-			<li><p class="notopics">{L_DELETED_TOPIC}</li>		
+			<li><p class="notopics">{L_DELETED_TOPIC}</p></li>
 		<!-- ELSE -->
 	
 		<li class="row<!-- IF postrow.S_ROW_COUNT is odd --> bg1<!-- ELSE --> bg2<!-- ENDIF -->">
diff --git a/phpBB/styles/prosilver/template/memberlist_view.html b/phpBB/styles/prosilver/template/memberlist_view.html
index 53f516b193..7df3eb6a91 100644
--- a/phpBB/styles/prosilver/template/memberlist_view.html
+++ b/phpBB/styles/prosilver/template/memberlist_view.html
@@ -19,6 +19,7 @@
 		<dd>
 			<!-- IF USER_COLOR --><span style="color: {USER_COLOR}; font-weight: bold;"><!-- ELSE --><span><!-- ENDIF -->{USERNAME}</span>
 			<!-- IF U_USER_ADMIN --> [ <a href="{U_USER_ADMIN}">{L_USER_ADMIN}</a> ]<!-- ENDIF -->
+			<!-- IF U_USER_BAN --> [ <a href="{U_USER_BAN}">{L_USER_BAN}</a> ]<!-- ENDIF -->
 			<!-- IF U_SWITCH_PERMISSIONS --> [ <a href="{U_SWITCH_PERMISSIONS}">{L_USE_PERMISSIONS}</a> ]<!-- ENDIF -->
 		</dd>
 		<!-- IF not AVATAR_IMG -->
diff --git a/phpBB/styles/prosilver/template/template.cfg b/phpBB/styles/prosilver/template/template.cfg
index 1251dcdce2..dbf3a29077 100644
--- a/phpBB/styles/prosilver/template/template.cfg
+++ b/phpBB/styles/prosilver/template/template.cfg
@@ -19,7 +19,7 @@
 # General Information about this template
 name = prosilver
 copyright = &copy; phpBB Group, 2007
-version = 3.0.0
+version = 3.0.2
 
 # Defining a different template bitfield
 template_bitfield = lNg=
diff --git a/phpBB/styles/prosilver/template/ucp_main_subscribed.html b/phpBB/styles/prosilver/template/ucp_main_subscribed.html
index 9dd28a0956..b146619f75 100644
--- a/phpBB/styles/prosilver/template/ucp_main_subscribed.html
+++ b/phpBB/styles/prosilver/template/ucp_main_subscribed.html
@@ -81,7 +81,7 @@
 <!-- IF .topicrow or .forumrow -->
 	<fieldset class="display-actions">	
 		<input type="submit" name="unwatch" value="{L_UNWATCH_MARKED}" class="button2" />
-		<div><a href="#" onclick="marklist('ucp', '', true); return false;">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('ucp', '', false); return false;">{L_UNMARK_ALL}</a></div>
+		<div><a href="#" onclick="marklist('ucp', 't', true); return false;">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('ucp', 't', false); return false;">{L_UNMARK_ALL}</a></div>
 		{S_FORM_TOKEN}
 	</fieldset>
 <!-- ENDIF -->
diff --git a/phpBB/styles/prosilver/template/ucp_pm_history.html b/phpBB/styles/prosilver/template/ucp_pm_history.html
index cadb44e914..5f2994f145 100644
--- a/phpBB/styles/prosilver/template/ucp_pm_history.html
+++ b/phpBB/styles/prosilver/template/ucp_pm_history.html
@@ -9,7 +9,7 @@
 	<div class="post <!-- IF history_row.S_ROW_COUNT is even -->bg1<!-- ELSE -->bg2<!-- ENDIF -->">
 		<div class="inner"><span class="corners-top"><span></span></span>
 
-		<div class="postbody" id="pr{history_row.U_MSG_ID}">
+		<div class="postbody" id="pr{history_row.MSG_ID}">
 			<!-- IF history_row.U_QUOTE -->
 			<ul class="profile-icons">
 				<li class="quote-icon"><a href="{history_row.U_QUOTE}" title="{L_QUOTE} {history_row.MESSAGE_AUTHOR}"><span>{L_QUOTE} {history_row.MESSAGE_AUTHOR}</span></a></li>
@@ -19,7 +19,7 @@
 			<h3><a href="{history_row.U_VIEW_MESSAGE}" <!-- IF history_row.S_CURRENT_MSG -->class="current"<!-- ENDIF -->>{history_row.SUBJECT}</a></h3>
 			<p class="author<!-- IF history_row.S_CURRENT_MSG --> current<!-- ENDIF -->">{history_row.MINI_POST_IMG} {L_SENT_AT}: <strong>{history_row.SENT_DATE}</strong><br />
 				{L_MESSAGE_BY_AUTHOR} {history_row.MESSAGE_AUTHOR_FULL}</p>
-			<div class="content<!-- IF history_row.S_CURRENT_MSG --> current<!-- ENDIF -->" id="message_{history_row.U_MSG_ID}">
+			<div class="content<!-- IF history_row.S_CURRENT_MSG --> current<!-- ENDIF -->" id="message_{history_row.MSG_ID}">
 				{history_row.MESSAGE}
 			</div>
 		</div>
diff --git a/phpBB/styles/prosilver/theme/bidi.css b/phpBB/styles/prosilver/theme/bidi.css
index fc0b306a6c..a5327bd0d1 100644
--- a/phpBB/styles/prosilver/theme/bidi.css
+++ b/phpBB/styles/prosilver/theme/bidi.css
@@ -253,8 +253,8 @@
 }
 
 .rtl ul.topiclist li.row dt a.subforum {
-	padding: 0 0 0 12px;
-	background-position: 100% 100%;
+	padding-right: 12px;
+	background-position: right;
 	position: static;
 }
 
diff --git a/phpBB/styles/prosilver/theme/theme.cfg b/phpBB/styles/prosilver/theme/theme.cfg
index 19fb8517b2..070d356aa5 100644
--- a/phpBB/styles/prosilver/theme/theme.cfg
+++ b/phpBB/styles/prosilver/theme/theme.cfg
@@ -21,7 +21,7 @@
 # General Information about this theme
 name = prosilver
 copyright = &copy; phpBB Group, 2007
-version = 3.0.0
+version = 3.0.2
 
 # Some configuration options
 
diff --git a/phpBB/styles/subsilver2/imageset/imageset.cfg b/phpBB/styles/subsilver2/imageset/imageset.cfg
index 44f44007d7..11800f5fb7 100644
--- a/phpBB/styles/subsilver2/imageset/imageset.cfg
+++ b/phpBB/styles/subsilver2/imageset/imageset.cfg
@@ -19,7 +19,7 @@
 # General Information about this style
 name = subsilver2
 copyright = &copy; phpBB Group, 2003
-version = 3.0.0
+version = 3.0.2
 
 # Images 
 img_site_logo = site_logo.gif*94*170
diff --git a/phpBB/styles/subsilver2/style.cfg b/phpBB/styles/subsilver2/style.cfg
index 7465d36673..6451ea13db 100644
--- a/phpBB/styles/subsilver2/style.cfg
+++ b/phpBB/styles/subsilver2/style.cfg
@@ -19,4 +19,4 @@
 # General Information about this style
 name = subsilver2
 copyright = &copy; 2005 phpBB Group
-version = 3.0.0
+version = 3.0.2
diff --git a/phpBB/styles/subsilver2/template/template.cfg b/phpBB/styles/subsilver2/template/template.cfg
index c83a1d94ad..c1f549eac2 100644
--- a/phpBB/styles/subsilver2/template/template.cfg
+++ b/phpBB/styles/subsilver2/template/template.cfg
@@ -19,5 +19,5 @@
 # General Information about this template
 name = subsilver2
 copyright = &copy; phpBB Group, 2003
-version = 3.0.0
+version = 3.0.2
 
diff --git a/phpBB/styles/subsilver2/theme/theme.cfg b/phpBB/styles/subsilver2/theme/theme.cfg
index 648c5732a8..96a68258cb 100644
--- a/phpBB/styles/subsilver2/theme/theme.cfg
+++ b/phpBB/styles/subsilver2/theme/theme.cfg
@@ -21,7 +21,7 @@
 # General Information about this theme
 name = subsilver2
 copyright = &copy; phpBB Group, 2003
-version = 3.0.0
+version = 3.0.2
 
 # Some configuration options
 
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
old mode 100755
new mode 100644
index 1d182a713a..2b236c29c5
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -69,7 +69,7 @@ switch ($mode)
 
 	case 'confirm':
 		$module->load('ucp', 'confirm');
-		exit_handler();
+		exit;
 	break;
 
 	case 'login':
@@ -93,7 +93,7 @@ switch ($mode)
 			$message = ($user->data['user_id'] == ANONYMOUS) ? $user->lang['LOGOUT_REDIRECT'] : $user->lang['LOGOUT_FAILED'];
 		}
 		meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
-	
+
 		$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
 		trigger_error($message);
 
@@ -135,7 +135,7 @@ switch ($mode)
 	break;
 
 	case 'delete_cookies':
-		
+
 		// Delete Cookies with dynamic names (do NOT delete poll cookies)
 		if (confirm_box(true))
 		{
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index daae349401..0fafefad1e 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -451,9 +451,16 @@ $s_watching_topic = array(
 	'is_watching'	=> false,
 );
 
-if ($config['email_enable'] && $config['allow_topic_notify'] && $user->data['is_registered'])
+if (($config['email_enable'] || $config['jab_enable']) && $config['allow_topic_notify'] && $user->data['is_registered'])
 {
 	watch_topic_forum('topic', $s_watching_topic, $user->data['user_id'], $forum_id, $topic_id, $topic_data['notify_status'], $start);
+
+	// Reset forum notification if forum notify is set
+	if ($config['allow_forum_notify'] && $auth->acl_get('f_subscribe', $forum_id))
+	{
+		$s_watching_forum = $s_watching_topic;
+		watch_topic_forum('forum', $s_watching_forum, $user->data['user_id'], $forum_id, 0);
+	}
 }
 
 // Bookmarks
@@ -1003,7 +1010,6 @@ while ($row = $db->sql_fetchrow($result))
 				'rank_image'		=> '',
 				'rank_image_src'	=> '',
 				'sig'				=> '',
-				'posts'				=> '',
 				'profile'			=> '',
 				'pm'				=> '',
 				'email'				=> '',
@@ -1066,7 +1072,7 @@ while ($row = $db->sql_fetchrow($result))
 				'msn'			=> ($row['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&amp;action=msnm&amp;u=$poster_id") : '',
 				'yim'			=> ($row['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($row['user_yim']) . '&amp;.src=pg' : '',
 				'jabber'		=> ($row['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&amp;action=jabber&amp;u=$poster_id") : '',
-				'search'		=> ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", 'search_author=' . urlencode($row['username']) .'&amp;showresults=posts') : '',
+				'search'		=> ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", 'search_author=' . urlencode($row['username']) .'&amp;sr=posts') : '',
 			);
 
 			get_user_rank($row['user_rank'], $row['user_posts'], $user_cache[$poster_id]['rank_title'], $user_cache[$poster_id]['rank_image'], $user_cache[$poster_id]['rank_image_src']);