diff -urbB punbb-1.1.1/upload/admin_bans.php punbb-1.1.4/upload/admin_bans.php
--- punbb-1.1.1/upload/admin_bans.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/admin_bans.php	2004-04-25 22:34:48.000000000 +0200
@@ -54,7 +54,7 @@
 		}
 		else	// Otherwise the username is in POST
 		{
-			$ban_user = trim(strtolower($_POST['new_ban_user']));
+			$ban_user = trim($_POST['new_ban_user']);
 	
 			if ($ban_user != '')
 			{
@@ -121,8 +121,8 @@
 			<td class="puncon2">
 				<table class="punplain" cellpadding="6">
 					<tr>
-						<td class="punright" style="width: 35%"><b>Username</b><br>The username to ban (case insensitive).</td>
-						<td style="width: 35%"><input type="text" name="ban_user" size="25" maxlength="25" value="<?php echo $ban_user ?>" tabindex="1"></td>
+						<td class="punright" style="width: 35%"><b>Username</b><br>The username to ban.</td>
+						<td style="width: 35%"><input type="text" name="ban_user" size="25" maxlength="25" value="<?php echo pun_htmlspecialchars($ban_user) ?>" tabindex="1"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%"><b>IP-adresses</b><br>The IP or IP-ranges you wish to ban (e.g. 150.11.110.1 or 150.11.110). Separate addresses with spaces. If an IP is entered already it is the last known IP of this user in the database.<?php if ($ban_user != '') echo ' Click <a href="admin_users.php?ip_stats='.$user_id.'">here</a> to see IP statistics for this user.' ?></td>
diff -urbB punbb-1.1.1/upload/admin_maintenance.php punbb-1.1.4/upload/admin_maintenance.php
--- punbb-1.1.1/upload/admin_maintenance.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/admin_maintenance.php	2004-03-21 16:29:24.000000000 +0100
@@ -42,6 +42,8 @@
 	if (empty($per_page) || empty($start_at))
 		message($lang_common['Bad request']);
 
+	@set_time_limit(0);
+
 	// If this is the first cycle of posts we empty the search index before we proceed
 	if (isset($_GET['empty_index']))
 	{
diff -urbB punbb-1.1.1/upload/admin_options.php punbb-1.1.4/upload/admin_options.php
--- punbb-1.1.1/upload/admin_options.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/admin_options.php	2004-03-21 16:29:24.000000000 +0100
@@ -94,13 +94,24 @@
 			$form['maintenance'] = '0';
 	}
 
+	$form['timeout_visit'] = intval($form['timeout_visit']);
+	$form['timeout_online'] = intval($form['timeout_online']);
+	$form['redirect_delay'] = intval($form['redirect_delay']);
+	$form['flood_interval'] = intval($form['flood_interval']);
+	$form['topic_review'] = intval($form['topic_review']);
+	$form['disp_topics_default'] = intval($form['disp_topics_default']);
+	$form['disp_posts_default'] = intval($form['disp_posts_default']);
+	$form['indent_num_spaces'] = intval($form['indent_num_spaces']);
+	$form['avatars_width'] = intval($form['avatars_width']);
+	$form['avatars_height'] = intval($form['avatars_height']);
+	$form['avatars_size'] = intval($form['avatars_size']);
 
 	while (list($key, $input) = @each($form))
 	{
 		// Only update values that have changed
 		if ($pun_config['o_'.$key] != $input)
 		{
-			if ($input != '')
+			if ($input != '' || is_int($input))
 				$value = '\''.escape($input).'\'';
 			else
 				$value = 'NULL';
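Review bot: The `intval()` casts added at the top of this hunk accept any integer, so a negative `timeout_online`, `flood_interval` or `avatars_size` is written to the config unchanged, and non-numeric input silently becomes 0. A lower bound per setting would close this, for example `$form['flood_interval'] = max(0, intval($form['flood_interval']));`. The same applies to `sig_length` and `sig_lines` in the admin_permissions.php hunk of this diff. The loop body continues outside the hunk, so how `$key` reaches the UPDATE is not visible; if it is concatenated into the query, it should first be checked against the known option names.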
@@ -392,11 +403,11 @@
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%"><b>SMTP username</b><br>Username for SMTP server. Only enter a username if it is required by the SMTP server (most servers <b>don't</b> require authentication).</td>
-						<td style="width: 65%"><input type="text" name="form[smtp_user]" size="25" maxlength="25" value="<?php echo $pun_config['o_smtp_user'] ?>"></td>
+						<td style="width: 65%"><input type="text" name="form[smtp_user]" size="25" maxlength="50" value="<?php echo $pun_config['o_smtp_user'] ?>"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%"><b>SMTP password</b><br>Password for SMTP server. Only enter a password if it is required by the SMTP server (most servers <b>don't</b> require authentication).</td>
-						<td style="width: 65%"><input type="text" name="form[smtp_pass]" size="25" maxlength="25" value="<?php echo $pun_config['o_smtp_pass'] ?>"></td>
+						<td style="width: 65%"><input type="text" name="form[smtp_pass]" size="25" maxlength="50" value="<?php echo $pun_config['o_smtp_pass'] ?>"></td>
 					</tr>
 				</table>
 			</td>
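Review bot: Both changed `<input>` lines still echo `$pun_config['o_smtp_user']` and `$pun_config['o_smtp_pass']` into the `value` attribute without escaping, so a stored value containing `"` or `<` breaks out of the attribute. admin_bans.php in this same diff wraps the equivalent echo in `pun_htmlspecialchars()`, and these lines should match: `value="<?php echo pun_htmlspecialchars($pun_config['o_smtp_pass']) ?>"`. The password field is also `type="text"` and pre-filled with the stored secret, which leaves it readable on screen and in any cached copy of the page; `type="password"` with an empty value treated as "unchanged" would avoid sending it back at all.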
diff -urbB punbb-1.1.1/upload/admin_permissions.php punbb-1.1.4/upload/admin_permissions.php
--- punbb-1.1.1/upload/admin_permissions.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/admin_permissions.php	2004-03-21 16:29:24.000000000 +0100
@@ -38,12 +38,15 @@
 
 	$form = array_map('trim', $_POST['form']);
 
+	$form['sig_length'] = intval($form['sig_length']);
+	$form['sig_lines'] = intval($form['sig_lines']);
+
 	while (list($key, $input) = @each($form))
 	{
 		// Only update values that have changed
 		if ($pun_config['p_'.$key] != $input)
 		{
-			if ($input != '')
+			if ($input != '' || is_int($input))
 				$value = '\''.escape($input).'\'';
 			else
 				$value = 'NULL';
diff -urbB punbb-1.1.1/upload/admin_prune.php punbb-1.1.4/upload/admin_prune.php
--- punbb-1.1.1/upload/admin_prune.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/admin_prune.php	2004-03-21 16:29:24.000000000 +0100
@@ -87,7 +87,7 @@
 		$prune_from = $_POST['prune_from'];
 
 		// Concatenate together the query for counting number or topics to prune
-		$sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date;
+		$sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date.' AND moved_to IS NULL';
 
 		if ($_POST['prune_sticky'] == '0')
 			$sql .= ' AND sticky=\'0\'';
@@ -98,7 +98,7 @@
 
 			// Fetch the forum name (just for cosmetic reasons)
 			$result = $db->query('SELECT forum_name FROM '.$db->prefix.'forums WHERE id='.$prune_from) or error('Unable to fetch forum name', __FILE__, __LINE__, $db->error());
-			$forum = '"'.$db->result($result, 0).'"';
+			$forum = '"'.pun_htmlspecialchars($db->result($result, 0)).'"';
 		}
 		else
 			$forum = 'all forums';
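Review bot: `$prune_from` is copied from `$_POST['prune_from']` in the previous hunk and is concatenated unquoted into `WHERE id='.$prune_from` here, so the forum-name lookup runs with a request-controlled SQL fragment; the added `pun_htmlspecialchars()` only covers the output side. Casting at the assignment, `$prune_from = intval($_POST['prune_from']);`, fixes this lookup and any later use of the variable. `$prune_date` is concatenated the same way into the COUNT query in the previous hunk; where it is computed is outside both hunks, so confirm it is an integer by that point.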
diff -urbB punbb-1.1.1/upload/edit.php punbb-1.1.4/upload/edit.php
--- punbb-1.1.1/upload/edit.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/edit.php	2004-03-21 16:29:24.000000000 +0100
@@ -124,8 +124,7 @@
 
 	if ($smilies != '1') $smilies = '0';
 
-	if (!isset($_POST['silent']) || !$is_admmod)
-		$edited_sql = ', edited='.time().', edited_by=\''.addslashes($cur_user['username']).'\'';
+	$edited_sql = (!isset($_POST['silent']) || !$is_admmod) ? $edited_sql = ', edited='.time().', edited_by=\''.addslashes($cur_user['username']).'\'' : '';
 
 	if ($is_topicpost && $is_admmod)
 	{
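Review bot: The new ternary assigns `$edited_sql` twice, once on the left and again inside the true branch (`? $edited_sql = ', edited='...`); the inner assignment is redundant and reads like a copy-paste slip. `$edited_sql = (!isset($_POST['silent']) || !$is_admmod) ? ', edited='.time().', edited_by=\''.addslashes($cur_user['username']).'\'' : '';` is equivalent. If the reason for replacing the `if` is that the variable must always be initialised before it is appended to a query, a one-line comment saying so would keep the `else` value from being dropped later.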
diff -urbB punbb-1.1.1/upload/footer.php punbb-1.1.4/upload/footer.php
--- punbb-1.1.1/upload/footer.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/footer.php	2004-03-21 16:29:24.000000000 +0100
@@ -72,10 +72,9 @@
 							<select name="id" onchange="window.location=('viewforum.php?id='+this.options[this.selectedIndex].value)">
 <?php
 
-	if ($cur_user['status'] < PUN_MOD)
-		$extra = ' WHERE f.admmod_only=\'0\'';
+	$extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
 
-	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra_sql.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 
 	while ($cur_forum = $db->fetch_assoc($result))
 	{
diff -urbB punbb-1.1.1/upload/header.php punbb-1.1.4/upload/header.php
--- punbb-1.1.1/upload/header.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/header.php	2004-04-18 10:34:36.000000000 +0200
@@ -24,7 +24,7 @@
 
 
 // Send no-cache headers
-header('Cache-Control: no-store, no-cache, must-revalidate');
+//header('Cache-Control: no-store, no-cache, must-revalidate');
 header('Cache-Control: post-check=0, pre-check=0', false);
 header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
 header('Expires: Thu, 21 Jul 1977 07:30:00 GMT');	// When yours truly first set eyes on this world! :)
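Review bot: Commenting out `header('Cache-Control: no-store, no-cache, must-revalidate');` leaves no record of why it was disabled, and the remaining `post-check=0, pre-check=0` line is now the only Cache-Control value sent. Whether per-user pages stay out of browser and proxy caches then rests on the `Expires` and `Last-Modified` headers alone. If the line was dropped to work around a client problem, replace the dead code with a comment naming that reason; otherwise consider sending `header('Cache-Control: private, no-cache, must-revalidate');` so shared caches are still told not to store authenticated pages.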
diff -urbB punbb-1.1.1/upload/help.php punbb-1.1.4/upload/help.php
--- punbb-1.1.1/upload/help.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/help.php	2004-03-21 16:29:24.000000000 +0100
@@ -93,7 +93,7 @@
 				<?php echo $lang_help['Quotes info'] ?><br><br>
 				&nbsp;&nbsp;&nbsp;&nbsp;[quote=James]<?php echo $lang_help['Quote text'] ?>[/quote]<br><br>
 				<?php echo $lang_help['produces quote box'] ?><br><br>
-				<table style="width: 95%" align="center" cellspacing="4" cellpadding="6"><tr><td class="punquote"><span class="puntext"><b>James <?php echo $lang_common['wrote'] ?>:</b><br><br>Text</span></td></tr></table><br>
+				<table style="width: 95%" align="center" cellspacing="4" cellpadding="6"><tr><td class="punquote"><span class="puntext"><b>James <?php echo $lang_common['wrote'] ?>:</b><br><br><?php echo $lang_help['Quote text'] ?></span></td></tr></table><br>
 				<?php echo $lang_help['Quotes info 2'] ?><br><br>
 				&nbsp;&nbsp;&nbsp;&nbsp;[quote]<?php echo $lang_help['Quote text'] ?>[/quote]<br><br>
 				<?php echo $lang_help['produces quote box'] ?><br><br>
diff -urbB punbb-1.1.1/upload/include/common.php punbb-1.1.4/upload/include/common.php
--- punbb-1.1.1/upload/include/common.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/include/common.php	2004-03-21 16:29:24.000000000 +0100
@@ -48,9 +48,6 @@
 // Turn off magic_quotes_runtime
 set_magic_quotes_runtime(0);
 
-// Attempt to turn off register_globals (this really isn't needed, but we'll do it anyway)
-@ini_set('register_globals', 0);
-
 // Seed the random number generator
 mt_srand((double)microtime()*1000000);
 
diff -urbB punbb-1.1.1/upload/include/common_admin.php punbb-1.1.4/upload/include/common_admin.php
--- punbb-1.1.1/upload/include/common_admin.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/include/common_admin.php	2004-03-21 16:29:24.000000000 +0100
@@ -82,16 +82,15 @@
 //
 function prune($forum_id, $prune_sticky, $prune_date)
 {
-	global $db;
+	global $pun_root, $db;
 
-	if ($prune_date != -1)
-		$extra = ' AND last_post<'.$prune_date;
+	$extra_sql = ($prune_date != -1) ? ' AND last_post<'.$prune_date : '';
 
 	if (!$prune_sticky)
-		$extra .= ' AND sticky=\'0\'';
+		$extra_sql .= ' AND sticky=\'0\''; 
 
 	// Fetch topics to prune
-	$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.$extra) or error('Unable to fetch topics', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.$extra_sql) or error('Unable to fetch topics', __FILE__, __LINE__, $db->error());
 
 	while ($row = $db->fetch_row($result))
 		$topic_ids .= (($topic_ids != '') ? ',' : '').$row[0];
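Review bot: `$topic_ids` is still built with `.=` in the `while` loop without being initialised, although this hunk makes exactly that fix for `$extra_sql`; add `$topic_ids = '';` before the loop. `$forum_id` and `$prune_date` are also concatenated unquoted into the SELECT, so casting them at the top of `prune()`, e.g. `$forum_id = intval($forum_id);`, would make the function safe regardless of what its callers pass. The body of `prune()` continues past the end of this hunk.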
@@ -112,7 +111,7 @@
 			$db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$post_ids.')') or error('Unable to prune posts', __FILE__, __LINE__, $db->error());
 
 			// We removed a bunch of posts, so now we have to update the search index
-			require $pun_root.'include/search_idx.php';
+			require_once $pun_root.'include/search_idx.php';
 			strip_search_index($post_ids);
 		}
 	}
diff -urbB punbb-1.1.1/upload/include/functions.php punbb-1.1.4/upload/include/functions.php
--- punbb-1.1.1/upload/include/functions.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/include/functions.php	2004-03-21 16:29:24.000000000 +0100
@@ -328,7 +328,7 @@
 	if ($user['title'] != '')
 		$user_title = pun_htmlspecialchars($user['title']);
 	// If the user is banned
-	else if (in_array(strtolower($user['username']), $ban_list))
+	else if (in_array(strtolower($user['username']), $ban_list, true))
 		$user_title = $lang_common['Banned'];
 	else if ($user['status'] <= PUN_USER)
 	{
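Review bot: With the strict flag, `in_array(strtolower($user['username']), $ban_list, true)` matches only if every entry of `$ban_list` is a lower-case string, yet admin_bans.php in this diff stops lower-casing the name when a ban is entered. How `$ban_list` is populated is not visible here; unless it is lower-cased when loaded, a ban stored as `Alice` would no longer mark that user as banned. Either normalise the entries where the list is built or record the expectation next to this check, for example `// $ban_list holds lower-cased usernames as strings`. The enclosing function starts and ends outside the hunk.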
diff -urbB punbb-1.1.1/upload/include/parser.php punbb-1.1.4/upload/include/parser.php
--- punbb-1.1.1/upload/include/parser.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/include/parser.php	2004-03-21 16:29:24.000000000 +0100
@@ -178,6 +178,8 @@
 		$full_url = 'http://'.$full_url;
 	else if (strpos($url, 'ftp.') === 0)
 		$full_url = 'ftp://'.$full_url;
+	else if (strpos($url, 'http://') !== 0)
+		$full_url = 'http://'.$full_url;
 
 	// Ok, not very pretty :-)
 	$link = ($link == '' || $link == $url) ? ((strlen($url) > 55) ? substr($url, 0 , 39).' ... '.substr($url, -10) : $url) : stripslashes($link);
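Review bot: The added fallback prefixes `http://` to every URL that does not begin with exactly lower-case `http://`, so unless an earlier branch outside the hunk handles them, `https://…`, `ftp://…` and `HTTP://…` are rewritten into `http://https://…` and similar. An explicit, case-insensitive allowlist keeps the scheme restriction without mangling valid links: `else if (!preg_match('#^(https?|ftp)://#i', $url))`. A short comment stating that this branch exists to force a known scheme onto user-supplied links would stop it from being removed as redundant later.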
diff -urbB punbb-1.1.1/upload/include/search_idx.php punbb-1.1.4/upload/include/search_idx.php
--- punbb-1.1.1/upload/include/search_idx.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/include/search_idx.php	2004-03-30 02:05:06.000000000 +0200
@@ -43,8 +43,8 @@
 
 	if (empty($noise_match))
 	{
-		$noise_match = 		array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', ';', '!', '*');
-		$noise_replace =	array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '',  '',   ' ', ' ', ' ', ' ', '',  ' ', ' ', '',  ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '' ,  ' ', ' ', ' ', ' ', ' ', ' ');
+		$noise_match = 		array('quote', 'code', 'url', 'img', 'email', 'color', 'colour', '^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', ';', '!', '*');
+		$noise_replace =	array('',      '',     '',    '',    '',      '',      '',       ' ', ' ', ' ', ' ', ' ', ' ', ' ', '',  '',   ' ', ' ', ' ', ' ', '',  ' ', ' ', '',  ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '' ,  ' ', ' ', ' ', ' ', ' ', ' ');
 
 		$stopwords = @file('lang/'.$language.'/'.$language.'_stopwords.txt');
 	}
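Review bot: The seven tag names added to `$noise_match` are plain strings, so if these arrays are passed to `str_replace()` (the call is outside the hunk) they are removed wherever they occur, including inside ordinary words: `decode` would be indexed as `de` and `curl` as `c`. Stripping the bracketed form with a pattern such as `#\[/?(quote|code|url|img|email|color|colour)[^\]]*\]#i` before the noise pass would remove the tags without touching other words. The two arrays must also be kept the same length by hand; a single `match => replace` map would remove that risk.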
diff -urbB punbb-1.1.1/upload/index.php punbb-1.1.4/upload/index.php
--- punbb-1.1.1/upload/index.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/index.php	2004-03-21 16:29:24.000000000 +0100
@@ -53,10 +53,9 @@
 
 
 // Print the categories and forums
-if ($cur_user['status'] < PUN_MOD)
-	$extra = ' WHERE f.admmod_only=\'0\'';
+$extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
 
-$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.forum_desc, f.moderators, f.num_topics, f.num_posts, f.last_post, f.last_post_id, f.last_poster, f.closed FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.forum_desc, f.moderators, f.num_topics, f.num_posts, f.last_post, f.last_post_id, f.last_poster, f.closed FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra_sql.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 
 while ($cur_forum = $db->fetch_assoc($result))
 {
diff -urbB punbb-1.1.1/upload/install.php punbb-1.1.4/upload/install.php
--- punbb-1.1.1/upload/install.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/install.php	2004-04-26 10:49:00.000000000 +0200
@@ -24,7 +24,7 @@
 
 
 // The PunBB version this script installs
-$punbb_version = '1.1.1';
+$punbb_version = '1.1.4';
 
 
 $pun_root = './';
@@ -289,7 +289,7 @@
 			break;
 
 		default:
-			exit('\''.$db_type.'\' is not a valid database type. <a href="JavaScript: history.go(-1)">Go back</a>.');
+			exit('\''.htmlspecialchars($db_type).'\' is not a valid database type. <a href="JavaScript: history.go(-1)">Go back</a>.');
 			break;
 	}
 
@@ -864,7 +864,7 @@
 	$db->query('INSERT INTO '.$db_prefix."users (username, password, email) VALUES('Guest', 'Guest', 'Guest')", 1)
 		or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.');
 
-	$db->query('INSERT INTO '.$db_prefix."users (username, password, email, num_posts, status, last_post, registered, last_visit) VALUES('".addslashes($username)."', '".pun_hash($password1)."', '$email', 1, 2, ".$now.", ".$now.", ".$now.')')
+	$db->query('INSERT INTO '.$db_prefix."users (username, password, email, num_posts, status, last_post, registered, last_visit, last_action) VALUES('".addslashes($username)."', '".pun_hash($password1)."', '$email', 1, 2, ".$now.", ".$now.", ".$now.", ".$now.')')
 		or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.');
 
 	// Insert config data
@@ -975,7 +975,7 @@
 
 
 	/// Display config.php and give further instructions
-	$config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = true;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n\n".'$language = \'en\';'."\n\ndefine('PUN', 1);\n\n?>";
+	$config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n\n".'$language = \'en\';'."\n\ndefine('PUN', 1);\n\n?>";
 
 
 ?>
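Review bot: The generated config.php embeds `$db_host`, `$db_name`, `$db_username`, `$db_password` and `$db_prefix` inside single-quoted PHP literals without escaping, so a password that contains `'` or ends in `\` produces a file that fails to parse or holds code the installer did not intend. Each value should be escaped for a single-quoted literal before concatenation, e.g. `addcslashes($db_password, '\'\\')`. If `$config` is then printed into the page for the administrator to copy (that code is outside the hunk), it also needs `htmlspecialchars()` at that point.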
diff -urbB punbb-1.1.1/upload/lang/en/en_common.php punbb-1.1.4/upload/lang/en/en_common.php
--- punbb-1.1.1/upload/lang/en/en_common.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/lang/en/en_common.php	2004-03-30 00:46:36.000000000 +0200
@@ -4,8 +4,9 @@
 $lang_common = array(
 
 // Text orientation and encoding
-'lang_direction'		=>	'ltr',	// LTR (Left-To-Right) or RTL (Right-To-Left)
+'lang_direction'		=>	'ltr',	// ltr (Left-To-Right) or rtl (Right-To-Left)
 'lang_encoding'			=>	'iso-8859-1',
+'lang_multibyte'		=>	false,
 
 // Notices
 'Bad request'			=>	'Bad request. The link you followed is incorrect or outdated.',
diff -urbB punbb-1.1.1/upload/lang/en/en_edit.php punbb-1.1.4/upload/lang/en/en_edit.php
--- punbb-1.1.1/upload/lang/en/en_edit.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/lang/en/en_edit.php	2004-03-30 00:09:00.000000000 +0200
@@ -8,11 +8,11 @@
 'Too long subject'		=>	'Subjects cannot be longer than 70 characters.',
 'No caps subject'		=>	'Subjects must not contain only capital letters and special characters in this forum.',
 'No message'			=>	'You must enter a message.',
-'Too long message'		=>	'Posts cannot be longer that 65535 characters (64 Kb).',
+'Too long message'		=>	'Posts cannot be longer that 65535 characters (64 KB).',
 'No caps message'		=>	'Messages must not contain only capital letters and special characters in this forum.',
 
 // Miscellaneous
-'Show smilies'			=>	'Show smilies',
+'Show smilies'			=>	'Convert smilies to icons',
 'Silent edit'			=>	'Silent edit (don\'t display "Edited by ..." in topic view)',
 'Edit message'			=>	'Edit message',
 'Edit redirect'			=>	'Post updated. Redirecting ...'
diff -urbB punbb-1.1.1/upload/lang/en/en_post.php punbb-1.1.4/upload/lang/en/en_post.php
--- punbb-1.1.1/upload/lang/en/en_post.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/lang/en/en_post.php	2004-03-30 00:08:58.000000000 +0200
@@ -8,14 +8,14 @@
 'Too long subject'		=>	'Subjects cannot be longer than 70 characters.',
 'No caps subject'		=>	'Subjects must not contain only capital letters and special characters in this forum.',
 'No message'			=>	'You must enter a message.',
-'Too long message'		=>	'Posts cannot be longer that 65535 characters (64 Kb).',
+'Too long message'		=>	'Posts cannot be longer that 65535 characters (64 KB).',
 'No caps message'		=>	'Messages must not contain only capital letters and special characters in this forum.',
 
 // Miscellaneous
 'Post redirect'			=>	'Post entered. Redirecting ...',
 'Post a reply'			=>	'Post a reply',
 'Post new topic'		=>	'Post new topic',
-'Show smilies'			=>	'Show smilies as icons',
+'Show smilies'			=>	'Convert smilies to icons',
 'Subscribe'				=>	'Subscribe to this topic',
 'Topic review'			=>	'Topic review (newest first)',
 'Flood start'			=>	'At least',
diff -urbB punbb-1.1.1/upload/lang/en/en_stopwords.txt punbb-1.1.4/upload/lang/en/en_stopwords.txt
--- punbb-1.1.1/upload/lang/en/en_stopwords.txt	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/lang/en/en_stopwords.txt	2004-03-30 02:06:30.000000000 +0200
@@ -143,8 +143,3 @@
 you
 your
 yours
-lol
-quote
-code
-img
-wrote
diff -urbB punbb-1.1.1/upload/login.php punbb-1.1.4/upload/login.php
--- punbb-1.1.1/upload/login.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/login.php	2004-03-21 16:29:24.000000000 +0100
@@ -81,7 +81,10 @@
 else if ($action == 'out')
 {
 	if ($cookie['is_guest'])
+	{
 		header('Location: index.php');
+		exit;
+	}
 
 	// Remove user from "users online" list.
 	$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.addslashes($cur_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
diff -urbB punbb-1.1.1/upload/misc.php punbb-1.1.4/upload/misc.php
--- punbb-1.1.1/upload/misc.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/misc.php	2004-03-21 16:29:24.000000000 +0100
@@ -105,10 +105,13 @@
 
 		pun_mail($recipient_email, $mail_subject, $mail_message, $cur_user['username'].' <'.$cur_user['email'].'>');
 
-		redirect('profile.php?id='.$recipient_id, $lang_misc['E-mail sent redirect']);
+		redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);
 	}
 
 
+	// Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the users profile after the e-mail is sent)
+	$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : 'index.php';
+
 	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Send e-mail'];
 	$validate_form = true;
 	$element_names = array('req_subject' => $lang_misc['E-mail subject'], 'req_message' => $lang_misc['E-mail message']);
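Review bot: `redirect($_POST['redirect_url'], ...)` trusts a hidden form field, so the `o_base_url` check applied to the Referer when the form is rendered does not constrain the value that comes back on submit, and a modified form can send the user to an arbitrary address once the mail is sent. Re-run the same `preg_match()` on the POSTed value and fall back to `'profile.php?id='.$recipient_id` when it fails. `preg_quote()` should also be given the delimiter, `preg_quote($pun_config['o_base_url'], '#')`. The new comment says the fallback is the user's profile, but the code falls back to `'index.php'`; one of the two should be corrected.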
@@ -121,6 +124,7 @@
 
 <form method="post" action="misc.php?email=<?php echo $recipient_id ?>" id="email" onsubmit="return process_form(this)">
 	<input type="hidden" name="form_sent" value="1">
+	<input type="hidden" name="redirect_url" value="<?php echo $redirect_url ?>">
 	<table class="punmain" cellspacing="1" cellpadding="4">
 		<tr class="punhead">
 			<td class="punhead" colspan="2"><?php echo $lang_misc['Send e-mail'] ?></td>
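Review bot: The added hidden field prints `$redirect_url` without escaping, and that value is the raw Referer header, which only has to begin with the board URL and a `.php` path to pass the check; whatever follows, including a `"`, goes straight into the attribute. Escape it the way the admin_bans.php change in this diff does: `value="<?php echo pun_htmlspecialchars($redirect_url) ?>"`.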
diff -urbB punbb-1.1.1/upload/moderate.php punbb-1.1.4/upload/moderate.php
--- punbb-1.1.1/upload/moderate.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/moderate.php	2004-03-21 16:29:24.000000000 +0100
@@ -316,7 +316,7 @@
 				$moved_to = $db->fetch_assoc($result);
 
 				// Create the redirect topic
-				$db->query('INSERT INTO '.$db->prefix.'topics (poster, subject, posted, last_post, moved_to, forum_id) VALUES(\''.$moved_to['poster'].'\', \''.$moved_to['subject'].'\', '.$moved_to['posted'].', '.$moved_to['last_post'].', '.$cur_topic.', '.$fid.')') or error('Unable to create redirect topic', __FILE__, __LINE__, $db->error());
+				$db->query('INSERT INTO '.$db->prefix.'topics (poster, subject, posted, last_post, moved_to, forum_id) VALUES(\''.addslashes($moved_to['poster']).'\', \''.addslashes($moved_to['subject']).'\', '.$moved_to['posted'].', '.$moved_to['last_post'].', '.$cur_topic.', '.$fid.')') or error('Unable to create redirect topic', __FILE__, __LINE__, $db->error());
 			}
 		}
 
diff -urbB punbb-1.1.1/upload/post.php punbb-1.1.4/upload/post.php
--- punbb-1.1.1/upload/post.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/post.php	2004-04-25 22:14:22.000000000 +0200
@@ -40,7 +40,7 @@
 		message($lang_post['Flood start'].' '.$pun_config['o_flood_interval'].' '.$lang_post['flood end']);
 
 	// Make sure form_user is correct
-	if (($cookie['is_guest'] && $_POST['form_user'] != 'Guest') || (!$cookie['is_guest'] && $_POST['form_user'] != $cur_user['username']))
+	if (($cookie['is_guest'] && $_POST['form_user'] != 'Guest') || (!$cookie['is_guest'] && unescape($_POST['form_user']) != $cur_user['username']))
 		message($lang_common['Bad request']);
 
 	$smilies = $_POST['smilies'];
@@ -110,7 +110,7 @@
 	else
 	{
 		$username = trim(unescape($_POST['req_username']));
-		$email = trim($_POST['req_email']);
+		$email = strtolower(trim($_POST['req_email']));
 
 		// Load the register.php/profile.php language files
 		require $pun_root.'lang/'.$language.'/'.$language.'_prof_reg.php';
diff -urbB punbb-1.1.1/upload/profile.php punbb-1.1.4/upload/profile.php
--- punbb-1.1.1/upload/profile.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/profile.php	2004-04-25 14:52:38.000000000 +0200
@@ -49,7 +49,10 @@
 	{
 		// If the user is already logged in we shouldn't be here :)
 		if (!$cookie['is_guest'])
+		{
 			header('Location: index.php');
+			exit;
+		}
 
 		$key = $_GET['key'];
 
@@ -600,7 +603,15 @@
 	if ($cur_user['id'] != $id && $cur_user['status'] < PUN_MOD)
 		message($lang_common['No permission']);
 
-	$form = $_POST['form'];
+	// Extract elements from $_POST['form']
+	$wanted_elements = array('realname', 'url', 'icq', 'msn', 'aim', 'yahoo', 'location', 'use_avatar', 'disp_topics', 'disp_posts', 'timezone', 'email_setting', 'save_pass', 'notify_with_post', 'smilies', 'show_img', 'show_avatars', 'show_sig', 'link_to_new_win', 'style');
+	$form = array();
+
+	while (list($key, $value) = @each($_POST['form']))
+	{
+	    if (in_array($key, $wanted_elements))
+	        $form[$key] = $value;
+	}
 
 
 	if ($cur_user['status'] > PUN_USER)
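Review bot: `in_array($key, $wanted_elements)` compares loosely, so on the PHP versions this code targets an integer key such as the one produced by `form[0]` compares equal to the non-numeric strings in the list and passes the filter. Pass the strict flag, `in_array($key, $wanted_elements, true)`, as the functions.php change in this diff does. The values are also copied without a type check, so a nested `form[realname][]` still delivers an array to code that expects a string; adding `is_string($value)` to the condition covers that. The new lines are indented with spaces where the rest of the file uses tabs.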
@@ -612,6 +623,8 @@
 
 		if (strlen($username) < 2)
 			message($lang_prof_reg['Username too short']);
+		else if (pun_strlen($username) > 25)	// This usually doesn't happen since the form element only accepts 25 characters
+		    message($lang_common['Bad request']);
 		else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
 			message($lang_prof_reg['Username guest']);
 		else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))
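Review bot: The new upper bound counts with `pun_strlen()` while the lower bound one line above still uses `strlen()`, so the two limits can measure different things if `pun_strlen()` is multibyte-aware (its definition is not in this diff). Using `pun_strlen($username) < 2` for the minimum would make the pair consistent; the same two lines appear in the register.php hunk. Reporting an over-long name as `$lang_common['Bad request']` also hides the cause from a user whose client ignores `maxlength`, so a dedicated message would be clearer.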
@@ -669,7 +682,7 @@
 		$form['url'] = 'http://'.$form['url'];
 
 	// If the ICQ UIN contains anything other than digits it's invalid
-	if ($form['icq'] != '' && preg_match('/[^0-9]/', $form[icq]))
+	if ($form['icq'] != '' && preg_match('/[^0-9]/', $form['icq']))
 		message($lang_prof_reg['Bad ICQ']);
 
 
@@ -940,7 +953,7 @@
 		{
 			$username_field = '<input type="hidden" name="old_username" value="'.pun_htmlspecialchars($user['username']).'"><input type="text" name="username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25">';
 			$email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50"> - <a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a>';
-			$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_prof_reg['Leave blank'];
+			$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_profile['Leave blank'];
 
 			if ($cur_user['status'] == PUN_ADMIN && $img_size)
 				$avatar_field .= '<br>&nbsp;<a href="profile.php?action=delete_avatar&amp;id='.$id.'">'.$lang_profile['Delete avatar'].'</a>';
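Review bot: `$user['title']` on the changed line, and `$user['email']` on the line above it, are written into `value="..."` without `pun_htmlspecialchars()`, while `$user['username']` two lines up is escaped. `get_title()` in functions.php escapes the title on output, which suggests it is stored raw, so a title containing `"` can break out of the attribute on this page. Wrap both, e.g. `value="'.pun_htmlspecialchars($user['title']).'"`; the same two fields are built unescaped in the next hunk.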
@@ -955,7 +968,7 @@
 				$email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50">';
 
 			if ($pun_config['p_users_set_title'] == '1')
-				$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_prof_reg['Leave blank'];
+				$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_profile['Leave blank'];
 			else
 			{
 				$user_title_field = get_title($user);
@@ -1040,7 +1053,7 @@
 		</tr>
 <?php endif; ?>		<tr>
 			<td class="puncon1right" style="width: 140px; white-space: nowrap">
-				<?php echo $lang_prof_reg['Signature'] ?>&nbsp;&nbsp;<br><br>
+				<?php echo $lang_profile['Signature'] ?>&nbsp;&nbsp;<br><br>
 				<a href="help.php#bbcode" target="_blank"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_sig_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?>&nbsp;&nbsp;<br>
 				<a href="help.php#img" target="_blank"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_sig_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?>&nbsp;&nbsp;<br>
 				<a href="help.php#smilies" target="_blank"><?php echo $lang_common['Smilies'] ?></a>: <?php echo ($pun_config['o_smilies_sig'] == '1') ? $lang_common['on'] : $lang_common['off']; ?>&nbsp;&nbsp;<br>
diff -urbB punbb-1.1.1/upload/register.php punbb-1.1.4/upload/register.php
--- punbb-1.1.1/upload/register.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/register.php	2004-04-25 14:14:32.000000000 +0200
@@ -29,7 +29,10 @@
 
 // If we are logged in, we shouldn't be here
 if (!$cookie['is_guest'])
+{
 	header('Location: index.php');
+	exit;
+}
 
 // Load the register.php language file
 require $pun_root.'lang/'.$language.'/'.$language.'_register.php';
@@ -99,6 +102,8 @@
 	// Validate username and passwords
 	if (strlen($username) < 2)
 		message($lang_prof_reg['Username too short']);
+	else if (pun_strlen($username) > 25)	// This usually doesn't happen since the form element only accepts 25 characters
+	    message($lang_common['Bad request']);
 	else if (strlen($password1) < 4)
 		message($lang_prof_reg['Pass too short']);
 	else if ($password1 != $password2)
diff -urbB punbb-1.1.1/upload/search.php punbb-1.1.4/upload/search.php
--- punbb-1.1.1/upload/search.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/search.php	2004-03-21 16:29:24.000000000 +0100
@@ -53,7 +53,7 @@
 
 
 // Detect two byte character sets
-$multibyte = (in_array($lang_common['lang_encoding'], array('utf-8', 'gb2312', 'big5', 'shift_jis', 'euc-kr'))) ? true : false;
+$multibyte = (isset($lang_common['lang_multibyte']) && $lang_common['lang_multibyte']) ? true : false;
 
 
 // Figure out what to do :-)
@@ -188,17 +188,16 @@
 						while (list(, $word) = @each($stopwords))
 						{
 							$word = trim($word);
-							if ($word != 'and' || $word != 'or' || $word != 'not')
-								$text = preg_replace('#\b'.preg_quote($word).'\b#', ' ', $text);
+							if ($word != 'and' && $word != 'or' && $word != 'not')
+								$keywords = preg_replace('#\b'.preg_quote($word).'\b#', ' ', $keywords);
 						}
 					}
 
 					// Split up keywords
-					$keywords_array = preg_split('#[\s]+#', substr($keywords, 1, -1));
+					$keywords_array = preg_split('#[\s]+#', trim($keywords));
 
 					// Should we search in message body or topic subject specifically?
-					if ($search_in)
-						$search_in_cond = ($search_in > 0) ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1';
+					$search_in_cond = ($search_in) ? (($search_in > 0) ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1') : '';
 				}
 
 				$match_type = 'or';
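Review bot: `preg_quote($word)` is called without the delimiter, so a stopword containing `#` would end the pattern early, and a blank line in the stopwords file yields `#\b\b#`, which matches at every word boundary in `$keywords`. Use `preg_quote($word, '#')` and skip empty entries, e.g. `if ($word != '' && $word != 'and' && $word != 'or' && $word != 'not')`. The enclosing block starts outside the hunk.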
@@ -565,7 +564,7 @@
 				if ($search_set[$i]['poster_id'] > 1)
 					$pposter = '<a href="profile.php?id='.$search_set[$i]['poster_id'].'">'.$pposter.'</a>';
 
-				if (pun_strlen($message) == 140)
+				if (pun_strlen($message) >= 140)
 					$message .= ' ...';
 
 ?>
@@ -693,8 +692,7 @@
 	echo "\t\t\t\t\t".'<option value="-1">'.$lang_search['All forums'].'</option>'."\n";
 
 
-if ($cur_user['status'] < PUN_USER)
-	$extra = ' WHERE f.admmod_only=\'0\'';
+$extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
 
 $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 $num_forums = $db->num_rows($result);
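Review bot: The condition's result is now stored in `$extra_sql`, but the query two lines below still concatenates `$extra`, which nothing in this hunk sets. As written, the `f.admmod_only='0'` filter is never applied, so the forum list in the search form would include admin/moderator-only forums for every user, and with register_globals enabled `$extra` could be supplied by the request. Change the query to concatenate `$extra_sql`, as the footer.php and index.php hunks in this diff do.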
diff -urbB punbb-1.1.1/upload/userlist.php punbb-1.1.4/upload/userlist.php
--- punbb-1.1.1/upload/userlist.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/userlist.php	2004-03-21 16:29:24.000000000 +0100
@@ -161,7 +161,7 @@
 
 <table class="punspacer" cellspacing="1" cellpadding="4">
 	<tr>
-		<td><?php echo $lang_common['Pages'].': '.paginate($num_pages, $p, 'userlist.php?prefix='.$prefix.'&amp;order_by='.$order_by.'&amp;direction='.strtolower($direction)) ?></td>
+		<td><?php echo $lang_common['Pages'].': '.paginate($num_pages, $p, 'userlist.php?order_by='.$order_by.'&amp;direction='.strtolower($direction)) ?></td>
 	</tr>
 </table>
 <?php
diff -urbB punbb-1.1.1/upload/viewtopic.php punbb-1.1.4/upload/viewtopic.php
--- punbb-1.1.1/upload/viewtopic.php	2004-03-21 16:29:19.000000000 +0100
+++ punbb-1.1.4/upload/viewtopic.php	2004-03-21 16:29:24.000000000 +0100
@@ -81,6 +81,8 @@
 		header('Location: viewtopic.php?pid='.$first_new_post_id.'#'.$first_new_post_id);
 	else	// If there is no new post, we go to the last post
 		header('Location: viewtopic.php?id='.$id.'&action=last');
+
+	exit;
 }
 
 
@@ -91,7 +93,10 @@
 	$last_post_id = $db->result($result, 0);
 
 	if ($last_post_id)
+	{
 		header('Location: viewtopic.php?pid='.$last_post_id.'#'.$last_post_id);
+		exit;
+	}
 }
 
 
