diff -urbB punbb-1.1/upload/admin_bans.php punbb-1.1.2/upload/admin_bans.php
--- punbb-1.1/upload/admin_bans.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/admin_bans.php	2004-03-21 16:29:21.000000000 +0100
@@ -54,7 +54,7 @@
 		}
 		else	// Otherwise the username is in POST
 		{
-			$ban_user = trim(strtolower($_POST['new_ban_user']));
+			$ban_user = trim($_POST['new_ban_user']);
 	
 			if ($ban_user != '')
 			{
@@ -121,7 +121,7 @@
 			<td class="puncon2">
 				<table class="punplain" cellpadding="6">
 					<tr>
-						<td class="punright" style="width: 35%"><b>Username</b><br>The username to ban (case insensitive).</td>
+						<td class="punright" style="width: 35%"><b>Username</b><br>The username to ban.</td>
 						<td style="width: 35%"><input type="text" name="ban_user" size="25" maxlength="25" value="<?php echo $ban_user ?>" tabindex="1"></td>
 					</tr>
 					<tr>
diff -urbB punbb-1.1/upload/admin_index.php punbb-1.1.2/upload/admin_index.php
--- punbb-1.1/upload/admin_index.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/admin_index.php	2004-03-21 16:29:21.000000000 +0100
@@ -67,7 +67,7 @@
 
 
 // Get the server load averages (if possible)
-if (file_exists('/proc/loadavg'))
+if (@file_exists('/proc/loadavg'))
 {
 	// We use @ just in case
 	$fh = @fopen('/proc/loadavg', 'r');
diff -urbB punbb-1.1/upload/admin_maintenance.php punbb-1.1.2/upload/admin_maintenance.php
--- punbb-1.1/upload/admin_maintenance.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/admin_maintenance.php	2004-03-21 16:29:21.000000000 +0100
@@ -42,6 +42,8 @@
 	if (empty($per_page) || empty($start_at))
 		message($lang_common['Bad request']);
 
+	@set_time_limit(0);
+
 	// If this is the first cycle of posts we empty the search index before we proceed
 	if (isset($_GET['empty_index']))
 	{
@@ -115,7 +117,7 @@
 else
 {
 	// Get the first post ID from the db
-	$result = $db->query('SELECT id FROM '.$db->prefix.'topics ORDER BY id LIMIT 1') or error('Unable to create category', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT id FROM '.$db->prefix.'topics ORDER BY id LIMIT 1') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
 	if ($db->num_rows($result))
 		$first_id = $db->result($result, 0);
 
diff -urbB punbb-1.1/upload/admin_options.php punbb-1.1.2/upload/admin_options.php
--- punbb-1.1/upload/admin_options.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/admin_options.php	2004-03-21 16:29:22.000000000 +0100
@@ -392,11 +392,11 @@
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%"><b>SMTP username</b><br>Username for SMTP server. Only enter a username if it is required by the SMTP server (most servers <b>don't</b> require authentication).</td>
-						<td style="width: 65%"><input type="text" name="form[smtp_user]" size="25" maxlength="25" value="<?php echo $pun_config['o_smtp_user'] ?>"></td>
+						<td style="width: 65%"><input type="text" name="form[smtp_user]" size="25" maxlength="50" value="<?php echo $pun_config['o_smtp_user'] ?>"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%"><b>SMTP password</b><br>Password for SMTP server. Only enter a password if it is required by the SMTP server (most servers <b>don't</b> require authentication).</td>
-						<td style="width: 65%"><input type="text" name="form[smtp_pass]" size="25" maxlength="25" value="<?php echo $pun_config['o_smtp_pass'] ?>"></td>
+						<td style="width: 65%"><input type="text" name="form[smtp_pass]" size="25" maxlength="50" value="<?php echo $pun_config['o_smtp_pass'] ?>"></td>
 					</tr>
 				</table>
 			</td>
diff -urbB punbb-1.1/upload/admin_prune.php punbb-1.1.2/upload/admin_prune.php
--- punbb-1.1/upload/admin_prune.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/admin_prune.php	2004-03-21 16:29:22.000000000 +0100
@@ -87,7 +87,7 @@
 		$prune_from = $_POST['prune_from'];
 
 		// Concatenate together the query for counting number or topics to prune
-		$sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date;
+		$sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date.' AND moved_to IS NULL';
 
 		if ($_POST['prune_sticky'] == '0')
 			$sql .= ' AND sticky=\'0\'';
@@ -98,7 +98,7 @@
 
 			// Fetch the forum name (just for cosmetic reasons)
 			$result = $db->query('SELECT forum_name FROM '.$db->prefix.'forums WHERE id='.$prune_from) or error('Unable to fetch forum name', __FILE__, __LINE__, $db->error());
-			$forum = '"'.$db->result($result, 0).'"';
+			$forum = '"'.pun_htmlspecialchars($db->result($result, 0)).'"';
 		}
 		else
 			$forum = 'all forums';
diff -urbB punbb-1.1/upload/admin_users.php punbb-1.1.2/upload/admin_users.php
--- punbb-1.1/upload/admin_users.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/admin_users.php	2004-03-21 16:29:22.000000000 +0100
@@ -362,7 +362,7 @@
 					<tr>
 						<td class="punright" style="width: 35%">Username</td>
 						<td style="width: 35%"><input type="text" name="username" size="25" maxlength="25" tabindex="1"></td>
-						<td style="width: 30%" rowspan="16"><input type="submit" name="find_user" value=" Find " tabindex="21"></td>
+						<td style="width: 30%" rowspan="16"><input type="submit" name="find_user" value=" Find " tabindex="22"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">E-mail address</td>
@@ -385,59 +385,63 @@
 						<td style="width: 35%"><input type="text" name="form[icq]" size="12" maxlength="12" tabindex="6"></td>
 					</tr>
 					<tr>
+						<td class="punright" style="width: 35%">MSN Messenger</td>
+						<td style="width: 35%"><input type="text" name="form[msn]" size="30" maxlength="50" tabindex="7"></td>
+					</tr>
+					<tr>
 						<td class="punright" style="width: 35%">AOL IM</td>
-						<td style="width: 35%"><input type="text" name="form[aim]" size="20" maxlength="20" tabindex="7"></td>
+						<td style="width: 35%"><input type="text" name="form[aim]" size="20" maxlength="20" tabindex="8"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Yahoo! Messenger</td>
-						<td style="width: 35%"><input type="text" name="form[yahoo]" size="20" maxlength="20" tabindex="8"></td>
+						<td style="width: 35%"><input type="text" name="form[yahoo]" size="20" maxlength="20" tabindex="9"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Location</td>
-						<td style="width: 35%"><input type="text" name="form[location]" size="30" maxlength="30" tabindex="9"></td>
+						<td style="width: 35%"><input type="text" name="form[location]" size="30" maxlength="30" tabindex="10"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Signature</td>
-						<td style="width: 35%"><input type="text" name="form[signature]" size="35" maxlength="512" tabindex="10"></td>
+						<td style="width: 35%"><input type="text" name="form[signature]" size="35" maxlength="512" tabindex="11"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Admin note</td>
-						<td style="width: 35%"><input type="text" name="form[admin_note]" size="30" maxlength="30" tabindex="11"></td>
+						<td style="width: 35%"><input type="text" name="form[admin_note]" size="30" maxlength="30" tabindex="12"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Number of posts greater than</td>
-						<td style="width: 35%"><input type="text" name="posts_greater" size="5" maxlength="8" tabindex="12"></td>
+						<td style="width: 35%"><input type="text" name="posts_greater" size="5" maxlength="8" tabindex="13"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Number of posts less than</td>
-						<td style="width: 35%"><input type="text" name="posts_less" size="5" maxlength="8" tabindex="13"></td>
+						<td style="width: 35%"><input type="text" name="posts_less" size="5" maxlength="8" tabindex="14"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Last post is after<br>(yyyy-mm-dd hh:mm:ss)</td>
-						<td style="width: 35%"><input type="text" name="last_post_after" size="24" maxlength="19" tabindex="14"></td>
+						<td style="width: 35%"><input type="text" name="last_post_after" size="24" maxlength="19" tabindex="15"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Last post is before<br>(yyyy-mm-dd hh:mm:ss)</td>
-						<td style="width: 35%"><input type="text" name="last_post_before" size="24" maxlength="19" tabindex="15"></td>
+						<td style="width: 35%"><input type="text" name="last_post_before" size="24" maxlength="19" tabindex="16"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Registered after<br>(yyyy-mm-dd hh:mm:ss)</td>
-						<td style="width: 35%"><input type="text" name="registered_after" size="24" maxlength="19" tabindex="16"></td>
+						<td style="width: 35%"><input type="text" name="registered_after" size="24" maxlength="19" tabindex="17"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Registered before<br>(yyyy-mm-dd hh:mm:ss)</td>
-						<td style="width: 35%"><input type="text" name="registered_before" size="24" maxlength="19" tabindex="17"></td>
+						<td style="width: 35%"><input type="text" name="registered_before" size="24" maxlength="19" tabindex="18"></td>
 					</tr>
 					<tr>
 						<td class="punright" style="width: 35%">Order by</td>
 						<td style="width: 35%">
-							<select name="order_by" tabindex="18">
+							<select name="order_by" tabindex="19">
 								<option value="username" selected>username</option>
 								<option value="email">e-mail</option>
 								<option value="num_posts">posts</option>
 								<option value="last_post">last post</option>
 								<option value="registered">registered</option>
-							</select>&nbsp;&nbsp;&nbsp;<select name="direction" tabindex="19">
+							</select>&nbsp;&nbsp;&nbsp;<select name="direction" tabindex="20">
 								<option value="ASC" selected>ascending</option>
 								<option value="DESC">descending</option>
 							</select>
@@ -446,7 +450,7 @@
 					<tr>
 						<td class="punright" style="width: 35%">User group</td>
 						<td style="width: 35%">
-							<select name="user_group" tabindex="20">
+							<select name="user_group" tabindex="21">
 								<option value="all" selected>All groups</option>
 								<option value="<?php echo PUN_USER ?>">Users</option>
 								<option value="<?php echo PUN_MOD ?>">Moderators</option>
@@ -474,8 +478,8 @@
 				<table class="punplain" cellspacing="0" cellpadding="4">
 					<tr>
 						<td class="punright" style="width: 35%"><b>IP address</b><br>The IP address to search for in the post database.</td>
-						<td style="width: 35%"><input type="text" name="show_users" size="18" maxlength="15" tabindex="22"></td>
-						<td style="width: 30%"><input type="submit" value=" Find " tabindex="23"></td>
+						<td style="width: 35%"><input type="text" name="show_users" size="18" maxlength="15" tabindex="23"></td>
+						<td style="width: 30%"><input type="submit" value=" Find " tabindex="24"></td>
 					</tr>
 				</table>
 			</td>
diff -urbB punbb-1.1/upload/edit.php punbb-1.1.2/upload/edit.php
--- punbb-1.1/upload/edit.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/edit.php	2004-03-21 16:29:22.000000000 +0100
@@ -124,8 +124,7 @@
 
 	if ($smilies != '1') $smilies = '0';
 
-	if (!isset($_POST['silent']) || !$is_admmod)
-		$edited_sql = ', edited='.time().', edited_by=\''.addslashes($cur_user['username']).'\'';
+	$edited_sql = (!isset($_POST['silent']) || !$is_admmod) ? $edited_sql = ', edited='.time().', edited_by=\''.addslashes($cur_user['username']).'\'' : '';
 
 	if ($is_topicpost && $is_admmod)
 	{
diff -urbB punbb-1.1/upload/footer.php punbb-1.1.2/upload/footer.php
--- punbb-1.1/upload/footer.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/footer.php	2004-03-21 16:29:22.000000000 +0100
@@ -72,10 +72,9 @@
 							<select name="id" onchange="window.location=('viewforum.php?id='+this.options[this.selectedIndex].value)">
 <?php
 
-	if ($cur_user['status'] < PUN_MOD)
-		$extra = ' WHERE f.admmod_only=\'0\'';
+	$extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
 
-	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra_sql.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 
 	while ($cur_forum = $db->fetch_assoc($result))
 	{
@@ -108,7 +107,7 @@
 	else if ($footer_style == 'topic' && $is_admmod)
 	{
 		echo "\t\t\t\t\t\t".'<br><a href="moderate.php?fid='.$forum_id.'&amp;tid='.$id.'&amp;p='.$p.'">'.$lang_common['Delete posts'].'</a><br>'."\n";
-		echo "\t\t\t\t\t\t".'<a href="moderate.php?fid='.$forum_id.'&amp;move='.$id.'">'.$lang_common['Move topic'].'</a><br>'."\n";
+		echo "\t\t\t\t\t\t".'<a href="moderate.php?fid='.$forum_id.'&amp;move_topics='.$id.'">'.$lang_common['Move topic'].'</a><br>'."\n";
 
 		if ($closed == '1')
 			echo "\t\t\t\t\t\t".'<a href="moderate.php?fid='.$forum_id.'&amp;open='.$id.'">'.$lang_common['Open topic'].'</a><br>'."\n";
diff -urbB punbb-1.1/upload/help.php punbb-1.1.2/upload/help.php
--- punbb-1.1/upload/help.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/help.php	2004-03-21 16:29:22.000000000 +0100
@@ -93,7 +93,7 @@
 				<?php echo $lang_help['Quotes info'] ?><br><br>
 				&nbsp;&nbsp;&nbsp;&nbsp;[quote=James]<?php echo $lang_help['Quote text'] ?>[/quote]<br><br>
 				<?php echo $lang_help['produces quote box'] ?><br><br>
-				<table style="width: 95%" align="center" cellspacing="4" cellpadding="6"><tr><td class="punquote"><span class="puntext"><b>James <?php echo $lang_common['wrote'] ?>:</b><br><br>Text</span></td></tr></table><br>
+				<table style="width: 95%" align="center" cellspacing="4" cellpadding="6"><tr><td class="punquote"><span class="puntext"><b>James <?php echo $lang_common['wrote'] ?>:</b><br><br><?php echo $lang_help['Quote text'] ?></span></td></tr></table><br>
 				<?php echo $lang_help['Quotes info 2'] ?><br><br>
 				&nbsp;&nbsp;&nbsp;&nbsp;[quote]<?php echo $lang_help['Quote text'] ?>[/quote]<br><br>
 				<?php echo $lang_help['produces quote box'] ?><br><br>
diff -urbB punbb-1.1/upload/include/common.php punbb-1.1.2/upload/include/common.php
--- punbb-1.1/upload/include/common.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/include/common.php	2004-03-21 16:29:23.000000000 +0100
@@ -48,9 +48,6 @@
 // Turn off magic_quotes_runtime
 set_magic_quotes_runtime(0);
 
-// Attempt to turn off register_globals (this really isn't needed, but we'll do it anyway)
-@ini_set('register_globals', 0);
-
 // Seed the random number generator
 mt_srand((double)microtime()*1000000);
 
diff -urbB punbb-1.1/upload/include/common_admin.php punbb-1.1.2/upload/include/common_admin.php
--- punbb-1.1/upload/include/common_admin.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/include/common_admin.php	2004-03-21 16:29:23.000000000 +0100
@@ -84,14 +84,13 @@
 {
 	global $db;
 
-	if ($prune_date != -1)
-		$extra = ' AND last_post<'.$prune_date;
+	$extra_sql = ($prune_date != -1) ? ' AND last_post<'.$prune_date : '';
 
 	if (!$prune_sticky)
-		$extra .= ' AND sticky=\'0\'';
+		$extra_sql .= ' AND sticky=\'0\''; 
 
 	// Fetch topics to prune
-	$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.$extra) or error('Unable to fetch topics', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.$extra_sql) or error('Unable to fetch topics', __FILE__, __LINE__, $db->error());
 
 	while ($row = $db->fetch_row($result))
 		$topic_ids .= (($topic_ids != '') ? ',' : '').$row[0];
diff -urbB punbb-1.1/upload/include/dblayer/pgsql.php punbb-1.1.2/upload/include/dblayer/pgsql.php
--- punbb-1.1/upload/include/dblayer/pgsql.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/include/dblayer/pgsql.php	2004-03-21 16:29:23.000000000 +0100
@@ -23,7 +23,7 @@
 ************************************************************************/
 
 
-// Make sure we have built in support for MySQL
+// Make sure we have built in support for PostgreSQL
 if (!function_exists('pg_connect'))
 	exit('This PHP environment doesn\'t have PostgreSQL support built in. PostgreSQL support is required if you want to use a PostgreSQL database to run this forum. Consult the PHP documentation for further assistance.');
 
@@ -111,14 +111,14 @@
 				if (defined('PUN_SHOW_QUERIES'))
 					$this->saved_queries[] = array('BEGIN', 0);
 
-				if (!@pg_exec($this->link_id, 'BEGIN'))
+				if (!@pg_query($this->link_id, 'BEGIN'))
 					return false;
 			}
 
 			if (defined('PUN_SHOW_QUERIES'))
 				$q_start = get_microtime();
 
-			$this->query_result = @pg_exec($this->link_id, $sql);
+			$this->query_result = @pg_query($this->link_id, $sql);
 			if ($this->query_result)
 			{
 				if (defined('PUN_SHOW_QUERIES'))
@@ -131,12 +131,12 @@
 					if (defined('PUN_SHOW_QUERIES'))
 						$this->saved_queries[] = array('COMMIT', 0);
 
-					if (!@pg_exec($this->link_id, 'COMMIT'))
+					if (!@pg_query($this->link_id, 'COMMIT'))
 					{
 						if (defined('PUN_SHOW_QUERIES'))
 							$this->saved_queries[] = array('ROLLBACK', 0);
 
-						@pg_exec($this->link_id, 'ROLLBACK');
+						@pg_query($this->link_id, 'ROLLBACK');
 						return false;
 					}
 				}
@@ -154,7 +154,7 @@
 					$this->saved_queries[] = array('ROLLBACK', 0);
 
 				if ($this->in_transaction)
-					@pg_exec($this->link_id, 'ROLLBACK');
+					@pg_query($this->link_id, 'ROLLBACK');
 
 				$this->in_transaction = false;
 
@@ -170,12 +170,12 @@
 				if (defined('PUN_SHOW_QUERIES'))
 					$this->saved_queries[] = array('COMMIT', 0);
 
-				if (!@pg_exec($this->link_id, 'COMMIT'))
+				if (!@pg_query($this->link_id, 'COMMIT'))
 				{
 					if (defined('PUN_SHOW_QUERIES'))
 						$this->saved_queries[] = array('ROLLBACK', 0);
 
-					@pg_exec($this->link_id, 'ROLLBACK');
+					@pg_query($this->link_id, 'ROLLBACK');
 					return false;
 				}
 			}
@@ -260,9 +260,7 @@
 	function num_rows($query_id = 0)
 	{
 		if (!$query_id)
-		{
 			$query_id = $this->query_result;
-		}
 
 		return ($query_id) ? @pg_num_rows($query_id) : false;
 	}
@@ -286,7 +284,7 @@
 			if (preg_match('/^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)/is', $this->last_query_text[$query_id], $tablename))
 			{
 				$sql = 'SELECT currval(\''.$tablename[1].'_id_seq\') AS lastval';
-				$temp_q_id = @pg_exec($this->link_id, $sql);
+				$temp_q_id = @pg_query($this->link_id, $sql);
 
 				if (!$temp_q_id)
 					return false;
@@ -318,7 +316,7 @@
 		if (!$query_id)
 			$query_id = $this->query_result;
 
-		return ($query_id) ? @pg_freeresult($query_id) : false;
+		return ($query_id) ? @pg_free_result($query_id) : false;
 	}
 
 
@@ -343,11 +341,11 @@
 				if (defined('PUN_SHOW_QUERIES'))
 					$this->saved_queries[] = array('COMMIT', 0);
 
-				@pg_exec($this->link_id, 'COMMIT');
+				@pg_query($this->link_id, 'COMMIT');
 			}
 
 			if ($this->query_result)
-				@pg_freeresult($this->query_result);
+				@pg_free_result($this->query_result);
 
 			return @pg_close($this->link_id);
 		}
diff -urbB punbb-1.1/upload/include/parser.php punbb-1.1.2/upload/include/parser.php
--- punbb-1.1/upload/include/parser.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/include/parser.php	2004-03-21 16:29:23.000000000 +0100
@@ -72,8 +72,6 @@
 {
 	global $lang_common;
 
-	set_time_limit(3);
-
 	// The maximum allowed quote depth
 	$max_depth = 3;
 
@@ -207,11 +205,11 @@
 					 '#\[email=(.*?)\](.*?)\[/email\]#',
 					 '#\[color=([a-zA-Z]*|\#?[0-9a-fA-F]{6})](.*?)\[/color\]#s');
 
-	$replace = array('<b>$1</b>',
-					 '<i>$1</i>',
+	$replace = array('<strong>$1</strong>',
+					 '<em>$1</em>',
 					 '<u>$1</u>',
-					 'truncate_url("$1")',
-					 'truncate_url("$1", "$2")',
+					 'truncate_url(\'$1\')',
+					 'truncate_url(\'$1\', \'$2\')',
 					 '<a href="mailto:$1">$1</a>',
 					 '<a href="mailto:$1">$2</a>',
 					 '<span style="color: $1">$2</span>');
@@ -239,8 +237,8 @@
 
 	$message = ' '.$message;
 
-	$message = preg_replace('#([\t\n\(\) ])(https?|ftp|news){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ "\(\)\n\r\t<]*)?)#ie', '"$1".truncate_url("$2://$3")', $message);
-	$message = preg_replace('#([\t\n\(\) ])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ "\(\)\n\r\t<]*)?)#ie', '"$1".truncate_url("$2.$3", "$2.$3")', $message);
+	$message = preg_replace('#([\s\(\)])(https?|ftp|news){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^"\s\(\)<\[]*)?)#ie', '\'$1\'.truncate_url(\'$2://$3\')', $message);
+	$message = preg_replace('#([\s\(\)])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^"\s\(\)<\[]*)?)#ie', '\'$1\'.truncate_url(\'$2.$3\', \'$2.$3\')', $message);
 
 	return substr($message, 1);
 }
diff -urbB punbb-1.1/upload/index.php punbb-1.1.2/upload/index.php
--- punbb-1.1/upload/index.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/index.php	2004-03-21 16:29:22.000000000 +0100
@@ -53,10 +53,9 @@
 
 
 // Print the categories and forums
-if ($cur_user['status'] < PUN_MOD)
-	$extra = ' WHERE f.admmod_only=\'0\'';
+$extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
 
-$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.forum_desc, f.moderators, f.num_topics, f.num_posts, f.last_post, f.last_post_id, f.last_poster, f.closed FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.forum_desc, f.moderators, f.num_topics, f.num_posts, f.last_post, f.last_post_id, f.last_poster, f.closed FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra_sql.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 
 while ($cur_forum = $db->fetch_assoc($result))
 {
diff -urbB punbb-1.1/upload/install.php punbb-1.1.2/upload/install.php
--- punbb-1.1/upload/install.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/install.php	2004-03-21 16:29:22.000000000 +0100
@@ -24,7 +24,7 @@
 
 
 // The PunBB version this script installs
-$punbb_version = '1.1';
+$punbb_version = '1.1.2';
 
 
 $pun_root = './';
@@ -289,7 +289,7 @@
 			break;
 
 		default:
-			exit('\''.$db_type.'\' is not a valid database type. <a href="JavaScript: history.go(-1)">Go back</a>.');
+			exit('\''.htmlspecialchars($db_type).'\' is not a valid database type. <a href="JavaScript: history.go(-1)">Go back</a>.');
 			break;
 	}
 
@@ -864,7 +864,7 @@
 	$db->query('INSERT INTO '.$db_prefix."users (username, password, email) VALUES('Guest', 'Guest', 'Guest')", 1)
 		or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.');
 
-	$db->query('INSERT INTO '.$db_prefix."users (username, password, email, num_posts, status, last_post, registered, last_visit) VALUES('".addslashes($username)."', '".pun_hash($password1)."', '$email', 1, 2, ".$now.", ".$now.", ".$now.')')
+	$db->query('INSERT INTO '.$db_prefix."users (username, password, email, num_posts, status, last_post, registered, last_visit, last_action) VALUES('".addslashes($username)."', '".pun_hash($password1)."', '$email', 1, 2, ".$now.", ".$now.", ".$now.", ".$now.')')
 		or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.');
 
 	// Insert config data
@@ -975,7 +975,7 @@
 
 
 	/// Display config.php and give further instructions
-	$config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = true;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n\n".'$language = \'en\';'."\n\ndefine('PUN', 1);\n\n?>";
+	$config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n\n".'$language = \'en\';'."\n\ndefine('PUN', 1);\n\n?>";
 
 
 ?>
diff -urbB punbb-1.1/upload/lang/en/en_common.php punbb-1.1.2/upload/lang/en/en_common.php
--- punbb-1.1/upload/lang/en/en_common.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/lang/en/en_common.php	2004-03-21 16:29:23.000000000 +0100
@@ -4,7 +4,7 @@
 $lang_common = array(
 
 // Text orientation and encoding
-'lang_direction'		=>	'LTR',	// LTR (Left-To-Right) or RTL (Right-To-Left)
+'lang_direction'		=>	'ltr',	// ltr (Left-To-Right) or rtl (Right-To-Left)
 'lang_encoding'			=>	'iso-8859-1',
 
 // Notices
diff -urbB punbb-1.1/upload/lang/en/en_edit.php punbb-1.1.2/upload/lang/en/en_edit.php
--- punbb-1.1/upload/lang/en/en_edit.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/lang/en/en_edit.php	2004-03-21 16:29:23.000000000 +0100
@@ -8,7 +8,7 @@
 'Too long subject'		=>	'Subjects cannot be longer than 70 characters.',
 'No caps subject'		=>	'Subjects must not contain only capital letters and special characters in this forum.',
 'No message'			=>	'You must enter a message.',
-'Too long message'		=>	'Posts cannot be longer that 65535 characters (64 Kb).',
+'Too long message'		=>	'Posts cannot be longer that 65535 characters (64 KB).',
 'No caps message'		=>	'Messages must not contain only capital letters and special characters in this forum.',
 
 // Miscellaneous
diff -urbB punbb-1.1/upload/lang/en/mail_templates/activate_email.tpl punbb-1.1.2/upload/lang/en/mail_templates/activate_email.tpl
--- punbb-1.1/upload/lang/en/mail_templates/activate_email.tpl	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/lang/en/mail_templates/activate_email.tpl	2004-03-21 16:29:23.000000000 +0100
@@ -2,7 +2,7 @@
 
 Hello <username>,
 
-You have requested to have a new e-mail address assigned to your account in the discussion forum at <base_url>. If you didn't request this or if you don't want to change your e-mail address you should just ignore this message. Only if you visit the activation page below will your password be changed. In order for the activation page to work, you must be logged in to the forum.
+You have requested to have a new e-mail address assigned to your account in the discussion forum at <base_url>. If you didn't request this or if you don't want to change your e-mail address you should just ignore this message. Only if you visit the activation page below will your e-mail address be changed. In order for the activation page to work, you must be logged in to the forum.
 
 To change your e-mail address, please visit the following page:
 <activation_url>
diff -urbB punbb-1.1/upload/lang/en/mail_templates/form_email.tpl punbb-1.1.2/upload/lang/en/mail_templates/form_email.tpl
--- punbb-1.1/upload/lang/en/mail_templates/form_email.tpl	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/lang/en/mail_templates/form_email.tpl	2004-03-21 16:29:23.000000000 +0100
@@ -11,4 +11,3 @@
 
 -- 
 <board_mailer>
-(Do not reply to this message)
\ No newline at end of file
diff -urbB punbb-1.1/upload/login.php punbb-1.1.2/upload/login.php
--- punbb-1.1/upload/login.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/login.php	2004-03-21 16:29:22.000000000 +0100
@@ -81,7 +81,10 @@
 else if ($action == 'out')
 {
 	if ($cookie['is_guest'])
+	{
 		header('Location: index.php');
+		exit;
+	}
 
 	// Remove user from "users online" list.
 	$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.addslashes($cur_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
diff -urbB punbb-1.1/upload/misc.php punbb-1.1.2/upload/misc.php
--- punbb-1.1/upload/misc.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/misc.php	2004-03-21 16:29:22.000000000 +0100
@@ -105,10 +105,13 @@
 
 		pun_mail($recipient_email, $mail_subject, $mail_message, $cur_user['username'].' <'.$cur_user['email'].'>');
 
-		redirect('profile.php?id='.$recipient_id, $lang_misc['E-mail sent redirect']);
+		redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);
 	}
 
 
+	// Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the users profile after the e-mail is sent)
+	$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : 'index.php';
+
 	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Send e-mail'];
 	$validate_form = true;
 	$element_names = array('req_subject' => $lang_misc['E-mail subject'], 'req_message' => $lang_misc['E-mail message']);
@@ -121,6 +124,7 @@
 
 <form method="post" action="misc.php?email=<?php echo $recipient_id ?>" id="email" onsubmit="return process_form(this)">
 	<input type="hidden" name="form_sent" value="1">
+	<input type="hidden" name="redirect_url" value="<?php echo $redirect_url ?>">
 	<table class="punmain" cellspacing="1" cellpadding="4">
 		<tr class="punhead">
 			<td class="punhead" colspan="2"><?php echo $lang_misc['Send e-mail'] ?></td>
diff -urbB punbb-1.1/upload/moderate.php punbb-1.1.2/upload/moderate.php
--- punbb-1.1/upload/moderate.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/moderate.php	2004-03-21 16:29:22.000000000 +0100
@@ -39,6 +39,9 @@
 		message($lang_common['No permission']);
 
 	$result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error());
+	if (!$db->num_rows($result))
+		message($lang_common['Bad request']);
+
 	$ip = $db->result($result, 0);
 
 	message('The IP address is: '.$ip.'<br>The host name is: '.gethostbyaddr($ip).'<br><br><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
diff -urbB punbb-1.1/upload/post.php punbb-1.1.2/upload/post.php
--- punbb-1.1/upload/post.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/post.php	2004-03-21 16:29:22.000000000 +0100
@@ -116,14 +116,16 @@
 		require $pun_root.'lang/'.$language.'/'.$language.'_prof_reg.php';
 		require $pun_root.'lang/'.$language.'/'.$language.'_register.php';
 
-		// It's a guest, so we have to check the username
+		// It's a guest, so we have to validate the username
 		if (strlen($username) < 2)
 			message($lang_prof_reg['Username too short']);
 		else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
 			message($lang_prof_reg['Username guest']);
 		else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))
 			message($lang_prof_reg['Username IP']);
-		else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
+		else if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
+			message($lang_prof_reg['Username reserved chars']);
+		else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
 			message($lang_prof_reg['Username BBCode']);
 
 		// Check username for any censored words
@@ -368,11 +370,22 @@
 					else
 						$q_poster = '\''.$q_poster.'\'';
 				}
+				else
+				{
+					// Get the characters at the start and end of $q_poster
+					$ends = substr($q_poster, 0, 1).substr($q_poster, -1, 1);
+
+					// Deal with quoting "Username" or 'Username' (becomes '"Username"' or "'Username'")
+					if ($ends == '\'\'')
+						$q_poster = '"'.$q_poster.'"';
+					else if ($ends == '""')
+						$q_poster = '\''.$q_poster.'\'';
+				}
 
 				$quote = '[quote='.$q_poster.']'.$q_message.'[/quote]'."\n";
 			}
 			else
-				$quote = '> '.$q_poster.' '.$lang_post['wrote'].':'."\n\n".'> '.$q_message."\n";
+				$quote = '> '.$q_poster.' '.$lang_common['wrote'].':'."\n\n".'> '.$q_message."\n";
 		}
 
 		// We have to fetch the forum name in order to display Title / Forum / Topic
@@ -525,7 +538,7 @@
 ?>
 	<tr>
 		<td class="puncon1" style="width: 140px; vertical-align: top"><?php echo pun_htmlspecialchars($cur_post['poster']) ?></td>
-		<td class="puncon2"><?php echo $cur_post['message'] ?></td>
+		<td class="puncon2"><span class="puntext"><?php echo $cur_post['message'] ?></span></td>
 	</tr>
 <?php
 
diff -urbB punbb-1.1/upload/profile.php punbb-1.1.2/upload/profile.php
--- punbb-1.1/upload/profile.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/profile.php	2004-03-21 16:29:23.000000000 +0100
@@ -49,7 +49,10 @@
 	{
 		// If the user is already logged in we shouldn't be here :)
 		if (!$cookie['is_guest'])
+		{
 			header('Location: index.php');
+			exit;
+		}
 
 		$key = $_GET['key'];
 
@@ -940,7 +943,7 @@
 		{
 			$username_field = '<input type="hidden" name="old_username" value="'.pun_htmlspecialchars($user['username']).'"><input type="text" name="username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25">';
 			$email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50"> - <a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a>';
-			$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_prof_reg['Leave blank'];
+			$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_profile['Leave blank'];
 
 			if ($cur_user['status'] == PUN_ADMIN && $img_size)
 				$avatar_field .= '<br>&nbsp;<a href="profile.php?action=delete_avatar&amp;id='.$id.'">'.$lang_profile['Delete avatar'].'</a>';
@@ -955,7 +958,7 @@
 				$email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50">';
 
 			if ($pun_config['p_users_set_title'] == '1')
-				$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_prof_reg['Leave blank'];
+				$user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50">&nbsp;&nbsp;'.$lang_profile['Leave blank'];
 			else
 			{
 				$user_title_field = get_title($user);
@@ -1125,7 +1128,7 @@
 				&nbsp;<select name="form[style]">
 <?php
 
-		$d = dir('style');
+		$d = dir($pun_root.'style');
 		while (($entry = $d->read()) !== false)
 		{
 			if (substr($entry, strlen($entry)-4) == '.css')
diff -urbB punbb-1.1/upload/register.php punbb-1.1.2/upload/register.php
--- punbb-1.1/upload/register.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/register.php	2004-03-21 16:29:23.000000000 +0100
@@ -29,7 +29,10 @@
 
 // If we are logged in, we shouldn't be here
 if (!$cookie['is_guest'])
+{
 	header('Location: index.php');
+	exit;
+}
 
 // Load the register.php language file
 require $pun_root.'lang/'.$language.'/'.$language.'_register.php';
diff -urbB punbb-1.1/upload/search.php punbb-1.1.2/upload/search.php
--- punbb-1.1/upload/search.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/search.php	2004-03-21 16:29:23.000000000 +0100
@@ -189,16 +189,15 @@
 						{
 							$word = trim($word);
 							if ($word != 'and' || $word != 'or' || $word != 'not')
-								$text = preg_replace('#\b'.preg_quote($word).'\b#', ' ', $text);
+								$keywords = preg_replace('#\b'.preg_quote($word).'\b#', ' ', $keywords);
 						}
 					}
 
 					// Split up keywords
-					$keywords_array = preg_split('#[\s]+#', substr($keywords, 1, -1));
+					$keywords_array = preg_split('#[\s]+#', trim($keywords));
 
 					// Should we search in message body or topic subject specifically?
-					if ($search_in)
-						$search_in_cond = ($search_in > 0) ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1';
+					$search_in_cond = ($search_in) ? (($search_in > 0) ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1') : '';
 				}
 
 				$match_type = 'or';
@@ -693,8 +692,7 @@
 	echo "\t\t\t\t\t".'<option value="-1">'.$lang_search['All forums'].'</option>'."\n";
 
 
-if ($cur_user['status'] < PUN_USER)
-	$extra = ' WHERE f.admmod_only=\'0\'';
+$extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
 
 $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 $num_forums = $db->num_rows($result);
diff -urbB punbb-1.1/upload/userlist.php punbb-1.1.2/upload/userlist.php
--- punbb-1.1/upload/userlist.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/userlist.php	2004-03-21 16:29:23.000000000 +0100
@@ -161,7 +161,7 @@
 
 <table class="punspacer" cellspacing="1" cellpadding="4">
 	<tr>
-		<td><?php echo $lang_common['Pages'].': '.paginate($num_pages, $p, 'userlist.php?prefix='.$prefix.'&amp;order_by='.$order_by.'&amp;direction='.strtolower($direction)) ?></td>
+		<td><?php echo $lang_common['Pages'].': '.paginate($num_pages, $p, 'userlist.php?order_by='.$order_by.'&amp;direction='.strtolower($direction)) ?></td>
 	</tr>
 </table>
 <?php
diff -urbB punbb-1.1/upload/viewtopic.php punbb-1.1.2/upload/viewtopic.php
--- punbb-1.1/upload/viewtopic.php	2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.2/upload/viewtopic.php	2004-03-21 16:29:23.000000000 +0100
@@ -81,6 +81,8 @@
 		header('Location: viewtopic.php?pid='.$first_new_post_id.'#'.$first_new_post_id);
 	else	// If there is no new post, we go to the last post
 		header('Location: viewtopic.php?id='.$id.'&action=last');
+
+	exit;
 }
 
 
@@ -91,7 +93,10 @@
 	$last_post_id = $db->result($result, 0);
 
 	if ($last_post_id)
+	{
 		header('Location: viewtopic.php?pid='.$last_post_id.'#'.$last_post_id);
+		exit;
+	}
 }
 
 
@@ -257,16 +262,15 @@
 
 		$info .= $lang_common['Registered'].': '.$registered.'<br>';
 
-		if ($pun_config['o_show_post_count'] == '1')
-			$info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts'];
-
 		if ($cur_user['status'] > PUN_USER)
 		{
-			$info .= '<br>'."\n\t\t\t\t\t\t\t".'IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a>';
+			$info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts'].'<br>'."\n\t\t\t\t\t\t\t".'IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a>';
 
 			if ($cur_post['admin_note'] != '')
 				$info .= '<br><br>'."\n\t\t\t\t\t\t\t".$lang_topic['Note'].': <b>'.$cur_post['admin_note'].'</b>';
 		}
+		else if ($pun_config['o_show_post_count'] == '1')
+			$info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts'];
 
 		// Generate an array of links that appear at the bottom of every message.
 		$links = array();