diff -urN punbb-1.2.2/upload/admin_censoring.php punbb-1.2.4/upload/admin_censoring.php
--- punbb-1.2.2/upload/admin_censoring.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/admin_censoring.php	Fri Mar 11 19:17:26 2005
@@ -76,7 +76,7 @@
 {
 	confirm_referrer('admin_censoring.php');
 
-	$id = key($_POST['remove']);
+	$id = intval(key($_POST['remove']));
 
 	$db->query('DELETE FROM '.$db->prefix.'censoring WHERE id='.$id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());
 
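Review bot: `intval()` closes the injection here, but a missing or non-numeric key now silently becomes 0 and the `DELETE ... WHERE id=0` still runs. I would reject that case right after the cast with `if ($id < 1) message($lang_common['Bad request']);`, the same guard moderate.php applies to `$move_to_forum`. The same applies to the `intval(key(...))` lines added in admin_ranks.php (both hunks) and admin_reports.php. The enclosing `if` block starts and ends outside the hunk.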
diff -urN punbb-1.2.2/upload/admin_groups.php punbb-1.2.4/upload/admin_groups.php
--- punbb-1.2.2/upload/admin_groups.php	Fri Feb 18 22:05:02 2005
+++ punbb-1.2.4/upload/admin_groups.php	Sun Mar 13 15:47:54 2005
@@ -229,8 +229,8 @@
 
 	if ($_POST['mode'] == 'add')
 	{
-		$db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
-		if ($db->num_rows())
+		$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+		if ($db->num_rows($result))
 			message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
 
 		$db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error());
@@ -242,7 +242,13 @@
 			$db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error());
 	}
 	else
+	{
+		$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' && g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+		if ($db->num_rows($result))
+			message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
+
 		$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());
+	}
 
 	// Regenerate the quickjump cache
 	require_once PUN_ROOT.'include/cache.php';
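Review bot: The collision check added in the `else` branch concatenates `$_POST['group_id']` into the SQL without a cast, in a numeric position where `$db->escape()` would not help either; the `UPDATE` below it does the same. Cast once before both queries, e.g. `$group_id = intval($_POST['group_id']);`, and use `$group_id` in the two `WHERE` clauses. The new query also spells the conjunction `&&`, which is MySQL syntax; `AND` keeps it valid on database layers other than MySQL. The enclosing block starts outside the hunk.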
diff -urN punbb-1.2.2/upload/admin_index.php punbb-1.2.4/upload/admin_index.php
--- punbb-1.2.2/upload/admin_index.php	Sun Jan 23 18:36:42 2005
+++ punbb-1.2.4/upload/admin_index.php	Sun Mar 13 00:34:06 2005
@@ -64,7 +64,7 @@
 
 
 // Show phpinfo() output
-else if ($action == 'phpinfo')
+else if ($action == 'phpinfo' && $pun_user['g_id'] == PUN_ADMIN)
 {
 	// Is phpinfo() a disabled function?
 	if (strpos(strtolower((string)@ini_get('disable_functions')), 'phpinfo') !== false)
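Review bot: The admin check is folded into the branch condition, so a non-admin request for `action=phpinfo` is not refused but falls through to whatever branch follows, which is outside the hunk. An explicit refusal inside the branch is easier to audit: keep `else if ($action == 'phpinfo')` and start the body with `if ($pun_user['g_id'] != PUN_ADMIN) message($lang_common['No permission']);`. The comment above should also say the output is restricted, e.g. `// Show phpinfo() output (administrators only)`.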
diff -urN punbb-1.2.2/upload/admin_options.php punbb-1.2.4/upload/admin_options.php
--- punbb-1.2.2/upload/admin_options.php	Sun Jan 23 20:08:54 2005
+++ punbb-1.2.4/upload/admin_options.php	Mon Feb 28 01:52:52 2005
@@ -38,7 +38,7 @@
 if (isset($_POST['form_sent']))
 {
 	// Lazy referer check (in case base_url isn't correct)
-	if (!preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))
+	if (!isset($_SERVER['HTTP_REFERER']) || !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))
 		message($lang_common['Bad referrer']);
 
 	$form = array_map('trim', $_POST['form']);
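Review bot: The `isset()` guard removes the notice, but the pattern is unanchored, so any Referer value that merely contains `/admin_options.php` passes, whatever host it names. As the only request-origin check on this form (which, judging by the file name, changes board options) that is weak; a per-session token posted as a hidden field and verified here would not depend on a header the browser may omit. If the referer check stays, the comment should state the limitation, e.g. `// Lazy referer check: matches the script name only, not the host`. The body of the `if (isset($_POST['form_sent']))` block continues outside the hunk.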
diff -urN punbb-1.2.2/upload/admin_ranks.php punbb-1.2.4/upload/admin_ranks.php
--- punbb-1.2.2/upload/admin_ranks.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/admin_ranks.php	Fri Mar 11 19:17:26 2005
@@ -69,7 +69,7 @@
 {
 	confirm_referrer('admin_ranks.php');
 
-	$id = key($_POST['update']);
+	$id = intval(key($_POST['update']));
 
 	$rank = trim($_POST['rank'][$id]);
 	$min_posts = trim($_POST['min_posts'][$id]);
@@ -100,7 +100,7 @@
 {
 	confirm_referrer('admin_ranks.php');
 
-	$id = key($_POST['remove']);
+	$id = intval(key($_POST['remove']));
 
 	$db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());
 
diff -urN punbb-1.2.2/upload/admin_reports.php punbb-1.2.4/upload/admin_reports.php
--- punbb-1.2.2/upload/admin_reports.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/admin_reports.php	Fri Mar 11 19:17:26 2005
@@ -40,7 +40,7 @@
 {
 	confirm_referrer('admin_reports.php');
 
-	$zap_id = key($_POST['zap_id']);
+	$zap_id = intval(key($_POST['zap_id']));
 
 	$result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error());
 	$zapped = $db->result($result);
diff -urN punbb-1.2.2/upload/admin_users.php punbb-1.2.4/upload/admin_users.php
--- punbb-1.2.2/upload/admin_users.php	Tue Feb  1 16:16:46 2005
+++ punbb-1.2.4/upload/admin_users.php	Fri Mar 11 19:17:26 2005
@@ -266,7 +266,7 @@
 		$conditions[] = 'u.num_posts<'.$posts_less;
 
 	if ($user_group != 'all')
-		$conditions[] = 'u.group_id='.$user_group;
+		$conditions[] = 'u.group_id='.$db->escape($user_group);
 
 	if (!isset($conditions))
 		message('You didn\'t enter any search terms.');
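Review bot: `$db->escape()` does not protect this condition, because `$user_group` is placed in the query without surrounding quotes; a numeric position needs a cast instead: `$conditions[] = 'u.group_id='.intval($user_group);`. The second hunk has the same issue with `ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)`: column names and sort keywords cannot be escaped into safety, so both should be checked against a fixed list, for example `$direction = ($direction == 'DESC') ? 'DESC' : 'ASC';` and an `in_array()` test of `$order_by` against the sortable columns. Where these variables are first read from the request is outside both hunks.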
@@ -300,7 +300,7 @@
 			<tbody>
 <?php
 
-	$result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$order_by.' '.$direction) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 	if ($db->num_rows($result))
 	{
 		while ($user_data = $db->fetch_assoc($result))
diff -urN punbb-1.2.2/upload/header.php punbb-1.2.4/upload/header.php
--- punbb-1.2.2/upload/header.php	Tue Feb  1 16:16:46 2005
+++ punbb-1.2.4/upload/header.php	Wed Mar  9 22:04:02 2005
@@ -15,7 +15,7 @@
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
 
-  You should have received a copy of the GNU G>eneral Public License
+  You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston,
   MA  02111-1307  USA
@@ -171,10 +171,8 @@
 			$tpl_temp .= "\n\t\t\t\t".'<li class="maintenancelink"><strong><a href="admin_options.php#maintenance">Maintenance mode is enabled!</a></strong></li>';
 	}
 
-	if (basename($_SERVER['PHP_SELF']) == 'index.php')
+	if (in_array(basename($_SERVER['PHP_SELF']), array('index.php', 'search.php')))
 		$tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<ul class="conr">'."\n\t\t\t\t".'<li><a href="search.php?action=show_new">'.$lang_common['Show new posts'].'</a></li>'."\n\t\t\t\t".'<li><a href="misc.php?action=markread">'.$lang_common['Mark all as read'].'</a></li>'."\n\t\t\t".'</ul>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';
-	else if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'action=show_new')
-		$tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<p class="conr"><a href="misc.php?action=markread">'.$lang_common['Mark all as read'].'</a></p>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';
 	else
 		$tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';
 }
diff -urN punbb-1.2.2/upload/help.php punbb-1.2.4/upload/help.php
--- punbb-1.2.2/upload/help.php	Wed Jan 12 21:17:34 2005
+++ punbb-1.2.4/upload/help.php	Fri Mar 18 22:20:44 2005
@@ -86,7 +86,7 @@
 		&nbsp;&nbsp;&nbsp;&nbsp;[quote]<?php echo $lang_help['Quote text'] ?>[/quote]<br /><br />
 		<?php echo $lang_help['produces quote box'] ?><br /><br />
 		<div class="postmsg">
-			<blockquote><div class="incqbox"></h4><p><?php echo $lang_help['Quote text'] ?></p></div></blockquote>
+			<blockquote><div class="incqbox"><p><?php echo $lang_help['Quote text'] ?></p></div></blockquote>
 		</div>
 	</div>
 </div>
diff -urN punbb-1.2.2/upload/include/dblayer/common_db.php punbb-1.2.4/upload/include/dblayer/common_db.php
--- punbb-1.2.2/upload/include/dblayer/common_db.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/include/dblayer/common_db.php	Fri Mar 18 22:07:48 2005
@@ -23,6 +23,11 @@
 ************************************************************************/
 
 
+// Make sure no one attempts to run this script "directly"
+if (!defined('PUN'))
+	exit;
+
+
 //
 // Return current timestamp (with microseconds) as a float (used in dblayer)
 //
diff -urN punbb-1.2.2/upload/include/email.php punbb-1.2.4/upload/include/email.php
--- punbb-1.2.2/upload/include/email.php	Fri Feb 18 22:05:02 2005
+++ punbb-1.2.4/upload/include/email.php	Fri Mar 18 21:57:02 2005
@@ -33,7 +33,7 @@
 //
 function is_valid_email($email)
 {
-	return preg_match('#^.{1,}@.{2,}\..{2,}$#', $email);
+	return preg_match('/^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/', $email);
 }
 
 
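Review bot: The new pattern ends in `$` without the `D` modifier, so an address followed by a single trailing newline still validates; closing the pattern with `$/D` makes the match cover the whole string. Also, inside a single-quoted PHP string `\\.` reaches PCRE as `\.`, so the two character classes exclude the dot but not the backslash, which the pattern appears to intend; that needs `\\\\.` in the source.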
@@ -67,8 +67,10 @@
 	if (!$from)
 		$from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>';
 
-	// Make sure the from line doesn't contain a colon (the character, that is :D)
-	$from = str_replace(':', ' ', $from);
+	// Do a little spring cleaning
+	$to = trim(preg_replace('#[\n\r]+#s', '', $to));
+	$subject = trim(preg_replace('#[\n\r]+#s', '', $subject));
+	$from = trim(preg_replace('#[\n\r:]+#s', '', $from));
 
 	// Detect what linebreak we should use for the headers
 	if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN'))
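Review bot: The comment `// Do a little spring cleaning` hides what these three lines are for: they strip CR and LF so that a value passed in `$to`, `$subject` or `$from` cannot add mail headers, and the comment should say so, e.g. `// Strip CR/LF (and ':' from $from) so no argument can inject extra headers`. The `s` modifier on the three patterns has no effect, since none of them contains a dot, and can be dropped. Any other argument that ends up in the header block later in the function, which is outside the hunk, needs the same treatment.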
diff -urN punbb-1.2.2/upload/include/functions.php punbb-1.2.4/upload/include/functions.php
--- punbb-1.2.2/upload/include/functions.php	Mon Feb 21 21:00:14 2005
+++ punbb-1.2.4/upload/include/functions.php	Fri Mar 18 22:10:18 2005
@@ -46,7 +46,7 @@
 		$pun_user = $db->fetch_assoc($result);
 
 		// If user authorisation failed
-		if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) != $cookie['password_hash'])
+		if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])
 		{
 			pun_setcookie(0, random_pass(8), $expire);
 			set_default_user();
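Review bot: The switch to `!==` deserves a comment, since nothing on the line explains why the loose comparison was wrong: `// Strict comparison: the cookie value is client-supplied and == would type-juggle`. Where `$cookie` is decoded is outside the hunk, so the wording should be checked against that code. On PHP versions that provide it, `hash_equals()` would additionally make the comparison constant-time.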
@@ -739,7 +739,7 @@
 
 	if (strpos($lang_common['lang_encoding'], '8859') !== false)
 	{
-		$fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0), chr(0xCA));
+		$fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0));
 		return trim(str_replace($fishy_chars, ' ', $str));
 	}
 	else
diff -urN punbb-1.2.2/upload/include/parser.php punbb-1.2.4/upload/include/parser.php
--- punbb-1.2.2/upload/include/parser.php	Sun Jan 30 14:52:38 2005
+++ punbb-1.2.4/upload/include/parser.php	Fri Mar 18 23:08:32 2005
@@ -67,7 +67,7 @@
 	if (!$is_signature)
 	{
 		// For non-signatures, we have to do the quote and code tags as well
-		$a[] = '#\[quote=(&quot;|"|\'|)(.*)\\1\]\s*#i';
+		$a[] = '#\[quote=(&quot;|"|\'|)(.*?)\\1\]\s*#i';
 		$a[] = '#\[quote\]\s*#i';
 		$a[] = '#\s*\[/quote\]\s*#i';
 		$a[] = '#\[code\][\r\n]*(.*?)\s*\[/code\]\s*#is';
diff -urN punbb-1.2.2/upload/install.php punbb-1.2.4/upload/install.php
--- punbb-1.2.2/upload/install.php	Thu Feb 24 22:30:58 2005
+++ punbb-1.2.4/upload/install.php	Fri Mar 18 23:12:42 2005
@@ -24,7 +24,7 @@
 
 
 // The PunBB version this script installs
-$punbb_version = '1.2.2';
+$punbb_version = '1.2.4';
 
 
 define('PUN_ROOT', './');
diff -urN punbb-1.2.2/upload/misc.php punbb-1.2.4/upload/misc.php
--- punbb-1.2.2/upload/misc.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/misc.php	Mon Feb 28 02:02:16 2005
@@ -245,7 +245,7 @@
 
 else if (isset($_GET['subscribe']))
 {
-	if ($pun_user['is_guest'])
+	if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != '1')
 		message($lang_common['No permission']);
 
 	$topic_id = intval($_GET['subscribe']);
@@ -264,7 +264,7 @@
 
 else if (isset($_GET['unsubscribe']))
 {
-	if ($pun_user['is_guest'])
+	if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != '1')
 		message($lang_common['No permission']);
 
 	$topic_id = intval($_GET['unsubscribe']);
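Review bot: Refusing `unsubscribe` while `o_subscriptions` is off leaves a user's existing subscription rows in place with no way to remove them, and they would presumably become active again if the option is re-enabled. I would keep the new condition on the `subscribe` branch only and leave this one as `if ($pun_user['is_guest'])`. The rest of the branch is outside the hunk.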
diff -urN punbb-1.2.2/upload/moderate.php punbb-1.2.4/upload/moderate.php
--- punbb-1.2.2/upload/moderate.php	Thu Feb 24 22:16:34 2005
+++ punbb-1.2.4/upload/moderate.php	Fri Mar 18 22:28:34 2005
@@ -50,7 +50,7 @@
 		$ip = $db->result($result);
 	}
 
-	message('The IP address is: '.$ip.'<br />The host name is: '.gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
+	message('The IP address is: '.$ip.'<br />The host name is: '.@gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
 }
 
 
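Review bot: `@gethostbyaddr($ip)` hides the warning, but its result is still written into the page unescaped, and a reverse-DNS name is set by whoever runs the PTR zone for that address. Escape it before output, and `$ip` as well: `pun_htmlspecialchars(@gethostbyaddr($ip))`. `gethostbyaddr()` also returns false for malformed input, which the message would print as an empty host name; how `$ip` is validated lies outside the hunk.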
@@ -285,7 +285,7 @@
 			message($lang_common['Bad request']);
 
 		$topics = explode(',', $_POST['topics']);
-		$move_to_forum = intval($_POST['move_to_forum']);
+		$move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;
 		if (empty($topics) || $move_to_forum < 1)
 			message($lang_common['Bad request']);
 
@@ -351,7 +351,7 @@
 						<br /><select name="move_to_forum">
 <?php
 
-	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['group_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 
 	$cur_category = 0;
 	while ($cur_forum = $db->fetch_assoc($result))
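Review bot: Filtering the `<select>` by `fp.read_forum` only changes which destinations are offered; the handler in the `@@ -285` hunk accepts any `move_to_forum` of 1 or more, and no permission test on the destination is visible there. Unless it is checked further down, outside that hunk, the same `forum_perms` condition should be applied when the POST is processed, so that a forum the moderator cannot read is refused rather than merely not listed. The new `true` second argument to `$db->query()` is not explained; a short comment on what it selects would help.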
diff -urN punbb-1.2.2/upload/post.php punbb-1.2.4/upload/post.php
--- punbb-1.2.2/upload/post.php	Sat Jan 22 01:32:28 2005
+++ punbb-1.2.4/upload/post.php	Mon Feb 28 02:02:16 2005
@@ -207,73 +207,76 @@
 
 			update_forum($cur_posting['id']);
 
-
-			// Get the post time for the previous post in this topic
-			$result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
-			$previous_post_time = $db->result($result);
-
-			// Get any subscribed users that should be notified (banned users are excluded)
-			$result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
-			if ($db->num_rows($result))
+			// Should we send out notifications?
+			if ($pun_config['o_subscriptions'] == '1')
 			{
-				require_once PUN_ROOT.'include/email.php';
+				// Get the post time for the previous post in this topic
+				$result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
+				$previous_post_time = $db->result($result);
+
+				// Get any subscribed users that should be notified (banned users are excluded)
+				$result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
+				if ($db->num_rows($result))
+				{
+					require_once PUN_ROOT.'include/email.php';
 
-				$notification_emails = array();
+					$notification_emails = array();
 
-				// Loop through subscribed users and send e-mails
-				while ($cur_subscriber = $db->fetch_assoc($result))
-				{
-					// Is the subscription e-mail for $cur_subscriber['language'] cached or not?
-					if (!isset($notification_emails[$cur_subscriber['language']]))
+					// Loop through subscribed users and send e-mails
+					while ($cur_subscriber = $db->fetch_assoc($result))
 					{
-						if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'))
+						// Is the subscription e-mail for $cur_subscriber['language'] cached or not?
+						if (!isset($notification_emails[$cur_subscriber['language']]))
 						{
-							// Load the "new reply" template
-							$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'));
-
-							// Load the "new reply full" template (with post included)
-							$mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl'));
+							if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'))
+							{
+								// Load the "new reply" template
+								$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'));
+
+								// Load the "new reply full" template (with post included)
+								$mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl'));
+
+								// The first row contains the subject (it also starts with "Subject:")
+								$first_crlf = strpos($mail_tpl, "\n");
+								$mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+								$mail_message = trim(substr($mail_tpl, $first_crlf));
+
+								$first_crlf = strpos($mail_tpl_full, "\n");
+								$mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
+								$mail_message_full = trim(substr($mail_tpl_full, $first_crlf));
+
+								$mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject);
+								$mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message);
+								$mail_message = str_replace('<replier>', $username, $mail_message);
+								$mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
+								$mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message);
+								$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
+
+								$mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full);
+								$mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full);
+								$mail_message_full = str_replace('<replier>', $username, $mail_message_full);
+								$mail_message_full = str_replace('<message>', $message, $mail_message_full);
+								$mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);
+								$mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full);
+								$mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);
+
+								$notification_emails[$cur_subscriber['language']][0] = $mail_subject;
+								$notification_emails[$cur_subscriber['language']][1] = $mail_message;
+								$notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;
+								$notification_emails[$cur_subscriber['language']][3] = $mail_message_full;
 
-							// The first row contains the subject (it also starts with "Subject:")
-							$first_crlf = strpos($mail_tpl, "\n");
-							$mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
-							$mail_message = trim(substr($mail_tpl, $first_crlf));
-
-							$first_crlf = strpos($mail_tpl_full, "\n");
-							$mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
-							$mail_message_full = trim(substr($mail_tpl_full, $first_crlf));
-
-							$mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject);
-							$mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message);
-							$mail_message = str_replace('<replier>', $username, $mail_message);
-							$mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
-							$mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message);
-							$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
-
-							$mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full);
-							$mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full);
-							$mail_message_full = str_replace('<replier>', $username, $mail_message_full);
-							$mail_message_full = str_replace('<message>', $message, $mail_message_full);
-							$mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);
-							$mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full);
-							$mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);
-
-							$notification_emails[$cur_subscriber['language']][0] = $mail_subject;
-							$notification_emails[$cur_subscriber['language']][1] = $mail_message;
-							$notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;
-							$notification_emails[$cur_subscriber['language']][3] = $mail_message_full;
-
-							$mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
+								$mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
+							}
 						}
-					}
 
-					// We have to double check here because the templates could be missing
-					if (isset($notification_emails[$cur_subscriber['language']]))
-					{
-						if ($cur_subscriber['notify_with_post'] == '0')
-							pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);
-						else
-							pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
+						// We have to double check here because the templates could be missing
+						if (isset($notification_emails[$cur_subscriber['language']]))
+						{
+							if ($cur_subscriber['notify_with_post'] == '0')
+								pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);
+							else
+								pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
+						}
 					}
 				}
 			}
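Review bot: Inside the new `o_subscriptions` block, `file_exists()` tests only `new_reply.tpl`, yet `new_reply_full.tpl` is read unconditionally a few lines later, so a language pack with that one template missing produces a warning and a broken full-text mail. Test both files in the same condition. `$cur_subscriber['language']` is also concatenated into the path; it comes from the users table, so it should be confirmed that the profile code restricts it to installed language directories. Most of this hunk is re-indentation of existing code.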
diff -urN punbb-1.2.2/upload/profile.php punbb-1.2.4/upload/profile.php
--- punbb-1.2.2/upload/profile.php	Thu Feb 24 22:16:34 2005
+++ punbb-1.2.4/upload/profile.php	Fri Mar 18 23:03:38 2005
@@ -59,7 +59,7 @@
 		$result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error());
 		list($new_password_hash, $new_password_key) = $db->fetch_row($result);
 
-		if ($key != $new_password_key)
+		if ($key == '' || $key != $new_password_key)
 			message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
 		else
 		{
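Review bot: The added `$key == ''` test stops an empty key from matching an unset `activate_key`, but the comparison that follows is still the loose `!=`, which lets PHP compare two numeric-looking strings as numbers. Use strict operators here, as this commit already does for the cookie hash in functions.php: `if ($key === '' || $key !== $new_password_key)`. How `$key` is read from the request is outside the hunk; it needs to be a string for the strict form to behave as intended.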
@@ -966,7 +966,7 @@
 					<div class="infldset">
 						<dl>
 							<dt><?php echo $lang_profile['Jabber'] ?>: </dt>
-							<dd><?php echo ($user['jabber'] !='') ? $user['jabber'] : $lang_profile['Unknown']; ?></dd>
+							<dd><?php echo ($user['jabber'] !='') ? pun_htmlspecialchars($user['jabber']) : $lang_profile['Unknown']; ?></dd>
 							<dt><?php echo $lang_profile['ICQ'] ?>: </dt>
 							<dd><?php echo ($user['icq'] !='') ? $user['icq'] : $lang_profile['Unknown']; ?></dd>
 							<dt><?php echo $lang_profile['MSN'] ?>: </dt>
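Review bot: Only the Jabber value gets `pun_htmlspecialchars()`; the ICQ value two lines below is still echoed raw, and the MSN line that follows is cut off by the hunk. Unless those fields are validated to a safe character set when saved (not visible here), escape them the same way: `pun_htmlspecialchars($user['icq'])`. Escaping every profile field at output is easier to audit than relying on per-field input rules.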
diff -urN punbb-1.2.2/upload/userlist.php punbb-1.2.4/upload/userlist.php
--- punbb-1.2.2/upload/userlist.php	Mon Jan 17 21:35:36 2005
+++ punbb-1.2.4/upload/userlist.php	Thu Mar  3 01:08:18 2005
@@ -116,7 +116,7 @@
 	$where_sql[] = 'u.group_id='.$show_group;
 
 // Fetch user count
-$result = $db->query('SELECT COUNT(id)-1 FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE u.id>1 AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());
 $num_users = $db->result($result);
 
 
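Review bot: With no filter active the new count query has no `WHERE` clause at all, so it includes the row with id 1 (presumably the guest account) that the old `COUNT(id)-1` subtracted, and the page count can be one entry too high. Put the exclusion outside the conditional, as the list query in the next hunk does: `' WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '')`.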
@@ -154,7 +154,7 @@
 <?php
 
 // Grab the users
-$result = $db->query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.' LIMIT '.$start_from.', 50') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.' LIMIT '.$start_from.', 50') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
 {
 	while ($user_data = $db->fetch_assoc($result))
