diff -urN punbb-1.2.3/upload/admin_bans.php punbb-1.2.8/upload/admin_bans.php
--- punbb-1.2.3/upload/admin_bans.php	Tue Feb  1 16:16:46 2005
+++ punbb-1.2.8/upload/admin_bans.php	Thu Jul  7 19:31:54 2005
@@ -44,7 +44,7 @@
 		if (isset($_GET['add_ban']))
 		{
 			$add_ban = intval($_GET['add_ban']);
-			if ($add_ban < 1)
+			if ($add_ban < 2)
 				message($lang_common['Bad request']);
 
 			$user_id = $add_ban;
@@ -61,7 +61,7 @@
 
 			if ($ban_user != '')
 			{
-				$result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+				$result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 				if ($db->num_rows($result))
 					list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
 				else
@@ -244,7 +244,7 @@
 	if ($_POST['mode'] == 'add')
 		$db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
 	else
-		$db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.$_POST['ban_id']) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
+		$db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
 
 	// Regenerate the bans cache
 	require_once PUN_ROOT.'include/cache.php';
diff -urN punbb-1.2.3/upload/admin_categories.php punbb-1.2.8/upload/admin_categories.php
--- punbb-1.2.3/upload/admin_categories.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.8/upload/admin_categories.php	Sun Apr  3 20:48:30 2005
@@ -123,7 +123,7 @@
 						</div>
 					</fieldset>
 				</div>
-				<p><input type="submit" name="del_cat_comply" value="Delete" />&nbsp;&nbsp;&nbsp;<a href="javascript:history.go(-1)" />Go back</a></p>
+				<p><input type="submit" name="del_cat_comply" value="Delete" /><a href="javascript:history.go(-1)">Go back</a></p>
 			</form>
 		</div>
 	</div>
diff -urN punbb-1.2.3/upload/admin_censoring.php punbb-1.2.8/upload/admin_censoring.php
--- punbb-1.2.3/upload/admin_censoring.php	Fri Mar 11 19:17:26 2005
+++ punbb-1.2.8/upload/admin_censoring.php	Thu Apr  7 21:38:22 2005
@@ -57,7 +57,7 @@
 {
 	confirm_referrer('admin_censoring.php');
 
-	$id = key($_POST['update']);
+	$id = intval(key($_POST['update']));
 
 	$search_for = trim($_POST['search_for'][$id]);
 	$replace_with = trim($_POST['replace_with'][$id]);
diff -urN punbb-1.2.3/upload/admin_forums.php punbb-1.2.8/upload/admin_forums.php
--- punbb-1.2.3/upload/admin_forums.php	Fri Feb 18 22:05:02 2005
+++ punbb-1.2.8/upload/admin_forums.php	Sun Apr  3 20:48:30 2005
@@ -117,7 +117,7 @@
 						</div>
 					</fieldset>
 				</div>
-				<p><input type="submit" name="del_forum_comply" value="Delete" />&nbsp;&nbsp;&nbsp;<a href="javascript:history.go(-1)" />Go back</a></p>
+				<p><input type="submit" name="del_forum_comply" value="Delete" /><a href="javascript:history.go(-1)">Go back</a></p>
 			</form>
 		</div>
 	</div>
diff -urN punbb-1.2.3/upload/admin_groups.php punbb-1.2.8/upload/admin_groups.php
--- punbb-1.2.3/upload/admin_groups.php	Fri Feb 18 22:05:02 2005
+++ punbb-1.2.8/upload/admin_groups.php	Fri Sep  2 16:04:40 2005
@@ -209,15 +209,15 @@
 
 	$title = trim($_POST['req_title']);
 	$user_title = trim($_POST['user_title']);
-	$read_board = isset($_POST['read_board']) ? $_POST['read_board'] : '1';
-	$post_replies = isset($_POST['post_replies']) ? $_POST['post_replies'] : '1';
-	$post_topics = isset($_POST['post_topics']) ? $_POST['post_topics'] : '1';
-	$edit_posts = isset($_POST['edit_posts']) ? $_POST['edit_posts'] : ($is_admin_group) ? '1' : '0';
-	$delete_posts = isset($_POST['delete_posts']) ? $_POST['delete_posts'] : ($is_admin_group) ? '1' : '0';
-	$delete_topics = isset($_POST['delete_topics']) ? $_POST['delete_topics'] : ($is_admin_group) ? '1' : '0';
-	$set_title = isset($_POST['set_title']) ? $_POST['set_title'] : ($is_admin_group) ? '1' : '0';
-	$search = isset($_POST['search']) ? $_POST['search'] : '1';
-	$search_users = isset($_POST['search_users']) ? $_POST['search_users'] : '1';
+	$read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1';
+	$post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1';
+	$post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1';
+	$edit_posts = isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0';
+	$delete_posts = isset($_POST['delete_posts']) ? intval($_POST['delete_posts']) : ($is_admin_group) ? '1' : '0';
+	$delete_topics = isset($_POST['delete_topics']) ? intval($_POST['delete_topics']) : ($is_admin_group) ? '1' : '0';
+	$set_title = isset($_POST['set_title']) ? intval($_POST['set_title']) : ($is_admin_group) ? '1' : '0';
+	$search = isset($_POST['search']) ? intval($_POST['search']) : '1';
+	$search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1';
 	$edit_subjects_interval = isset($_POST['edit_subjects_interval']) ? intval($_POST['edit_subjects_interval']) : '0';
 	$post_flood = isset($_POST['post_flood']) ? intval($_POST['post_flood']) : '0';
 	$search_flood = isset($_POST['search_flood']) ? intval($_POST['search_flood']) : '0';
@@ -229,8 +229,8 @@
 
 	if ($_POST['mode'] == 'add')
 	{
-		$db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
-		if ($db->num_rows())
+		$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+		if ($db->num_rows($result))
 			message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
 
 		$db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error());
@@ -242,7 +242,13 @@
 			$db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error());
 	}
 	else
-		$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());
+	{
+		$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+		if ($db->num_rows($result))
+			message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
+
+		$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error());
+	}
 
 	// Regenerate the quickjump cache
 	require_once PUN_ROOT.'include/cache.php';
diff -urN punbb-1.2.3/upload/admin_index.php punbb-1.2.8/upload/admin_index.php
--- punbb-1.2.3/upload/admin_index.php	Sun Jan 23 18:36:42 2005
+++ punbb-1.2.8/upload/admin_index.php	Fri Sep  2 16:03:18 2005
@@ -64,7 +64,7 @@
 
 
 // Show phpinfo() output
-else if ($action == 'phpinfo')
+else if ($action == 'phpinfo' && $pun_user['g_id'] == PUN_ADMIN)
 {
 	// Is phpinfo() a disabled function?
 	if (strpos(strtolower((string)@ini_get('disable_functions')), 'phpinfo') !== false)
@@ -86,14 +86,14 @@
 	$load_averages = @explode(' ', $load_averages);
 	$server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available';
 }
-else if (preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
+else if (!in_array(PHP_OS, array('WINNT', 'WIN32')) && preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
 	$server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];
 else
 	$server_load = 'Not available';
 
 
 // Get number of current visitors
-$result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online WHERE idle=0') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error());
 $num_online = $db->result($result);
 
 
diff -urN punbb-1.2.3/upload/admin_options.php punbb-1.2.8/upload/admin_options.php
--- punbb-1.2.3/upload/admin_options.php	Mon Feb 28 01:52:52 2005
+++ punbb-1.2.8/upload/admin_options.php	Wed Jul 27 23:24:24 2005
@@ -117,14 +117,14 @@
 	while (list($key, $input) = @each($form))
 	{
 		// Only update values that have changed
-		if ($pun_config['o_'.$key] != $input)
+		if (array_key_exists('o_'.$key, $pun_config) && $pun_config['o_'.$key] != $input)
 		{
 			if ($input != '' || is_int($input))
 				$value = '\''.$db->escape($input).'\'';
 			else
 				$value = 'NULL';
 
-			$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
+			$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
 		}
 	}
 
@@ -229,11 +229,13 @@
 		$d = dir(PUN_ROOT.'lang');
 		while (($entry = $d->read()) !== false)
 		{
-			if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry))
+			if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
 				$languages[] = $entry;
 		}
 		$d->close();
 
+		@natsort($languages);
+
 		while (list(, $temp) = @each($languages))
 		{
 			if ($pun_config['o_default_lang'] == $temp)
@@ -261,6 +263,8 @@
 				$styles[] = substr($entry, 0, strlen($entry)-4);
 		}
 		$d->close();
+
+		@natsort($styles);
 
 		while (list(, $temp) = @each($styles))
 		{
diff -urN punbb-1.2.3/upload/admin_permissions.php punbb-1.2.8/upload/admin_permissions.php
--- punbb-1.2.3/upload/admin_permissions.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.8/upload/admin_permissions.php	Fri Sep  2 01:36:10 2005
@@ -39,23 +39,13 @@
 {
 	confirm_referrer('admin_permissions.php');
 
-	$form = array_map('trim', $_POST['form']);
-
-	$form['sig_length'] = intval($form['sig_length']);
-	$form['sig_lines'] = intval($form['sig_lines']);
+	$form = array_map('intval', $_POST['form']);
 
 	while (list($key, $input) = @each($form))
 	{
 		// Only update values that have changed
-		if ($pun_config['p_'.$key] != $input)
-		{
-			if ($input != '' || is_int($input))
-				$value = '\''.$db->escape($input).'\'';
-			else
-				$value = 'NULL';
-
-			$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'p_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
-		}
+		if (array_key_exists('p_'.$key, $pun_config) && $pun_config['p_'.$key] != $input)
+			$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'p_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
 	}
 
 	// Regenerate the config cache
diff -urN punbb-1.2.3/upload/admin_prune.php punbb-1.2.8/upload/admin_prune.php
--- punbb-1.2.3/upload/admin_prune.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.8/upload/admin_prune.php	Thu Jul  7 19:31:54 2005
@@ -62,6 +62,7 @@
 		}
 		else
 		{
+			$prune_from = intval($prune_from);
 			prune($prune_from, $_POST['prune_sticky'], $prune_date);
 			update_forum($prune_from);
 		}
@@ -97,6 +98,7 @@
 
 	if ($prune_from != 'all')
 	{
+		$prune_from = intval($prune_from);
 		$sql .= ' AND forum_id='.$prune_from;
 
 		// Fetch the forum name (just for cosmetic reasons)
@@ -135,7 +137,7 @@
 						</div>
 					</fieldset>
 				</div>
-				<p><input type="submit" name="prune_comply" value="Prune" />&nbsp;&nbsp;&nbsp;<a href="javascript:history.go(-1)" />Go back</a></p>
+				<p><input type="submit" name="prune_comply" value="Prune" /><a href="javascript:history.go(-1)">Go back</a></p>
 			</form>
 		</div>
 	</div>
diff -urN punbb-1.2.3/upload/admin_users.php punbb-1.2.8/upload/admin_users.php
--- punbb-1.2.3/upload/admin_users.php	Fri Mar 11 19:17:26 2005
+++ punbb-1.2.8/upload/admin_users.php	Fri Sep  2 16:04:40 2005
@@ -49,7 +49,7 @@
 ?>
 <div class="linkst">
 	<div class="inbox">
-		<div><a href="javascript:history.go(-1)" />Go back</a></div>
+		<div><a href="javascript:history.go(-1)">Go back</a></div>
 	</div>
 </div>
 
@@ -98,7 +98,7 @@
 
 <div class="linksb">
 	<div class="inbox">
-		<div><a href="javascript:history.go(-1)" />Go back</a></div>
+		<div><a href="javascript:history.go(-1)">Go back</a></div>
 	</div>
 </div>
 <?php
@@ -121,7 +121,7 @@
 ?>
 <div class="linkst">
 	<div class="inbox">
-		<div><a href="javascript:history.go(-1)" />Go back</a></div>
+		<div><a href="javascript:history.go(-1)">Go back</a></div>
 	</div>
 </div>
 
@@ -202,7 +202,7 @@
 
 <div class="linksb">
 	<div class="inbox">
-		<div><a href="javascript:history.go(-1)" />Go back</a></div>
+		<div><a href="javascript:history.go(-1)">Go back</a></div>
 	</div>
 </div>
 <?php
@@ -217,6 +217,7 @@
 
 	// trim() all elements in $form
 	$form = array_map('trim', $form);
+	$conditions = array();
 
 	$posts_greater = trim($_POST['posts_greater']);
 	$posts_less = trim($_POST['posts_less']);
@@ -257,7 +258,7 @@
 	while (list($key, $input) = @each($form))
 	{
 		if ($input != '')
-			$conditions[] = 'u.'.$key.' '.$like_command.' \''.str_replace('*', '%', $input).'\'';
+			$conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\'';
 	}
 
 	if ($posts_greater != '')
@@ -268,7 +269,7 @@
 	if ($user_group != 'all')
 		$conditions[] = 'u.group_id='.$db->escape($user_group);
 
-	if (!isset($conditions))
+	if (empty($conditions))
 		message('You didn\'t enter any search terms.');
 
 
@@ -278,7 +279,7 @@
 ?>
 <div class="linkst">
 	<div class="inbox">
-		<div><a href="javascript:history.go(-1)" />Go back</a></div>
+		<div><a href="javascript:history.go(-1)">Go back</a></div>
 	</div>
 </div>
 
@@ -338,7 +339,7 @@
 
 <div class="linksb">
 	<div class="inbox">
-		<div><a href="javascript:history.go(-1)" />Go back</a></div>
+		<div><a href="javascript:history.go(-1)">Go back</a></div>
 	</div>
 </div>
 <?php
diff -urN punbb-1.2.3/upload/edit.php punbb-1.2.8/upload/edit.php
--- punbb-1.2.3/upload/edit.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.8/upload/edit.php	Fri Sep  2 16:05:30 2005
@@ -175,7 +175,7 @@
 else if (isset($_POST['preview']))
 {
 	require_once PUN_ROOT.'include/parser.php';
-	$message = parse_message(trim($_POST['req_message']), $hide_smilies);
+	$preview_message = parse_message($message, $hide_smilies);
 
 ?>
 <div id="postpreview" class="blockpost">
@@ -184,7 +184,7 @@
 		<div class="inbox">
 			<div class="postright">
 				<div class="postmsg">
-					<?php echo $message."\n" ?>
+					<?php echo $preview_message."\n" ?>
 				</div>
 			</div>
 		</div>
@@ -208,7 +208,7 @@
 <?php if ($can_edit_subject): ?>						<label><?php echo $lang_common['Subject'] ?><br />
 						<input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['req_subject']) ? $_POST['req_subject'] : $cur_post['subject']) ?>" /><br /></label>
 <?php endif; ?>						<label><?php echo $lang_common['Message'] ?><br />
-						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $_POST['req_message'] : $cur_post['message']) ?></textarea><br /></label>
+						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $message : $cur_post['message']) ?></textarea><br /></label>
 						<ul class="bblinks">
 							<li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
 							<li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
diff -urN punbb-1.2.3/upload/extern.php punbb-1.2.8/upload/extern.php
--- punbb-1.2.3/upload/extern.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.8/upload/extern.php	Wed Jul 27 23:25:14 2005
@@ -116,8 +116,8 @@
 	exit('The file \'config.php\' doesn\'t exist or is corrupt. Please run install.php to install PunBB first.');
 
 
-// Disable error reporting for uninitialized variables
-error_reporting(E_ALL);
+// Make sure PHP reports all errors except E_NOTICE
+error_reporting(E_ALL ^ E_NOTICE);
 
 // Turn off magic_quotes_runtime
 set_magic_quotes_runtime(0);
@@ -129,10 +129,14 @@
 // Load DB abstraction layer and try to connect
 require PUN_ROOT.'include/dblayer/common_db.php';
 
-// Get the forum config
-$result = $db->query('SELECT * FROM '.$db->prefix.'config') or error('Unable to fetch forum config', __FILE__, __LINE__, $db->error());
-while ($cur_config_item = $db->fetch_row($result))
-	$pun_config[$cur_config_item[0]] = $cur_config_item[1];
+// Load cached config
+@include PUN_ROOT.'cache/cache_config.php';
+if (!defined('PUN_CONFIG_LOADED'))
+{
+    require PUN_ROOT.'include/cache.php';
+    generate_config_cache();
+    require PUN_ROOT.'cache/cache_config.php';
+}
 
 // Make sure we (guests) have permission to read the forums
 $result = $db->query('SELECT g_read_board FROM '.$db->prefix.'groups WHERE g_id=3') or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());
diff -urN punbb-1.2.3/upload/footer.php punbb-1.2.8/upload/footer.php
--- punbb-1.2.3/upload/footer.php	Tue Feb 22 23:31:02 2005
+++ punbb-1.2.8/upload/footer.php	Thu Jul  7 18:44:40 2005
@@ -140,10 +140,13 @@
 
 
 // START SUBST - <pun_include "*">
-while (preg_match('/<pun_include "(.*?)">/', $tpl_main, $cur_include))
+while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_main, $cur_include))
 {
+	if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))
+		error('Unable to process user include &lt;pun_include "'.htmlspecialchars($cur_include[1]).'"&gt; from template main.tpl. There is no such file in folder /include/user/');
+
 	ob_start();
-	include PUN_ROOT.$cur_include[1];
+	include PUN_ROOT.'include/user/'.$cur_include[1];
 	$tpl_temp = ob_get_contents();
 	$tpl_main = str_replace($cur_include[0], $tpl_temp, $tpl_main);
     ob_end_clean();
diff -urN punbb-1.2.3/upload/header.php punbb-1.2.8/upload/header.php
--- punbb-1.2.3/upload/header.php	Wed Mar  9 22:04:02 2005
+++ punbb-1.2.8/upload/header.php	Thu Jul  7 18:48:00 2005
@@ -68,10 +68,7 @@
 if (defined('PUN_ADMIN_CONSOLE'))
 	echo '<link rel="stylesheet" type="text/css" href="style/imports/base_admin.css" />'."\n";
 
-if (isset($destination_url))
-	echo '<meta http-equiv="refresh" content="'.$delay.';URL='.$destination.'" />'."\n";
-
-else if (isset($required_fields))
+if (isset($required_fields))
 {
 	// Output JavaScript to validate form (make sure required fields are filled out)
 
diff -urN punbb-1.2.3/upload/help.php punbb-1.2.8/upload/help.php
--- punbb-1.2.3/upload/help.php	Wed Jan 12 21:17:34 2005
+++ punbb-1.2.8/upload/help.php	Fri Mar 18 23:20:44 2005
@@ -86,7 +86,7 @@
 		&nbsp;&nbsp;&nbsp;&nbsp;[quote]<?php echo $lang_help['Quote text'] ?>[/quote]<br /><br />
 		<?php echo $lang_help['produces quote box'] ?><br /><br />
 		<div class="postmsg">
-			<blockquote><div class="incqbox"></h4><p><?php echo $lang_help['Quote text'] ?></p></div></blockquote>
+			<blockquote><div class="incqbox"><p><?php echo $lang_help['Quote text'] ?></p></div></blockquote>
 		</div>
 	</div>
 </div>
diff -urN punbb-1.2.3/upload/include/cache.php punbb-1.2.8/upload/include/cache.php
--- punbb-1.2.3/upload/include/cache.php	Sun Jan 30 18:40:38 2005
+++ punbb-1.2.8/upload/include/cache.php	Thu Jul  7 19:00:08 2005
@@ -129,7 +129,7 @@
 	global $db;
 
 	// Get the rank list from the DB
-	$result = $db->query('SELECT * FROM '.$db->prefix.'ranks', true) or error('Unable to fetch rank list', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT * FROM '.$db->prefix.'ranks ORDER BY min_posts', true) or error('Unable to fetch rank list', __FILE__, __LINE__, $db->error());
 
 	$output = array();
 	while ($cur_rank = $db->fetch_assoc($result))
@@ -174,7 +174,7 @@
 		if (!$fh)
 			error('Unable to write quickjump cache file to cache directory. Please make sure PHP has write access to the directory \'cache\'', __FILE__, __LINE__);
 
-		$output = '<?php'."\n\n".'define(\'PUN_QJ_LOADED\', 1);'."\n\n".'?>';
+		$output = '<?php'."\n\n".'if (!defined(\'PUN\')) exit;'."\n".'define(\'PUN_QJ_LOADED\', 1);'."\n\n".'?>';
 		$output .= "\t\t\t\t".'<form id="qjump" method="get" action="viewforum.php">'."\n\t\t\t\t\t".'<div><label><?php echo $lang_common[\'Jump to\'] ?>'."\n\n\t\t\t\t\t".'<br /><select name="id" onchange="window.location=(\'viewforum.php?id=\'+this.options[this.selectedIndex].value)">'."\n";
 
 
diff -urN punbb-1.2.3/upload/include/common.php punbb-1.2.8/upload/include/common.php
--- punbb-1.2.3/upload/include/common.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.8/upload/include/common.php	Thu Jul  7 19:38:16 2005
@@ -43,8 +43,8 @@
 list($usec, $sec) = explode(' ', microtime());
 $pun_start = ((float)$usec + (float)$sec);
 
-// Enable full error, warning and notice reporting
-error_reporting(E_ALL);
+// Make sure PHP reports all errors except E_NOTICE. PunBB supports E_ALL, but a lot of scripts it may interact with, do not.
+error_reporting(E_ALL ^ E_NOTICE);
 
 // Turn off magic_quotes_runtime
 set_magic_quotes_runtime(0);
@@ -117,7 +117,7 @@
 // Attempt to load the common language file
 @include PUN_ROOT.'lang/'.$pun_user['language'].'/common.php';
 if (!isset($lang_common))
-	exit('There is no valid language pack \''.$pun_user['language'].'\' installed. Please reinstall a language of that name.');
+	exit('There is no valid language pack \''.pun_htmlspecialchars($pun_user['language']).'\' installed. Please reinstall a language of that name.');
 
 // Check if we are to display a maintenance message
 if ($pun_config['o_maintenance'] && $pun_user['g_id'] > PUN_ADMIN && !defined('PUN_TURN_OFF_MAINT'))
diff -urN punbb-1.2.3/upload/include/dblayer/common_db.php punbb-1.2.8/upload/include/dblayer/common_db.php
--- punbb-1.2.3/upload/include/dblayer/common_db.php	Tue Jan 11 20:41:14 2005
+++ punbb-1.2.8/upload/include/dblayer/common_db.php	Fri Mar 18 23:07:48 2005
@@ -23,6 +23,11 @@
 ************************************************************************/
 
 
+// Make sure no one attempts to run this script "directly"
+if (!defined('PUN'))
+	exit;
+
+
 //
 // Return current timestamp (with microseconds) as a float (used in dblayer)
 //
diff -urN punbb-1.2.3/upload/include/email.php punbb-1.2.8/upload/include/email.php
--- punbb-1.2.3/upload/include/email.php	Fri Mar 11 19:15:58 2005
+++ punbb-1.2.8/upload/include/email.php	Thu Sep 22 00:35:04 2005
@@ -33,7 +33,10 @@
 //
 function is_valid_email($email)
 {
-	return preg_match('#^.{1,}@.{2,}\..{2,}$#', $email);
+	if (strlen($email) > 50)
+		return false;
+
+	return preg_match('/^(([^<>()[\]\\.,;:\s@"\']+(\.[^<>()[\]\\.,;:\s@"\']+)*)|("[^"\']+"))@((\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])|(([a-zA-Z\d\-]+\.)+[a-zA-Z]{2,}))$/', $email);
 }
 
 
@@ -65,22 +68,14 @@
 
 	// Default sender/return address
 	if (!$from)
-		$from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>';
+		$from = '"'.str_replace('"', '', $pun_config['o_board_title'].' '.$lang_common['Mailer']).'" <'.$pun_config['o_webmaster_email'].'>';
 
 	// Do a little spring cleaning
 	$to = trim(preg_replace('#[\n\r]+#s', '', $to));
 	$subject = trim(preg_replace('#[\n\r]+#s', '', $subject));
 	$from = trim(preg_replace('#[\n\r:]+#s', '', $from));
 
-	// Detect what linebreak we should use for the headers
-	if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN'))
-		$eol = "\r\n";
-	else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC'))
-		$eol = "\r";
-	else
-		$eol = "\n";
-
-	$headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer';
+	$headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer';
 
 	// Make sure all linebreaks are CRLF in message
 	$message = str_replace("\n", "\r\n", pun_linebreaks($message));
@@ -88,7 +83,15 @@
 	if ($pun_config['o_smtp_host'] != '')
 		smtp_mail($to, $subject, $message, $headers);
 	else
+	{
+		// Change the linebreaks used in the headers according to OS
+		if (strtoupper(substr(PHP_OS, 0, 3)) == 'MAC')
+			$headers = str_replace("\r\n", "\r", $headers);
+		else if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN')
+			$headers = str_replace("\r\n", "\n", $headers);
+
 		mail($to, $subject, $message, $headers);
+	}
 }
 
 
diff -urN punbb-1.2.3/upload/include/functions.php punbb-1.2.8/upload/include/functions.php
--- punbb-1.2.3/upload/include/functions.php	Fri Mar 11 18:57:06 2005
+++ punbb-1.2.8/upload/include/functions.php	Thu Sep 22 00:35:32 2005
@@ -168,7 +168,10 @@
 		}
 
 		if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))
+		{
+			$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
 			message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
+		}
 
 		if ($cur_ban['ip'] != '')
 		{
@@ -179,7 +182,10 @@
 				$cur_ban_ips[$i] = $cur_ban_ips[$i].'.';
 
 				if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])
+				{
+					$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
 					message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
+				}
 			}
 		}
 	}
@@ -203,7 +209,7 @@
 	$now = time();
 
 	// Fetch all online list entries that are older than "o_timeout_online"
-	$result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());
 	while ($cur_user = $db->fetch_assoc($result))
 	{
 		// If the entry is a guest, delete it
@@ -739,7 +745,7 @@
 
 	if (strpos($lang_common['lang_encoding'], '8859') !== false)
 	{
-		$fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0), chr(0xCA));
+		$fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0));
 		return trim(str_replace($fishy_chars, ' ', $str));
 	}
 	else
@@ -803,12 +809,15 @@
 
 
 	// START SUBST - <pun_include "*">
-	while (preg_match('<pun_include "(.*?)">', $tpl_maint, $cur_include))
+	while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_maint, $cur_include))
 	{
+		if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))
+			error('Unable to process user include &lt;pun_include "'.htmlspecialchars($cur_include[1]).'"&gt; from template maintenance.tpl. There is no such file in folder /include/user/');
+
 		ob_start();
-		include PUN_ROOT.$cur_include[1];
+		include PUN_ROOT.'include/user/'.$cur_include[1];
 		$tpl_temp = ob_get_contents();
-		$tpl_maint = str_replace('<'.$cur_include[0].'>', $tpl_temp, $tpl_maint);
+		$tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint);
 	    ob_end_clean();
 	}
 	// END SUBST - <pun_include "*">
@@ -854,7 +863,7 @@
 	ob_start();
 
 ?>
-<meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo $destination_url ?>" />
+<meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $destination_url) ?>" />
 <title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Redirecting'] ?></title>
 <link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />
 <?php
@@ -893,12 +902,15 @@
 
 
 	// START SUBST - <pun_include "*">
-	while (preg_match('<pun_include "(.*?)">', $tpl_redir, $cur_include))
+	while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_redir, $cur_include))
 	{
+		if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))
+			error('Unable to process user include &lt;pun_include "'.htmlspecialchars($cur_include[1]).'"&gt; from template redirect.tpl. There is no such file in folder /include/user/');
+
 		ob_start();
-		include PUN_ROOT.$cur_include[1];
+		include PUN_ROOT.'include/user/'.$cur_include[1];
 		$tpl_temp = ob_get_contents();
-		$tpl_redir = str_replace('<'.$cur_include[0].'>', $tpl_temp, $tpl_redir);
+		$tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir);
 	    ob_end_clean();
 	}
 	// END SUBST - <pun_include "*">
diff -urN punbb-1.2.3/upload/include/parser.php punbb-1.2.8/upload/include/parser.php
--- punbb-1.2.3/upload/include/parser.php	Sun Jan 30 14:52:38 2005
+++ punbb-1.2.8/upload/include/parser.php	Fri Sep  2 16:01:04 2005
@@ -45,29 +45,29 @@
 	$b = array('[b]', '[i]', '[u]', '[/b]', '[/i]', '[/u]');
 	$text = str_replace($a, $b, $text);
 
-	// Do the more complex BBCodes (and strip excessive whitespace)
-	$a = array( '#\[url=(.*?)\]\s*#i',
+	// Do the more complex BBCodes (also strip excessive whitespace and useless quotes)
+	$a = array( '#\[url=("|\'|)(.*?)\\1\]\s*#i',
 				'#\[url\]\s*#i',
 				'#\s*\[/url\]#i',
-				'#\[email=(.*?)\]\s*#i',
+				'#\[email=("|\'|)(.*?)\\1\]\s*#i',
 				'#\[email\]\s*#i',
 				'#\s*\[/email\]#i',
 				'#\[img\]\s*(.*?)\s*\[/img\]#is',
-				'#\[colou?r=(.*?)\](.*?)\[/colou?r\]#is');
+				'#\[colou?r=("|\'|)(.*?)\\1\](.*?)\[/colou?r\]#is');
 
-	$b = array(	'[url=$1]',
+	$b = array(	'[url=$2]',
 				'[url]',
 				'[/url]',
-				'[email=$1]',
+				'[email=$2]',
 				'[email]',
 				'[/email]',
 				'[img]$1[/img]',
-				'[color=$1]$2[/color]');
+				'[color=$2]$3[/color]');
 
 	if (!$is_signature)
 	{
 		// For non-signatures, we have to do the quote and code tags as well
-		$a[] = '#\[quote=(&quot;|"|\'|)(.*)\\1\]\s*#i';
+		$a[] = '#\[quote=(&quot;|"|\'|)(.*?)\\1\]\s*#i';
 		$a[] = '#\[quote\]\s*#i';
 		$a[] = '#\s*\[/quote\]\s*#i';
 		$a[] = '#\[code\][\r\n]*(.*?)\s*\[/code\]\s*#is';
@@ -182,8 +182,13 @@
 		// We found a [code]
 		else if ($c_start < min($c_end, $q_start, $q_end))
 		{
+			// Make sure there's a [/code] and that any new [code] doesn't occur before the end tag
 			$tmp = strpos($text, '[/code]');
-			if ($tmp === false)
+			$tmp2 = strpos(substr($text, $c_start+6), '[code]');
+			if ($tmp2 !== false)
+				$tmp2 += $c_start+6;
+
+			if ($tmp === false || ($tmp2 !== false && $tmp2 < $tmp))
 			{
 				$error = $lang_common['BBCode error'].' '.$lang_common['BBCode error 2'];
 				return;
@@ -259,7 +264,7 @@
 {
 	global $pun_user;
 
-	$full_url = str_replace(' ', '%20', $url);
+	$full_url = str_replace(array(' ', '\'', '`'), array('%20', '', ''), $url);
 	if (strpos($url, 'www.') === 0)			// If it starts with www, we add http://
 		$full_url = 'http://'.$full_url;
 	else if (strpos($url, 'ftp.') === 0)	// Else if it starts with ftp, we add ftp://
@@ -299,13 +304,20 @@
 {
 	global $lang_common, $pun_user;
 
+	if (strpos($text, 'quote') !== false)
+	{
+		$text = str_replace('[quote]', '</p><blockquote><div class="incqbox"><p>', $text);
+		$text = preg_replace('#\[quote=(&quot;|"|\'|)(.*)\\1\]#seU', '"</p><blockquote><div class=\"incqbox\"><h4>".str_replace(array(\'[\', \'\\"\'), array(\'&#91;\', \'"\'), \'$2\')." ".$lang_common[\'wrote\'].":</h4><p>"', $text);
+		$text = preg_replace('#\[\/quote\]\s*#', '</p></div></blockquote><p>', $text);
+	}
+
 	$pattern = array('#\[b\](.*?)\[/b\]#s',
 					 '#\[i\](.*?)\[/i\]#s',
 					 '#\[u\](.*?)\[/u\]#s',
-					 '#\[url\](.*?)\[/url\]#e',
-					 '#\[url=(.*?)\](.*?)\[/url\]#e',
-					 '#\[email\](.*?)\[/email\]#',
-					 '#\[email=(.*?)\](.*?)\[/email\]#',
+					 '#\[url\]([^\[]*?)\[/url\]#e',
+					 '#\[url=([^\[]*?)\](.*?)\[/url\]#e',
+					 '#\[email\]([^\[]*?)\[/email\]#',
+					 '#\[email=([^\[]*?)\](.*?)\[/email\]#',
 					 '#\[color=([a-zA-Z]*|\#?[0-9a-fA-F]{6})](.*?)\[/color\]#s');
 
 	$replace = array('<strong>$1</strong>',
@@ -319,13 +331,6 @@
 
 	// This thing takes a while! :)
 	$text = preg_replace($pattern, $replace, $text);
-
-	if (strpos($text, 'quote') !== false)
-	{
-		$text = str_replace('[quote]', '</p><blockquote><div class="incqbox"><p>', $text);
-		$text = preg_replace('#\[quote=(&quot;|"|\'|)(.*)\\1\]#seU', '"</p><blockquote><div class=\"incqbox\"><h4>".str_replace(\'[\', \'&#91;\', \'$2\')." ".$lang_common[\'wrote\'].":</h4><p>"', $text);
-		$text = preg_replace('#\[\/quote\]\s*#', '</p></div></blockquote><p>', $text);
-	}
 
 	return $text;
 }
diff -urN punbb-1.2.3/upload/include/search_idx.php punbb-1.2.8/upload/include/search_idx.php
--- punbb-1.2.3/upload/include/search_idx.php	Sun Jan 30 12:58:04 2005
+++ punbb-1.2.8/upload/include/search_idx.php	Thu Jul  7 22:11:26 2005
@@ -43,8 +43,8 @@
 
 	if (empty($noise_match))
 	{
-		$noise_match = 		array('quote', 'code', 'url', 'img', 'email', 'color', 'colour', '^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '~', '+', '[', ']', '{', '}', ':', '\\', '/', '=', '#', ';', '!', '*');
-		$noise_replace =	array('',      '',     '',    '',    '',      '',      '',       ' ', ' ', ' ', ' ', ' ', ' ', ' ', '',  '',   ' ', ' ', ' ', ' ', '',  ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '' ,  ' ', ' ', ' ', ' ', ' ', ' ');
+		$noise_match = 		array('[quote', '[code', '[url', '[img', '[email', '[color', '[colour', 'quote]', 'code]', 'url]', 'img]', 'email]', 'color]', 'colour]', '^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '~', '+', '[', ']', '{', '}', ':', '\\', '/', '=', '#', ';', '!', '*');
+		$noise_replace =	array('',       '',      '',     '',     '',       '',       '',        '',       '',      '',     '',     '',       '',       '',        ' ', ' ', ' ', ' ', ' ', ' ', ' ', '',  '',   ' ', ' ', ' ', ' ', '',  ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '' ,  ' ', ' ', ' ', ' ', ' ', ' ');
 
 		$stopwords = (array)@file(PUN_ROOT.'lang/'.$pun_user['language'].'/stopwords.txt');
 		$stopwords = array_map('trim', $stopwords);
diff -urN punbb-1.2.3/upload/install.php punbb-1.2.8/upload/install.php
--- punbb-1.2.3/upload/install.php	Fri Mar 11 18:55:20 2005
+++ punbb-1.2.8/upload/install.php	Thu Sep 22 00:42:32 2005
@@ -24,7 +24,7 @@
 
 
 // The PunBB version this script installs
-$punbb_version = '1.2.3';
+$punbb_version = '1.2.8';
 
 
 define('PUN_ROOT', './');
@@ -165,7 +165,7 @@
 				<fieldset>
 					<legend>Enter then name of your database</legend>
 					<div class="infldset">
-						<p>The name of the database that PunBB will be installed into. The database must exist. For SQLite, this is the relative path to the database file. If it doesn't exists, PunBB will attempt to create it.</p>
+						<p>The name of the database that PunBB will be installed into. The database must exist. For SQLite, this is the relative path to the database file. If the SQLite database file does not exist, PunBB will attempt to create it.</p>
 						<label for="req_db_name"><strong>Database name</strong><br /><input id="req_db_name" type="text" name="req_db_name" size="30" maxlength="50" /><br /></label>
 					</div>
 				</fieldset>
@@ -324,7 +324,7 @@
 	if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
 		error('Usernames may not contain any of the text formatting tags (BBCode) that the forum uses. Please go back and correct.');
 
-	if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $email))
+	if (strlen($email) > 50 || !preg_match('/^(([^<>()[\]\\.,;:\s@"\']+(\.[^<>()[\]\\.,;:\s@"\']+)*)|("[^"\']+"))@((\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])|(([a-zA-Z\d\-]+\.)+[a-zA-Z]{2,}))$/', $email))
 		error('The administrator e-mail address you entered is invalid. Please go back and correct.');
 
 
@@ -346,6 +346,9 @@
 		case 'sqlite':
 			require PUN_ROOT.'include/dblayer/sqlite.php';
 			break;
+
+		default:
+			error('\''.$db_type.'\' is not a valid database type.');
 	}
 
 	// Create the database object (and connect/select db)
@@ -525,7 +528,7 @@
 			break;
 	}
 
-	$db->query($sql) or error('Unable to create table '.$db_prefix.'online. Please check your settings and try again.',  __FILE__, __LINE__, $db->error());
+	$db->query($sql) or error('Unable to create table '.$db_prefix.'config. Please check your settings and try again.',  __FILE__, __LINE__, $db->error());
 
 
 
@@ -1420,7 +1423,7 @@
 		<div class="fakeform">
 			<div class="inform">
 				<div class="forminfo">
-					<p>To finalize the installation all you need to do is to <strong>copy and paste the text in the text box below into a file called config.php and then upload this file to the root directory of your PunBB installation</strong>. Make sure there are no linebreaks or spaces before &lt;?php and after ?&gt; in the file. You can later edit config.php if you reconfigure your setup (e.g. change the database password or ).</p>
+					<p>To finalize the installation all you need to do is to <strong>copy and paste the text in the text box below into a file called config.php and then upload this file to the root directory of your PunBB installation</strong>. Make sure there are no linebreaks or spaces before &lt;?php. You can later edit config.php if you reconfigure your setup (e.g. change the database password or ).</p>
 <?php if ($alerts != ''): ?>					<?php echo $alerts."\n" ?>
 <?php endif; ?>				</div>
 				<fieldset>
diff -urN punbb-1.2.3/upload/login.php punbb-1.2.8/upload/login.php
--- punbb-1.2.3/upload/login.php	Mon Feb 21 23:33:52 2005
+++ punbb-1.2.8/upload/login.php	Thu Sep 22 00:36:08 2005
@@ -40,7 +40,9 @@
 	$form_username = trim($_POST['req_username']);
 	$form_password = trim($_POST['req_password']);
 
-	$result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE username=\''.$db->escape($form_username).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+	$username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')';
+
+	$result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 	list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result);
 
 	$authorized = false;
@@ -151,7 +153,7 @@
 			message($lang_login['Forget mail'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
 		}
 		else
-			message($lang_login['No e-mail match'].' '.$email.'.');
+			message($lang_login['No e-mail match'].' '.htmlspecialchars($email).'.');
 	}
 
 
@@ -189,7 +191,7 @@
 	header('Location: index.php');
 
 // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to index.php after login)
-$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : 'index.php';
+$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';
 
 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Login'];
 $required_fields = array('req_username' => $lang_common['Username'], 'req_password' => $lang_common['Password']);
diff -urN punbb-1.2.3/upload/misc.php punbb-1.2.8/upload/misc.php
--- punbb-1.2.3/upload/misc.php	Mon Feb 28 02:02:16 2005
+++ punbb-1.2.8/upload/misc.php	Sun Jul  3 13:54:30 2005
@@ -76,7 +76,7 @@
 		message($lang_common['No permission']);
 
 	$recipient_id = intval($_GET['email']);
-	if ($recipient_id < 1)
+	if ($recipient_id < 2)
 		message($lang_common['Bad request']);
 
 	$result = $db->query('SELECT username, email, email_setting FROM '.$db->prefix.'users WHERE id='.$recipient_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
@@ -118,7 +118,7 @@
 
 		require_once PUN_ROOT.'include/email.php';
 
-		pun_mail($recipient_email, $mail_subject, $mail_message, $pun_user['username'].' <'.$pun_user['email'].'>');
+		pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');
 
 		redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);
 	}
diff -urN punbb-1.2.3/upload/moderate.php punbb-1.2.8/upload/moderate.php
--- punbb-1.2.3/upload/moderate.php	Thu Feb 24 22:16:34 2005
+++ punbb-1.2.8/upload/moderate.php	Thu May  5 01:13:32 2005
@@ -50,7 +50,7 @@
 		$ip = $db->result($result);
 	}
 
-	message('The IP address is: '.$ip.'<br />The host name is: '.gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
+	message('The IP address is: '.$ip.'<br />The host name is: '.@gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
 }
 
 
@@ -285,7 +285,7 @@
 			message($lang_common['Bad request']);
 
 		$topics = explode(',', $_POST['topics']);
-		$move_to_forum = intval($_POST['move_to_forum']);
+		$move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;
 		if (empty($topics) || $move_to_forum < 1)
 			message($lang_common['Bad request']);
 
@@ -351,7 +351,7 @@
 						<br /><select name="move_to_forum">
 <?php
 
-	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 
 	$cur_category = 0;
 	while ($cur_forum = $db->fetch_assoc($result))
@@ -472,7 +472,7 @@
 		if (empty($topics))
 			message($lang_misc['No topics selected']);
 
-		$db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', array_keys($topics)).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error());
+		$db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error());
 
 		$redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect'];
 		redirect('moderate.php?fid='.$fid, $redirect_msg);
diff -urN punbb-1.2.3/upload/post.php punbb-1.2.8/upload/post.php
--- punbb-1.2.3/upload/post.php	Mon Feb 28 02:02:16 2005
+++ punbb-1.2.8/upload/post.php	Fri Sep  2 16:05:30 2005
@@ -33,7 +33,7 @@
 
 $tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
 $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
-if ($tid < 1 && $fid < 1)
+if ($tid < 1 && $fid < 1 || $tid > 0 && $fid > 0)
 	message($lang_common['Bad request']);
 
 // Fetch some info about the topic and/or the forum
@@ -440,7 +440,7 @@
 else if (isset($_POST['preview']))
 {
 	require_once PUN_ROOT.'include/parser.php';
-	$message = parse_message($message, $hide_smilies);
+	$preview_message = parse_message($message, $hide_smilies);
 
 ?>
 <div id="postpreview" class="blockpost">
@@ -449,7 +449,7 @@
 		<div class="inbox">
 			<div class="postright">
 				<div class="postmsg">
-					<?php echo $message."\n" ?>
+					<?php echo $preview_message."\n" ?>
 				</div>
 			</div>
 		</div>
@@ -491,7 +491,7 @@
 if ($fid): ?>
 						<label><strong><?php echo $lang_common['Subject'] ?></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
 <?php endif; ?>						<label><strong><?php echo $lang_common['Message'] ?></strong><br />
-						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars(trim($_POST['req_message'])) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
+						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
 						<ul class="bblinks">
 							<li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
 							<li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
diff -urN punbb-1.2.3/upload/profile.php punbb-1.2.8/upload/profile.php
--- punbb-1.2.3/upload/profile.php	Thu Feb 24 22:16:34 2005
+++ punbb-1.2.8/upload/profile.php	Thu Sep 22 07:50:40 2005
@@ -59,7 +59,7 @@
 		$result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error());
 		list($new_password_hash, $new_password_key) = $db->fetch_row($result);
 
-		if ($key != $new_password_key)
+		if ($key == '' || $key != $new_password_key)
 			message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
 		else
 		{
@@ -194,7 +194,7 @@
 			message($lang_profile['E-mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
 		else
 		{
-			$db->query('UPDATE '.$db->prefix.'users SET email=\''.$new_email.'\', activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $db->error());
+			$db->query('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $db->error());
 
 			message($lang_profile['E-mail updated'], true);
 		}
@@ -303,6 +303,9 @@
 
 	if (isset($_POST['form_sent']))
 	{
+		if (!isset($_FILES['req_file']))
+			message($lang_profile['No file']);
+			
 		$uploaded_file = $_FILES['req_file'];
 
 		// Make sure the upload went smooth
@@ -360,7 +363,7 @@
 
 			// Now check the width/height
 			list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
-			if ($width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height'])
+			if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height'])
 			{
 				@unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
 				message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.');
@@ -527,6 +530,9 @@
 	$result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 	list($group_id, $username) = $db->fetch_row($result);
 
+	if ($group_id == PUN_ADMIN)
+		message('Administrators cannot be deleted. In order to delete this user, you must first move him/her to a different user group.');
+
 	if (isset($_POST['delete_user_comply']))
 	{
 		// If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
@@ -704,6 +710,14 @@
 					message($lang_common['Invalid e-mail']);
 			}
 
+			// Make sure we got a valid language string
+			if (isset($form['language']))
+			{
+				$form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']);
+				if (!file_exists(PUN_ROOT.'lang/'.$form['language'].'/common.php'))
+						message($lang_common['Bad request']);
+			}
+
 			break;
 		}
 
@@ -795,7 +809,7 @@
 		{
 			$form = extract_elements(array('email_setting', 'save_pass', 'notify_with_post'));
 
-			$form['email_setting'] == intval($form['email_setting']);
+			$form['email_setting'] = intval($form['email_setting']);
 			if ($form['email_setting'] < 0 && $form['email_setting'] > 2) $form['email_setting'] = 1;
 
 			if (!isset($form['save_pass']) || $form['save_pass'] != '1') $form['save_pass'] = '0';
@@ -817,6 +831,7 @@
 
 
 	// Singlequotes around non-empty values and NULL for empty values
+	$temp = array();
 	while (list($key, $input) = @each($form))
 	{
 		$value = ($input !== '') ? '\''.$db->escape($input).'\'' : 'NULL';
@@ -824,6 +839,9 @@
 		$temp[] = $key.'='.$value;
 	}
 
+	if (empty($temp))
+		message($lang_common['Bad request']);
+
 
 	$db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error());
 
@@ -864,7 +882,7 @@
 }
 
 
-$result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.use_avatar, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.save_pass, u.notify_with_post, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.use_avatar, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.save_pass, u.notify_with_post, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
 	message($lang_common['Bad request']);
 
@@ -966,7 +984,7 @@
 					<div class="infldset">
 						<dl>
 							<dt><?php echo $lang_profile['Jabber'] ?>: </dt>
-							<dd><?php echo ($user['jabber'] !='') ? $user['jabber'] : $lang_profile['Unknown']; ?></dd>
+							<dd><?php echo ($user['jabber'] !='') ? pun_htmlspecialchars($user['jabber']) : $lang_profile['Unknown']; ?></dd>
 							<dt><?php echo $lang_profile['ICQ'] ?>: </dt>
 							<dd><?php echo ($user['icq'] !='') ? $user['icq'] : $lang_profile['Unknown']; ?></dd>
 							<dt><?php echo $lang_profile['MSN'] ?>: </dt>
@@ -1128,7 +1146,7 @@
 		$d = dir(PUN_ROOT.'lang');
 		while (($entry = $d->read()) !== false)
 		{
-			if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry))
+			if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
 				$languages[] = $entry;
 		}
 		$d->close();
@@ -1136,6 +1154,7 @@
 		// Only display the language selection box if there's more than one language available
 		if (count($languages) > 1)
 		{
+			natsort($languages);
 
 ?>
 							<label><?php echo $lang_prof_reg['Language'] ?>: <?php echo $lang_prof_reg['Language info'] ?>
@@ -1144,7 +1163,7 @@
 
 			while (list(, $temp) = @each($languages))
 			{
-				if ($pun_user['language'] == $temp)
+				if ($user['language'] == $temp)
 					echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'" selected="selected">'.$temp.'</option>'."\n";
 				else
 					echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'">'.$temp.'</option>'."\n";
@@ -1232,7 +1251,7 @@
 						<legend><?php echo $lang_profile['Contact details legend'] ?></legend>
 						<div class="infldset">
 							<input type="hidden" name="form_sent" value="1" />
-							<label><?php echo $lang_profile['Jabber'] ?><br /><input id="jabber" type="text" name="form[jabber]" value="<?php echo $user['jabber'] ?>" size="40" maxlength="75" /><br /></label>
+							<label><?php echo $lang_profile['Jabber'] ?><br /><input id="jabber" type="text" name="form[jabber]" value="<?php echo pun_htmlspecialchars($user['jabber']) ?>" size="40" maxlength="75" /><br /></label>
 							<label><?php echo $lang_profile['ICQ'] ?><br /><input id="icq" type="text" name="form[icq]" value="<?php echo $user['icq'] ?>" size="12" maxlength="12" /><br /></label>
 							<label><?php echo $lang_profile['MSN'] ?><br /><input id="msn" type="text" name="form[msn]" value="<?php echo pun_htmlspecialchars($user['msn']) ?>" size="40" maxlength="50" /><br /></label>
 							<label><?php echo $lang_profile['AOL IM'] ?><br /><input id="aim" type="text" name="form[aim]" value="<?php echo pun_htmlspecialchars($user['aim']) ?>" size="20" maxlength="30" /><br /></label>
@@ -1347,6 +1366,7 @@
 			echo "\t\t\t".'<div><input type="hidden" name="form[style]" value="'.$styles[0].'" /></div>'."\n";
 		else if (count($styles) > 1)
 		{
+			natsort($styles);
 
 ?>
 				<div class="inform">
@@ -1485,6 +1505,8 @@
 		}
 		else
 		{
+			if ($pun_user['id'] != $id)
+			{
 
 ?>
 						<legend><?php echo $lang_profile['Group membership legend'] ?></legend>
@@ -1492,15 +1514,15 @@
 							<select id="group_id" name="group_id">
 <?php
 
-			$result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
+				$result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
 
-			while ($cur_group = $db->fetch_assoc($result))
-			{
-				if ($cur_group['g_id'] == $user['g_id'] || ($cur_group['g_id'] == $pun_config['o_default_user_group'] && $user['g_id'] == ''))
-					echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
-				else
-					echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
-			}
+				while ($cur_group = $db->fetch_assoc($result))
+				{
+					if ($cur_group['g_id'] == $user['g_id'] || ($cur_group['g_id'] == $pun_config['o_default_user_group'] && $user['g_id'] == ''))
+						echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
+					else
+						echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
+				}
 
 ?>
 							</select>
@@ -1510,6 +1532,11 @@
 				</div>
 				<div class="inform">
 					<fieldset>
+<?php
+
+			}
+
+?>
 						<legend><?php echo $lang_profile['Delete ban legend'] ?></legend>
 						<div class="infldset">
 							<input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" />&nbsp;&nbsp;<input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
diff -urN punbb-1.2.3/upload/register.php punbb-1.2.8/upload/register.php
--- punbb-1.2.3/upload/register.php	Thu Feb 24 22:16:34 2005
+++ punbb-1.2.8/upload/register.php	Tue Aug 30 02:45:44 2005
@@ -125,7 +125,7 @@
 	}
 
 	// Check that the username (or a too similar username) is not already registered
-	$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE username=\''.$db->escape($username).'\' OR username=\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 
 	if ($db->num_rows($result))
 	{
@@ -171,7 +171,7 @@
 	$save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1';
 
 	$email_setting = intval($_POST['email_setting']);
-	if ($email_setting < 0 && $email_setting > 2) $email_setting = 1;
+	if ($email_setting < 0 || $email_setting > 2) $email_setting = 1;
 
 	// Insert the new user into the database. We do this now to get the last inserted id for later use.
 	$now = time();
@@ -337,7 +337,7 @@
 		$d = dir(PUN_ROOT.'lang');
 		while (($entry = $d->read()) !== false)
 		{
-			if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry))
+			if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
 				$languages[] = $entry;
 		}
 		$d->close();
diff -urN punbb-1.2.3/upload/search.php punbb-1.2.8/upload/search.php
--- punbb-1.2.3/upload/search.php	Tue Feb  1 16:16:46 2005
+++ punbb-1.2.8/upload/search.php	Thu Sep 22 00:36:42 2005
@@ -51,6 +51,7 @@
 	$action = (isset($_GET['action'])) ? $_GET['action'] : null;
 	$forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : -1;
 	$sort_dir = (isset($_GET['sort_dir'])) ? (($_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC') : 'DESC';
+	if (isset($search_id)) unset($search_id);
 
 	// If a search_id was supplied
 	if (isset($_GET['search_id']))
@@ -65,6 +66,12 @@
 		$keywords = (isset($_GET['keywords'])) ? strtolower(trim($_GET['keywords'])) : null;
 		$author = (isset($_GET['author'])) ? strtolower(trim($_GET['author'])) : null;
 
+		if (preg_match('#^[\*%]+$#', $keywords) || strlen(str_replace(array('*', '%'), '', $keywords)) < 3)
+			$keywords = '';
+
+		if (preg_match('#^[\*%]+$#', $author) || strlen(str_replace(array('*', '%'), '', $author)) < 3)
+			$author = '';
+
 		if (!$keywords && !$author)
 			message($lang_search['No terms']);
 
@@ -704,7 +711,7 @@
 if ($pun_config['o_search_all_forums'] == '1' || $pun_user['g_id'] < PUN_GUEST)
 	echo "\t\t\t\t\t\t\t".'<option value="-1">'.$lang_search['All forums'].'</option>'."\n";
 
-$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.redirect_url FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['group_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.redirect_url FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
 
 $cur_category = 0;
 while ($cur_forum = $db->fetch_assoc($result))
diff -urN punbb-1.2.3/upload/viewforum.php punbb-1.2.8/upload/viewforum.php
--- punbb-1.2.3/upload/viewforum.php	Tue Feb  1 16:16:46 2005
+++ punbb-1.2.8/upload/viewforum.php	Thu Sep 22 00:39:30 2005
@@ -242,7 +242,7 @@
 
 <div class="linksb">
 	<div class="inbox">
-		<p class="pagelink conl"><?php echo $lang_common['Pages'].': '.paginate($num_pages, $p, 'viewforum.php?id='.$id) ?></p>
+		<p class="pagelink conl"><?php echo $paging_links ?></p>
 <?php echo $post_link ?>
 		<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a>&nbsp;</li><li>&raquo;&nbsp;<?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></li></ul>
 		<div class="clearer"></div>
diff -urN punbb-1.2.3/upload/viewtopic.php punbb-1.2.8/upload/viewtopic.php
--- punbb-1.2.3/upload/viewtopic.php	Tue Feb  1 16:16:46 2005
+++ punbb-1.2.8/upload/viewtopic.php	Sat Apr  9 02:35:34 2005
@@ -183,7 +183,7 @@
 $post_count = 0;	// Keep track of post numbers
 
 // Retrieve the posts (and their respective poster/online status)
-$result = $db->query('SELECT DISTINCT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
 while ($cur_post = $db->fetch_assoc($result))
 {
 	$post_count++;