diff -urN punbb-1.2.6/upload/admin_groups.php punbb-1.2.8/upload/admin_groups.php
--- punbb-1.2.6/upload/admin_groups.php	Thu Jul  7 19:31:54 2005
+++ punbb-1.2.8/upload/admin_groups.php	Fri Sep  2 16:04:40 2005
@@ -243,11 +243,11 @@
 	}
 	else
 	{
-		$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+		$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
 		if ($db->num_rows($result))
 			message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
 
-		$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());
+		$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error());
 	}
 
 	// Regenerate the quickjump cache
diff -urN punbb-1.2.6/upload/admin_index.php punbb-1.2.8/upload/admin_index.php
--- punbb-1.2.6/upload/admin_index.php	Sun Mar 20 20:13:24 2005
+++ punbb-1.2.8/upload/admin_index.php	Fri Sep  2 16:03:18 2005
@@ -86,7 +86,7 @@
 	$load_averages = @explode(' ', $load_averages);
 	$server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available';
 }
-else if (preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
+else if (!in_array(PHP_OS, array('WINNT', 'WIN32')) && preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
 	$server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];
 else
 	$server_load = 'Not available';
diff -urN punbb-1.2.6/upload/admin_options.php punbb-1.2.8/upload/admin_options.php
--- punbb-1.2.6/upload/admin_options.php	Thu Jul  7 19:31:54 2005
+++ punbb-1.2.8/upload/admin_options.php	Wed Jul 27 23:24:24 2005
@@ -117,7 +117,7 @@
 	while (list($key, $input) = @each($form))
 	{
 		// Only update values that have changed
-		if (isset($pun_config['o_'.$key]) && $pun_config['o_'.$key] != $input)
+		if (array_key_exists('o_'.$key, $pun_config) && $pun_config['o_'.$key] != $input)
 		{
 			if ($input != '' || is_int($input))
 				$value = '\''.$db->escape($input).'\'';
diff -urN punbb-1.2.6/upload/admin_permissions.php punbb-1.2.8/upload/admin_permissions.php
--- punbb-1.2.6/upload/admin_permissions.php	Thu Jul  7 19:31:54 2005
+++ punbb-1.2.8/upload/admin_permissions.php	Fri Sep  2 01:36:10 2005
@@ -39,23 +39,13 @@
 {
 	confirm_referrer('admin_permissions.php');
 
-	$form = array_map('trim', $_POST['form']);
-
-	$form['sig_length'] = intval($form['sig_length']);
-	$form['sig_lines'] = intval($form['sig_lines']);
+	$form = array_map('intval', $_POST['form']);
 
 	while (list($key, $input) = @each($form))
 	{
 		// Only update values that have changed
-		if (isset($pun_config['p_'.$key]) && $pun_config['p_'.$key] != $input)
-		{
-			if ($input != '' || is_int($input))
-				$value = '\''.$db->escape($input).'\'';
-			else
-				$value = 'NULL';
-
-			$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'p_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
-		}
+		if (array_key_exists('p_'.$key, $pun_config) && $pun_config['p_'.$key] != $input)
+			$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'p_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
 	}
 
 	// Regenerate the config cache
diff -urN punbb-1.2.6/upload/admin_users.php punbb-1.2.8/upload/admin_users.php
--- punbb-1.2.6/upload/admin_users.php	Thu Jul  7 19:31:54 2005
+++ punbb-1.2.8/upload/admin_users.php	Fri Sep  2 16:04:40 2005
@@ -217,6 +217,7 @@
 
 	// trim() all elements in $form
 	$form = array_map('trim', $form);
+	$conditions = array();
 
 	$posts_greater = trim($_POST['posts_greater']);
 	$posts_less = trim($_POST['posts_less']);
@@ -268,7 +269,7 @@
 	if ($user_group != 'all')
 		$conditions[] = 'u.group_id='.$db->escape($user_group);
 
-	if (!isset($conditions))
+	if (empty($conditions))
 		message('You didn\'t enter any search terms.');
 
 
diff -urN punbb-1.2.6/upload/edit.php punbb-1.2.8/upload/edit.php
--- punbb-1.2.6/upload/edit.php	Tue Jan 11 21:41:14 2005
+++ punbb-1.2.8/upload/edit.php	Fri Sep  2 16:05:30 2005
@@ -175,7 +175,7 @@
 else if (isset($_POST['preview']))
 {
 	require_once PUN_ROOT.'include/parser.php';
-	$message = parse_message(trim($_POST['req_message']), $hide_smilies);
+	$preview_message = parse_message($message, $hide_smilies);
 
 ?>
 <div id="postpreview" class="blockpost">
@@ -184,7 +184,7 @@
 		<div class="inbox">
 			<div class="postright">
 				<div class="postmsg">
-					<?php echo $message."\n" ?>
+					<?php echo $preview_message."\n" ?>
 				</div>
 			</div>
 		</div>
@@ -208,7 +208,7 @@
 <?php if ($can_edit_subject): ?>						<label><?php echo $lang_common['Subject'] ?><br />
 						<input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['req_subject']) ? $_POST['req_subject'] : $cur_post['subject']) ?>" /><br /></label>
 <?php endif; ?>						<label><?php echo $lang_common['Message'] ?><br />
-						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $_POST['req_message'] : $cur_post['message']) ?></textarea><br /></label>
+						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $message : $cur_post['message']) ?></textarea><br /></label>
 						<ul class="bblinks">
 							<li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
 							<li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
diff -urN punbb-1.2.6/upload/extern.php punbb-1.2.8/upload/extern.php
--- punbb-1.2.6/upload/extern.php	Thu Jul  7 21:36:06 2005
+++ punbb-1.2.8/upload/extern.php	Wed Jul 27 23:25:14 2005
@@ -116,8 +116,8 @@
 	exit('The file \'config.php\' doesn\'t exist or is corrupt. Please run install.php to install PunBB first.');
 
 
-// Disable error reporting for uninitialized variables
-error_reporting(E_ALL);
+// Make sure PHP reports all errors except E_NOTICE
+error_reporting(E_ALL ^ E_NOTICE);
 
 // Turn off magic_quotes_runtime
 set_magic_quotes_runtime(0);
diff -urN punbb-1.2.6/upload/include/email.php punbb-1.2.8/upload/include/email.php
--- punbb-1.2.6/upload/include/email.php	Thu Apr  7 21:41:16 2005
+++ punbb-1.2.8/upload/include/email.php	Thu Sep 22 00:35:04 2005
@@ -75,15 +75,7 @@
 	$subject = trim(preg_replace('#[\n\r]+#s', '', $subject));
 	$from = trim(preg_replace('#[\n\r:]+#s', '', $from));
 
-	// Detect what linebreak we should use for the headers
-	if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN'))
-		$eol = "\r\n";
-	else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC'))
-		$eol = "\r";
-	else
-		$eol = "\n";
-
-	$headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer';
+	$headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer';
 
 	// Make sure all linebreaks are CRLF in message
 	$message = str_replace("\n", "\r\n", pun_linebreaks($message));
@@ -91,7 +83,15 @@
 	if ($pun_config['o_smtp_host'] != '')
 		smtp_mail($to, $subject, $message, $headers);
 	else
+	{
+		// Change the linebreaks used in the headers according to OS
+		if (strtoupper(substr(PHP_OS, 0, 3)) == 'MAC')
+			$headers = str_replace("\r\n", "\r", $headers);
+		else if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN')
+			$headers = str_replace("\r\n", "\n", $headers);
+
 		mail($to, $subject, $message, $headers);
+	}
 }
 
 
diff -urN punbb-1.2.6/upload/include/functions.php punbb-1.2.8/upload/include/functions.php
--- punbb-1.2.6/upload/include/functions.php	Fri Jul  8 20:10:57 2005
+++ punbb-1.2.8/upload/include/functions.php	Thu Sep 22 00:35:32 2005
@@ -168,7 +168,10 @@
 		}
 
 		if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))
+		{
+			$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
 			message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
+		}
 
 		if ($cur_ban['ip'] != '')
 		{
@@ -179,7 +182,10 @@
 				$cur_ban_ips[$i] = $cur_ban_ips[$i].'.';
 
 				if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])
+				{
+					$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
 					message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
+				}
 			}
 		}
 	}
@@ -203,7 +209,7 @@
 	$now = time();
 
 	// Fetch all online list entries that are older than "o_timeout_online"
-	$result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());
 	while ($cur_user = $db->fetch_assoc($result))
 	{
 		// If the entry is a guest, delete it
diff -urN punbb-1.2.6/upload/include/parser.php punbb-1.2.8/upload/include/parser.php
--- punbb-1.2.6/upload/include/parser.php	Thu Jul  7 22:00:42 2005
+++ punbb-1.2.8/upload/include/parser.php	Fri Sep  2 16:01:04 2005
@@ -264,7 +264,7 @@
 {
 	global $pun_user;
 
-	$full_url = str_replace(' ', '%20', $url);
+	$full_url = str_replace(array(' ', '\'', '`'), array('%20', '', ''), $url);
 	if (strpos($url, 'www.') === 0)			// If it starts with www, we add http://
 		$full_url = 'http://'.$full_url;
 	else if (strpos($url, 'ftp.') === 0)	// Else if it starts with ftp, we add ftp://
@@ -314,10 +314,10 @@
 	$pattern = array('#\[b\](.*?)\[/b\]#s',
 					 '#\[i\](.*?)\[/i\]#s',
 					 '#\[u\](.*?)\[/u\]#s',
-					 '#\[url\](.*?)\[/url\]#e',
-					 '#\[url=(.*?)\](.*?)\[/url\]#e',
-					 '#\[email\](.*?)\[/email\]#',
-					 '#\[email=(.*?)\](.*?)\[/email\]#',
+					 '#\[url\]([^\[]*?)\[/url\]#e',
+					 '#\[url=([^\[]*?)\](.*?)\[/url\]#e',
+					 '#\[email\]([^\[]*?)\[/email\]#',
+					 '#\[email=([^\[]*?)\](.*?)\[/email\]#',
 					 '#\[color=([a-zA-Z]*|\#?[0-9a-fA-F]{6})](.*?)\[/color\]#s');
 
 	$replace = array('<strong>$1</strong>',
diff -urN punbb-1.2.6/upload/install.php punbb-1.2.8/upload/install.php
--- punbb-1.2.6/upload/install.php	Thu Jul  7 22:43:44 2005
+++ punbb-1.2.8/upload/install.php	Thu Sep 22 00:42:32 2005
@@ -24,7 +24,7 @@
 
 
 // The PunBB version this script installs
-$punbb_version = '1.2.6';
+$punbb_version = '1.2.8';
 
 
 define('PUN_ROOT', './');
@@ -528,7 +528,7 @@
 			break;
 	}
 
-	$db->query($sql) or error('Unable to create table '.$db_prefix.'online. Please check your settings and try again.',  __FILE__, __LINE__, $db->error());
+	$db->query($sql) or error('Unable to create table '.$db_prefix.'config. Please check your settings and try again.',  __FILE__, __LINE__, $db->error());
 
 
 
diff -urN punbb-1.2.6/upload/login.php punbb-1.2.8/upload/login.php
--- punbb-1.2.6/upload/login.php	Thu Jul  7 19:35:30 2005
+++ punbb-1.2.8/upload/login.php	Thu Sep 22 00:36:08 2005
@@ -153,7 +153,7 @@
 			message($lang_login['Forget mail'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
 		}
 		else
-			message($lang_login['No e-mail match'].' '.$email.'.');
+			message($lang_login['No e-mail match'].' '.htmlspecialchars($email).'.');
 	}
 
 
diff -urN punbb-1.2.6/upload/post.php punbb-1.2.8/upload/post.php
--- punbb-1.2.6/upload/post.php	Wed May  4 21:52:38 2005
+++ punbb-1.2.8/upload/post.php	Fri Sep  2 16:05:30 2005
@@ -440,7 +440,7 @@
 else if (isset($_POST['preview']))
 {
 	require_once PUN_ROOT.'include/parser.php';
-	$message = parse_message($message, $hide_smilies);
+	$preview_message = parse_message($message, $hide_smilies);
 
 ?>
 <div id="postpreview" class="blockpost">
@@ -449,7 +449,7 @@
 		<div class="inbox">
 			<div class="postright">
 				<div class="postmsg">
-					<?php echo $message."\n" ?>
+					<?php echo $preview_message."\n" ?>
 				</div>
 			</div>
 		</div>
@@ -491,7 +491,7 @@
 if ($fid): ?>
 						<label><strong><?php echo $lang_common['Subject'] ?></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
 <?php endif; ?>						<label><strong><?php echo $lang_common['Message'] ?></strong><br />
-						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars(trim($_POST['req_message'])) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
+						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
 						<ul class="bblinks">
 							<li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
 							<li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
diff -urN punbb-1.2.6/upload/profile.php punbb-1.2.8/upload/profile.php
--- punbb-1.2.6/upload/profile.php	Thu Jul  7 22:37:30 2005
+++ punbb-1.2.8/upload/profile.php	Thu Sep 22 07:50:40 2005
@@ -710,6 +710,14 @@
 					message($lang_common['Invalid e-mail']);
 			}
 
+			// Make sure we got a valid language string
+			if (isset($form['language']))
+			{
+				$form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']);
+				if (!file_exists(PUN_ROOT.'lang/'.$form['language'].'/common.php'))
+						message($lang_common['Bad request']);
+			}
+
 			break;
 		}
 
diff -urN punbb-1.2.6/upload/register.php punbb-1.2.8/upload/register.php
--- punbb-1.2.6/upload/register.php	Thu May  5 00:26:04 2005
+++ punbb-1.2.8/upload/register.php	Tue Aug 30 02:45:44 2005
@@ -171,7 +171,7 @@
 	$save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1';
 
 	$email_setting = intval($_POST['email_setting']);
-	if ($email_setting < 0 && $email_setting > 2) $email_setting = 1;
+	if ($email_setting < 0 || $email_setting > 2) $email_setting = 1;
 
 	// Insert the new user into the database. We do this now to get the last inserted id for later use.
 	$now = time();
diff -urN punbb-1.2.6/upload/search.php punbb-1.2.8/upload/search.php
--- punbb-1.2.6/upload/search.php	Thu Jul  7 18:58:46 2005
+++ punbb-1.2.8/upload/search.php	Thu Sep 22 00:36:42 2005
@@ -51,6 +51,7 @@
 	$action = (isset($_GET['action'])) ? $_GET['action'] : null;
 	$forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : -1;
 	$sort_dir = (isset($_GET['sort_dir'])) ? (($_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC') : 'DESC';
+	if (isset($search_id)) unset($search_id);
 
 	// If a search_id was supplied
 	if (isset($_GET['search_id']))
diff -urN punbb-1.2.6/upload/viewforum.php punbb-1.2.8/upload/viewforum.php
--- punbb-1.2.6/upload/viewforum.php	Tue Feb  1 17:16:46 2005
+++ punbb-1.2.8/upload/viewforum.php	Thu Sep 22 00:39:30 2005
@@ -242,7 +242,7 @@
 
 <div class="linksb">
 	<div class="inbox">
-		<p class="pagelink conl"><?php echo $lang_common['Pages'].': '.paginate($num_pages, $p, 'viewforum.php?id='.$id) ?></p>
+		<p class="pagelink conl"><?php echo $paging_links ?></p>
 <?php echo $post_link ?>
 		<ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a>&nbsp;</li><li>&raquo;&nbsp;<?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></li></ul>
 		<div class="clearer"></div>