3 files changed, 54 insertions, 11 deletions
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index d77bb3c4a7..9356e3e9b4 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -584,6 +584,13 @@ class bbcode
 				$code = str_replace("\t", '&nbsp; &nbsp;', $code);
 				$code = str_replace('  ', '&nbsp; ', $code);
 				$code = str_replace('  ', ' &nbsp;', $code);
+				$code = str_replace("\n ", "\n&nbsp;", $code);
+
+				// keep space at the beginning
+				if (!empty($code) && $code[0] == ' ')
+				{
+					$code = '&nbsp;' . substr($code, 1);
+				}
 
 				// remove newline at the beginning
 				if (!empty($code) && $code[0] == "\n")
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index b7650ecd6a..b34976db2a 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -691,6 +691,9 @@ function censor_text($text)
 		return '';
 	}
 
+	// Strip control characters
+	$text = preg_replace('/[\x00-\x0f]/', '', $text);
+
 	// We moved the word censor checks in here because we call this function quite often - and then only need to do the check once
 	if (!isset($censors) || !is_array($censors))
 	{
diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php
index 046abede8e..5ab7a87efd 100644
--- a/phpBB/includes/functions_transfer.php
+++ b/phpBB/includes/functions_transfer.php
@@ -808,23 +808,56 @@ class ftp_fsock extends transfer
 	*/
 	function _open_data_connection()
 	{
-		$this->_send_command('PASV', '', false);
-
-		if (!$ip_port = $this->_check_command(true))
+		// Try to find out whether we have a IPv4 or IPv6 (control) connection
+		if (function_exists('stream_socket_get_name'))
 		{
-			return false;
+			$socket_name = stream_socket_get_name($this->connection, true);
+			$server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));
 		}
 
-		// open the connection to start sending the file
-		if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp))
+		if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))
 		{
-			// bad ip and port
-			return false;
+			// Passive mode
+			$this->_send_command('PASV', '', false);
+
+			if (!$ip_port = $this->_check_command(true))
+			{
+				return false;
+			}
+
+			// open the connection to start sending the file
+			if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp))
+			{
+				// bad ip and port
+				return false;
+			}
+
+			$temp = explode(',', $temp[0]);
+			$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
+			$server_port = $temp[4] * 256 + $temp[5];
+		}
+		else
+		{
+			// Extended Passive Mode - RFC2428
+			$this->_send_command('EPSV', '', false);
+
+			if (!$epsv_response = $this->_check_command(true))
+			{
+				return false;
+			}
+
+			// Response looks like "229 Entering Extended Passive Mode (|||12345|)"
+			// where 12345 is the tcp port for the data connection
+			if (!preg_match('#\(\|\|\|([0-9]+)\|\)#', $epsv_response, $match))
+			{
+				return false;
+			}
+			$server_port = (int) $match[1];
+
+			// fsockopen expects IPv6 address in square brackets
+			$server_ip = "[$server_ip]";
 		}
 
-		$temp = explode(',', $temp[0]);
-		$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
-		$server_port = $temp[4] * 256 + $temp[5];
 		$errno = 0;
 		$errstr = '';