19 files changed, 469 insertions, 84 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 951166f086..d537885ef1 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -88,6 +88,7 @@ class acp_board
 						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_birthdays'		=> array('lang' => 'ALLOW_BIRTHDAYS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'display_last_subject'	=> array('lang' => 'DISPLAY_LAST_SUBJECT',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_quick_reply'		=> array('lang' => 'ALLOW_QUICK_REPLY',		'validate' => 'bool',	'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
 
 						'legend2'				=> 'ACP_LOAD_SETTINGS',
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index e66fd850c6..ebcbd28a87 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -20,6 +20,7 @@ if (!defined('IN_PHPBB'))
 */
 class acp_database
 {
+	var $db_tools;
 	var $u_action;
 
 	function main($id, $mode)
@@ -27,6 +28,12 @@ class acp_database
 		global $cache, $db, $user, $auth, $template, $table_prefix;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
+		if (!class_exists('phpbb_db_tools'))
+		{
+			require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx);
+		}
+		$this->db_tools = new phpbb_db_tools($db);
+
 		$user->add_lang('acp/database');
 
 		$this->tpl_name = 'acp_database';
@@ -49,7 +56,7 @@ class acp_database
 				{
 					case 'download':
 						$type	= request_var('type', '');
-						$table	= request_var('table', array(''));
+						$table	= array_intersect($this->db_tools->sql_list_tables(), request_var('table', array('')));
 						$format	= request_var('method', '');
 						$where	= request_var('where', '');
 
@@ -172,8 +179,7 @@ class acp_database
 					break;
 
 					default:
-						include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
-						$tables = get_tables($db);
+						$tables = $this->db_tools->sql_list_tables();
 						asort($tables);
 						foreach ($tables as $table_name)
 						{
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index de1f678e38..943bfe6a6f 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -21,7 +21,7 @@ if (!defined('IN_PHPBB'))
 class acp_styles
 {
 	public $u_action;
-	
+
 	protected $u_base_action;
 	protected $s_hidden_fields;
 	protected $mode;
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 44717452e8..17687b05c7 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1001,6 +1001,13 @@ class acp_users
 				$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
 				$db->sql_freeresult($result);
 
+				$sql = 'SELECT post_id
+					FROM ' . POSTS_TABLE . '
+					WHERE poster_id = '. $user_id;
+				$result = $db->sql_query_limit($sql, 1);
+				$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
+				$db->sql_freeresult($result);
+
 				$template->assign_vars(array(
 					'L_NAME_CHARS_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
 					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
@@ -1028,6 +1035,7 @@ class acp_users
 					'USER_EMAIL'		=> $user_row['user_email'],
 					'USER_WARNINGS'		=> $user_row['user_warnings'],
 					'USER_POSTS'		=> $user_row['user_posts'],
+					'USER_HAS_POSTS'	=> $user_row['user_has_posts'],
 					'USER_INACTIVE_REASON'	=> $inactive_reason,
 				));
 
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index b2f45f046c..26029efe1e 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -155,7 +155,11 @@ function login_ldap(&$username, &$password)
 	{
 		if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
 		{
-			return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+			return array(
+				'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
+				'error_msg'		=> 'LDAP_NO_SERVER_CONNECTION',
+				'user_row'		=> array('user_id' => ANONYMOUS),
+			);
 		}
 	}
 
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index db469ed969..cf54d455f7 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -522,6 +522,18 @@ class dbal
 	}
 
 	/**
+	* Run LOWER() on DB column of type text (i.e. neither varchar nor char).
+	*
+	* @param string $column_name	The column name to use
+	*
+	* @return string				A SQL statement like "LOWER($column_name)"
+	*/
+	function sql_lower_text($column_name)
+	{
+		return "LOWER($column_name)";
+	}
+
+	/**
 	* Run more than one insert statement.
 	*
 	* @param string $table table name to run the statements on
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index fd11dbad3c..abeabc389f 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -325,6 +325,14 @@ class dbal_mssql extends dbal
 	}
 
 	/**
+	* {@inheritDoc}
+	*/
+	function sql_lower_text($column_name)
+	{
+		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+	}
+
+	/**
 	* Build LIKE expression
 	* @access private
 	*/
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index 7ead00cece..6e24f4e9e8 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -310,6 +310,14 @@ class dbal_mssql_odbc extends dbal
 	}
 
 	/**
+	* {@inheritDoc}
+	*/
+	function sql_lower_text($column_name)
+	{
+		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+	}
+
+	/**
 	* Build LIKE expression
 	* @access private
 	*/
diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php
index 8aac032135..8a4503f111 100644
--- a/phpBB/includes/db/mssqlnative.php
+++ b/phpBB/includes/db/mssqlnative.php
@@ -492,6 +492,14 @@ class dbal_mssqlnative extends dbal
 	}
 
 	/**
+	* {@inheritDoc}
+	*/
+	function sql_lower_text($column_name)
+	{
+		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+	}
+
+	/**
 	* Build LIKE expression
 	* @access private
 	*/
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 28f06abbc1..ad64471388 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1691,14 +1691,17 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 		}
 		else
 		{
-			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
-				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
+			$sql = 'SELECT t.forum_id
+				FROM ' . TOPICS_TABLE . ' t
+				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt
+					ON (tt.topic_id = t.topic_id
+						AND tt.user_id = ' . $user->data['user_id'] . ')
 				WHERE t.forum_id = ' . $forum_id . '
 					AND t.topic_last_post_time > ' . $mark_time_forum . '
 					AND t.topic_moved_id = 0 ' .
 					$sql_update_unapproved . '
-					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)
-				GROUP BY t.forum_id';
+					AND (tt.topic_id IS NULL
+						OR tt.mark_time < t.topic_last_post_time)';
 			$result = $db->sql_query_limit($sql, 1);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -3247,7 +3250,7 @@ function get_preg_expression($mode)
 		case 'email':
 			// Regex written by James Watts and Francisco Jose Martin Moreno
 			// http://fightingforalostcause.net/misc/2006/compare-email-regex.php
-			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
+			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
 		break;
 
 		case 'bbcode_htm':
@@ -4984,3 +4987,16 @@ function phpbb_pcre_utf8_support()
 	}
 	return $utf8_pcre_properties;
 }
+
+/**
+* Casts a numeric string $input to an appropriate numeric type (i.e. integer or float)
+*
+* @param string $input		A numeric string.
+*
+* @return int|float			Integer $input if $input fits integer,
+*							float $input otherwise.
+*/
+function phpbb_to_numeric($input)
+{
+	return ($input > PHP_INT_MAX) ? (float) $input : (int) $input;
+}
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 9798e514c1..5d19cd7adb 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2556,7 +2556,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 		{
 			$sql_keywords .= $db->sql_in_set('l.log_operation', $operations) . ' OR ';
 		}
-		$sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')';
+		$sql_lower = $db->sql_lower_text('l.log_data');
+		$sql_keywords .= "$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')';
 	}
 
 	if ($log_count !== false)
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 18db64cc68..1f45d5e8e1 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -397,12 +397,13 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		if ($row['forum_last_post_id'])
 		{
 			$last_post_subject = $row['forum_last_post_subject'];
+			$last_post_subject_truncated = truncate_string(censor_text($last_post_subject), 30, 255, false, $user->lang['ELLIPSIS']);
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
 			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
-			$last_post_subject = $last_post_time = $last_post_url = '';
+			$last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
 		}
 
 		// Output moderator listing ... if applicable
@@ -451,6 +452,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
 			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,
 			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false,
+			'S_DISPLAY_SUBJECT'	=>	($last_post_subject && $config['display_last_subject'] && !$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? true : false,
 			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,
 
 			'FORUM_ID'				=> $row['forum_id'],
@@ -463,7 +465,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'FORUM_FOLDER_IMG_ALT'	=> isset($user->lang[$folder_alt]) ? $user->lang[$folder_alt] : '',
 			'FORUM_IMAGE'			=> ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : '',
 			'FORUM_IMAGE_SRC'		=> ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
-			'LAST_POST_SUBJECT'		=> censor_text($last_post_subject),
+			'LAST_POST_SUBJECT'		=> (!$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? censor_text($last_post_subject) : "",
+			'LAST_POST_SUBJECT_TRUNCATED'	=> (!$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? $last_post_subject_truncated : "",
 			'LAST_POST_TIME'		=> $last_post_time,
 			'LAST_POSTER'			=> get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_COLOUR'	=> get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php
index 15b388728b..50af8fe019 100644
--- a/phpBB/includes/functions_install.php
+++ b/phpBB/includes/functions_install.php
@@ -558,7 +558,5 @@ function phpbb_create_config_file_data($data, $dbms, $load_extensions, $debug =
 		$config_data .= "// @define('DEBUG_EXTRA', true);\n";
 	}
 
-	$config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused!
-
 	return $config_data;
 }
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 434349714b..8542e3ab0a 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1128,6 +1128,166 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 }
 
 /**
+* Delete all PM(s) for a given user and delete the ones without references
+*
+* @param	int		$user_id	ID of the user whose private messages we want to delete
+*
+* @return	boolean		False if there were no pms found, true otherwise.
+*/
+function phpbb_delete_user_pms($user_id)
+{
+	global $db, $user, $phpbb_root_path, $phpEx;
+
+	$user_id = (int) $user_id;
+
+	if (!$user_id)
+	{
+		return false;
+	}
+
+	// Get PM Information for later deleting
+	// The two queries where split, so we can use our indexes
+	// Part 1: get PMs the user received
+	$sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new
+		FROM ' . PRIVMSGS_TO_TABLE . '
+		WHERE user_id = ' . $user_id;
+	$result = $db->sql_query($sql);
+
+	$undelivered_msg = $undelivered_user = $delete_ids = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX)
+		{
+			// Undelivered messages
+			$undelivered_msg[] = $row['msg_id'];
+
+			if (isset($undelivered_user[$row['user_id']]))
+			{
+				++$undelivered_user[$row['user_id']];
+			}
+			else
+			{
+				$undelivered_user[$row['user_id']] = 1;
+			}
+		}
+
+		$delete_ids[(int) $row['msg_id']] = (int) $row['msg_id'];
+	}
+	$db->sql_freeresult($result);
+
+	// Part 2: get PMs the user sent
+	$sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new
+		FROM ' . PRIVMSGS_TO_TABLE . '
+		WHERE author_id = ' . $user_id . '
+				AND folder_id = ' . PRIVMSGS_NO_BOX;
+	$result = $db->sql_query($sql);
+
+	while ($row = $db->sql_fetchrow($result))
+	{
+		if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX)
+		{
+			// Undelivered messages
+			$undelivered_msg[] = $row['msg_id'];
+
+			if (isset($undelivered_user[$row['user_id']]))
+			{
+				++$undelivered_user[$row['user_id']];
+			}
+			else
+			{
+				$undelivered_user[$row['user_id']] = 1;
+			}
+		}
+
+		$delete_ids[(int) $row['msg_id']] = (int) $row['msg_id'];
+	}
+	$db->sql_freeresult($result);
+
+	if (empty($delete_ids))
+	{
+		return false;
+	}
+
+	$db->sql_transaction('begin');
+
+	if (sizeof($undelivered_msg))
+	{
+		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
+			WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
+		$db->sql_query($sql);
+	}
+
+	// Reset the user�s pm count to 0
+	if (isset($undelivered_user[$user_id]))
+	{
+		$sql = 'UPDATE ' . USERS_TABLE . '
+			SET user_new_privmsg = 0,
+				user_unread_privmsg = 0
+			WHERE user_id = ' . $user_id;
+		$db->sql_query($sql);
+		unset($undelivered_user[$user_id]);
+	}
+
+	foreach ($undelivered_user as $_user_id => $count)
+	{
+		$sql = 'UPDATE ' . USERS_TABLE . '
+			SET user_new_privmsg = user_new_privmsg - ' . $count . ',
+				user_unread_privmsg = user_unread_privmsg - ' . $count . '
+			WHERE user_id = ' . $_user_id;
+		$db->sql_query($sql);
+	}
+
+	// Delete private message data
+	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
+		WHERE user_id = $user_id
+			AND " . $db->sql_in_set('msg_id', $delete_ids);
+	$db->sql_query($sql);
+
+	// Now we have to check which messages we can delete completely
+	$sql = 'SELECT msg_id
+		FROM ' . PRIVMSGS_TO_TABLE . '
+		WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
+	$result = $db->sql_query($sql);
+
+	while ($row = $db->sql_fetchrow($result))
+	{
+		unset($delete_ids[$row['msg_id']]);
+	}
+	$db->sql_freeresult($result);
+
+	if (!empty($delete_ids))
+	{
+		// Check if there are any attachments we need to remove
+		if (!function_exists('delete_attachments'))
+		{
+			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+		}
+
+		delete_attachments('message', $delete_ids, false);
+
+		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
+			WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
+		$db->sql_query($sql);
+	}
+
+	// Set the remaining author id to anonymous
+	// This way users are still able to read messages from users being removed
+	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
+		SET author_id = ' . ANONYMOUS . '
+		WHERE author_id = ' . $user_id;
+	$db->sql_query($sql);
+
+	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+		SET author_id = ' . ANONYMOUS . '
+		WHERE author_id = ' . $user_id;
+	$db->sql_query($sql);
+
+	$db->sql_transaction('commit');
+
+	return true;
+}
+
+/**
 * Rebuild message header
 */
 function rebuild_header($check_ary)
@@ -1406,12 +1566,6 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				// Additionally, do not include the sender if he is in the group he wants to send to. ;)
-				if ($row['user_id'] === $user->data['user_id'])
-				{
-					continue;
-				}
-
 				$field = ($data['address_list']['g'][$row['group_id']] == 'to') ? 'to' : 'bcc';
 				$recipients[$row['user_id']] = $field;
 			}
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 71fe627ac8..f70e20e616 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -756,6 +756,31 @@ class fileupload
 		$filename = $url['path'];
 		$filesize = 0;
 
+		$remote_max_filesize = $this->max_filesize;
+		if (!$remote_max_filesize)
+		{
+			$max_filesize = @ini_get('upload_max_filesize');
+
+			if (!empty($max_filesize))
+			{
+				$unit = strtolower(substr($max_filesize, -1, 1));
+				$remote_max_filesize = (int) $max_filesize;
+
+				switch ($unit)
+				{
+					case 'g':
+						$remote_max_filesize *= 1024;
+					// no break
+					case 'm':
+						$remote_max_filesize *= 1024;
+					// no break
+					case 'k':
+						$remote_max_filesize *= 1024;
+					// no break
+				}
+			}
+		}
+
 		$errno = 0;
 		$errstr = '';
 
@@ -784,9 +809,9 @@ class fileupload
 				$block = @fread($fsock, 1024);
 				$filesize += strlen($block);
 
-				if ($this->max_filesize && $filesize > $this->max_filesize)
+				if ($remote_max_filesize && $filesize > $remote_max_filesize)
 				{
-					$max_filesize = get_formatted_filesize($this->max_filesize, false);
+					$max_filesize = get_formatted_filesize($remote_max_filesize, false);
 
 					$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
 					return $file;
@@ -812,9 +837,9 @@ class fileupload
 					{
 						$length = (int) str_replace('content-length: ', '', strtolower($line));
 
-						if ($length && $length > $this->max_filesize)
+						if ($remote_max_filesize && $length && $length > $remote_max_filesize)
 						{
-							$max_filesize = get_formatted_filesize($this->max_filesize, false);
+							$max_filesize = get_formatted_filesize($remote_max_filesize, false);
 
 							$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
 							return $file;
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 5b05c3a78d..9b102b7387 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -527,62 +527,12 @@ function user_delete($mode, $user_id, $post_username = false)
 		WHERE session_user_id = ' . $user_id;
 	$db->sql_query($sql);
 
-	// Remove any undelivered mails...
-	$sql = 'SELECT msg_id, user_id
-		FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE author_id = ' . $user_id . '
-			AND folder_id = ' . PRIVMSGS_NO_BOX;
-	$result = $db->sql_query($sql);
-
-	$undelivered_msg = $undelivered_user = array();
-	while ($row = $db->sql_fetchrow($result))
-	{
-		$undelivered_msg[] = $row['msg_id'];
-		$undelivered_user[$row['user_id']][] = true;
-	}
-	$db->sql_freeresult($result);
-
-	if (sizeof($undelivered_msg))
+	// Clean the private messages tables from the user
+	if (!function_exists('phpbb_delete_user_pms'))
 	{
-		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
-			WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
-		$db->sql_query($sql);
-	}
-
-	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE author_id = ' . $user_id . '
-			AND folder_id = ' . PRIVMSGS_NO_BOX;
-	$db->sql_query($sql);
-
-	// Delete all to-information
-	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE user_id = ' . $user_id;
-	$db->sql_query($sql);
-
-	// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
-	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
-		SET author_id = ' . ANONYMOUS . '
-		WHERE author_id = ' . $user_id;
-	$db->sql_query($sql);
-
-	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
-		SET author_id = ' . ANONYMOUS . '
-		WHERE author_id = ' . $user_id;
-	$db->sql_query($sql);
-
-	foreach ($undelivered_user as $_user_id => $ary)
-	{
-		if ($_user_id == $user_id)
-		{
-			continue;
-		}
-
-		$sql = 'UPDATE ' . USERS_TABLE . '
-			SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
-				user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
-			WHERE user_id = ' . $_user_id;
-		$db->sql_query($sql);
+		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
 	}
+	phpbb_delete_user_pms($user_id);
 
 	$db->sql_transaction('commit');
 
diff --git a/phpBB/includes/php/ini.php b/phpBB/includes/php/ini.php
new file mode 100644
index 0000000000..17e8c54a57
--- /dev/null
+++ b/phpBB/includes/php/ini.php
@@ -0,0 +1,175 @@
+<?php
+/**
+*
+* @package phpBB
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Wrapper class for ini_get function.
+*
+* Provides easier handling of the different interpretations of ini values.
+*
+* @package phpBB
+*/
+class phpbb_php_ini
+{
+	/**
+	* Simple wrapper for ini_get()
+	* See http://php.net/manual/en/function.ini-get.php
+	*
+	* @param string $varname	The configuration option name.
+	* @return bool|string		False if configuration option does not exist,
+	*							the configuration option value (string) otherwise.
+	*/
+	public function get($varname)
+	{
+		return ini_get($varname);
+	}
+
+	/**
+	* Gets the configuration option value as a trimmed string.
+	*
+	* @param string $varname	The configuration option name.
+	* @return bool|string		False if configuration option does not exist,
+	*							the configuration option value (string) otherwise.
+	*/
+	public function get_string($varname)
+	{
+		$value = $this->get($varname);
+
+		if ($value === false)
+		{
+			return false;
+		}
+
+		return trim($value);
+	}
+
+	/**
+	* Gets configuration option value as a boolean.
+	* Interprets the string value 'off' as false.
+	*
+	* @param string $varname	The configuration option name.
+	* @return bool				False if configuration option does not exist.
+	*							False if configuration option is disabled.
+	*							True otherwise.
+	*/
+	public function get_bool($varname)
+	{
+		$value = $this->get_string($varname);
+
+		if (empty($value) || strtolower($value) == 'off')
+		{
+			return false;
+		}
+
+		return true;
+	}
+
+	/**
+	* Gets configuration option value as an integer.
+	*
+	* @param string $varname	The configuration option name.
+	* @return bool|int			False if configuration option does not exist,
+	*							false if configuration option value is not numeric,
+	*							the configuration option value (integer) otherwise.
+	*/
+	public function get_int($varname)
+	{
+		$value = $this->get_string($varname);
+
+		if (!is_numeric($value))
+		{
+			return false;
+		}
+
+		return (int) $value;
+	}
+
+	/**
+	* Gets configuration option value as a float.
+	*
+	* @param string $varname	The configuration option name.
+	* @return bool|float		False if configuration option does not exist,
+	*							false if configuration option value is not numeric,
+	*							the configuration option value (float) otherwise.
+	*/
+	public function get_float($varname)
+	{
+		$value = $this->get_string($varname);
+
+		if (!is_numeric($value))
+		{
+			return false;
+		}
+
+		return (float) $value;
+	}
+
+	/**
+	* Gets configuration option value in bytes.
+	* Converts strings like '128M' to bytes (integer or float).
+	*
+	* @param string $varname	The configuration option name.
+	* @return bool|int|float	False if configuration option does not exist,
+	*							false if configuration option value is not well-formed,
+	*							the configuration option value otherwise.
+	*/
+	public function get_bytes($varname)
+	{
+		$value = $this->get_string($varname);
+
+		if ($value === false)
+		{
+			return false;
+		}
+
+		if (is_numeric($value))
+		{
+			// Already in bytes.
+			return phpbb_to_numeric($value);
+		}
+		else if (strlen($value) < 2)
+		{
+			// Single character.
+			return false;
+		}
+		else if (strlen($value) < 3 && $value[0] === '-')
+		{
+			// Two characters but the first one is a minus.
+			return false;
+		}
+
+		$value_lower = strtolower($value);
+		$value_numeric = phpbb_to_numeric($value);
+
+		switch ($value_lower[strlen($value_lower) - 1])
+		{
+			case 'g':
+				$value_numeric *= 1024;
+			case 'm':
+				$value_numeric *= 1024;
+			case 'k':
+				$value_numeric *= 1024;
+			break;
+
+			default:
+				// It's not already in bytes (and thus numeric)
+				// and does not carry a unit.
+				return false;
+		}
+
+		return $value_numeric;
+	}
+}
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index bcdff54457..257ffb07f6 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -342,8 +342,16 @@ class phpbb_session
 			}
 		}
 
-		// Is session_id is set or session_id is set and matches the url param if required
-		if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', ''))))
+		// if no session id is set, redirect to index.php
+		$session_id = $request->variable('sid', '');
+		if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
+		{
+			send_status_line(401, 'Not authorized');
+			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+		}
+
+		// if session id is set
+		if (!empty($this->session_id))
 		{
 			$sql = 'SELECT u.*, s.*
 				FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index f75d70e366..441eaec6b1 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -150,7 +150,7 @@ if (function_exists('date_default_timezone_set') && function_exists('date_defaul
 // Autoloading of dependencies.
 // Three options are supported:
 // 1. If dependencies are installed with Composer, Composer will create a
-//    vendor/.composer/autoload.php. If this file exists it will be
+//    vendor/autoload.php. If this file exists it will be
 //    automatically used by phpBB. This is the default mode that phpBB
 //    will use when shipped.
 // 2. To disable composer autoloading, PHPBB_NO_COMPOSER_AUTOLOAD can be specified.
@@ -171,11 +171,11 @@ if (getenv('PHPBB_NO_COMPOSER_AUTOLOAD'))
 }
 else
 {
-	if (!file_exists($phpbb_root_path . 'vendor/.composer/autoload.php'))
+	if (!file_exists($phpbb_root_path . 'vendor/autoload.php'))
 	{
 		trigger_error('You have not set up composer dependencies. See http://getcomposer.org/.', E_USER_ERROR);
 	}
-	require($phpbb_root_path . 'vendor/.composer/autoload.php');
+	require($phpbb_root_path . 'vendor/autoload.php');
 }
 
 $starttime = explode(' ', microtime());