14 files changed, 186 insertions, 32 deletions
diff --git a/phpBB/includes/acm/acm_wincache.php b/phpBB/includes/acm/acm_wincache.php
new file mode 100644
index 0000000000..0501ab74c5
--- /dev/null
+++ b/phpBB/includes/acm/acm_wincache.php
@@ -0,0 +1,84 @@
+<?php
+/**
+*
+* @package acm
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+// Include the abstract base
+if (!class_exists('acm_memory'))
+{
+	require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
+}
+
+/**
+* ACM for WinCache
+* @package acm
+*/
+class acm extends acm_memory
+{
+	var $extension = 'wincache';
+
+	/**
+	* Purge cache data
+	*
+	* @return void
+	*/
+	function purge()
+	{
+		wincache_ucache_clear();
+
+		parent::purge();
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return mixed Cached data
+	*/
+	function _read($var)
+	{
+		$success = false;
+		$result = wincache_ucache_get($this->key_prefix . $var, $success);
+
+		return ($success) ? $result : false;
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	function _write($var, $data, $ttl = 2592000)
+	{
+		return wincache_ucache_set($this->key_prefix . $var, $data, $ttl);
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	function _delete($var)
+	{
+		return wincache_ucache_delete($this->key_prefix . $var);
+	}
+}
diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php
index 3204e0204e..b0ce8f1084 100644
--- a/phpBB/includes/acp/acp_update.php
+++ b/phpBB/includes/acp/acp_update.php
@@ -51,6 +51,14 @@ class acp_update
 		$announcement_url = (strpos($announcement_url, '&amp;') === false) ? str_replace('&', '&amp;', $announcement_url) : $announcement_url;
 		$update_link = append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=update');
 
+		// next feature release
+		$next_feature_version = $next_feature_announcement_url = false;
+		if (isset($info[2]) && trim($info[2]) !== '')
+		{
+			$next_feature_version = trim($info[2]);
+			$next_feature_announcement_url = trim($info[3]);
+		}
+
 		// Determine automatic update...
 		$sql = 'SELECT config_value
 			FROM ' . CONFIG_TABLE . "
@@ -74,8 +82,10 @@ class acp_update
 			'LATEST_VERSION'	=> $latest_version,
 			'CURRENT_VERSION'	=> $config['version'],
 			'AUTO_VERSION'		=> $version_update_from,
+			'NEXT_FEATURE_VERSION'	=> $next_feature_version,
 
 			'UPDATE_INSTRUCTIONS'	=> sprintf($user->lang['UPDATE_INSTRUCTIONS'], $announcement_url, $update_link),
+			'UPGRADE_INSTRUCTIONS'	=> $next_feature_version ? $user->lang('UPGRADE_INSTRUCTIONS', $next_feature_version, $next_feature_announcement_url) : false,
 		));
 	}
 }
diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php
index 1cb9545967..88c5bbe592 100644
--- a/phpBB/includes/acp/acp_words.php
+++ b/phpBB/includes/acp/acp_words.php
@@ -95,6 +95,9 @@ class acp_words
 					trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
+				// Replace multiple consecutive asterisks with single one as those are not needed
+				$word = preg_replace('#\*{2,}#', '*', $word);
+
 				$sql_ary = array(
 					'word'			=> $word,
 					'replacement'	=> $replacement
diff --git a/phpBB/includes/cache.php b/phpBB/includes/cache.php
index b50fab4ca2..612adcca4f 100644
--- a/phpBB/includes/cache.php
+++ b/phpBB/includes/cache.php
@@ -82,26 +82,9 @@ class cache extends acm
 			$result = $db->sql_query($sql);
 
 			$censors = array();
-			$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
-
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if ($unicode)
-				{
-					// Unescape the asterisk to simplify further conversions
-					$row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#'));
-					
-					// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
-					$row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']);
-
-					// Generate the final substitution
-					$censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu';
-				}
-				else
-				{
-					$censors['match'][] = '#(?<!\S)(' . str_replace('\*', '\S*?', preg_quote($row['word'], '#')) . ')(?!\S)#iu';
-				}
-
+				$censors['match'][] = get_censor_preg_expression($row['word']);
 				$censors['replace'][] = $row['replacement'];
 			}
 			$db->sql_freeresult($result);
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index ebaa342f54..90440f74b8 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.7-PL1');
+define('PHPBB_VERSION', '3.0.9-dev');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -275,4 +275,4 @@ define('ZEBRA_TABLE',				$table_prefix . 'zebra');
 // Additional tables
 
 
-?>
-\ No newline at end of file
+?>
diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php
index d6ac3b3acc..7ed4146f27 100644
--- a/phpBB/includes/db/mssqlnative.php
+++ b/phpBB/includes/db/mssqlnative.php
@@ -349,7 +349,8 @@ class dbal_mssqlnative extends dbal
 	{
 		$this->query_result = false;
 
-		if ($offset === false || $offset == 0)
+		// total == 0 means all results - not zero results
+		if ($offset == 0 && $total !== 0)
 		{
 			if (strpos($query, "SELECT") === false)
 			{
@@ -360,13 +361,21 @@ class dbal_mssqlnative extends dbal
 				$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP '.$total, $query);
 			}
 		}
-		else
+		else if ($offset > 0)
 		{
 			$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP(10000000) ', $query);
 			$query = 'SELECT *
 					FROM (SELECT sub2.*, ROW_NUMBER() OVER(ORDER BY sub2.line2) AS line3
-					FROM (SELECT 1 AS line2, sub1.* FROM (' . $query . ') AS sub1) as sub2) AS sub3
-					WHERE line3 BETWEEN ' . ($offset+1) . ' AND ' . ($offset + $total);
+					FROM (SELECT 1 AS line2, sub1.* FROM (' . $query . ') AS sub1) as sub2) AS sub3';
+
+			if ($total > 0)
+			{
+				$query .= ' WHERE line3 BETWEEN ' . ($offset+1) . ' AND ' . ($offset + $total);
+			}
+			else
+			{
+				$query .= ' WHERE line3 > ' . $offset;
+			}
 		}
 
 		$result = $this->sql_query($query, $cache_ttl);
@@ -406,13 +415,18 @@ class dbal_mssqlnative extends dbal
 
 		$row = @sqlsrv_fetch_array($query_id, SQLSRV_FETCH_ASSOC);
 
-		// I hope i am able to remove this later... hopefully only a PHP or MSSQL bug
 		if ($row)
 		{
 			foreach ($row as $key => $value)
 			{
 				$row[$key] = ($value === ' ' || $value === NULL) ? '' : $value;
 			}
+
+			// remove helper values from LIMIT queries
+			if (isset($row['line2']))
+			{
+				unset($row['line2'], $row['line3']);
+			}
 		}
 		return $row;
 	}
@@ -624,4 +638,4 @@ class dbal_mssqlnative extends dbal
 	}
 }
 
-?>
-\ No newline at end of file
+?>
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e154aa44b0..69be1627cf 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1052,7 +1052,7 @@ function phpbb_own_realpath($path)
 	// @todo If the file exists fine and open_basedir only has one path we should be able to prepend it
 	// because we must be inside that basedir, the question is where...
 	// @internal The slash in is_dir() gets around an open_basedir restriction
-	if (!@file_exists($resolved) || (!is_dir($resolved . '/') && !is_file($resolved)))
+	if (!@file_exists($resolved) || (!@is_dir($resolved . '/') && !is_file($resolved)))
 	{
 		return false;
 	}
@@ -2353,12 +2353,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Relative uri
 		$pathinfo = pathinfo($url);
 
-		if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+		if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
 		{
 			$url = str_replace('../', '', $url);
 			$pathinfo = pathinfo($url);
 
-			if (!file_exists($pathinfo['dirname']))
+			if (!file_exists($pathinfo['dirname'] . '/'))
 			{
 				// fallback to "last known user page"
 				// at least this way we know the user does not leave the phpBB root
@@ -3429,6 +3429,48 @@ function get_preg_expression($mode)
 }
 
 /**
+* Generate regexp for naughty words censoring
+* Depends on whether installed PHP version supports unicode properties
+*
+* @param string	$word	word template to be replaced
+*
+* @return string $preg_expr		regex to use with word censor
+*/
+function get_censor_preg_expression($word)
+{
+	static $unicode = null;
+
+	if (empty($word))
+	{
+		return '';
+	}
+
+	// Check whether PHP version supports unicode properties
+	if (is_null($unicode))
+	{
+		$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
+	}
+
+	if ($unicode)
+	{
+		// Unescape the asterisk to simplify further conversions
+		$word = str_replace('\*', '*', preg_quote($word, '#'));
+
+		// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes
+		$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);
+
+		// Generate the final substitution
+		$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu';
+	}
+	else
+	{
+		$preg_expr = '#(?<!\S)(' . str_replace('\*', '\S*?', preg_quote($word, '#')) . ')(?!\S)#iu';
+	}
+
+	return $preg_expr;
+}
+
+/**
 * Returns the first block of the specified IPv6 address and as many additional
 * ones as specified in the length paramater.
 * If length is zero, then an empty string is returned.
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 3178d35c34..2aa12adb2e 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -3299,7 +3299,7 @@ function obtain_latest_version_info($force_update = false, $warn_fail = false, $
 		$errstr = '';
 		$errno = 0;
 
-		$info = get_remote_file('www.phpbb.com', '/updatecheck',
+		$info = get_remote_file('version.phpbb.com', '/phpbb',
 				((defined('PHPBB_QA')) ? '30x_qa.txt' : '30x.txt'), $errstr, $errno);
 
 		if ($info === false)
diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php
index 9e26043b39..4a359dcade 100644
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -1816,6 +1816,7 @@ function add_bots()
 		'Alta Vista [Bot]'			=> array('Scooter/', ''),
 		'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
 		'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+		'Bing [Bot]'				=> array('bingbot/', ''),
 		'Exabot [Bot]'				=> array('Exabot/', ''),
 		'FAST Enterprise [Crawler]'	=> array('FAST Enterprise Crawler', ''),
 		'FAST WebCrawler [Crawler]'	=> array('FAST-WebCrawler/', ''),
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 2de7e1b169..acaef49fe8 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -456,7 +456,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
 			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,
 			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false,
-			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options'])) ? true : false,
+			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,
 
 			'FORUM_ID'				=> $row['forum_id'],
 			'FORUM_NAME'			=> $row['forum_name'],
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 3937cf9c21..78fe049f40 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -878,6 +878,11 @@ class custom_profile
 				$now = getdate();
 				$row['field_default_value'] = sprintf('%2d-%2d-%4d', $now['mday'], $now['mon'], $now['year']);
 			}
+			else if ($row['field_default_value'] === '' && $row['field_type'] == FIELD_INT)
+			{
+				// We cannot insert an empty string into an integer column.
+				$row['field_default_value'] = NULL;
+			}
 
 			$cp_data['pf_' . $row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
 		}
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 952b55cc8c..b2d0b6c566 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -352,6 +352,15 @@ class bbcode_firstpass extends bbcode
 			return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
 		}
 
+		$in = str_replace(' ', '%20', $in);
+
+		// Make sure $in is a URL.
+		if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) &&
+			!preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
+		{
+			return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
+		}
+
 		// Apply the same size checks on flash files as on images
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php
index f1c8094a9b..6347633b14 100644
--- a/phpBB/includes/template.php
+++ b/phpBB/includes/template.php
@@ -205,7 +205,7 @@ class template
 	{
 		global $user, $phpbb_hook;
 
-		if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once))
+		if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once, $this))
 		{
 			if ($phpbb_hook->hook_return(array(__CLASS__, __FUNCTION__)))
 			{
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index 16700c490c..b91636a9c8 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -172,6 +172,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 	// Number of "to" recipients
 	$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match);
 
+	$bbcode_status	= ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;
+
 	$template->assign_vars(array(
 		'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
 		'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
@@ -229,6 +231,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,
 		'S_SPECIAL_FOLDER'	=> in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
 		'S_PM_RECIPIENTS'	=> $num_recipients,
+		'S_BBCODE_ALLOWED'	=> ($bbcode_status) ? 1 : 0,
 
 		'U_PRINT_PM'		=> ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=print" : '',
 		'U_FORWARD_PM'		=> ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&amp;mode=compose&amp;action=forward&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '')