11 files changed, 78 insertions, 20 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index a5feac1902..7680d8996c 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -888,8 +888,8 @@ class acp_board
 		$old_tz = $user->timezone;
 		$old_dst = $user->dst;
 
-		$user->timezone = $config['board_timezone'];
-		$user->dst = $config['board_dst'];
+		$user->timezone = $config['board_timezone'] * 3600;
+		$user->dst = $config['board_dst'] * 3600;
 
 		$dateformat_options = '';
 
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index abfad2b90b..0582d6204e 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -394,6 +394,7 @@ class acp_database
 
 								case 'mssql':
 								case 'mssql_odbc':
+								case 'mssqlnative':
 									while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
 									{
 										$db->sql_query($sql);
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 5a5adc57ae..54bf905374 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -1705,6 +1705,9 @@ class acp_forums
 					)
 				);
 
+				// Amount of rows we select and delete in one iteration.
+				$batch_size = 500;
+
 				foreach ($tables_ary as $field => $tables)
 				{
 					$start = 0;
@@ -1714,7 +1717,7 @@ class acp_forums
 						$sql = "SELECT $field
 							FROM " . POSTS_TABLE . '
 							WHERE forum_id = ' . $forum_id;
-						$result = $db->sql_query_limit($sql, 500, $start);
+						$result = $db->sql_query_limit($sql, $batch_size, $start);
 
 						$ids = array();
 						while ($row = $db->sql_fetchrow($result))
@@ -1733,7 +1736,7 @@ class acp_forums
 							}
 						}
 					}
-					while ($row);
+					while (sizeof($ids) == $batch_size);
 				}
 				unset($ids);
 
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index fc08c7e8e8..2288a0728b 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -1480,6 +1480,7 @@ class acp_profile
 
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 
 				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
 				$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 8d7bc88769..dbc9fcb6cc 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -233,6 +233,7 @@ class acp_reasons
 						// Standard? What's that?
 						case 'mssql':
 						case 'mssql_odbc':
+						case 'mssqlnative':
 							// Change the reports using this reason to 'other'
 							$sql = "DECLARE @ptrval binary(16)
 
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 4905840e02..bd64f1e89e 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -105,7 +105,7 @@ class acp_users
 				LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
 			WHERE u.user_id = ' . $user_id . '
 			ORDER BY s.session_time DESC';
-		$result = $db->sql_query($sql);
+		$result = $db->sql_query_limit($sql, 1);
 		$user_row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
@@ -1550,6 +1550,31 @@ class acp_users
 							WHERE user_id = $user_id";
 						$db->sql_query($sql);
 
+						// Check if user has an active session
+						if ($user_row['session_id'])
+						{
+							// We'll update the session if user_allow_viewonline has changed and the user is a bot
+							// Or if it's a regular user and the admin set it to hide the session
+							if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
+								|| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
+							{
+								// We also need to check if the user has the permission to cloak.
+								$user_auth = new auth();
+								$user_auth->acl($user_row);
+
+								$session_sql_ary = array(
+									'session_viewonline'	=> ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
+								);
+
+								$sql = 'UPDATE ' . SESSIONS_TABLE . '
+									SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
+									WHERE session_user_id = $user_id";
+								$db->sql_query($sql);
+
+								unset($user_auth);
+							}
+						}
+
 						trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 					}
 
@@ -2084,7 +2109,7 @@ class acp_users
 									LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
 								WHERE u.user_id = ' . $user_id . '
 								ORDER BY s.session_time DESC';
-							$result = $db->sql_query($sql);
+							$result = $db->sql_query_limit($sql, 1);
 							$user_row = $db->sql_fetchrow($result);
 							$db->sql_freeresult($result);
 						}
diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php
index d117e8c948..b3139b3d79 100644
--- a/phpBB/includes/db/postgres.php
+++ b/phpBB/includes/db/postgres.php
@@ -76,7 +76,14 @@ class dbal_postgres extends dbal
 
 		$this->persistency = $persistency;
 
-		$this->db_connect_id = ($this->persistency) ? @pg_pconnect($connect_string, $new_link) : @pg_connect($connect_string, $new_link);
+		if ($this->persistency)
+		{
+			$this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+		}
+		else
+		{
+			$this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+		}
 
 		if ($this->db_connect_id)
 		{
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 4f52c7c2ce..c88e434b4b 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3409,13 +3409,14 @@ function phpbb_checkdnsrr($host, $type = '')
 {
 	$type = (!$type) ? 'MX' : $type;
 
-	if (DIRECTORY_SEPARATOR == '\\')
+	// Call checkdnsrr() if available. This is also the case on Windows with PHP 5.3 or later.
+	if (function_exists('checkdnsrr'))
+	{
+		// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
+		return checkdnsrr($host . '.', $type);
+	}
+	else if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec'))
 	{
-		if (!function_exists('exec'))
-		{
-			return NULL;
-		}
-
 		// @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
 		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output);
 
@@ -3441,11 +3442,6 @@ function phpbb_checkdnsrr($host, $type = '')
 
 		return false;
 	}
-	else if (function_exists('checkdnsrr'))
-	{
-		// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
-		return (checkdnsrr($host . '.', $type)) ? true : false;
-	}
 
 	return NULL;
 }
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 61e3587158..fa1cc98e10 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -366,6 +366,7 @@ class custom_profile
 			case 'sqlite':
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 				$right_delim = ']';
 				$left_delim = '[';
 			break;
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 054af29045..51fed45ebd 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -775,7 +775,18 @@ class fileupload
 		{
 			if ($get_info)
 			{
-				$data .= @fread($fsock, 1024);
+				$block = @fread($fsock, 1024);
+				$filesize += strlen($block);
+
+				if ($this->max_filesize && $filesize > $this->max_filesize)
+				{
+					$max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+					$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+					return $file;
+				}
+
+				$data .= $block;
 			}
 			else
 			{
@@ -791,6 +802,18 @@ class fileupload
 					{
 						$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
 					}
+					else if ($this->max_filesize && stripos($line, 'content-length: ') !== false)
+					{
+						$length = (int) str_replace('content-length: ', '', strtolower($line));
+
+						if ($length && $length > $this->max_filesize)
+						{
+							$max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+							$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+							return $file;
+						}
+					}
 					else if (stripos($line, '404 not found') !== false)
 					{
 						$file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 50aad8588a..952b55cc8c 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode
 
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
-			$stats = @getimagesize($in);
+			$stats = @getimagesize(htmlspecialchars_decode($in));
 
 			if ($stats === false)
 			{