10 files changed, 329 insertions, 34 deletions
diff --git a/phpBB/includes/captcha/captcha_non_gd.php b/phpBB/includes/captcha/captcha_non_gd.php
index f82896f628..2adf909b96 100644
--- a/phpBB/includes/captcha/captcha_non_gd.php
+++ b/phpBB/includes/captcha/captcha_non_gd.php
@@ -119,7 +119,7 @@ class captcha
 		$new_line = '';
 
 		$end = strlen($scanline) - ceil($width/2);
-		for ($i = floor($width/2); $i < $end; $i++)
+		for ($i = (int) floor($width / 2); $i < $end; $i++)
 		{
 			$pixel = ord($scanline{$i});
 
diff --git a/phpBB/includes/functions_database_helper.php b/phpBB/includes/functions_database_helper.php
new file mode 100644
index 0000000000..664c246888
--- /dev/null
+++ b/phpBB/includes/functions_database_helper.php
@@ -0,0 +1,206 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2012 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Updates rows in given table from a set of values to a new value.
+* If this results in rows violating uniqueness constraints, the duplicate
+* rows are eliminated.
+*
+* The only supported table is bookmarks.
+*
+* @param dbal $db Database object
+* @param string $table Table on which to perform the update
+* @param string $column Column whose values to change
+* @param array $from_values An array of values that should be changed
+* @param int $to_value The new value
+* @return null
+*/
+function phpbb_update_rows_avoiding_duplicates($db, $table, $column, $from_values, $to_value)
+{
+	$sql = "SELECT $column, user_id
+		FROM $table
+		WHERE " . $db->sql_in_set($column, $from_values);
+	$result = $db->sql_query($sql);
+
+	$old_user_ids = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$old_user_ids[$row[$column]][] = (int) $row['user_id'];
+	}
+	$db->sql_freeresult($result);
+
+	$sql = "SELECT $column, user_id
+		FROM $table
+		WHERE $column = " . (int) $to_value;
+	$result = $db->sql_query($sql);
+
+	$new_user_ids = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$new_user_ids[$row[$column]][] = (int) $row['user_id'];
+	}
+	$db->sql_freeresult($result);
+
+	$queries = array();
+	foreach ($from_values as $from_value)
+	{
+		if (!isset($old_user_ids[$from_value]))
+		{
+			continue;
+		}
+		if (empty($new_user_ids))
+		{
+			$sql = "UPDATE $table
+				SET $column = " . (int) $to_value . "
+				WHERE $column = '" . $db->sql_escape($from_value) . "'";
+			$queries[] = $sql;
+		}
+		else
+		{
+			$different_user_ids = array_diff($old_user_ids[$from_value], $new_user_ids[$to_value]);
+			if (!empty($different_user_ids))
+			{
+				$sql = "UPDATE $table
+					SET $column = " . (int) $to_value . "
+					WHERE $column = '" . $db->sql_escape($from_value) . "'
+					AND " . $db->sql_in_set('user_id', $different_user_ids);
+				$queries[] = $sql;
+			}
+		}
+	}
+
+	if (!empty($queries))
+	{
+		$db->sql_transaction('begin');
+
+		foreach ($queries as $sql)
+		{
+			$db->sql_query($sql);
+		}
+
+		$sql = "DELETE FROM $table
+			WHERE " . $db->sql_in_set($column, $from_values);
+		$db->sql_query($sql);
+
+		$db->sql_transaction('commit');
+	}
+}
+
+/**
+* Updates rows in given table from a set of values to a new value.
+* If this results in rows violating uniqueness constraints, the duplicate
+* rows are merged respecting notify_status (0 takes precedence over 1).
+*
+* The only supported table is topics_watch.
+*
+* @param dbal $db Database object
+* @param string $table Table on which to perform the update
+* @param string $column Column whose values to change
+* @param array $from_values An array of values that should be changed
+* @param int $to_value The new value
+* @return null
+*/
+function phpbb_update_rows_avoiding_duplicates_notify_status($db, $table, $column, $from_values, $to_value)
+{
+	$sql = "SELECT $column, user_id, notify_status
+		FROM $table
+		WHERE " . $db->sql_in_set($column, $from_values);
+	$result = $db->sql_query($sql);
+
+	$old_user_ids = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$old_user_ids[(int) $row['notify_status']][$row[$column]][] = (int) $row['user_id'];
+	}
+	$db->sql_freeresult($result);
+
+	$sql = "SELECT $column, user_id
+		FROM $table
+		WHERE $column = " . (int) $to_value;
+	$result = $db->sql_query($sql);
+
+	$new_user_ids = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$new_user_ids[$row[$column]][] = (int) $row['user_id'];
+	}
+	$db->sql_freeresult($result);
+
+	$queries = array();
+	$extra_updates = array(
+		0 => 'notify_status = 0',
+		1 => '',
+	);
+	foreach ($from_values as $from_value)
+	{
+		foreach ($extra_updates as $notify_status => $extra_update)
+		{
+			if (!isset($old_user_ids[$notify_status][$from_value]))
+			{
+				continue;
+			}
+			if (empty($new_user_ids))
+			{
+				$sql = "UPDATE $table
+					SET $column = " . (int) $to_value . "
+					WHERE $column = '" . $db->sql_escape($from_value) . "'";
+				$queries[] = $sql;
+			}
+			else
+			{
+				$different_user_ids = array_diff($old_user_ids[$notify_status][$from_value], $new_user_ids[$to_value]);
+				if (!empty($different_user_ids))
+				{
+					$sql = "UPDATE $table
+						SET $column = " . (int) $to_value . "
+						WHERE $column = '" . $db->sql_escape($from_value) . "'
+						AND " . $db->sql_in_set('user_id', $different_user_ids);
+					$queries[] = $sql;
+				}
+
+				if ($extra_update)
+				{
+					$same_user_ids = array_diff($old_user_ids[$notify_status][$from_value], $different_user_ids);
+					if (!empty($same_user_ids))
+					{
+						$sql = "UPDATE $table
+							SET $extra_update
+							WHERE $column = '" . (int) $to_value . "'
+							AND " . $db->sql_in_set('user_id', $same_user_ids);
+						$queries[] = $sql;
+					}
+				}
+			}
+		}
+	}
+
+	if (!empty($queries))
+	{
+		$db->sql_transaction('begin');
+
+		foreach ($queries as $sql)
+		{
+			$db->sql_query($sql);
+		}
+
+		$sql = "DELETE FROM $table
+			WHERE " . $db->sql_in_set($column, $from_values);
+		$db->sql_query($sql);
+
+		$db->sql_transaction('commit');
+	}
+}
diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php
index eae136808c..47f4eac627 100644
--- a/phpBB/includes/functions_install.php
+++ b/phpBB/includes/functions_install.php
@@ -55,6 +55,8 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20
 			'AVAILABLE'		=> true,
 			'2.0.x'			=> false,
 		),
+		// Note: php 5.5 alpha 2 deprecated mysql.
+		// Keep mysqli before mysql in this list.
 		'mysqli'	=> array(
 			'LABEL'			=> 'MySQL with MySQLi Extension',
 			'SCHEMA'		=> 'mysql_41',
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index a1029ab97a..e5cbae0d71 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -1698,8 +1698,9 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	// The variable name should be $post_approved, because it indicates if the post is approved or not
 	$post_approval = 1;
 
-	// Check the permissions for post approval. Moderators are not affected.
-	if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']))
+	// Check the permissions for post approval.
+	// Moderators must go through post approval like ordinary users.
+	if (!$auth->acl_get('f_noapprove', $data['forum_id']))
 	{
 		// Post not approved, but in queue
 		$post_approval = 0;
diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php
index b70601b479..04e0e70f1d 100644
--- a/phpBB/includes/mcp/mcp_forum.php
+++ b/phpBB/includes/mcp/mcp_forum.php
@@ -414,13 +414,16 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
 		// Message and return links
 		$success_msg = 'POSTS_MERGED_SUCCESS';
 
-		// If the topic no longer exist, we will update the topic watch table.
-		// To not let it error out on users watching both topics, we just return on an error...
-		$db->sql_return_on_error(true);
-		$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . (int) $to_topic_id . ' WHERE ' . $db->sql_in_set('topic_id', $topic_ids));
-		$db->sql_return_on_error(false);
+		if (!function_exists('phpbb_update_rows_avoiding_duplicates_notify_status'))
+		{
+			include($phpbb_root_path . 'includes/functions_database_helper.' . $phpEx);
+		}
+
+		// Update the topic watch table.
+		phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', $topic_ids, $to_topic_id);
 
-		$db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', $topic_ids));
+		// Update the bookmarks table.
+		phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', $topic_ids, $to_topic_id);
 
 		// Link to the new topic
 		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index ffede11d37..0cef8933fc 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -1231,6 +1231,7 @@ function mcp_fork_topic($topic_ids)
 				}
 			}
 
+			// Copy topic subscriptions to new topic
 			$sql = 'SELECT user_id, notify_status
 				FROM ' . TOPICS_WATCH_TABLE . '
 				WHERE topic_id = ' . $topic_id;
@@ -1251,6 +1252,27 @@ function mcp_fork_topic($topic_ids)
 			{
 				$db->sql_multi_insert(TOPICS_WATCH_TABLE, $sql_ary);
 			}
+
+			// Copy bookmarks to new topic
+			$sql = 'SELECT user_id
+				FROM ' . BOOKMARKS_TABLE . '
+				WHERE topic_id = ' . $topic_id;
+			$result = $db->sql_query($sql);
+
+			$sql_ary = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$sql_ary[] = array(
+					'topic_id'		=> (int) $new_topic_id,
+					'user_id'		=> (int) $row['user_id'],
+				);
+			}
+			$db->sql_freeresult($result);
+
+			if (sizeof($sql_ary))
+			{
+				$db->sql_multi_insert(BOOKMARKS_TABLE, $sql_ary);
+			}
 		}
 
 		// Sync new topics, parent forums and board stats
diff --git a/phpBB/includes/mcp/mcp_pm_reports.php b/phpBB/includes/mcp/mcp_pm_reports.php
index 72f77fae7c..77bc7680e6 100644
--- a/phpBB/includes/mcp/mcp_pm_reports.php
+++ b/phpBB/includes/mcp/mcp_pm_reports.php
@@ -123,6 +123,7 @@ class mcp_pm_reports
 
 				$message = bbcode_nl2br($message);
 				$message = smiley_text($message);
+				$report['report_text'] = make_clickable(bbcode_nl2br($report['report_text']));
 
 				if ($pm_info['message_attachment'] && $auth->acl_get('u_pm_download'))
 				{
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index 7d4edaf362..76985488b7 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -517,6 +517,49 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 			WHERE post_id = {$post_id_list[0]}";
 		$db->sql_query($sql);
 
+		// Copy topic subscriptions to new topic
+		$sql = 'SELECT user_id, notify_status
+			FROM ' . TOPICS_WATCH_TABLE . '
+			WHERE topic_id = ' . $topic_id;
+		$result = $db->sql_query($sql);
+
+		$sql_ary = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$sql_ary[] = array(
+				'topic_id'		=> (int) $to_topic_id,
+				'user_id'		=> (int) $row['user_id'],
+				'notify_status'	=> (int) $row['notify_status'],
+			);
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($sql_ary))
+		{
+			$db->sql_multi_insert(TOPICS_WATCH_TABLE, $sql_ary);
+		}
+
+		// Copy bookmarks to new topic
+		$sql = 'SELECT user_id
+			FROM ' . BOOKMARKS_TABLE . '
+			WHERE topic_id = ' . $topic_id;
+		$result = $db->sql_query($sql);
+
+		$sql_ary = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$sql_ary[] = array(
+				'topic_id'		=> (int) $to_topic_id,
+				'user_id'		=> (int) $row['user_id'],
+			);
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($sql_ary))
+		{
+			$db->sql_multi_insert(BOOKMARKS_TABLE, $sql_ary);
+		}
+
 		$success_msg = 'TOPIC_SPLIT_SUCCESS';
 
 		// Update forum statistics
@@ -619,13 +662,16 @@ function merge_posts($topic_id, $to_topic_id)
 		}
 		else
 		{
+			if (!function_exists('phpbb_update_rows_avoiding_duplicates_notify_status'))
+			{
+				include($phpbb_root_path . 'includes/functions_database_helper.' . $phpEx);
+			}
+
 			// If the topic no longer exist, we will update the topic watch table.
-			// To not let it error out on users watching both topics, we just return on an error...
-			$db->sql_return_on_error(true);
-			$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . (int) $to_topic_id . ' WHERE topic_id = ' . (int) $topic_id);
-			$db->sql_return_on_error(false);
+			phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', $topic_ids, $to_topic_id);
 
-			$db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . (int) $topic_id);
+			// If the topic no longer exist, we will update the bookmarks table.
+			phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', $topic_id, $to_topic_id);
 		}
 
 		// Link to the new topic
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 983b1b46c4..8aa62af7e1 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -1017,7 +1017,7 @@ function database_update_info()
 *****************************************************************************/
 function change_database_data(&$no_updates, $version)
 {
-	global $db, $errored, $error_ary, $config, $phpbb_root_path, $phpEx;
+	global $db, $db_tools, $errored, $error_ary, $config, $table_prefix, $phpbb_root_path, $phpEx;
 
 	switch ($version)
 	{
@@ -1332,8 +1332,6 @@ function change_database_data(&$no_updates, $version)
 				),
 			);
 
-			global $db_tools;
-
 			$statements = $db_tools->perform_schema_changes($changes);
 
 			foreach ($statements as $sql)
@@ -1975,26 +1973,41 @@ function change_database_data(&$no_updates, $version)
 			}
 			$db->sql_freeresult($result);
 
-			global $db_tools, $table_prefix;
-
-			// Recover from potentially broken Q&A CAPTCHA table on firebird
-			// Q&A CAPTCHA was uninstallable, so it's safe to remove these
-			// without data loss
+			/*
+			* Due to a bug, vanilla phpbb could not create captcha tables
+			* in 3.0.8 on firebird. It was possible for board administrators
+			* to adjust the code to work. If code was manually adjusted by
+			* board administrators, index names would not be the same as
+			* what 3.0.9 and newer expect. This code fragment drops captcha
+			* tables, destroying all entered Q&A captcha configuration, such
+			* that when Q&A is configured next the respective tables will be
+			* created with correct index names.
+			*
+			* If you wish to preserve your Q&A captcha configuration, you can
+			* manually rename indexes to the currently expected name:
+			* 	phpbb_captcha_questions_lang_iso	=> phpbb_captcha_questions_lang
+			* 	phpbb_captcha_answers_question_id	=> phpbb_captcha_answers_qid
+			*
+			* Again, this needs to be done only if a board was manually modified
+			* to fix broken captcha code.
+			*
 			if ($db_tools->sql_layer == 'firebird')
 			{
-				$tables = array(
-					$table_prefix . 'captcha_questions',
-					$table_prefix . 'captcha_answers',
-					$table_prefix . 'qa_confirm',
+				$changes = array(
+					'drop_tables'	=> array(
+						$table_prefix . 'captcha_questions',
+						$table_prefix . 'captcha_answers',
+						$table_prefix . 'qa_confirm',
+					),
 				);
-				foreach ($tables as $table)
+				$statements = $db_tools->perform_schema_changes($changes);
+
+				foreach ($statements as $sql)
 				{
-					if ($db_tools->sql_table_exists($table))
-					{
-						$db_tools->sql_table_drop($table);
-					}
+					_sql($sql, $errored, $error_ary);
 				}
 			}
+			*/
 
 			$no_updates = false;
 		break;
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 76c8100c78..e57f5420f5 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -1018,7 +1018,7 @@ if ($submit || $preview || $refresh)
 					$forum_type = (int) $db->sql_fetchfield('forum_type');
 					$db->sql_freeresult($result);
 
-					if ($forum_type != FORUM_POST || !$auth->acl_get('f_post', $to_forum_id) || (!$auth->acl_get('m_approve', $to_forum_id) && !$auth->acl_get('f_noapprove', $to_forum_id)))
+					if ($forum_type != FORUM_POST || !$auth->acl_get('f_post', $to_forum_id) || !$auth->acl_get('f_noapprove', $to_forum_id))
 					{
 						$to_forum_id = 0;
 					}
@@ -1138,8 +1138,9 @@ if ($submit || $preview || $refresh)
 				$captcha->reset();
 			}
 
-			// Check the permissions for post approval. Moderators are not affected.
-			if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
+			// Check the permissions for post approval.
+			// Moderators must go through post approval like ordinary users.
+			if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
 			{
 				meta_refresh(10, $redirect_url);
 				$message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];