12 files changed, 73 insertions, 8 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index a5feac1902..7680d8996c 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -888,8 +888,8 @@ class acp_board
 		$old_tz = $user->timezone;
 		$old_dst = $user->dst;
 
-		$user->timezone = $config['board_timezone'];
-		$user->dst = $config['board_dst'];
+		$user->timezone = $config['board_timezone'] * 3600;
+		$user->dst = $config['board_dst'] * 3600;
 
 		$dateformat_options = '';
 
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index abfad2b90b..0582d6204e 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -394,6 +394,7 @@ class acp_database
 
 								case 'mssql':
 								case 'mssql_odbc':
+								case 'mssqlnative':
 									while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
 									{
 										$db->sql_query($sql);
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 5a5adc57ae..54bf905374 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -1705,6 +1705,9 @@ class acp_forums
 					)
 				);
 
+				// Amount of rows we select and delete in one iteration.
+				$batch_size = 500;
+
 				foreach ($tables_ary as $field => $tables)
 				{
 					$start = 0;
@@ -1714,7 +1717,7 @@ class acp_forums
 						$sql = "SELECT $field
 							FROM " . POSTS_TABLE . '
 							WHERE forum_id = ' . $forum_id;
-						$result = $db->sql_query_limit($sql, 500, $start);
+						$result = $db->sql_query_limit($sql, $batch_size, $start);
 
 						$ids = array();
 						while ($row = $db->sql_fetchrow($result))
@@ -1733,7 +1736,7 @@ class acp_forums
 							}
 						}
 					}
-					while ($row);
+					while (sizeof($ids) == $batch_size);
 				}
 				unset($ids);
 
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index fc08c7e8e8..2288a0728b 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -1480,6 +1480,7 @@ class acp_profile
 
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 
 				// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
 				$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 8d7bc88769..dbc9fcb6cc 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -233,6 +233,7 @@ class acp_reasons
 						// Standard? What's that?
 						case 'mssql':
 						case 'mssql_odbc':
+						case 'mssqlnative':
 							// Change the reports using this reason to 'other'
 							$sql = "DECLARE @ptrval binary(16)
 
diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php
index d117e8c948..b3139b3d79 100644
--- a/phpBB/includes/db/postgres.php
+++ b/phpBB/includes/db/postgres.php
@@ -76,7 +76,14 @@ class dbal_postgres extends dbal
 
 		$this->persistency = $persistency;
 
-		$this->db_connect_id = ($this->persistency) ? @pg_pconnect($connect_string, $new_link) : @pg_connect($connect_string, $new_link);
+		if ($this->persistency)
+		{
+			$this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+		}
+		else
+		{
+			$this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+		}
 
 		if ($this->db_connect_id)
 		{
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 61e3587158..fa1cc98e10 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -366,6 +366,7 @@ class custom_profile
 			case 'sqlite':
 			case 'mssql':
 			case 'mssql_odbc':
+			case 'mssqlnative':
 				$right_delim = ']';
 				$left_delim = '[';
 			break;
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 054af29045..51fed45ebd 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -775,7 +775,18 @@ class fileupload
 		{
 			if ($get_info)
 			{
-				$data .= @fread($fsock, 1024);
+				$block = @fread($fsock, 1024);
+				$filesize += strlen($block);
+
+				if ($this->max_filesize && $filesize > $this->max_filesize)
+				{
+					$max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+					$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+					return $file;
+				}
+
+				$data .= $block;
 			}
 			else
 			{
@@ -791,6 +802,18 @@ class fileupload
 					{
 						$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
 					}
+					else if ($this->max_filesize && stripos($line, 'content-length: ') !== false)
+					{
+						$length = (int) str_replace('content-length: ', '', strtolower($line));
+
+						if ($length && $length > $this->max_filesize)
+						{
+							$max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+							$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+							return $file;
+						}
+					}
 					else if (stripos($line, '404 not found') !== false)
 					{
 						$file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 50aad8588a..952b55cc8c 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode
 
 		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 		{
-			$stats = @getimagesize($in);
+			$stats = @getimagesize(htmlspecialchars_decode($in));
 
 			if ($stats === false)
 			{
diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php
index 1c27e2f40d..8515739dc9 100644
--- a/phpBB/language/en/install.php
+++ b/phpBB/language/en/install.php
@@ -128,7 +128,7 @@ $lang = array_merge($lang, array(
 	'DB_ERR_QUERY_FIRST_TABLE'	=> 'Error while executing <var>query_first</var>, %s (“%s”).',
 	'DB_ERR_SELECT'				=> 'Error while running <code>SELECT</code> query.',
 	'DB_HOST'					=> 'Database server hostname or DSN',
-	'DB_HOST_EXPLAIN'			=> 'DSN stands for Data Source Name and is relevant only for ODBC installs.',
+	'DB_HOST_EXPLAIN'			=> 'DSN stands for Data Source Name and is relevant only for ODBC installs. On PostgreSQL, use localhost to connect to the local server via UNIX domain socket and 127.0.0.1 to connect via TCP.',
 	'DB_NAME'					=> 'Database name',
 	'DB_PASSWORD'				=> 'Database password',
 	'DB_PORT'					=> 'Database server port',
diff --git a/phpBB/search.php b/phpBB/search.php
index ab2221a96e..7a9ab82f93 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -1155,6 +1155,7 @@ if ($auth->acl_get('a_search'))
 
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$sql = 'SELECT search_time, search_keywords
 				FROM ' . SEARCH_RESULTS_TABLE . '
 				WHERE DATALENGTH(search_keywords) > 0
diff --git a/phpBB/web.config b/phpBB/web.config
new file mode 100644
index 0000000000..128fe3c98f
--- /dev/null
+++ b/phpBB/web.config
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+	<system.webServer>
+		<security>
+			<requestFiltering>
+				<hiddenSegments>
+					<add segment="cache" />
+					<add segment="files" />
+					<add segment="store" />
+					<add segment="config.php" />
+					<add segment="common.php" />
+				</hiddenSegments>
+			</requestFiltering>
+		</security>
+	</system.webServer>
+	<location path="images/avatars">
+		<system.webServer>
+			<security>
+				<requestFiltering>
+					<hiddenSegments>
+						<add segment="upload" />
+					</hiddenSegments>
+				</requestFiltering>
+			</security>
+		</system.webServer>
+	</location>
+</configuration>