5 files changed, 29 insertions, 24 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 9a5e04f787..688cb4d20f 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -785,7 +785,9 @@ class acp_attachments
 					$act_deact = ($row['allow_group']) ? 'deactivate' : 'activate';
 			
 					$template->assign_block_vars('groups', array(
-						'S_ADD_SPACER'	=> $s_add_spacer,
+						'S_ADD_SPACER'		=> $s_add_spacer,
+						'S_ALLOWED_IN_PM'	=> ($row['allow_in_pm']) ? true : false,
+						'S_GROUP_ALLOWED'	=> ($row['allow_group']) ? true : false,
 
 						'U_EDIT'		=> $this->u_action . "&amp;action=edit&amp;g={$row['group_id']}",
 						'U_DELETE'		=> $this->u_action . "&amp;action=delete&amp;g={$row['group_id']}",
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index ab684dd447..4586a58fe8 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -71,8 +71,8 @@ class acp_bbcodes
 			case 'create':
 				$display_on_posting = request_var('display_on_posting', 0);
 
-				$bbcode_match = (isset($_POST['bbcode_match'])) ? htmlspecialchars(stripslashes($_POST['bbcode_match'])) : '';
-				$bbcode_tpl = (isset($_POST['bbcode_tpl'])) ? stripslashes($_POST['bbcode_tpl']) : '';
+				$bbcode_match = request_var('bbcode_match', '');
+				$bbcode_tpl = html_entity_decode(request_var('bbcode_tpl', ''));
 			break;
 		}
 
@@ -207,19 +207,19 @@ class acp_bbcodes
 	/*
 	* Build regular expression for custom bbcode
 	*/
-	function build_regexp($msg_bbcode, $msg_html)
+	function build_regexp(&$bbcode_match, &$bbcode_tpl)
 	{
-		$msg_bbcode = trim($msg_bbcode);
-		$msg_html = trim($msg_html);
+		$bbcode_match = trim($bbcode_match);
+		$bbcode_tpl = trim($bbcode_tpl);
 
-		$fp_match = preg_quote($msg_bbcode, '!');
-		$fp_replace = preg_replace('#^\[(.*?)\]#', '[$1:$uid]', $msg_bbcode);
+		$fp_match = preg_quote($bbcode_match, '!');
+		$fp_replace = preg_replace('#^\[(.*?)\]#', '[$1:$uid]', $bbcode_match);
 		$fp_replace = preg_replace('#\[/(.*?)\]$#', '[/$1:$uid]', $fp_replace);
 
-		$sp_match = preg_quote($msg_bbcode, '!');
+		$sp_match = preg_quote($bbcode_match, '!');
 		$sp_match = preg_replace('#^\\\\\[(.*?)\\\\\]#', '\[$1:$uid\]', $sp_match);
 		$sp_match = preg_replace('#\\\\\[/(.*?)\\\\\]$#', '\[/$1:$uid\]', $sp_match);
-		$sp_replace = $msg_html;
+		$sp_replace = $bbcode_tpl;
 
 		// @todo Make sure to change this too if something changed in message parsing
 		$tokens = array(
@@ -236,7 +236,7 @@ class acp_bbcodes
 				'!(.*?)!es'	 =>	"str_replace('\\\"', '&quot;', str_replace('\\'', '&#39;', '\$1'))"
 			),
 			'COLOR' => array(
-				'!([a-z]+|#[0-9abcdef]+!i'	=>	'$1'
+				'!([a-z]+|#[0-9abcdef]+)!i'	=>	'$1'
 			),
 			'NUMBER' => array(
 				'!([0-9]+)!'	=>	'$1'
@@ -246,7 +246,7 @@ class acp_bbcodes
 		$pad = 0;
 		$modifiers = 'i';
 
-		if (preg_match_all('/\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\}/i', $msg_bbcode, $m))
+		if (preg_match_all('/\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\}/i', $bbcode_match, $m))
 		{
 			foreach ($m[0] as $n => $token)
 			{
@@ -311,7 +311,7 @@ class acp_bbcodes
 		}
 
 		// Lowercase tags
-		$bbcode_tag = preg_replace('/.*?\[([a-z]+=?).*/i', '$1', $msg_bbcode);
+		$bbcode_tag = preg_replace('/.*?\[([a-z]+=?).*/i', '$1', $bbcode_match);
 		$fp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_match);
 		$fp_replace = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_replace);
 		$sp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $sp_match);
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index e5e10223f7..86ddd5ce56 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -28,16 +28,16 @@ class acp_email
 		$submit = (isset($_POST['submit'])) ? true : false;
 		$error = array();
 
-		$usernames = request_var('usernames', '');
-		$group_id = request_var('g', 0);
+		$usernames	= request_var('usernames', '');
+		$group_id	= request_var('g', 0);
+		$subject	= request_var('subject', '', true);
+		$message	= request_var('message', '', true);
 
 		// Do the job ...
 		if ($submit)
 		{
 			// Error checking needs to go here ... if no subject and/or no message then skip 
 			// over the send and return to the form
-			$subject		= request_var('subject', '', true);
-			$message		= request_var('message', '', true);
 			$use_queue		= (isset($_POST['send_immediatly'])) ? false : true;
 			$priority		= request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY);
 
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 913b338ad1..c4db029b8d 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -26,13 +26,13 @@ class acp_prune
 		{
 			case 'forums':
 				$this->tpl_name = 'acp_prune_forums';
-				$this->page_header = 'ACP_PRUNE_FORUMS';
+				$this->page_title = 'ACP_PRUNE_FORUMS';
 				$this->prune_forums($id, $mode);
 			break;
 
 			case 'users':
 				$this->tpl_name = 'acp_prune_users';
-				$this->page_header = 'ACP_PRUNE_USERS';
+				$this->page_title = 'ACP_PRUNE_USERS';
 				$this->prune_users($id, $mode);
 			break;
 		}
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index b1448b100c..1bfde0887c 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -307,13 +307,20 @@ class auth_admin extends auth
 		
 		if (sizeof($roles))
 		{
+			$s_role_js_array = array();
+
+			// Make sure every role (even if empty) has its array defined
+			foreach ($roles as $_role_id => $null)
+			{
+				$s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
+			}
+
 			$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
 				FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
 				WHERE o.auth_option_id = r.auth_option_id
 					AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')';
 			$result = $db->sql_query($sql);
 
-			$s_role_js_array = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
@@ -322,10 +329,6 @@ class auth_admin extends auth
 					continue;
 				}
 
-				if (!isset($s_role_js_array[$row['role_id']]))
-				{
-					$s_role_js_array[$row['role_id']] = "\n" . 'role_options[' . $row['role_id'] . '] = new Array();' . "\n";
-				}
 				$s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . $row['auth_option'] . '\'] = ' . $row['auth_setting'] . '; ';
 			}
 			$db->sql_freeresult($result);