3 files changed, 47 insertions, 2 deletions
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index e3e8657afb..5ddaf31cf5 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2512,6 +2512,7 @@ function phpbb_cache_moderators($db, $cache, $auth)
 			{
 				$usernames_ary[$row['user_id']] = $row['username'];
 			}
+			$db->sql_freeresult($result);
 
 			foreach ($hold_ary as $user_id => $forum_id_ary)
 			{
@@ -2806,6 +2807,7 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li
 
 		$users[] = $row;
 	}
+	$db->sql_freeresult($result);
 
 	return $offset;
 }
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 92ace7b585..bc996cf275 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1103,7 +1103,7 @@ class parse_message extends bbcode_firstpass
 	*/
 	function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post')
 	{
-		global $config, $db, $user;
+		global $config, $db, $user, $phpbb_dispatcher;
 
 		$this->mode = $mode;
 
@@ -1158,6 +1158,49 @@ class parse_message extends bbcode_firstpass
 			}
 		}
 
+		/**
+		* This event can be used for additional message checks/cleanup before parsing
+		*
+		* @event core.message_parser_check_message
+		* @var bool		allow_bbcode			Do we allow BBCodes
+		* @var bool		allow_magic_url			Do we allow magic urls
+		* @var bool		allow_smilies			Do we allow smilies
+		* @var bool		allow_img_bbcode		Do we allow image BBCode
+		* @var bool		allow_flash_bbcode		Do we allow flash BBCode
+		* @var bool		allow_quote_bbcode		Do we allow quote BBCode
+		* @var bool		allow_url_bbcode		Do we allow url BBCode
+		* @var bool		update_this_message		Do we alter the parsed message
+		* @var string	mode					Posting mode
+		* @var string	message					The message text to parse
+		* @var bool		return					Do we return after the event is triggered if $warn_msg is not empty
+		* @var array	warn_msg				Array of the warning messages
+		* @since 3.1.2-RC1
+		*/
+		$message = $this->message;
+		$warn_msg = $this->warn_msg;
+		$return = false;
+		$vars = array(
+			'allow_bbcode',
+			'allow_magic_url',
+			'allow_smilies',
+			'allow_img_bbcode',
+			'allow_flash_bbcode',
+			'allow_quote_bbcode',
+			'allow_url_bbcode',
+			'update_this_message',
+			'mode',
+			'message',
+			'return',
+			'warn_msg',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.message_parser_check_message', compact($vars)));
+		$this->message = $message;
+		$this->warn_msg = $warn_msg;
+		if ($return && !empty($this->warn_msg))
+		{
+			return (!$update_this_message) ? $return_message : $this->warn_msg;
+		}
+
 		// Prepare BBcode (just prepares some tags for better parsing)
 		if ($allow_bbcode && strpos($this->message, '[') !== false)
 		{
diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php
index 27d59c56b7..bfe4804286 100644
--- a/phpBB/includes/ucp/ucp_login_link.php
+++ b/phpBB/includes/ucp/ucp_login_link.php
@@ -75,7 +75,7 @@ class ucp_login_link
 		{
 			if ($request->is_set_post('login'))
 			{
-				$login_username = $request->variable('login_username', '', false, \phpbb\request\request_interface::POST);
+				$login_username = $request->variable('login_username', '', true, \phpbb\request\request_interface::POST);
 				$login_password = $request->untrimmed_variable('login_password', '', true, \phpbb\request\request_interface::POST);
 
 				$login_result = $auth_provider->login($login_username, $login_password);