11 files changed, 113 insertions, 39 deletions
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index 2a28226d6c..48ca05a118 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -655,8 +655,8 @@ class acp_main
 				'S_MBSTRING_LOADED'						=> true,
 				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
 				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> (@ini_get('mbstring.encoding_translation') != 0),
-				'S_MBSTRING_HTTP_INPUT_FAIL'			=> (@ini_get('mbstring.http_input') != 'pass'),
-				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> (@ini_get('mbstring.http_output') != 'pass'),
+				'S_MBSTRING_HTTP_INPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_input'), array('pass', '')),
+				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_output'), array('pass', '')),
 			));
 		}
 
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 42c67a88b5..af3fd7937c 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -70,11 +70,6 @@ class acp_styles
 		$action = $this->request->variable('action', '');
 		$post_actions = array('install', 'activate', 'deactivate', 'uninstall');
 
-		if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action))
-		{
-			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
-		}
-
 		foreach ($post_actions as $key)
 		{
 			if ($this->request->is_set_post($key))
@@ -83,6 +78,18 @@ class acp_styles
 			}
 		}
 
+		// The uninstall action uses confirm_box() to verify the validity of the request,
+		// so there is no need to check for a valid token here.
+		if (in_array($action, $post_actions) && $action != 'uninstall')
+		{
+			$is_valid_request = check_link_hash($request->variable('hash', ''), $action) || check_form_key('styles_management');
+
+			if (!$is_valid_request)
+			{
+				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+			}
+		}
+
 		if ($action != '')
 		{
 			$this->s_hidden_fields['action'] = $action;
@@ -122,6 +129,8 @@ class acp_styles
 	*/
 	protected function frontend()
 	{
+		add_form_key('styles_management');
+
 		// Check mode
 		switch ($this->mode)
 		{
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 6693b822fe..4bf604fc3b 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.1.0-RC6-dev');
+define('PHPBB_VERSION', '3.1.1-RC1-dev');
 
 // QA-related
 // define('PHPBB_QA', 1);
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 1fdc7ee9ea..af44f6270e 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -2384,6 +2384,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	* @var	int		topic_type			Variable containing topic type value
 	* @var	array	poll				Array with the poll data for the post
 	* @var	array	data				Array with the data for the post
+	* @var	int		post_visibility		Variable containing up to date post visibility
 	* @var	bool	update_message		Flag indicating if the post will be updated
 	* @var	bool	update_search_index	Flag indicating if the search index will be updated
 	* @var	string	url					The "Return to topic" URL
@@ -2399,6 +2400,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 		'topic_type',
 		'poll',
 		'data',
+		'post_visibility',
 		'update_message',
 		'update_search_index',
 		'url',
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index ad142b1cca..838c6a0fec 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -914,6 +914,24 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id)
 	}
 }
 
+function mark_folder_read($user_id, $folder_id)
+{
+	global $db;
+
+	$sql = 'SELECT msg_id
+		FROM ' . PRIVMSGS_TO_TABLE . '
+		WHERE folder_id = ' . ((int) $folder_id) . '
+			AND user_id = ' . ((int) $user_id) . '
+			AND pm_unread = 1';
+	$result = $db->sql_query($sql);
+
+	while ($row = $db->sql_fetchrow($result))
+	{
+		update_unread_status(true, $row['msg_id'], $user_id, $folder_id);
+	}
+	$db->sql_freeresult($result);
+}
+
 /**
 * Handle all actions possible with marked messages
 */
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index e4479f07b0..f79a8998c4 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -161,9 +161,10 @@ function user_update_name($old_name, $new_name)
 *
 * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
 * @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
+* @param array $notifications_data The notifications settings for the new user
 * @return the new user's ID.
 */
-function user_add($user_row, $cp_data = false)
+function user_add($user_row, $cp_data = false, $notifications_data = null)
 {
 	global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
 	global $phpbb_dispatcher, $phpbb_container;
@@ -347,6 +348,31 @@ function user_add($user_row, $cp_data = false)
 		set_config('newest_user_colour', $row['group_colour'], true);
 	}
 
+	// Use default notifications settings if notifications_data is not set
+	if ($notifications_data === null)
+	{
+		$notifications_data = array(
+			array(
+				'item_type'	=> 'notification.type.post',
+				'method'	=> 'notification.method.email',
+			),
+			array(
+				'item_type'	=> 'notification.type.topic',
+				'method'	=> 'notification.method.email',
+			),
+		);
+	}
+
+	// Subscribe user to notifications if necessary
+	if (!empty($notifications_data))
+	{
+		$phpbb_notifications = $phpbb_container->get('notification_manager');
+		foreach ($notifications_data as $subscription)
+		{
+			$phpbb_notifications->add_subscription($subscription['item_type'], 0, $subscription['method'], $user_id);
+		}
+	}
+
 	/**
 	* Event that returns user id, user detals and user CPF of newly registared user
 	*
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index 74bf687fc8..19a0ee3051 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -754,7 +754,8 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = ''
 {
 	global $auth, $user, $db, $phpEx, $phpbb_root_path, $request, $phpbb_container;
 
-	if (!phpbb_check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_delete')))
+	$check_permission = ($is_soft) ? 'm_softdelete' : 'm_delete';
+	if (!phpbb_check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array($check_permission)))
 	{
 		return;
 	}
@@ -882,7 +883,8 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 {
 	global $auth, $user, $db, $phpEx, $phpbb_root_path, $request, $phpbb_container;
 
-	if (!phpbb_check_ids($post_ids, POSTS_TABLE, 'post_id', array('m_softdelete')))
+	$check_permission = ($is_soft) ? 'm_softdelete' : 'm_delete';
+	if (!phpbb_check_ids($post_ids, POSTS_TABLE, 'post_id', array($check_permission)))
 	{
 		return;
 	}
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 425c3ac235..d724b8703b 100644
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -332,7 +332,7 @@ class mcp_warn
 
 		// We want to make the message available here as a reminder
 		// Parse the message and subject
-		$parse_flags = OPTION_FLAG_SMILIES | ($row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0);
+		$parse_flags = OPTION_FLAG_SMILIES | ($user_row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0);
 		$message = generate_text_for_display($user_row['post_text'], $user_row['bbcode_uid'], $user_row['bbcode_bitfield'], $parse_flags, true);
 
 		// Generate the appropriate user information for the user we are looking at
diff --git a/phpBB/includes/ucp/ucp_notifications.php b/phpBB/includes/ucp/ucp_notifications.php
index 5691302b83..b0aeaba227 100644
--- a/phpBB/includes/ucp/ucp_notifications.php
+++ b/phpBB/includes/ucp/ucp_notifications.php
@@ -95,35 +95,25 @@ class ucp_notifications
 			case 'notification_list':
 			default:
 				// Mark all items read
-				if ($request->variable('mark', '') == 'all' && (confirm_box(true) || check_link_hash($request->variable('token', ''), 'mark_all_notifications_read')))
+				if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_notifications_read'))
 				{
-					if (confirm_box(true))
-					{
-						$phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time);
-
-						meta_refresh(3, $this->u_action);
-						$message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];
+					$phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time);
 
-						if ($request->is_ajax())
-						{
-							$json_response = new \phpbb\json_response();
-							$json_response->send(array(
-								'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
-								'MESSAGE_TEXT'	=> $message,
-								'success'		=> true,
-							));
-						}
-						$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+					meta_refresh(3, $this->u_action);
+					$message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];
 
-						trigger_error($message);
-					}
-					else
+					if ($request->is_ajax())
 					{
-						confirm_box(false, 'NOTIFICATIONS_MARK_ALL_READ', build_hidden_fields(array(
-							'mark'		=> 'all',
-							'form_time'	=> $form_time,
-						)));
+						$json_response = new \phpbb\json_response();
+						$json_response->send(array(
+							'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
+							'MESSAGE_TEXT'	=> $message,
+							'success'		=> true,
+						));
 					}
+					$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+
+					trigger_error($message);
 				}
 
 				// Mark specific notifications read
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 7a8c694870..425a56cf6c 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -45,7 +45,7 @@ class ucp_pm
 
 	function main($id, $mode)
 	{
-		global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config;
+		global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config, $request;
 
 		if (!$user->data['is_registered'])
 		{
@@ -246,6 +246,27 @@ class ucp_pm
 					$folder_id = (int) $row['folder_id'];
 				}
 
+				if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_pms_read'))
+				{
+					mark_folder_read($user->data['user_id'], $folder_id);
+
+					meta_refresh(3, $this->u_action);
+					$message = $user->lang['PM_MARK_ALL_READ_SUCCESS'];
+
+					if ($request->is_ajax())
+					{
+						$json_response = new \phpbb\json_response();
+						$json_response->send(array(
+							'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
+							'MESSAGE_TEXT'	=> $message,
+							'success'		=> true,
+						));
+					}
+					$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+
+					trigger_error($message);
+				}
+
 				$message_row = array();
 				if ($action == 'view_message' && $msg_id)
 				{
@@ -332,6 +353,7 @@ class ucp_pm
 					'U_SENTBOX'				=> $this->u_action . '&amp;folder=sentbox',
 					'U_CREATE_FOLDER'		=> $this->u_action . '&amp;mode=options',
 					'U_CURRENT_FOLDER'		=> $this->u_action . '&amp;folder=' . $folder_id,
+					'U_MARK_ALL'			=> $this->u_action . '&amp;folder=' . $folder_id . '&amp;mark=all&amp;token=' . generate_link_hash('mark_all_pms_read'),
 
 					'S_IN_INBOX'			=> ($folder_id == PRIVMSGS_INBOX) ? true : false,
 					'S_IN_OUTBOX'			=> ($folder_id == PRIVMSGS_OUTBOX) ? true : false,
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 361dc831aa..a876d0133a 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -655,9 +655,14 @@ class ucp_profile
 					{
 						if (!empty($keys))
 						{
+							foreach ($keys as $key => $id)
+							{
+								$keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
+							}
+							$sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
 							$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
 								WHERE user_id = ' . (int) $user->data['user_id'] . '
-								AND ' . $db->sql_in_set('key_id', $keys) ;
+								AND ' . $sql_where ;
 
 							$db->sql_query($sql);
 
@@ -681,7 +686,7 @@ class ucp_profile
 				while ($row = $db->sql_fetchrow($result))
 				{
 					$template->assign_block_vars('sessions', array(
-						'KEY' => $row['key_id'],
+						'KEY' => substr($row['key_id'], 0, 8),
 						'IP' => $row['last_ip'],
 						'LOGIN_TIME' => $user->format_date($row['last_login']),
 					));