8 files changed, 62 insertions, 5 deletions
diff --git a/phpBB/adm/images/phpbb_logo.png b/phpBB/adm/images/phpbb_logo.png
index c3f9248ed7..2d76ef18cb 100644
--- a/phpBB/adm/images/phpbb_logo.png
+++ b/phpBB/adm/images/phpbb_logo.png
diff --git a/phpBB/develop/strip_icc_profiles.sh b/phpBB/develop/strip_icc_profiles.sh
new file mode 100755
index 0000000000..779c7ffca7
--- /dev/null
+++ b/phpBB/develop/strip_icc_profiles.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# @copyright (c) 2014 phpBB Group
+# @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+#
+
+if [ "$#" -ne 1 ]
+then
+	SCRIPT=$(basename "$0")
+	echo "Description: Finds and strips ICC Profiles from given image file." >&2
+	echo "Usage: $SCRIPT /path/to/image/file" >&2
+	echo "Exit Status: 0 if no ICC profiles have been stripped, otherwise 1." >&2
+	echo "Requires: exiftool" >&2
+	exit 1
+fi
+
+FILE=$1
+HASH_OLD=$(md5sum "$FILE")
+exiftool -icc_profile"-<=" -overwrite_original_in_place "$FILE" > /dev/null 2>&1
+HASH_NEW=$(md5sum "$FILE")
+
+if [ "$HASH_OLD" != "$HASH_NEW" ]
+then
+	echo "Stripped ICC Profile from $FILE."
+	exit 1
+fi
diff --git a/phpBB/docs/AUTHORS b/phpBB/docs/AUTHORS
index 25d2849dbe..36dd847e96 100644
--- a/phpBB/docs/AUTHORS
+++ b/phpBB/docs/AUTHORS
@@ -25,9 +25,9 @@ phpBB Lead Developer:  naderman (Nils Adermann)
 phpBB Developers:      bantu (Andreas Fischer)
                        dhruv.goel92 (Dhruv Goel)
                        EXreaction (Nathan Guse)
-                       imkingdavid (David King)
                        marc1706 (Marc Alexander)
                        nickvergessen (Joas Schilling)
+                       nicofuma (Tristan Darricau)
                        prototech (Cesar Gallegos)
 
 Contributions by:      leviatan21 (Gabriel Vazquez)
@@ -53,8 +53,9 @@ phpBB Developers:      A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                        DavidMJ (David M.)            [12/2005 - 08/2009]
                        dhn (Dominik Dröscher)        [05/2007 - 01/2011]
                        GrahamJE (Graham Eames)       [09/2005 - 11/2006]
-                       kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                        igorw (Igor Wiedler)          [08/2010 - 02/2013]
+                       imkingdavid (David King)      [11/2012 - 06/2014]
+                       kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                        Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                        rxu (Ruslan Uzdenov)          [04/2010 - 12/2012]
                        TerraFrost (Jim Wigginton)    [04/2009 - 01/2011]
diff --git a/phpBB/includes/acp/acp_php_info.php b/phpBB/includes/acp/acp_php_info.php
index 7dd345971a..88e2ac3f8d 100644
--- a/phpBB/includes/acp/acp_php_info.php
+++ b/phpBB/includes/acp/acp_php_info.php
@@ -47,7 +47,7 @@ class acp_php_info
 		// for this was nabbed from the PHP annotated manual
 		preg_match_all('#<body[^>]*>(.*)</body>#si', $phpinfo, $output);
 
-		if (empty($phpinfo) || empty($output))
+		if (empty($phpinfo) || empty($output[1][0]))
 		{
 			trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING);
 		}
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 73ac1df2d2..69f10911ec 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -466,6 +466,9 @@ class fileupload
 	var $max_height = 0;
 	var $error_prefix = '';
 
+	/** @var int Timeout for remote upload */
+	var $upload_timeout = 6;
+
 	/**
 	* Init file upload class.
 	*
@@ -795,13 +798,28 @@ class fileupload
 		fputs($fsock, "HOST: " . $host . "\r\n");
 		fputs($fsock, "Connection: close\r\n\r\n");
 
+		// Set a proper timeout for the socket
+		socket_set_timeout($fsock, $this->upload_timeout);
+
 		$get_info = false;
 		$data = '';
-		while (!@feof($fsock))
+		$length = false;
+		$timer_stop = time() + $this->upload_timeout;
+
+		while ((!$length || $filesize < $length) && !@feof($fsock))
 		{
 			if ($get_info)
 			{
-				$block = @fread($fsock, 1024);
+				if ($length)
+				{
+					// Don't attempt to read past end of file if server indicated length
+					$block = @fread($fsock, min($length - $filesize, 1024));
+				}
+				else
+				{
+					$block = @fread($fsock, 1024);
+				}
+
 				$filesize += strlen($block);
 
 				if ($remote_max_filesize && $filesize > $remote_max_filesize)
@@ -847,6 +865,15 @@ class fileupload
 					}
 				}
 			}
+
+			$stream_meta_data = stream_get_meta_data($fsock);
+
+			// Cancel upload if we exceed timeout
+			if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
+			{
+				$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
+				return $file;
+			}
 		}
 		@fclose($fsock);
 
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index ba45037a18..df5dc27996 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -157,6 +157,7 @@ function mcp_post_details($id, $mode, $action)
 
 		if (sizeof($attachments))
 		{
+			$user->add_lang('viewtopic');
 			$update_count = array();
 			parse_attachments($post_info['forum_id'], $message, $attachments, $update_count);
 		}
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index cc38804fe2..2d3710e15c 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -88,6 +88,7 @@ $lang = array_merge($lang, array(
 	'AVATAR_PARTIAL_UPLOAD'			=> 'The specified file was only partially uploaded.',
 	'AVATAR_PHP_SIZE_NA'			=> 'The avatar’s filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.',
 	'AVATAR_PHP_SIZE_OVERRUN'		=> 'The avatar’s filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.',
+	'AVATAR_REMOTE_UPLOAD_TIMEOUT'		=> 'The specified avatar could not be uploaded because the request timed out.',
 	'AVATAR_URL_INVALID'			=> 'The URL you specified is invalid.',
 	'AVATAR_URL_NOT_FOUND'			=> 'The file specified could not be found.',
 	'AVATAR_WRONG_FILESIZE'			=> 'The avatar’s filesize must be between 0 and %1$d %2$s.',
diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php
index df411c3228..5316011f4e 100644
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -178,6 +178,7 @@ $lang = array_merge($lang, array(
 
 	'QUOTE_DEPTH_EXCEEDED'		=> 'You may embed only %1$d quotes within each other.',
 
+	'REMOTE_UPLOAD_TIMEOUT'		=> 'The specified file could not be uploaded because the request timed out.',
 	'SAVE'						=> 'Save',
 	'SAVE_DATE'					=> 'Saved at',
 	'SAVE_DRAFT'				=> 'Save draft',