• [Fix] incorrect handling of password resets if admin activation is enabled (Bug #88)
• [Fix] retrieving category rows in index.php (Bug #90)
• [Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)
• [Fix] wrong topic redirection after login redirect (Bug #94)
• [Fix] improved handling of username lists in admin_ug_auth.php (Bug #98)
• [Fix] incorrect removal of bbcode_uid values if bbcode has been turned off (Bug #100)
• [Fix] correctly preview signature if editing other users posts (Bug #101)
• [Fix] incorrect alt tag on generated search images in groupcp.php, viewtopic.php and usercp_viewprofile.php (Bug #102)
• [Fix] consistent forum ordering in all dropdown boxes (Bug #106)
• [Fix] correctly get compression status in page_tail.php and page_footer_admin.php (Bug #117)
• [Fix] set page title on summary page of groupcp.php (bug #125)
• [Fix] correctly test style and avatar in usercp_register.php (bug #129 and #317)
• [Fix] handling of reactivation notifications if admin activation is enabled (Bug #145)
• [Fix] handling of both forms of translation information used in language packs (Bug #159)
• [Fix] key length for activation keys fixed in usercp_sendpassword.php (Bug #171)
• [Fix] use GENERAL_MESSAGE constant in message_die instead of MESSAGE (Bug #176)
• [Fix] incorrect handling of move stubs (Bug #179)
• [Fix] wrong mode_type in memberlist (Bug #187)
• [Fix] SQL errors when setting maximum PMs to 0 (Bug #188)
• [Fix] removed unused variable from topic_notify email template (Bug #210)
• [Fix] removed unset variable from smilies popup window title (Bug #224)
• [Fix] removed duplicate template assignment from admin_board.php (Bug #226)
• [Fix] incorrect search link for guest posts in modcp.php (Bug #254)
• [Fix] all users removed from topics watch table on special occassions (Bug #271)
• [Fix] correctly check returned value from strpos in append_sid function (Bug #275)
• [Fix] correctly display username in private message notification (Bug #278)
• [Fix] fixed "var-by-ref" errors (Bug #322)
• [Fix] changed redirection to installation (Bug #325)
• [Fix] added timout of 10 seconds to version check (Bug #348)
• [Fix] fixed user_level default in postgresql schema file (Bug #444)
• [Fix] multiple minor HTML issues with subSilver
• [Change] deprecated the use of some PHP 3 compatability functions in favour of the native equivalents
• [Change] added 60 days limit for grabbing unread topics in index.php
• [Sec] backport of session keys system from olympus
• [Sec] fixed email bans to use the same pattern as email validation and allow wildcard domain bans
• [Sec] fixed validation of topic type when posting
• [Sec] unset database password once it is no longer needed
• [Sec] fixed potential to select images outside the specified path as avatars or smilies
• [Sec] fix globals de-registration code for PHP5 - (Stefan Esser/Matt Kavanagh)
• [Sec] changed avatar gallery code sections to prevent possible injection points (AnthraX101)
• [Sec] signature field is not properly sanitised for user input when an error occurs while accessing the avatar gallery (AnthraX101)
• [Sec] check to_username and ownership when editing a PM (AnthraX101)
• [Sec] fixed ability to edit PM's you did not send (depablo84)
• [Sec] compare imagetype on avatar uploading to match the file extension from uploaded file

• [Fix] incorrect handling of password resets if admin activation is enabled (Bug #88)
• [Fix] retrieving category rows in index.php (Bug #90)
• [Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)
• [Fix] wrong topic redirection after login redirect (Bug #94)
• [Fix] improved handling of username lists in admin_ug_auth.php (Bug #98)
• [Fix] incorrect removal of bbcode_uid values if bbcode has been turned off (Bug #100)
• [Fix] correctly preview signature if editing other users posts (Bug #101)
• [Fix] incorrect alt tag on generated search images in groupcp.php, viewtopic.php and usercp_viewprofile.php (Bug #102)
• [Fix] consistent forum ordering in all dropdown boxes (Bug #106)
• [Fix] correctly get compression status in page_tail.php and page_footer_admin.php (Bug #117)
• [Fix] set page title on summary page of groupcp.php (bug #125)
• [Fix] correctly test style and avatar in usercp_register.php (bug #129 and #317)
• [Fix] handling of reactivation notifications if admin activation is enabled (Bug #145)
• [Fix] handling of both forms of translation information used in language packs (Bug #159)
• [Fix] key length for activation keys fixed in usercp_sendpassword.php (Bug #171)
• [Fix] use GENERAL_MESSAGE constant in message_die instead of MESSAGE (Bug #176)
• [Fix] incorrect handling of move stubs (Bug #179)
• [Fix] wrong mode_type in memberlist (Bug #187)
• [Fix] SQL errors when setting maximum PMs to 0 (Bug #188)
• [Fix] removed unused variable from topic_notify email template (Bug #210)
• [Fix] removed unset variable from smilies popup window title (Bug #224)
• [Fix] removed duplicate template assignment from admin_board.php (Bug #226)
• [Fix] incorrect search link for guest posts in modcp.php (Bug #254)
• [Fix] all users removed from topics watch table on special occassions (Bug #271)
• [Fix] correctly check returned value from strpos in append_sid function (Bug #275)
• [Fix] correctly display username in private message notification (Bug #278)
• [Fix] fixed "var-by-ref" errors (Bug #322)
• [Fix] changed redirection to installation (Bug #325)
• [Fix] added timout of 10 seconds to version check (Bug #348)
• [Fix] fixed user_level default in postgresql schema file (Bug #444)
• [Fix] multiple minor HTML issues with subSilver
• [Change] deprecated the use of some PHP 3 compatability functions in favour of the native equivalents
• [Change] added 60 days limit for grabbing unread topics in index.php
• [Sec] backport of session keys system from olympus
• [Sec] fixed email bans to use the same pattern as email validation and allow wildcard domain bans
• [Sec] fixed validation of topic type when posting
• [Sec] unset database password once it is no longer needed
• [Sec] fixed potential to select images outside the specified path as avatars or smilies
• [Sec] fix globals de-registration code for PHP5 - (Stefan Esser/Matt Kavanagh)
• [Sec] changed avatar gallery code sections to prevent possible injection points (AnthraX101)
• [Sec] signature field is not properly sanitised for user input when an error occurs while accessing the avatar gallery (AnthraX101)
• [Sec] check to_username and ownership when editing a PM (AnthraX101)
• [Sec] fixed ability to edit PM's you did not send (depablo84)
• [Sec] compare imagetype on avatar uploading to match the file extension from uploaded file

What has changed in this release?

The changelog (contained within this release) is as follows:

* Prevent login attempts from incrementing for inactive users
* Do not check maximum login attempts on re-authentication to the admin panel - tomknight
* Regenerate session keys on password change
* retrieving category rows in index.php (Bug #90)
* improved index performance by determining the permissions before iterating through all forums (Bug #91)
* Better handling of short usernames within the search (bug
#105)
* Send a no-cache header on admin pages as well as normal board pages (Bug #149)
* Apply word censors to the message when quoting it (Bug #405)

* Improved performance of query in admin_groups (Bug #753)
* Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)
* Correct use of default_style config value (Bug #861)
* Replace unneeded unset calls in admin_db_utilities.php - vanderaj
* Improved error handling in modcp.php
* Improved handling of forums to which the user does not have any explicit permissions - vanderaj
* Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions
* Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions
* Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions
* Escape group names in admin_groups.php
* Replace strip_tags with htmlspecialchars in private message subject
* Some changes to HTML handling if enabled
* Escape any special characters in reverse dns - Anthrax101
* Typecast poll id values - Anthrax101
* Added configurable search flood control to reduce the effect of DoS style attacks
* Changed the way we create "random" values for use as keys -
chinchilla/Anthrax101
* Enabled Visual Confirmation by default
* Changed handling of the case where a selected style doesn't exist in the database
* Changed handling of topic pruning to improve performance
* Changed default forum permissions to only allow registered users to post in new forums

What has changed in this release?

The changelog (contained within this release) is as follows:

* Prevent login attempts from incrementing for inactive users
* Do not check maximum login attempts on re-authentication to the admin panel - tomknight
* Regenerate session keys on password change
* retrieving category rows in index.php (Bug #90)
* improved index performance by determining the permissions before iterating through all forums (Bug #91)
* Better handling of short usernames within the search (bug
#105)
* Send a no-cache header on admin pages as well as normal board pages (Bug #149)
* Apply word censors to the message when quoting it (Bug #405)

* Improved performance of query in admin_groups (Bug #753)
* Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)
* Correct use of default_style config value (Bug #861)
* Replace unneeded unset calls in admin_db_utilities.php - vanderaj
* Improved error handling in modcp.php
* Improved handling of forums to which the user does not have any explicit permissions - vanderaj
* Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions
* Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions
* Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions
* Escape group names in admin_groups.php
* Replace strip_tags with htmlspecialchars in private message subject
* Some changes to HTML handling if enabled
* Escape any special characters in reverse dns - Anthrax101
* Typecast poll id values - Anthrax101
* Added configurable search flood control to reduce the effect of DoS style attacks
* Changed the way we create "random" values for use as keys -
chinchilla/Anthrax101
* Enabled Visual Confirmation by default
* Changed handling of the case where a selected style doesn't exist in the database
* Changed handling of topic pruning to improve performance
* Changed default forum permissions to only allow registered users to post in new forums