
Merge branch 'release-2.1' of https://github.com/SimpleMachines/SMF2.1 into release-2.1

Signed-off-by: Peter Spicer <[email protected]>

Conflicts:
	Sources/ManageServer.php
Peter Spicer 11 years ago
parent
commit
cd57e2c7cd
58 changed files with 4636 additions and 1314 deletions
  1. 3 3
      Sources/Display.php
  2. 1 1
      Sources/Errors.php
  3. 4 4
      Sources/Load.php
  4. 1 1
      Sources/LogInOut.php
  5. 2 2
      Sources/Logging.php
  6. 8 8
      Sources/ManageAttachments.php
  7. 13 12
      Sources/ManageBoards.php
  8. 8 7
      Sources/ManageErrors.php
  9. 1 1
      Sources/ManageLanguages.php
  10. 1 1
      Sources/ManageMail.php
  11. 1 1
      Sources/ManageMembergroups.php
  12. 4 4
      Sources/ManageNews.php
  13. 1 1
      Sources/ManagePaid.php
  14. 3 3
      Sources/ManagePosts.php
  15. 2 2
      Sources/ManageRegistration.php
  16. 2 2
      Sources/ManageSearchEngines.php
  17. 2 2
      Sources/ManageServer.php
  18. 24 23
      Sources/ManageSmileys.php
  19. 2 2
      Sources/Memberlist.php
  20. 2 2
      Sources/MessageIndex.php
  21. 4 4
      Sources/News.php
  22. 1 1
      Sources/PackageGet.php
  23. 7 7
      Sources/Packages.php
  24. 5 5
      Sources/PersonalMessage.php
  25. 13 13
      Sources/Post.php
  26. 9 9
      Sources/Profile-Modify.php
  27. 5 1
      Sources/Profile.php
  28. 1 1
      Sources/QueryString.php
  29. 2 2
      Sources/Register.php
  30. 2 2
      Sources/Search.php
  31. 1 1
      Sources/SendTopic.php
  32. 2 2
      Sources/Subs-Attachments.php
  33. 2 2
      Sources/Subs-Auth.php
  34. 1 1
      Sources/Subs-BoardIndex.php
  35. 2 2
      Sources/Subs-Db-mysql.php
  36. 2 2
      Sources/Subs-Db-mysqli.php
  37. 2 2
      Sources/Subs-Db-postgresql.php
  38. 2 2
      Sources/Subs-Db-sqlite.php
  39. 2 2
      Sources/Subs-Db-sqlite3.php
  40. 5 4
      Sources/Subs-Editor.php
  41. 3 3
      Sources/Subs-List.php
  42. 2 1
      Sources/Subs-Members.php
  43. 3 3
      Sources/Subs-Package.php
  44. 5 2
      Sources/Subs-Post.php
  45. 11 11
      Sources/Subs.php
  46. 9 9
      Sources/Themes.php
  47. 1 1
      Sources/ViewQuery.php
  48. 6 2
      Themes/default/GenericControls.template.php
  49. 17 48
      Themes/default/PersonalMessage.template.php
  50. 2 2
      Themes/default/css/jquery.sceditor.css
  51. 2 2
      Themes/default/index.template.php
  52. 27 1
      Themes/default/languages/Editor.english.php
  53. 52 52
      Themes/default/languages/Post.english.php
  54. 1189 17
      Themes/default/scripts/jquery.sceditor.bbcode.js
  55. 2457 1011
      Themes/default/scripts/jquery.sceditor.js
  56. 693 0
      Themes/default/scripts/jquery.sceditor.smf.js
  57. 1 1
      other/install_2-1_postgresql.sql
  58. 1 1
      other/upgrade_2-1_postgresql.sql

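--- a/Sources/Display.php
+++ b/Sources/Display.php
@@ -1046,7 +1046,7 @@ function Display()
 
 	$context['jump_to'] = array(
 		'label' => addslashes(un_htmlspecialchars($txt['jump_to'])),
-		'board_name' => htmlspecialchars(strtr(strip_tags($board_info['name']), array('&amp;' => '&'))),
+		'board_name' => $smcFunc['htmlspecialchars'](strtr(strip_tags($board_info['name']), array('&amp;' => '&'))),
 		'child_level' => $board_info['child_level'],
 	);
 
@@ -1556,12 +1556,12 @@ function loadAttachmentContext($id_msg)
 		{
 			$attachmentData[$i] = array(
 				'id' => $attachment['id_attach'],
-				'name' => preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($attachment['filename'])),
+				'name' => preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', $smcFunc['htmlspecialchars']($attachment['filename'])),
 				'downloads' => $attachment['downloads'],
 				'size' => ($attachment['filesize'] < 1024000) ? round($attachment['filesize'] / 1024, 2) . ' ' . $txt['kilobyte'] : round($attachment['filesize'] / 1024 / 1024, 2) . ' ' . $txt['megabyte'],
 				'byte_size' => $attachment['filesize'],
 				'href' => $scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $attachment['id_attach'],
-				'link' => '<a href="' . $scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $attachment['id_attach'] . '">' . htmlspecialchars($attachment['filename']) . '</a>',
+				'link' => '<a href="' . $scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $attachment['id_attach'] . '">' . $smcFunc['htmlspecialchars']($attachment['filename']) . '</a>',
 				'is_image' => !empty($attachment['width']) && !empty($attachment['height']) && !empty($modSettings['attachmentShowImages']),
 				'is_approved' => $attachment['approved'],
 			);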

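--- a/Sources/Errors.php
+++ b/Sources/Errors.php
@@ -66,7 +66,7 @@ function log_error($error_message, $error_type = 'general', $file = null, $line
 	$query_string = empty($_SERVER['QUERY_STRING']) ? (empty($_SERVER['REQUEST_URL']) ? '' : str_replace($scripturl, '', $_SERVER['REQUEST_URL'])) : $_SERVER['QUERY_STRING'];
 
 	// Don't log the session hash in the url twice, it's a waste.
-	$query_string = htmlspecialchars((SMF == 'SSI' ? '' : '?') . preg_replace(array('~;sesc=[^&;]+~', '~' . session_name() . '=' . session_id() . '[&;]~'), array(';sesc', ''), $query_string));
+	$query_string = $smcFunc['htmlspecialchars']((SMF == 'SSI' ? '' : '?') . preg_replace(array('~;sesc=[^&;]+~', '~' . session_name() . '=' . session_id() . '[&;]~'), array(';sesc', ''), $query_string));
 
 	// Just so we know what board error messages are from.
 	if (isset($_POST['board']) && !isset($_GET['board']))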
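Review bot: `log_error()` now needs `$smcFunc['htmlspecialchars']` to be set at the moment the query string is escaped, so an error raised before that entry is populated would fail inside the logger instead of being recorded. The function's `global` statement lies outside this hunk, so it is not visible whether `$smcFunc` is in scope here; please confirm it is. If early calls are possible, a fallback such as `$escape = isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars'] : 'htmlspecialchars';` ahead of this line keeps error logging working.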

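--- a/Sources/Load.php
+++ b/Sources/Load.php
@@ -1186,7 +1186,7 @@ function loadMemberContext($user, $display_custom_fields = false)
 			'posts' => $profile['posts'] > 500000 ? $txt['geek'] : comma_format($profile['posts']),
 			'avatar' => array(
 				'name' => $profile['avatar'],
-				'image' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) . '" alt="" />' : '') : (stristr($profile['avatar'], 'http://') ? '<img class="avatar" src="' . $profile['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . htmlspecialchars($profile['avatar']) . '" alt="" />'),
+				'image' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) . '" alt="" />' : '') : (stristr($profile['avatar'], 'http://') ? '<img class="avatar" src="' . $profile['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($profile['avatar']) . '" alt="" />'),
 				'href' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) : '') : (stristr($profile['avatar'], 'http://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar']),
 				'url' => $profile['avatar'] == '' ? '' : (stristr($profile['avatar'], 'http://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar'])
 			),
@@ -1198,8 +1198,8 @@ function loadMemberContext($user, $display_custom_fields = false)
 				'allow' => !$user_info['is_guest'] && !empty($modSettings['karmaMode']) && $user_info['id'] != $user && allowedTo('karma_edit') &&
 				($user_info['posts'] >= $modSettings['karmaMinPosts'] || $user_info['is_admin']),
 			),
-			'ip' => htmlspecialchars($profile['member_ip']),
-			'ip2' => htmlspecialchars($profile['member_ip2']),
+			'ip' => $smcFunc['htmlspecialchars']($profile['member_ip']),
+			'ip2' => $smcFunc['htmlspecialchars']($profile['member_ip2']),
 			'online' => array(
 				'is_online' => $profile['is_online'],
 				'text' => $smcFunc['htmlspecialchars']($txt[$profile['is_online'] ? 'online' : 'offline']),
@@ -1649,7 +1649,7 @@ function loadTheme($id_theme = 0, $initialize = true)
 	$context['forum_name'] = $mbname;
 	$context['forum_name_html_safe'] = $smcFunc['htmlspecialchars']($context['forum_name']);
 	$context['header_logo_url_html_safe'] = empty($settings['header_logo_url']) ? '' : $smcFunc['htmlspecialchars']($settings['header_logo_url']);
-	$context['current_action'] = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
+	$context['current_action'] = isset($_REQUEST['action']) ? $smcFunc['htmlspecialchars']($_REQUEST['action']) : null;
 	$context['current_subaction'] = isset($_REQUEST['sa']) ? $_REQUEST['sa'] : null;
 	$context['can_register'] = empty($modSettings['registration_method']) || $modSettings['registration_method'] != 3;
 	if (isset($modSettings['load_average']))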
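Review bot: In the `loadTheme()` hunk `$context['current_action']` is now escaped, but the very next line still copies `$_REQUEST['sa']` into `$context['current_subaction']` unescaped, so a template that prints the sub-action would emit raw request input. The matching change would be `$context['current_subaction'] = isset($_REQUEST['sa']) ? $smcFunc['htmlspecialchars']($_REQUEST['sa']) : null;`. Whether any template echoes either value is not visible here, and code that compares `current_action` with literal action names now sees the entity-encoded form, which deserves a short comment on the line. In the first `loadMemberContext()` hunk only the local-avatar branch is escaped; the `http://` branch still places `$profile['avatar']` into the `src` attribute as stored.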

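--- a/Sources/LogInOut.php
+++ b/Sources/LogInOut.php
@@ -168,7 +168,7 @@ function Login2()
 	}
 
 	// Set up the default/fallback stuff.
-	$context['default_username'] = isset($_POST['user']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'])) : '';
+	$context['default_username'] = isset($_POST['user']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', $smcFunc['htmlspecialchars']($_POST['user'])) : '';
 	$context['default_password'] = '';
 	$context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
 	$context['login_errors'] = array($txt['error_occured']);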

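--- a/Sources/Logging.php
+++ b/Sources/Logging.php
@@ -202,7 +202,7 @@ function logLastDatabaseError()
 function displayDebug()
 {
 	global $context, $scripturl, $boarddir, $modSettings, $boarddir;
-	global $db_cache, $db_count, $db_show_debug, $cache_count, $cache_hits, $txt;
+	global $db_cache, $db_count, $db_show_debug, $cache_count, $cache_hits, $smcFunc, $txt;
 
 	// Add to Settings.php if you want to show the debugging information.
 	if (!isset($db_show_debug) || $db_show_debug !== true || (isset($_GET['action']) && $_GET['action'] == 'viewquery') || WIRELESS)
@@ -303,7 +303,7 @@ function displayDebug()
 				$qq['f'] = preg_replace('~^' . preg_quote($boarddir, '~') . '~', '...', $qq['f']);
 
 			echo '
-	<strong>', $is_select ? '<a href="' . $scripturl . '?action=viewquery;qq=' . ($q + 1) . '#qq' . $q . '" target="_blank" class="new_win" style="text-decoration: none;">' : '', nl2br(str_replace("\t", '&nbsp;&nbsp;&nbsp;', htmlspecialchars(ltrim($qq['q'], "\n\r")))) . ($is_select ? '</a></strong>' : '</strong>') . '<br />
+	<strong>', $is_select ? '<a href="' . $scripturl . '?action=viewquery;qq=' . ($q + 1) . '#qq' . $q . '" target="_blank" class="new_win" style="text-decoration: none;">' : '', nl2br(str_replace("\t", '&nbsp;&nbsp;&nbsp;', $smcFunc['htmlspecialchars'](ltrim($qq['q'], "\n\r")))) . ($is_select ? '</a></strong>' : '</strong>') . '<br />
 	&nbsp;&nbsp;&nbsp;';
 			if (!empty($qq['f']) && !empty($qq['l']))
 				echo sprintf($txt['debug_query_in_line'], $qq['f'], $qq['l']);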

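--- a/Sources/ManageAttachments.php
+++ b/Sources/ManageAttachments.php
@@ -414,7 +414,7 @@ function BrowseFiles()
 				),
 				'data' => array(
 					'function' => create_function('$rowData', '
-						global $modSettings, $context, $scripturl;
+						global $modSettings, $context, $scripturl, $smcFunc;
 
 						$link = \'<a href="\';
 
@@ -436,7 +436,7 @@ function BrowseFiles()
 						if (!empty($rowData[\'width\']) && !empty($rowData[\'height\']))
 							$link .= sprintf(\' onclick="return reqWin(this.href\' . ($rowData[\'attachment_type\'] == 1 ? \'\' : \' + \\\';image\\\'\') . \', %1$d, %2$d, true);"\', $rowData[\'width\'] + 20, $rowData[\'height\'] + 20);
 
-						$link .= sprintf(\'>%1$s</a>\', preg_replace(\'~&amp;#(\\\\d{1,7}|x[0-9a-fA-F]{1,6});~\', \'&#\\\\1;\', htmlspecialchars($rowData[\'filename\'])));
+						$link .= sprintf(\'>%1$s</a>\', preg_replace(\'~&amp;#(\\\\d{1,7}|x[0-9a-fA-F]{1,6});~\', \'&#\\\\1;\', $smcFunc[\'htmlspecialchars\']($rowData[\'filename\'])));
 
 						// Show the dimensions.
 						if (!empty($rowData[\'width\']) && !empty($rowData[\'height\']))
@@ -472,11 +472,11 @@ function BrowseFiles()
 				),
 				'data' => array(
 					'function' => create_function('$rowData', '
-						global $scripturl;
+						global $scripturl, $smcFunc;
 
 						// In case of an attachment, return the poster of the attachment.
 						if (empty($rowData[\'id_member\']))
-							return htmlspecialchars($rowData[\'poster_name\']);
+							return $smcFunc[\'htmlspecialchars\']($rowData[\'poster_name\']);
 
 						// Otherwise it must be an avatar, return the link to the owner of it.
 						else
@@ -2209,7 +2209,7 @@ function ManageAttachmentPaths()
 		if (!empty($_POST['new_base_dir']))
 		{
 			require_once($sourcedir . '/Subs-Attachments.php');
-			$_POST['new_base_dir'] = htmlspecialchars($_POST['new_base_dir'], ENT_QUOTES);
+			$_POST['new_base_dir'] = $smcFunc['htmlspecialchars']($_POST['new_base_dir'], ENT_QUOTES);
 
 			$current_dir = $modSettings['currentAttachmentUploadDir'];
 
@@ -2720,6 +2720,9 @@ function TransferAttachments()
 			$moved = array();
 			while ($row = $smcFunc['db_fetch_assoc']($request))
 			{
+				$source = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
+				$dest = $modSettings['attachmentUploadDir'][$new_dir] . '/' . basename($source);
+
 				// Size and file count check
 				if (!empty($modSettings['attachmentDirSizeLimit']) || !empty($modSettings['attachmentDirFileLimit']))
 				{
@@ -2755,9 +2758,6 @@ function TransferAttachments()
 					}
 				}
 
-				$source = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
-				$dest = $modSettings['attachmentUploadDir'][$new_dir] . '/' . basename($source);
-
 				if (@rename($source, $dest))
 				{
 					$total_moved++;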
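Review bot: In the `ManageAttachmentPaths()` hunk `$_POST['new_base_dir']` is HTML-encoded with `ENT_QUOTES` on input, and the value appears to go on to be used as a directory path, so a name containing `&`, quotes or angle brackets would be handled in its entity-encoded form. Escaping belongs at the point where the path is printed; the code that consumes the value is outside this hunk, so this needs checking against the rest of the function. If the encoding is deliberate, a comment such as `// Stored HTML-encoded; decode before any filesystem call.` would record that. The function's `global` line is also outside the hunk, so confirm `$smcFunc` is declared there.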

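--- a/Sources/ManageBoards.php
+++ b/Sources/ManageBoards.php
@@ -81,7 +81,7 @@ function ManageBoards()
  */
 function ManageBoardsMain()
 {
-	global $txt, $context, $cat_tree, $boards, $boardList, $scripturl, $sourcedir, $txt;
+	global $txt, $context, $cat_tree, $boards, $boardList, $scripturl, $sourcedir, $txt, $smcFunc;
 
 	loadTemplate('ManageBoards');
 
@@ -137,7 +137,7 @@ function ManageBoardsMain()
 	{
 		createToken('admin-bm-' . $context['move_board'], 'request');
 
-		$context['move_title'] = sprintf($txt['mboards_select_destination'], htmlspecialchars($boards[$context['move_board']]['name']));
+		$context['move_title'] = sprintf($txt['mboards_select_destination'], $smcFunc['htmlspecialchars']($boards[$context['move_board']]['name']));
 		foreach ($cat_tree as $catid => $tree)
 		{
 			$prev_child_level = 0;
@@ -150,7 +150,7 @@ function ManageBoardsMain()
 				if (!isset($context['categories'][$catid]['move_link']))
 					$context['categories'][$catid]['move_link'] = array(
 						'child_level' => 0,
-						'label' => $txt['mboards_order_before'] . ' \'' . htmlspecialchars($boards[$boardid]['name']) . '\'',
+						'label' => $txt['mboards_order_before'] . ' \'' . $smcFunc['htmlspecialchars']($boards[$boardid]['name']) . '\'',
 						'href' => $scripturl . '?action=admin;area=manageboards;sa=move;src_board=' . $context['move_board'] . ';target_board=' . $boardid . ';move_to=before;' . $security,
 					);
 
@@ -158,12 +158,12 @@ function ManageBoardsMain()
 				$context['categories'][$catid]['boards'][$boardid]['move_links'] = array(
 					array(
 						'child_level' => $boards[$boardid]['level'],
-						'label' => $txt['mboards_order_after'] . '\'' . htmlspecialchars($boards[$boardid]['name']) . '\'',
+						'label' => $txt['mboards_order_after'] . '\'' . $smcFunc['htmlspecialchars']($boards[$boardid]['name']) . '\'',
 						'href' => $scripturl . '?action=admin;area=manageboards;sa=move;src_board=' . $context['move_board'] . ';target_board=' . $boardid . ';move_to=after;' . $security,
 					),
 					array(
 						'child_level' => $boards[$boardid]['level'] + 1,
-						'label' => $txt['mboards_order_child_of'] . ' \'' . htmlspecialchars($boards[$boardid]['name']) . '\'',
+						'label' => $txt['mboards_order_child_of'] . ' \'' . $smcFunc['htmlspecialchars']($boards[$boardid]['name']) . '\'',
 						'href' => $scripturl . '?action=admin;area=manageboards;sa=move;src_board=' . $context['move_board'] . ';target_board=' . $boardid . ';move_to=child;' . $security,
 					),
 				);
@@ -192,7 +192,7 @@ function ManageBoardsMain()
 			if (empty($boardList[$catid]))
 				$context['categories'][$catid]['move_link'] = array(
 					'child_level' => 0,
-					'label' => $txt['mboards_order_before'] . ' \'' . htmlspecialchars($tree['node']['name']) . '\'',
+					'label' => $txt['mboards_order_before'] . ' \'' . $smcFunc['htmlspecialchars']($tree['node']['name']) . '\'',
 					'href' => $scripturl . '?action=admin;area=manageboards;sa=move;src_board=' . $context['move_board'] . ';target_cat=' . $catid . ';move_to=top;' . $security,
 				);
 		}
@@ -216,7 +216,7 @@ function ManageBoardsMain()
  */
 function EditCategory()
 {
-	global $txt, $context, $cat_tree, $boardList, $boards, $sourcedir;
+	global $txt, $context, $cat_tree, $boardList, $boards, $smcFunc, $sourcedir;
 
 	loadTemplate('ManageBoards');
 	require_once($sourcedir . '/Subs-Boards.php');
@@ -241,7 +241,7 @@ function EditCategory()
 		$context['category'] = array(
 			'id' => 0,
 			'name' => $txt['mboards_new_cat_name'],
-			'editable_name' => htmlspecialchars($txt['mboards_new_cat_name']),
+			'editable_name' => $smcFunc['htmlspecialchars']($txt['mboards_new_cat_name']),
 			'can_collapse' => true,
 			'is_new' => true,
 			'is_empty' => true
@@ -255,7 +255,7 @@ function EditCategory()
 		$context['category'] = array(
 			'id' => $_REQUEST['cat'],
 			'name' => $cat_tree[$_REQUEST['cat']]['node']['name'],
-			'editable_name' => htmlspecialchars($cat_tree[$_REQUEST['cat']]['node']['name']),
+			'editable_name' => $smcFunc['htmlspecialchars']($cat_tree[$_REQUEST['cat']]['node']['name']),
 			'can_collapse' => !empty($cat_tree[$_REQUEST['cat']]['node']['can_collapse']),
 			'children' => array(),
 			'is_empty' => empty($cat_tree[$_REQUEST['cat']]['children'])
@@ -372,7 +372,8 @@ function EditCategory2()
  */
 function EditBoard()
 {
-	global $txt, $context, $cat_tree, $boards, $boardList, $sourcedir, $smcFunc, $modSettings;
+	global $txt, $context, $cat_tree, $boards, $boardList;
+	global $sourcedir, $smcFunc, $modSettings;
 
 	loadTemplate('ManageBoards');
 	require_once($sourcedir . '/Subs-Boards.php');
@@ -425,8 +426,8 @@ function EditBoard()
 		// Just some easy shortcuts.
 		$curBoard = &$boards[$_REQUEST['boardid']];
 		$context['board'] = $boards[$_REQUEST['boardid']];
-		$context['board']['name'] = htmlspecialchars(strtr($context['board']['name'], array('&amp;' => '&')));
-		$context['board']['description'] = htmlspecialchars($context['board']['description']);
+		$context['board']['name'] = $smcFunc['htmlspecialchars'](strtr($context['board']['name'], array('&amp;' => '&')));
+		$context['board']['description'] = $smcFunc['htmlspecialchars']($context['board']['description']);
 		$context['board']['no_children'] = empty($boards[$_REQUEST['boardid']]['tree']['children']);
 		$context['board']['is_recycle'] = !empty($modSettings['recycle_enable']) && !empty($modSettings['recycle_board']) && $modSettings['recycle_board'] == $context['board']['id'];
 	}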
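Review bot: The rewritten `global` line in `ManageBoardsMain()` still lists `$txt` twice; since the line is being edited anyway it could read `global $txt, $context, $cat_tree, $boards, $boardList, $scripturl, $sourcedir, $smcFunc;`. In the same function the `mboards_order_after` label is joined with `'\''` while the two sibling labels use `' \''`, so that label shows no space before the quoted board name unless the language string itself ends in one.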

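--- a/Sources/ManageErrors.php
+++ b/Sources/ManageErrors.php
@@ -125,7 +125,7 @@ function ViewErrorLog()
 			'time' => timeformat($row['log_time']),
 			'timestamp' => $row['log_time'],
 			'url' => array(
-				'html' => htmlspecialchars((substr($row['url'], 0, 1) == '?' ? $scripturl : '') . $row['url']),
+				'html' => $smcFunc['htmlspecialchars']((substr($row['url'], 0, 1) == '?' ? $scripturl : '') . $row['url']),
 				'href' => base64_encode($smcFunc['db_escape_wildcard_string']($row['url']))
 			),
 			'message' => array(
@@ -206,15 +206,15 @@ function ViewErrorLog()
 			$context['filter']['value']['html'] = '<a href="' . $scripturl . '?action=profile;u=' . $id . '">' . $user_profile[$id]['real_name'] . '</a>';
 		}
 		elseif ($filter['variable'] == 'url')
-			$context['filter']['value']['html'] = '\'' . strtr(htmlspecialchars((substr($filter['value']['sql'], 0, 1) == '?' ? $scripturl : '') . $filter['value']['sql']), array('\_' => '_')) . '\'';
+			$context['filter']['value']['html'] = '\'' . strtr($smcFunc['htmlspecialchars']((substr($filter['value']['sql'], 0, 1) == '?' ? $scripturl : '') . $filter['value']['sql']), array('\_' => '_')) . '\'';
 		elseif ($filter['variable'] == 'message')
 		{
-			$context['filter']['value']['html'] = '\'' . strtr(htmlspecialchars($filter['value']['sql']), array("\n" => '<br />', '&lt;br /&gt;' => '<br />', "\t" => '&nbsp;&nbsp;&nbsp;', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
+			$context['filter']['value']['html'] = '\'' . strtr($smcFunc['htmlspecialchars']($filter['value']['sql']), array("\n" => '<br />', '&lt;br /&gt;' => '<br />', "\t" => '&nbsp;&nbsp;&nbsp;', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
 			$context['filter']['value']['html'] = preg_replace('~&amp;lt;span class=&amp;quot;remove&amp;quot;&amp;gt;(.+?)&amp;lt;/span&amp;gt;~', '$1', $context['filter']['value']['html']);
 		}
 		elseif ($filter['variable'] == 'error_type')
 		{
-			$context['filter']['value']['html'] = '\'' . strtr(htmlspecialchars($filter['value']['sql']), array("\n" => '<br />', '&lt;br /&gt;' => '<br />', "\t" => '&nbsp;&nbsp;&nbsp;', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
+			$context['filter']['value']['html'] = '\'' . strtr($smcFunc['htmlspecialchars']($filter['value']['sql']), array("\n" => '<br />', '&lt;br /&gt;' => '<br />', "\t" => '&nbsp;&nbsp;&nbsp;', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
 		}
 		else
 			$context['filter']['value']['html'] = &$filter['value']['sql'];
@@ -332,7 +332,8 @@ function deleteErrors()
  */
 function ViewFile()
 {
-	global $context, $txt, $boarddir, $sourcedir, $cachedir;
+	global $context, $txt, $boarddir, $sourcedir, $cachedir, $smcFunc;
+
 	// Check for the administrative permission to do this.
 	isAllowedTo('admin_forum');
 
@@ -347,7 +348,7 @@ function ViewFile()
 
 	// Make sure the file we are looking for is one they are allowed to look at
 	if ($ext != '.php' || (strpos($file, $real_board) === false && strpos($file, $real_source) === false) || ($basename == 'settings.php' || $basename == 'settings_bak.php') || strpos($file, $real_cache) !== false || !is_readable($file))
-		fatal_lang_error('error_bad_file', true, array(htmlspecialchars($file)));
+		fatal_lang_error('error_bad_file', true, array($smcFunc['htmlspecialchars']($file)));
 
 	// get the min and max lines
 	$min = $line - 20 <= 0 ? 1 : $line - 20;
@@ -356,7 +357,7 @@ function ViewFile()
 	if ($max <= 0 || $min >= $max)
 		fatal_lang_error('error_bad_line');
 
-	$file_data = explode('<br />', highlight_php_code(htmlspecialchars(implode('', file($file)))));
+	$file_data = explode('<br />', highlight_php_code($smcFunc['htmlspecialchars'](implode('', file($file)))));
 
 	// We don't want to slice off too many so lets make sure we stop at the last one
 	$max = min($max, max(array_keys($file_data)));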
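Review bot: The allow-list test in `ViewFile()` accepts a file when `$real_board` or `$real_source` occurs anywhere in `$file`, because the only rejection is `strpos(...) === false`; that is a substring match, not a check that the path starts with one of those directories. Anchoring it, for example `strpos($file, $real_board) !== 0 && strpos($file, $real_source) !== 0`, states the intent more strictly. How `$file` and the `$real_*` values are derived lies outside the hunk, so whether they are already canonicalised cannot be confirmed from here. In the second `ViewErrorLog()` hunk the final `else` assigns `$filter['value']['sql']` to the `html` key by reference without escaping, unlike the three branches converted above it.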

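--- a/Sources/ManageLanguages.php
+++ b/Sources/ManageLanguages.php
@@ -74,7 +74,7 @@ function AddLanguage()
 		// Need fetch_web_data.
 		require_once($sourcedir . '/Subs-Package.php');
 
-		$context['smf_search_term'] = htmlspecialchars(trim($_POST['smf_add']));
+		$context['smf_search_term'] = $smcFunc['htmlspecialchars'](trim($_POST['smf_add']));
 
 		$listOptions = array(
 			'id' => 'smf_languages',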
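Review bot: `$smcFunc` is called in AddLanguage() without this hunk showing it in the function's `global` list, and a call through an undefined `$smcFunc` fails at runtime instead of escaping the search term. Other hunks in this commit (ViewFile, prepareServerSettingsContext, ExamineFile and several list closures) extend the `global` line explicitly, so it is worth confirming that every function touched without such a change (EditMembergroup, ComposeMailing, SendMailing, ModifySubscription, SetCensor, EditAgreement and the rest) already declares it. AddLanguage() starts outside the hunk, so the declaration may well be there; if it is not, the fix is to add `$smcFunc` to that function's `global` statement.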

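--- a/Sources/ManageMail.php
+++ b/Sources/ManageMail.php
@@ -116,7 +116,7 @@ function BrowseMailQueue()
 				'data' => array(
 					'function' => create_function('$rowData', '
 						global $smcFunc;
-						return $smcFunc[\'strlen\']($rowData[\'subject\']) > 50 ? sprintf(\'%1$s...\', htmlspecialchars($smcFunc[\'substr\']($rowData[\'subject\'], 0, 47))) : htmlspecialchars($rowData[\'subject\']);
+						return $smcFunc[\'strlen\']($rowData[\'subject\']) > 50 ? sprintf(\'%1$s...\', $smcFunc[\'htmlspecialchars\']($smcFunc[\'substr\']($rowData[\'subject\'], 0, 47))) : $smcFunc[\'htmlspecialchars\']($rowData[\'subject\']);
 					'),
 					'class' => 'smalltext',
 				),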

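--- a/Sources/ManageMembergroups.php
+++ b/Sources/ManageMembergroups.php
@@ -1021,7 +1021,7 @@ function EditMembergroup()
 	$context['group'] = array(
 		'id' => $_REQUEST['group'],
 		'name' => $row['group_name'],
-		'description' => htmlspecialchars($row['description']),
+		'description' => $smcFunc['htmlspecialchars']($row['description'], ENT_QUOTES),
 		'editable_name' => $row['group_name'],
 		'color' => $row['online_color'],
 		'min_posts' => $row['min_posts'],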
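Review bot: The `ENT_QUOTES` argument on the `'description'` line changes the output as well as the function being called: single quotes in a group description are now encoded, which the old `htmlspecialchars($row['description'])` call did not do by default on the PHP versions of the time. SendMailing() in Sources/ManageNews.php gets the same flag, while most other call sites in this commit keep the wrapper's default, whose value is not shown on this page. A short comment stating the reason, for example `// ENT_QUOTES: value is echoed inside a single-quoted attribute` if that is the case, would explain why these call sites differ; if there is no reason, dropping the flag keeps the commit a pure rename. `'name'` and `'editable_name'` pass `$row['group_name']` through unescaped in the same array, presumably because group names are stored already encoded, which is worth confirming.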

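--- a/Sources/ManageNews.php
+++ b/Sources/ManageNews.php
@@ -491,8 +491,8 @@ function ComposeMailing()
 	$context['page_title'] = $txt['admin_newsletters'];
 	$context['sub_template'] = 'email_members_compose';
 
-	$context['subject'] = !empty($_POST['subject']) ? $_POST['subject'] : htmlspecialchars($context['forum_name'] . ': ' . $txt['subject']);
-	$context['message'] = !empty($_POST['message']) ? $_POST['message'] : htmlspecialchars($txt['message'] . "\n\n" . $txt['regards_team'] . "\n\n" . '{$board_url}');
+	$context['subject'] = !empty($_POST['subject']) ? $_POST['subject'] : $smcFunc['htmlspecialchars']($context['forum_name'] . ': ' . $txt['subject']);
+	$context['message'] = !empty($_POST['message']) ? $_POST['message'] : $smcFunc['htmlspecialchars']($txt['message'] . "\n\n" . $txt['regards_team'] . "\n\n" . '{$board_url}');
 
 	// Needed for the WYSIWYG editor.
 	require_once($sourcedir . '/Subs-Editor.php');
@@ -803,8 +803,8 @@ function SendMailing($clean_only = false)
 	$_POST['message'] = !empty($_POST['message']) ? $_POST['message'] : '';
 
 	// Save the message and its subject in $context
-	$context['subject'] = htmlspecialchars($_POST['subject']);
-	$context['message'] = htmlspecialchars($_POST['message']);
+	$context['subject'] = $smcFunc['htmlspecialchars']($_POST['subject'], ENT_QUOTES);
+	$context['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES);
 
 	// Prepare the message for sending it as HTML
 	if (!$context['send_pm'] && !empty($_POST['send_html']))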
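Review bot: In ComposeMailing() only the fallback text is escaped: when `$_POST['subject']` or `$_POST['message']` is non-empty it is copied into `$context` as received, so the two branches of each ternary hand the template differently encoded values. If request data is not already entity-encoded before it reaches this function, the posted branch puts raw markup into the compose form; if it is, the asymmetry deserves a comment such as `// $_POST values are already encoded by the request sanitiser`. The same shape appears in MLSearch() in Sources/Memberlist.php, where `$_GET['search']` is used as-is and only `$_POST['search']` is escaped. SendMailing() in the second hunk escapes both fields unconditionally and with `ENT_QUOTES`, so the two functions also disagree with each other. Both function bodies extend beyond the hunks shown.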

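--- a/Sources/ManagePaid.php
+++ b/Sources/ManagePaid.php
@@ -601,7 +601,7 @@ function ModifySubscription()
 				'repeatable' => $row['repeatable'],
 				'allow_partial' => $row['allow_partial'],
 				'duration' => $isFlexible ? 'flexible' : 'fixed',
-				'email_complete' => htmlspecialchars($row['email_complete']),
+				'email_complete' => $smcFunc['htmlspecialchars']($row['email_complete']),
 				'reminder' => $row['reminder'],
 			);
 		}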

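--- a/Sources/ManagePosts.php
+++ b/Sources/ManagePosts.php
@@ -142,7 +142,7 @@ function SetCensor()
 	if (isset($_POST['censortest']))
 	{
 		require_once($sourcedir . '/Subs-Post.php');
-		$censorText = htmlspecialchars($_POST['censortest'], ENT_QUOTES);
+		$censorText = $smcFunc['htmlspecialchars']($_POST['censortest'], ENT_QUOTES);
 		preparsecode($censorText);
 		$context['censor_test'] = strtr(censorText($censorText), array('"' => '&quot;'));
 	}
@@ -161,11 +161,11 @@ function SetCensor()
 		if (trim(strtr($censor_vulgar[$i], '*', ' ')) == '')
 			continue;
 
-		$context['censored_words'][htmlspecialchars(trim($censor_vulgar[$i]))] = isset($censor_proper[$i]) ? htmlspecialchars($censor_proper[$i]) : '';
+		$context['censored_words'][$smcFunc['htmlspecialchars'](trim($censor_vulgar[$i]))] = isset($censor_proper[$i]) ? $smcFunc['htmlspecialchars']($censor_proper[$i]) : '';
 	}
 
 	call_integration_hook('integrate_censors');
-	
+
 	// Since the "Allow users to disable the word censor" stuff was moved from a theme setting to a global one, we need this...
 	loadLanguage('Themes');
 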

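--- a/Sources/ManageRegistration.php
+++ b/Sources/ManageRegistration.php
@@ -18,7 +18,7 @@ if (!defined('SMF'))
 	die('No direct access...');
 
 /**
- * Entrance point for the registration center, it checks permisions and forwards
+ * Entrance point for the registration center, it checks permissions and forwards
  * to the right function based on the subaction.
  * Accessed by ?action=admin;area=regcenter.
  * Requires either the moderate_forum or the admin_forum permission.
@@ -212,7 +212,7 @@ function EditAgreement()
 		updateSettings(array('requireAgreement' => !empty($_POST['requireAgreement'])));
 	}
 
-	$context['agreement'] = file_exists($boarddir . '/agreement' . $context['current_agreement'] . '.txt') ? htmlspecialchars(file_get_contents($boarddir . '/agreement' . $context['current_agreement'] . '.txt')) : '';
+	$context['agreement'] = file_exists($boarddir . '/agreement' . $context['current_agreement'] . '.txt') ? $smcFunc['htmlspecialchars'](file_get_contents($boarddir . '/agreement' . $context['current_agreement'] . '.txt')) : '';
 	$context['warning'] = is_writable($boarddir . '/agreement' . $context['current_agreement'] . '.txt') ? '' : $txt['agreement_not_writable'];
 	$context['require_agreement'] = !empty($modSettings['requireAgreement']);
 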

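--- a/Sources/ManageSearchEngines.php
+++ b/Sources/ManageSearchEngines.php
@@ -241,9 +241,9 @@ function ViewSpiders()
 				),
 				'data' => array(
 					'function' => create_function('$rowData', '
-						global $scripturl;
+						global $scripturl, $smcFunc;
 
-						return sprintf(\'<a href="%1$s?action=admin;area=sengines;sa=editspiders;sid=%2$d">%3$s</a>\', $scripturl, $rowData[\'id_spider\'], htmlspecialchars($rowData[\'spider_name\']));
+						return sprintf(\'<a href="%1$s?action=admin;area=sengines;sa=editspiders;sid=%2$d">%3$s</a>\', $scripturl, $rowData[\'id_spider\'], $smcFunc[\'htmlspecialchars\']($rowData[\'spider_name\']));
 					'),
 				),
 				'sort' => array(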

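--- a/Sources/ManageServer.php
+++ b/Sources/ManageServer.php
@@ -595,7 +595,7 @@ function ModifyLoadBalancingSettings($return_config = false)
  */
 function prepareServerSettingsContext(&$config_vars)
 {
-	global $context, $modSettings;
+	global $context, $modSettings, $smcFunc;
 
 	$context['config_vars'] = array();
 	foreach ($config_vars as $identifier => $config_var)
@@ -624,7 +624,7 @@ function prepareServerSettingsContext(&$config_vars)
 				'size' => empty($config_var[4]) ? 0 : $config_var[4],
 				'data' => isset($config_var[4]) && is_array($config_var[4]) && $config_var[3] != 'select' ? $config_var[4] : array(),
 				'name' => $config_var[0],
-				'value' => $config_var[2] == 'file' ? htmlspecialchars($$varname) : (isset($modSettings[$config_var[0]]) ? htmlspecialchars($modSettings[$config_var[0]]) : (in_array($config_var[3], array('int', 'float')) ? 0 : '')),
+				'value' => $config_var[2] == 'file' ? $smcFunc['htmlspecialchars']($$varname) : (isset($modSettings[$config_var[0]]) ? $smcFunc['htmlspecialchars']($modSettings[$config_var[0]]) : (in_array($config_var[3], array('int', 'float')) ? 0 : '')),
 				'disabled' => !empty($context['settings_not_writable']) || !empty($config_var['disabled']),
 				'invalid' => false,
 				'subtext' => !empty($config_var['subtext']) ? $config_var['subtext'] : $subtext,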

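--- a/Sources/ManageSmileys.php
+++ b/Sources/ManageSmileys.php
@@ -273,8 +273,8 @@ function EditSmileySets()
 	foreach ($context['smiley_sets'] as $i => $set)
 		$context['smiley_sets'][$i] = array(
 			'id' => $i,
-			'path' => htmlspecialchars($set),
-			'name' => htmlspecialchars($set_names[$i]),
+			'path' => $smcFunc['htmlspecialchars']($set),
+			'name' => $smcFunc['htmlspecialchars']($set_names[$i]),
 			'selected' => $set == $modSettings['smiley_sets_default']
 		);
 
@@ -546,8 +546,8 @@ function AddSmiley()
 	foreach ($context['smiley_sets'] as $i => $set)
 		$context['smiley_sets'][$i] = array(
 			'id' => $i,
-			'path' => htmlspecialchars($set),
-			'name' => htmlspecialchars($set_names[$i]),
+			'path' => $smcFunc['htmlspecialchars']($set),
+			'name' => $smcFunc['htmlspecialchars']($set_names[$i]),
 			'selected' => $set == $modSettings['smiley_sets_default']
 		);
 
@@ -759,7 +759,7 @@ function AddSmiley()
 			{
 				if (!in_array($entry, $context['filenames']) && in_array(strrchr($entry, '.'), array('.jpg', '.gif', '.jpeg', '.png')))
 					$context['filenames'][strtolower($entry)] = array(
-						'id' => htmlspecialchars($entry),
+						'id' => $smcFunc['htmlspecialchars']($entry),
 						'selected' => false,
 					);
 			}
@@ -909,8 +909,8 @@ function EditSmileys()
 	foreach ($context['smiley_sets'] as $i => $set)
 		$context['smiley_sets'][$i] = array(
 			'id' => $i,
-			'path' => htmlspecialchars($set),
-			'name' => htmlspecialchars($set_names[$i]),
+			'path' => $smcFunc['htmlspecialchars']($set),
+			'name' => $smcFunc['htmlspecialchars']($set_names[$i]),
 			'selected' => $set == $modSettings['smiley_sets_default']
 		);
 
@@ -1012,9 +1012,10 @@ function EditSmileys()
 					),
 					'data' => array(
 						'function' => create_function('$rowData', empty($modSettings['smileys_dir']) || !is_dir($modSettings['smileys_dir']) ? '
-							return htmlspecialchars($rowData[\'description\']);
+							global $smcFunc;
+							return $smcFunc[\'htmlspecialchars\']($rowData[\'description\']);
 						' : '
-							global $context, $txt, $modSettings;
+							global $context, $txt, $modSettings, $smcFunc;
 
 							// Check if there are smileys missing in some sets.
 							$missing_sets = array();
@@ -1022,7 +1023,7 @@ function EditSmileys()
 								if (!file_exists(sprintf(\'%1$s/%2$s/%3$s\', $modSettings[\'smileys_dir\'], $smiley_set[\'path\'], $rowData[\'filename\'])))
 									$missing_sets[] = $smiley_set[\'path\'];
 
-							$description = htmlspecialchars($rowData[\'description\']);
+							$description = $smcFunc[\'htmlspecialchars\']($rowData[\'description\']);
 
 							if (!empty($missing_sets))
 								$description .= sprintf(\'<br /><span class="smalltext"><strong>%1$s:</strong> %2$s</span>\', $txt[\'smileys_not_found_in_set\'], implode(\', \', $missing_sets));
@@ -1144,8 +1145,8 @@ function EditSmileys()
 		foreach ($context['smiley_sets'] as $i => $set)
 			$context['smiley_sets'][$i] = array(
 				'id' => $i,
-				'path' => htmlspecialchars($set),
-				'name' => htmlspecialchars($set_names[$i]),
+				'path' => $smcFunc['htmlspecialchars']($set),
+				'name' => $smcFunc['htmlspecialchars']($set_names[$i]),
 				'selected' => $set == $modSettings['smiley_sets_default']
 			);
 
@@ -1165,7 +1166,7 @@ function EditSmileys()
 				{
 					if (!in_array($entry, $context['filenames']) && in_array(strrchr($entry, '.'), array('.jpg', '.gif', '.jpeg', '.png')))
 						$context['filenames'][strtolower($entry)] = array(
-							'id' => htmlspecialchars($entry),
+							'id' => $smcFunc['htmlspecialchars']($entry),
 							'selected' => false,
 						);
 				}
@@ -1187,9 +1188,9 @@ function EditSmileys()
 		$context['current_smiley'] = $smcFunc['db_fetch_assoc']($request);
 		$smcFunc['db_free_result']($request);
 
-		$context['current_smiley']['code'] = htmlspecialchars($context['current_smiley']['code']);
-		$context['current_smiley']['filename'] = htmlspecialchars($context['current_smiley']['filename']);
-		$context['current_smiley']['description'] = htmlspecialchars($context['current_smiley']['description']);
+		$context['current_smiley']['code'] = $smcFunc['htmlspecialchars']($context['current_smiley']['code']);
+		$context['current_smiley']['filename'] = $smcFunc['htmlspecialchars']($context['current_smiley']['filename']);
+		$context['current_smiley']['description'] = $smcFunc['htmlspecialchars']($context['current_smiley']['description']);
 
 		if (isset($context['filenames'][strtolower($context['current_smiley']['filename'])]))
 			$context['filenames'][strtolower($context['current_smiley']['filename'])]['selected'] = true;
@@ -1339,9 +1340,9 @@ function EditSmileyOrder()
 		$location = empty($row['hidden']) ? 'postform' : 'popup';
 		$context['smileys'][$location]['rows'][$row['smiley_row']][] = array(
 			'id' => $row['id_smiley'],
-			'code' => htmlspecialchars($row['code']),
-			'filename' => htmlspecialchars($row['filename']),
-			'description' => htmlspecialchars($row['description']),
+			'code' => $smcFunc['htmlspecialchars']($row['code']),
+			'filename' => $smcFunc['htmlspecialchars']($row['filename']),
+			'description' => $smcFunc['htmlspecialchars']($row['description']),
 			'row' => $row['smiley_row'],
 			'order' => $row['smiley_order'],
 			'selected' => !empty($_REQUEST['move']) && $_REQUEST['move'] == $row['id_smiley'],
@@ -1526,9 +1527,9 @@ function InstallSmileySet()
 			$has_readme = true;
 			$type = 'package_' . $action['type'];
 			if (file_exists($packagesdir . '/temp/' . $base_path . $action['filename']))
-				$context[$type] = htmlspecialchars(trim(file_get_contents($packagesdir . '/temp/' . $base_path . $action['filename']), "\n\r"));
+				$context[$type] = $smcFunc['htmlspecialchars'](trim(file_get_contents($packagesdir . '/temp/' . $base_path . $action['filename']), "\n\r"));
 			elseif (file_exists($action['filename']))
-				$context[$type] = htmlspecialchars(trim(file_get_contents($action['filename']), "\n\r"));
+				$context[$type] = $smcFunc['htmlspecialchars'](trim(file_get_contents($action['filename']), "\n\r"));
 
 			if (!empty($action['parse_bbc']))
 			{
@@ -1868,10 +1869,10 @@ function EditMessageIcons()
 			'icon' => array(
 				'data' => array(
 					'function' => create_function('$rowData', '
-						global $settings;
+						global $settings, $smcFunc;
 
 						$images_url = $settings[file_exists(sprintf(\'%1$s/images/post/%2$s.png\', $settings[\'theme_dir\'], $rowData[\'filename\'])) ? \'actual_images_url\' : \'default_images_url\'];
-						return sprintf(\'<img src="%1$s/post/%2$s.png" alt="%3$s" />\', $images_url, $rowData[\'filename\'], htmlspecialchars($rowData[\'title\']));
+						return sprintf(\'<img src="%1$s/post/%2$s.png" alt="%3$s" />\', $images_url, $rowData[\'filename\'], $smcFunc[\'htmlspecialchars\']($rowData[\'title\']));
 					'),
 					'class' => 'centercol',
 				),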
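Review bot: In the EditMessageIcons() icon closure (last hunk) only `$rowData['title']` is escaped; `$rowData['filename']` is written into the `src` attribute of the same `<img>` tag, and into the `file_exists()` path, exactly as it comes from the row. Unless icon filenames are restricted to a safe character set when they are saved, which is not visible here, the `src` value should be encoded too by passing `$smcFunc[\'htmlspecialchars\']($rowData[\'filename\'])` as the second `sprintf` argument. In EditSmileys() the missing-set list appended to `$description` is built from `$smiley_set['path']`, presumably taken from the `$context['smiley_sets']` entries that the earlier hunks do escape, so that one looks covered. The closures are `create_function()` strings, so any edit has to keep the `\'` escaping intact.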

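--- a/Sources/Memberlist.php
+++ b/Sources/Memberlist.php
@@ -389,7 +389,7 @@ function MLAll()
 
 			if ($this_letter != $last_letter && preg_match('~[a-z]~', $this_letter) === 1)
 			{
-				$context['members'][$i]['sort_letter'] = htmlspecialchars($this_letter);
+				$context['members'][$i]['sort_letter'] = $smcFunc['htmlspecialchars']($this_letter);
 				$last_letter = $this_letter;
 			}
 		}
@@ -572,7 +572,7 @@ function MLSearch()
 		$context['search_defaults'] = array('name', 'email');
 
 		$context['sub_template'] = 'search';
-		$context['old_search'] = isset($_GET['search']) ? $_GET['search'] : (isset($_POST['search']) ? htmlspecialchars($_POST['search']) : '');
+		$context['old_search'] = isset($_GET['search']) ? $_GET['search'] : (isset($_POST['search']) ? $smcFunc['htmlspecialchars']($_POST['search']) : '');
 	}
 
 	$context['linktree'][] = array(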

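--- a/Sources/MessageIndex.php
+++ b/Sources/MessageIndex.php
@@ -573,7 +573,7 @@ function MessageIndex()
 			if (!empty($settings['avatars_on_indexes']))
 				$context['topics'][$row['id_topic']]['last_post']['member']['avatar'] = array(
 					'name' => $row['avatar'],
-					'image' => $row['avatar'] == '' ? ($row['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="" />' : '') : (stristr($row['avatar'], 'http://') ? '<img class="avatar" src="' . $row['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . htmlspecialchars($row['avatar']) . '" alt="" />'),
+					'image' => $row['avatar'] == '' ? ($row['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="" />' : '') : (stristr($row['avatar'], 'http://') ? '<img class="avatar" src="' . $row['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="" />'),
 					'href' => $row['avatar'] == '' ? ($row['id_attach'] > 0 ? (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) : '') : (stristr($row['avatar'], 'http://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar']),
 					'url' => $row['avatar'] == '' ? '' : (stristr($row['avatar'], 'http://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar'])
 				);
@@ -611,7 +611,7 @@ function MessageIndex()
 
 	$context['jump_to'] = array(
 		'label' => addslashes(un_htmlspecialchars($txt['jump_to'])),
-		'board_name' => htmlspecialchars(strtr(strip_tags($board_info['name']), array('&amp;' => '&'))),
+		'board_name' => $smcFunc['htmlspecialchars'](strtr(strip_tags($board_info['name']), array('&amp;' => '&'))),
 		'child_level' => $board_info['child_level'],
 	);
 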
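Review bot: In the `'image'` entry of the first hunk only the local-avatar branch is escaped; the branch taken when `stristr($row['avatar'], 'http://')` matches concatenates `$row['avatar']` into the `src` attribute unencoded, and `stristr` accepts the scheme anywhere in the string rather than only at its start. The `'href'` and `'url'` entries on the next two lines also pass `$row['avatar']` through as stored. Unless avatar values are validated and encoded when the profile is saved, which is not visible in this hunk, the remote branch should use `$smcFunc['htmlspecialchars']($row['avatar'])` as well, and the test would be tighter as `stripos($row['avatar'], 'http://') === 0`. MessageIndex() starts and ends outside the hunk.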

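--- a/Sources/News.php
+++ b/Sources/News.php
@@ -217,7 +217,7 @@ function ShowXmlFeed()
 			cache_put_data('xmlfeed-' . $xml_format . ':' . ($user_info['is_guest'] ? '' : $user_info['id'] . '-') . $cachekey, $xml, 240);
 	}
 
-	$feed_title = htmlspecialchars(strip_tags($context['forum_name'])) . (isset($feed_title) ? $feed_title : '');
+	$feed_title = $smcFunc['htmlspecialchars'](strip_tags($context['forum_name'])) . (isset($feed_title) ? $feed_title : '');
 
 	// This is an xml file....
 	ob_end_clean();
@@ -572,7 +572,7 @@ function getXmlMembers($xml_format)
 		else
 			$data[] = array(
 				'name' => cdata_parse($row['real_name']),
-				'time' => htmlspecialchars(strip_tags(timeformat($row['date_registered']))),
+				'time' => $smcFunc['htmlspecialchars'](strip_tags(timeformat($row['date_registered']))),
 				'id' => $row['id_member'],
 				'link' => $scripturl . '?action=profile;u=' . $row['id_member']
 			);
@@ -694,7 +694,7 @@ function getXmlNews($xml_format)
 		// The biggest difference here is more information.
 		else
 			$data[] = array(
-				'time' => htmlspecialchars(strip_tags(timeformat($row['poster_time']))),
+				'time' => $smcFunc['htmlspecialchars'](strip_tags(timeformat($row['poster_time']))),
 				'id' => $row['id_topic'],
 				'subject' => cdata_parse($row['subject']),
 				'body' => cdata_parse($row['body']),
@@ -846,7 +846,7 @@ function getXmlRecent($xml_format)
 		// A lot of information here.  Should be enough to please the rss-ers.
 		else
 			$data[] = array(
-				'time' => htmlspecialchars(strip_tags(timeformat($row['poster_time']))),
+				'time' => $smcFunc['htmlspecialchars'](strip_tags(timeformat($row['poster_time']))),
 				'id' => $row['id_msg'],
 				'subject' => cdata_parse($row['subject']),
 				'body' => cdata_parse($row['body']),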

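--- a/Sources/PackageGet.php
+++ b/Sources/PackageGet.php
@@ -230,7 +230,7 @@ function PackageGBrowse()
 			$context['sub_template'] = 'package_confirm';
 
 			$context['page_title'] = $txt['package_servers'];
-			$context['confirm_message'] = sprintf($txt['package_confirm_view_package_content'], htmlspecialchars($_GET['absolute']));
+			$context['confirm_message'] = sprintf($txt['package_confirm_view_package_content'], $smcFunc['htmlspecialchars']($_GET['absolute']));
 			$context['proceed_href'] = $scripturl . '?action=admin;area=packages;get;sa=browse;absolute=' . urlencode($_GET['absolute']) . ';confirm=' . $token;
 
 			return;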

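--- a/Sources/Packages.php
+++ b/Sources/Packages.php
@@ -321,9 +321,9 @@ function PackageInstallTest()
 		{
 			$type = 'package_' . $action['type'];
 			if (file_exists($packagesdir . '/temp/' . $context['base_path'] . $action['filename']))
-				$context[$type] = htmlspecialchars(trim(file_get_contents($packagesdir . '/temp/' . $context['base_path'] . $action['filename']), "\n\r"));
+				$context[$type] = $smcFunc['htmlspecialchars'](trim(file_get_contents($packagesdir . '/temp/' . $context['base_path'] . $action['filename']), "\n\r"));
 			elseif (file_exists($action['filename']))
-				$context[$type] = htmlspecialchars(trim(file_get_contents($action['filename']), "\n\r"));
+				$context[$type] = $smcFunc['htmlspecialchars'](trim(file_get_contents($action['filename']), "\n\r"));
 
 			if (!empty($action['parse_bbc']))
 			{
@@ -1241,7 +1241,7 @@ function PackageList()
  */
 function ExamineFile()
 {
-	global $txt, $scripturl, $boarddir, $context, $sourcedir, $packagesdir;
+	global $txt, $scripturl, $boarddir, $context, $sourcedir, $packagesdir, $smcFunc;
 
 	require_once($sourcedir . '/Subs-Package.php');
 
@@ -1283,9 +1283,9 @@ function ExamineFile()
 	else
 	{
 		if (is_file($packagesdir . '/' . $_REQUEST['package']))
-			$context['filedata'] = htmlspecialchars(read_tgz_file($packagesdir . '/' . $_REQUEST['package'], $_REQUEST['file'], true));
+			$context['filedata'] = $smcFunc['htmlspecialchars'](read_tgz_file($packagesdir . '/' . $_REQUEST['package'], $_REQUEST['file'], true));
 		elseif (is_dir($packagesdir . '/' . $_REQUEST['package']))
-			$context['filedata'] = htmlspecialchars(file_get_contents($packagesdir . '/' . $_REQUEST['package'] . '/' . $_REQUEST['file']));
+			$context['filedata'] = $smcFunc['htmlspecialchars'](file_get_contents($packagesdir . '/' . $_REQUEST['package'] . '/' . $_REQUEST['file']));
 
 		if (strtolower(strrchr($_REQUEST['file'], '.')) == '.php')
 			$context['filedata'] = highlight_php_code($context['filedata']);
@@ -1896,8 +1896,8 @@ function ViewOperations()
 
 	// Ok lets get the content of the file.
 	$context['operations'] = array(
-		'search' => strtr(htmlspecialchars($mod_actions[$_REQUEST['operation_key']]['search_original']), array('[' => '&#91;', ']' => '&#93;')),
-		'replace' => strtr(htmlspecialchars($mod_actions[$_REQUEST['operation_key']]['replace_original']), array('[' => '&#91;', ']' => '&#93;')),
+		'search' => strtr($smcFunc['htmlspecialchars']($mod_actions[$_REQUEST['operation_key']]['search_original']), array('[' => '&#91;', ']' => '&#93;')),
+		'replace' => strtr($smcFunc['htmlspecialchars']($mod_actions[$_REQUEST['operation_key']]['replace_original']), array('[' => '&#91;', ']' => '&#93;')),
 		'position' => $mod_actions[$_REQUEST['operation_key']]['position'],
 	);
 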
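Review bot: Escaping the result in ExamineFile() (third hunk) protects the page that displays the file, but the path handed to `read_tgz_file()` and `file_get_contents()` is still assembled from `$_REQUEST['package']` and `$_REQUEST['file']`, and nothing in this hunk restricts either value to the packages directory. The part of the function between the `global` line and this `else` branch is outside the hunks shown, so the values may be normalised there; if they are not, the joined path should be resolved with `realpath()` and rejected unless it sits under `realpath($packagesdir)` before anything is read. A one-line comment above the reads, for example `// $_REQUEST['package'] and $_REQUEST['file'] have had path separators stripped above`, would record whichever assumption holds.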

+ 5 - 5
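--- a/Sources/PersonalMessage.php
+++ b/Sources/PersonalMessage.php
@@ -1028,9 +1028,9 @@ function MessageSearch()
 		$context['search_params']['search'] = un_htmlspecialchars($_REQUEST['search']);
 
 	if (isset($context['search_params']['search']))
-		$context['search_params']['search'] = htmlspecialchars($context['search_params']['search']);
+		$context['search_params']['search'] = $smcFunc['htmlspecialchars']($context['search_params']['search']);
 	if (isset($context['search_params']['userspec']))
-		$context['search_params']['userspec'] = htmlspecialchars($context['search_params']['userspec']);
+		$context['search_params']['userspec'] = $smcFunc['htmlspecialchars']($context['search_params']['userspec']);
 
 	if (!empty($context['search_params']['searchtype']))
 		$context['search_params']['searchtype'] = 2;
@@ -1329,9 +1329,9 @@ function MessageSearch2()
 	// Sort out the search query so the user can edit it - if they want.
 	$context['search_params'] = $search_params;
 	if (isset($context['search_params']['search']))
-		$context['search_params']['search'] = htmlspecialchars($context['search_params']['search']);
+		$context['search_params']['search'] = $smcFunc['htmlspecialchars']($context['search_params']['search']);
 	if (isset($context['search_params']['userspec']))
-		$context['search_params']['userspec'] = htmlspecialchars($context['search_params']['userspec']);
+		$context['search_params']['userspec'] = $smcFunc['htmlspecialchars']($context['search_params']['userspec']);
 
 	// Now we have all the parameters, combine them together for pagination and the like...
 	$context['params'] = array();
@@ -1736,7 +1736,7 @@ function MessagePost()
 			if ($row_quoted['id_member'] != $user_info['id'])
 				$context['recipients']['to'][] = array(
 					'id' => $row_quoted['id_member'],
-					'name' => htmlspecialchars($row_quoted['real_name']),
+					'name' => $smcFunc['htmlspecialchars']($row_quoted['real_name']),
 				);
 
 			// Now to get the others.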
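Review bot: None of the three hunks in this file shows the `global` line of its function, so it cannot be confirmed from here that `$smcFunc` is in scope in MessageSearch(), MessageSearch2() and MessagePost(). The commit does add `$smcFunc` to the `global` list in getAvatars(), createList() and the database callbacks, which suggests call sites were checked, but calling `$smcFunc['htmlspecialchars'](...)` on an undeclared variable is a fatal error on the page rather than a quiet fallback. The same check applies to the one-line replacements in Activate() (Register.php), ReportToModerator2() (SendTopic.php), processAttachments() (Subs-Attachments.php) and validateUsername() (Subs-Auth.php). Where the declaration is missing, the fix is to add `$smcFunc` to the existing `global` statement of that function.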

+ 13 - 13
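--- a/Sources/Post.php
+++ b/Sources/Post.php
@@ -223,7 +223,7 @@ function Post($post_errors = array())
 
 		// Start loading up the event info.
 		$context['event'] = array();
-		$context['event']['title'] = isset($_REQUEST['evtitle']) ? htmlspecialchars(stripslashes($_REQUEST['evtitle'])) : '';
+		$context['event']['title'] = isset($_REQUEST['evtitle']) ? $smcFunc['htmlspecialchars'](stripslashes($_REQUEST['evtitle'])) : '';
 
 		$context['event']['id'] = isset($_REQUEST['eventid']) ? (int) $_REQUEST['eventid'] : -1;
 		$context['event']['new'] = $context['event']['id'] == -1;
@@ -446,9 +446,9 @@ function Post($post_errors = array())
 			$_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
 			$_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);
 
-			$_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']);
+			$_REQUEST['guestname'] = $smcFunc['htmlspecialchars']($_REQUEST['guestname']);
 			$context['name'] = $_REQUEST['guestname'];
-			$_REQUEST['email'] = htmlspecialchars($_REQUEST['email']);
+			$_REQUEST['email'] = $smcFunc['htmlspecialchars']($_REQUEST['email']);
 			$context['email'] = $_REQUEST['email'];
 
 			$user_info['name'] = $_REQUEST['guestname'];
@@ -565,7 +565,7 @@ function Post($post_errors = array())
 					if ($row['filesize'] <= 0)
 						continue;
 					$context['current_attachments'][] = array(
-						'name' => htmlspecialchars($row['filename']),
+						'name' => $smcFunc['htmlspecialchars']($row['filename']),
 						'size' => $row['filesize'],
 						'id' => $row['id_attach'],
 						'approved' => $row['approved'],
@@ -593,8 +593,8 @@ function Post($post_errors = array())
 
 				if (empty($row['id_member']))
 				{
-					$context['name'] = htmlspecialchars($row['poster_name']);
-					$context['email'] = htmlspecialchars($row['poster_email']);
+					$context['name'] = $smcFunc['htmlspecialchars']($row['poster_name']);
+					$context['email'] = $smcFunc['htmlspecialchars']($row['poster_email']);
 				}
 			}
 		}
@@ -694,7 +694,7 @@ function Post($post_errors = array())
 		foreach ($temp as $attachment)
 		{
 			$context['current_attachments'][] = array(
-				'name' => htmlspecialchars($attachment['filename']),
+				'name' => $smcFunc['htmlspecialchars']($attachment['filename']),
 				'size' => $attachment['filesize'],
 				'id' => $attachment['id_attach'],
 				'approved' => $attachment['attachment_approved'],
@@ -704,8 +704,8 @@ function Post($post_errors = array())
 		// Allow moderators to change names....
 		if (allowedTo('moderate_forum') && empty($row['id_member']))
 		{
-			$context['name'] = htmlspecialchars($row['poster_name']);
-			$context['email'] = htmlspecialchars($row['poster_email']);
+			$context['name'] = $smcFunc['htmlspecialchars']($row['poster_name']);
+			$context['email'] = $smcFunc['htmlspecialchars']($row['poster_email']);
 		}
 
 		// Set the destinaton.
@@ -938,7 +938,7 @@ function Post($post_errors = array())
 					$context['files_in_session_warning'] = $txt['attached_files_in_session'];
 
 				$context['current_attachments'][] = array(
-					'name' => '<u>' . htmlspecialchars($attachment['name']) . '</u>',
+					'name' => '<u>' . $smcFunc['htmlspecialchars']($attachment['name']) . '</u>',
 					'size' => $attachment['size'],
 					'id' => $attachID,
 					'unchecked' => false,
@@ -1613,8 +1613,8 @@ function Post2()
 
 	// Add special html entities to the subject, name, and email.
 	$_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
-	$_POST['guestname'] = htmlspecialchars($_POST['guestname']);
-	$_POST['email'] = htmlspecialchars($_POST['email']);
+	$_POST['guestname'] = $smcFunc['htmlspecialchars']($_POST['guestname']);
+	$_POST['email'] = $smcFunc['htmlspecialchars']($_POST['email']);
 
 	// At this point, we want to make sure the subject isn't too long.
 	if ($smcFunc['strlen']($_POST['subject']) > 100)
@@ -1659,7 +1659,7 @@ function Post2()
 			$_POST['poll_hide'] = 1;
 
 		// Clean up the question and answers.
-		$_POST['question'] = htmlspecialchars($_POST['question']);
+		$_POST['question'] = $smcFunc['htmlspecialchars']($_POST['question']);
 		$_POST['question'] = $smcFunc['truncate']($_POST['question'], 255);
 		$_POST['question'] = preg_replace('~&amp;#(\d{4,5}|[2-9]\d{2,4}|1[2-9]\d);~', '&#$1;', $_POST['question']);
 		$_POST['options'] = htmlspecialchars__recursive($_POST['options']);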
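Review bot: In the `@@ -938` hunk the attachment name is escaped when the list is built, but processAttachments() in Sources/Subs-Attachments.php (same commit) already stores `$_SESSION['temp_attachments'][$attachID]['name']` escaped. If `$attachment` in this loop is that session entry (the loop header is outside the hunk), a name containing `&` or a quote is encoded twice and shows up with literal entities. Escaping in exactly one place avoids this, preferably at output: either store `basename($_FILES['attachment']['name'][$n])` raw in the session and keep the escape here, or drop the escape here. The `@@ -446` hunk raises the same question, since it writes the escaped guest name and e-mail back into `$_REQUEST`, where later code can no longer tell whether they are raw.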

+ 9 - 9
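--- a/Sources/Profile-Modify.php
+++ b/Sources/Profile-Modify.php
@@ -541,7 +541,7 @@ function loadProfileFields($force_reload = false)
 			'enabled' => !empty($modSettings['smiley_sets_enable']),
 			'permission' => 'profile_extra',
 			'preload' => create_function('', '
-				global $modSettings, $context, $txt, $cur_profile;
+				global $modSettings, $context, $txt, $cur_profile, $smcFunc;
 
 				$context[\'member\'][\'smiley_set\'][\'id\'] = empty($cur_profile[\'smiley_set\']) ? \'\' : $cur_profile[\'smiley_set\'];
 				$context[\'smiley_sets\'] = explode(\',\', \'none,,\' . $modSettings[\'smiley_sets_known\']);
@@ -549,8 +549,8 @@ function loadProfileFields($force_reload = false)
 				foreach ($context[\'smiley_sets\'] as $i => $set)
 				{
 					$context[\'smiley_sets\'][$i] = array(
-						\'id\' => htmlspecialchars($set),
-						\'name\' => htmlspecialchars($set_names[$i]),
+						\'id\' => $smcFunc[\'htmlspecialchars\']($set),
+						\'name\' => $smcFunc[\'htmlspecialchars\']($set_names[$i]),
 						\'selected\' => $set == $context[\'member\'][\'smiley_set\'][\'id\']
 					);
 
@@ -1649,7 +1649,7 @@ function pmprefs($memID)
  */
 function getAvatars($directory, $level)
 {
-	global $context, $txt, $modSettings;
+	global $context, $txt, $modSettings, $smcFunc;
 
 	$result = array();
 
@@ -1692,9 +1692,9 @@ function getAvatars($directory, $level)
 		$tmp = getAvatars($directory . (!empty($directory) ? '/' : '') . $line, $level + 1);
 		if (!empty($tmp))
 			$result[] = array(
-				'filename' => htmlspecialchars($line),
+				'filename' => $smcFunc['htmlspecialchars']($line),
 				'checked' => strpos($context['member']['avatar']['server_pic'], $line . '/') !== false,
-				'name' => '[' . htmlspecialchars(str_replace('_', ' ', $line)) . ']',
+				'name' => '[' . $smcFunc['htmlspecialchars'](str_replace('_', ' ', $line)) . ']',
 				'is_dir' => true,
 				'files' => $tmp
 		);
@@ -1711,9 +1711,9 @@ function getAvatars($directory, $level)
 			continue;
 
 		$result[] = array(
-			'filename' => htmlspecialchars($line),
+			'filename' => $smcFunc['htmlspecialchars']($line),
 			'checked' => $line == $context['member']['avatar']['server_pic'],
-			'name' => htmlspecialchars(str_replace('_', ' ', $filename)),
+			'name' => $smcFunc['htmlspecialchars'](str_replace('_', ' ', $filename)),
 			'is_dir' => false
 		);
 		if ($level == 1)
@@ -3070,7 +3070,7 @@ function profileValidateSignature(&$value)
 	// Too long?
 	if (!allowedTo('admin_forum') && !empty($sig_limits[1]) && $smcFunc['strlen'](str_replace('<br />', "\n", $value)) > $sig_limits[1])
 	{
-		$_POST['signature'] = trim(htmlspecialchars(str_replace('<br />', "\n", $value), ENT_QUOTES));
+		$_POST['signature'] = trim($smcFunc['htmlspecialchars'](str_replace('<br />', "\n", $value), ENT_QUOTES));
 		$txt['profile_error_signature_max_length'] = sprintf($txt['profile_error_signature_max_length'], $sig_limits[1]);
 		return 'signature_max_length';
 	}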
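Review bot: The `preload` callback in the first two hunks is still source text handed to `create_function()`, so the added `$smcFunc` global and the `\'htmlspecialchars\'` index are written with hand-escaped quotes that nothing parses until the string is evaluated at run time. A slip in that escaping would silently remove the output encoding for the smiley-set names instead of failing at load. If the minimum supported PHP version allows anonymous functions, the block becomes ordinary, lint-checkable code: `'preload' => function () { global $modSettings, $context, $txt, $cur_profile, $smcFunc; ... }`. The callback body continues outside both hunks.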

+ 5 - 1
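--- a/Sources/Profile.php
+++ b/Sources/Profile.php
@@ -41,9 +41,13 @@ function ModifyProfile($post_errors = array())
 	// ... or by id_member?
 	elseif (!empty($_REQUEST['u']))
 		$memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
-	// If it was just ?action=profile, edit your own profile.
+	// If it was just ?action=profile, edit your own profile, but only if you're not a guest.
 	else
+	{
+		// Members only...
+		is_not_guest();
 		$memberResult = loadMemberData($user_info['id'], false, 'profile');
+	}
 
 	// Check if loadMemberData() has returned a valid result.
 	if (!is_array($memberResult))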

+ 1 - 1
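--- a/Sources/QueryString.php
+++ b/Sources/QueryString.php
@@ -283,7 +283,7 @@ function cleanRequest()
 		$_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI'];
 
 	// And make sure HTTP_USER_AGENT is set.
-	$_SERVER['HTTP_USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES) : '';
+	$_SERVER['HTTP_USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT']) ? (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES) : htmlspecialchars($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES)) : '';
 
 	// Some final checking.
 	if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER['BAN_CHECK_IP']) === 0 || !isValidIPv6($_SERVER['BAN_CHECK_IP']))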
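Review bot: The new HTTP_USER_AGENT line writes the whole escape call twice only to choose between `$smcFunc['htmlspecialchars']` and the native function, and the same inline `isset(...) ? ... : ...` fallback is repeated in smf_db_replacement__callback() in all five Sources/Subs-Db-*.php files of this commit. Choosing the callable once keeps the two paths from drifting apart: `$escape = isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars'] : 'htmlspecialchars';` and then `$escape($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES)`. The fallback also calls native `htmlspecialchars()` without a charset argument, so when it is taken the encoding follows the PHP default rather than the forum's character set. A one-line comment saying when `$smcFunc['htmlspecialchars']` can still be unset would document why the fallback exists. cleanRequest() starts and ends outside the hunk.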

+ 2 - 2
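--- a/Sources/Register.php
+++ b/Sources/Register.php
@@ -613,7 +613,7 @@ function Activate()
 
 		// @todo Separate the sprintf?
 		if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['new_email']) == 0)
-			fatal_error(sprintf($txt['valid_email_needed'], htmlspecialchars($_POST['new_email'])), false);
+			fatal_error(sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($_POST['new_email'])), false);
 
 		// Make sure their email isn't banned.
 		isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']);
@@ -630,7 +630,7 @@ function Activate()
 		);
 		// @todo Separate the sprintf?
 		if ($smcFunc['db_num_rows']($request) != 0)
-			fatal_lang_error('email_in_use', false, array(htmlspecialchars($_POST['new_email'])));
+			fatal_lang_error('email_in_use', false, array($smcFunc['htmlspecialchars']($_POST['new_email'])));
 		$smcFunc['db_free_result']($request);
 
 		updateMemberData($row['id_member'], array('email_address' => $_POST['new_email']));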

+ 2 - 2
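--- a/Sources/Search.php
+++ b/Sources/Search.php
@@ -95,7 +95,7 @@ function PlushSearch1()
 	if (isset($context['search_params']['search']))
 		$context['search_params']['search'] = $smcFunc['htmlspecialchars']($context['search_params']['search']);
 	if (isset($context['search_params']['userspec']))
-		$context['search_params']['userspec'] = htmlspecialchars($context['search_params']['userspec']);
+		$context['search_params']['userspec'] = $smcFunc['htmlspecialchars']($context['search_params']['userspec']);
 	if (!empty($context['search_params']['searchtype']))
 		$context['search_params']['searchtype'] = 2;
 	if (!empty($context['search_params']['minage']))
@@ -1952,7 +1952,7 @@ function prepareSearchContext($reset = false)
 				$message['body'] = '';
 				foreach ($matches[0] as $index => $match)
 				{
-					$match = strtr(htmlspecialchars($match, ENT_QUOTES), array("\n" => '&nbsp;'));
+					$match = strtr($smcFunc['htmlspecialchars']($match, ENT_QUOTES), array("\n" => '&nbsp;'));
 					$message['body'] .= '<strong>......</strong>&nbsp;' . $match . '&nbsp;<strong>......</strong>';
 				}
 			}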

+ 1 - 1
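--- a/Sources/SendTopic.php
+++ b/Sources/SendTopic.php
@@ -407,7 +407,7 @@ function ReportToModerator2()
 
 		isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
 
-		$user_info['email'] = htmlspecialchars($_POST['email']);
+		$user_info['email'] = $smcFunc['htmlspecialchars']($_POST['email']);
 	}
 
 	// Could they get the right verification code?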

+ 2 - 2
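--- a/Sources/Subs-Attachments.php
+++ b/Sources/Subs-Attachments.php
@@ -439,7 +439,7 @@ function processAttachments()
 		if (empty($errors))
 		{
 			$_SESSION['temp_attachments'][$attachID] = array(
-				'name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])),
+				'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])),
 				'tmp_name' => $destName,
 				'size' => $_FILES['attachment']['size'][$n],
 				'type' => $_FILES['attachment']['type'][$n],
@@ -460,7 +460,7 @@ function processAttachments()
 		else
 		{
 			$_SESSION['temp_attachments'][$attachID] = array(
-				'name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])),
+				'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])),
 				'tmp_name' => $destName,
 				'errors' => $errors,
 			);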

+ 2 - 2
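--- a/Sources/Subs-Auth.php
+++ b/Sources/Subs-Auth.php
@@ -262,7 +262,7 @@ function adminLogin_outputPostVars($k, $v)
 
 	if (!is_array($v))
 		return '
-<input type="hidden" name="' . htmlspecialchars($k) . '" value="' . strtr($v, array('"' => '&quot;', '<' => '&lt;', '>' => '&gt;')) . '" />';
+<input type="hidden" name="' . $smcFunc['htmlspecialchars']($k) . '" value="' . strtr($v, array('"' => '&quot;', '<' => '&lt;', '>' => '&gt;')) . '" />';
 	else
 	{
 		$ret = '';
@@ -622,7 +622,7 @@ function validateUsername($memID, $username, $return_error = false, $check_reser
 	{
 		require_once($sourcedir . '/Subs-Members.php');
 		if (isReservedName($username, $memID, false))
-			$errors[] = array('done', '(' . htmlspecialchars($username) . ') ' . $txt['name_in_use']);
+			$errors[] = array('done', '(' . $smcFunc['htmlspecialchars']($username) . ') ' . $txt['name_in_use']);
 	}
 
 	if ($return_error)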
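Review bot: On the changed line in adminLogin_outputPostVars() only the `name` attribute goes through `$smcFunc['htmlspecialchars']`; the `value` attribute beside it is still encoded by a hand-written `strtr()` that maps `"`, `<` and `>` but not `&`. That keeps the value inside the double-quoted attribute, but a posted value containing literal entity text is decoded by the browser and resubmitted in a different form. If leaving `&` alone is deliberate (for example because the value is already entity-encoded upstream, which this hunk does not show), a short comment saying so would keep a later cleanup from changing it. Otherwise add `'&' => '&amp;'` to the replacement map.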

+ 1 - 1
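--- a/Sources/Subs-BoardIndex.php
+++ b/Sources/Subs-BoardIndex.php
@@ -292,7 +292,7 @@ function getBoardIndex($boardIndexOptions)
 		if (!empty($settings['avatars_on_indexes']))
 			$this_last_post['member']['avatar'] = array(
 				'name' => $row_board['avatar'],
-				'image' => $row_board['avatar'] == '' ? ($row_board['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row_board['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row_board['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row_board['filename']) . '" alt="" />' : '') : (stristr($row_board['avatar'], 'http://') ? '<img class="avatar" src="' . $row_board['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . htmlspecialchars($row_board['avatar']) . '" alt="" />'),
+				'image' => $row_board['avatar'] == '' ? ($row_board['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row_board['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row_board['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row_board['filename']) . '" alt="" />' : '') : (stristr($row_board['avatar'], 'http://') ? '<img class="avatar" src="' . $row_board['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row_board['avatar']) . '" alt="" />'),
 				'href' => $row_board['avatar'] == '' ? ($row_board['id_attach'] > 0 ? (empty($row_board['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row_board['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row_board['filename']) : '') : (stristr($row_board['avatar'], 'http://') ? $row_board['avatar'] : $modSettings['avatar_url'] . '/' . $row_board['avatar']),
 				'url' => $row_board['avatar'] == '' ? '' : (stristr($row_board['avatar'], 'http://') ? $row_board['avatar'] : $modSettings['avatar_url'] . '/' . $row_board['avatar'])
 			);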
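Review bot: Only the local-avatar branch of `'image'` is escaped; in the `stristr($row_board['avatar'], 'http://')` branch of the same line `$row_board['avatar']` is concatenated into the `src` attribute as stored, and the `'href'` and `'url'` entries below use it unescaped too. Unless the avatar URL is guaranteed to be entity-encoded when it is saved (not visible in this hunk), a stored value containing a double quote ends the attribute, so the remote branch needs the same treatment: `'<img class="avatar" src="' . $smcFunc['htmlspecialchars']($row_board['avatar']) . '"'`. `stristr()` also accepts `http://` anywhere in the value rather than at its start; `stripos($row_board['avatar'], 'http://') === 0` states the intent. getBoardIndex() starts and ends outside the hunk.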

+ 2 - 2
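--- a/Sources/Subs-Db-mysql.php
+++ b/Sources/Subs-Db-mysql.php
@@ -122,7 +122,7 @@ function db_fix_prefix(&$db_prefix, $db_name)
  */
 function smf_db_replacement__callback($matches)
 {
-	global $db_callback, $user_info, $db_prefix;
+	global $db_callback, $user_info, $db_prefix, $smcFunc;
 
 	list ($values, $connection) = $db_callback;
 
@@ -149,7 +149,7 @@ function smf_db_replacement__callback($matches)
 		return mysql_real_escape_string($matches[2], $connection);
 
 	if (!isset($values[$matches[2]]))
-		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
+		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($matches[2]) : htmlspecialchars($matches[2])), '', E_USER_ERROR, __FILE__, __LINE__);
 
 	$replacement = $values[$matches[2]];
 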

+ 2 - 2
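--- a/Sources/Subs-Db-mysqli.php
+++ b/Sources/Subs-Db-mysqli.php
@@ -146,7 +146,7 @@ function smf_db_get_server_info($connection = null)
  */
 function smf_db_replacement__callback($matches)
 {
-	global $db_callback, $user_info, $db_prefix;
+	global $db_callback, $user_info, $db_prefix, $smcFunc;
 
 	list ($values, $connection) = $db_callback;
 	if (!is_object($connection))
@@ -171,7 +171,7 @@ function smf_db_replacement__callback($matches)
 		return mysqli_real_escape_string($connection, $matches[2]);
 
 	if (!isset($values[$matches[2]]))
-		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
+		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($matches[2]) : htmlspecialchars($matches[2])), '', E_USER_ERROR, __FILE__, __LINE__);
 
 	$replacement = $values[$matches[2]];
 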

+ 2 - 2
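--- a/Sources/Subs-Db-postgresql.php
+++ b/Sources/Subs-Db-postgresql.php
@@ -120,7 +120,7 @@ function db_fix_prefix (&$db_prefix, $db_name)
  */
 function smf_db_replacement__callback($matches)
 {
-	global $db_callback, $user_info, $db_prefix;
+	global $db_callback, $user_info, $db_prefix, $smcFunc;
 
 	list ($values, $connection) = $db_callback;
 
@@ -143,7 +143,7 @@ function smf_db_replacement__callback($matches)
 		return pg_escape_string($matches[2]);
 
 	if (!isset($values[$matches[2]]))
-		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
+		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($matches[2]) : htmlspecialchars($matches[2])), '', E_USER_ERROR, __FILE__, __LINE__);
 
 	$replacement = $values[$matches[2]];
 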

+ 2 - 2
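--- a/Sources/Subs-Db-sqlite.php
+++ b/Sources/Subs-Db-sqlite.php
@@ -132,7 +132,7 @@ function db_fix_prefix(&$db_prefix, $db_name)
  */
 function smf_db_replacement__callback($matches)
 {
-	global $db_callback, $user_info, $db_prefix;
+	global $db_callback, $user_info, $db_prefix, $smcFunc;
 
 	list ($values, $connection) = $db_callback;
 
@@ -155,7 +155,7 @@ function smf_db_replacement__callback($matches)
 		return sqlite_escape_string($matches[2]);
 
 	if (!isset($values[$matches[2]]))
-		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
+		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($matches[2]) : htmlspecialchars($matches[2])), '', E_USER_ERROR, __FILE__, __LINE__);
 
 	$replacement = $values[$matches[2]];
 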

+ 2 - 2
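--- a/Sources/Subs-Db-sqlite3.php
+++ b/Sources/Subs-Db-sqlite3.php
@@ -163,7 +163,7 @@ function db_fix_prefix(&$db_prefix, $db_name)
  */
 function smf_db_replacement__callback($matches)
 {
-	global $db_callback, $user_info, $db_prefix;
+	global $db_callback, $user_info, $db_prefix, $smcFunc;
 
 	list ($values, $connection) = $db_callback;
 
@@ -186,7 +186,7 @@ function smf_db_replacement__callback($matches)
 		return SQLite::escapeString($matches[2]);
 
 	if (!isset($values[$matches[2]]))
-		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
+		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($matches[2]) : htmlspecialchars($matches[2])), '', E_USER_ERROR, __FILE__, __LINE__);
 
 	$replacement = $values[$matches[2]];
 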

+ 5 - 4
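--- a/Sources/Subs-Editor.php
+++ b/Sources/Subs-Editor.php
@@ -147,7 +147,7 @@ function html_to_bbc($text)
 				$found = array_search($file, $smileysto);
 				// Note the weirdness here is to stop double spaces between smileys.
 				if ($found)
-					$matches[1][$k] = '-[]-smf_smily_start#|#' . htmlspecialchars($smileysfrom[$found]) . '-[]-smf_smily_end#|#';
+					$matches[1][$k] = '-[]-smf_smily_start#|#' . $smcFunc['htmlspecialchars']($smileysfrom[$found]) . '-[]-smf_smily_end#|#';
 				else
 					$matches[1][$k] = '';
 			}
@@ -172,7 +172,7 @@ function html_to_bbc($text)
 				);
 				$mappings = array();
 				while ($row = $smcFunc['db_fetch_assoc']($request))
-					$mappings[$row['filename']] = htmlspecialchars($row['code']);
+					$mappings[$row['filename']] = $smcFunc['htmlspecialchars']($row['code']);
 				$smcFunc['db_free_result']($request);
 
 				foreach ($matches[1] as $k => $file)
@@ -1478,6 +1478,7 @@ function create_control_richedit($editorOptions)
 		loadJavascriptFile('editor.js', array('default_theme' => true), 'smf_editor');
 		loadJavascriptFile('jquery.sceditor.js', array('default_theme' => true));
 		loadJavascriptFile('jquery.sceditor.bbcode.js', array('default_theme' => true));
+		loadJavascriptFile('jquery.sceditor.smf.js', array('default_theme' => true));
 		addInlineJavascript('
 		var smf_smileys_url = \'' . $settings['smileys_url'] . '\';
 		var bbc_quote_from = \'' . addcslashes($txt['quote_from'], "'") . '\';
@@ -1893,8 +1894,8 @@ function create_control_richedit($editorOptions)
 				);
 				while ($row = $smcFunc['db_fetch_assoc']($request))
 				{
-					$row['filename'] = htmlspecialchars($row['filename']);
-					$row['description'] = htmlspecialchars($row['description']);
+					$row['filename'] = $smcFunc['htmlspecialchars']($row['filename']);
+					$row['description'] = $smcFunc['htmlspecialchars']($row['description']);
 
 					$context['smileys'][empty($row['hidden']) ? 'postform' : 'popup'][$row['smiley_row']]['smileys'][] = $row;
 				}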

+ 3 - 3
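--- a/Sources/Subs-List.php
+++ b/Sources/Subs-List.php
@@ -22,7 +22,7 @@ if (!defined('SMF'))
 
 function createList($listOptions)
 {
-	global $context, $settings, $options, $txt, $modSettings, $scripturl;
+	global $context, $settings, $options, $txt, $modSettings, $scripturl, $smcFunc;
 
 	assert(isset($listOptions['id']));
 	assert(isset($listOptions['columns']));
@@ -126,14 +126,14 @@ function createList($listOptions)
 
 			// Take the value from the database and make it HTML safe.
 			elseif (isset($column['data']['db_htmlsafe']))
-				$cur_data['value'] = htmlspecialchars($list_item[$column['data']['db_htmlsafe']]);
+				$cur_data['value'] = $smcFunc['htmlspecialchars']($list_item[$column['data']['db_htmlsafe']]);
 
 			// Using sprintf is probably the most readable way of injecting data.
 			elseif (isset($column['data']['sprintf']))
 			{
 				$params = array();
 				foreach ($column['data']['sprintf']['params'] as $sprintf_param => $htmlsafe)
-					$params[] = $htmlsafe ? htmlspecialchars($list_item[$sprintf_param]) : $list_item[$sprintf_param];
+					$params[] = $htmlsafe ? $smcFunc['htmlspecialchars']($list_item[$sprintf_param]) : $list_item[$sprintf_param];
 				$cur_data['value'] = vsprintf($column['data']['sprintf']['format'], $params);
 			}
 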
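Review bot: In the second hunk's `sprintf` branch, any parameter whose `$htmlsafe` flag is false is passed to `vsprintf` unescaped, so escaping there is opt-in per parameter and the switch to `$smcFunc['htmlspecialchars']` does not change that. I would state the contract at the loop, e.g. `// Params flagged false are inserted as-is; the caller must supply HTML-safe values.` The `assert(isset(...))` lines in the first hunk are skipped when assertions are disabled, so they should not be treated as input validation. createList's body continues outside both hunks.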

+ 2 - 1
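--- a/Sources/Subs-Members.php
+++ b/Sources/Subs-Members.php
@@ -538,7 +538,8 @@ function registerMember(&$regOptions, $return_errors = false)
 	);
 	// @todo Separate the sprintf?
 	if ($smcFunc['db_num_rows']($request) != 0)
-		$reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email'])));
+		$reg_errors[] = array('lang', 'email_in_use', false, array($smcFunc['htmlspecialchars']($regOptions['email'])));
+
 	$smcFunc['db_free_result']($request);
 
 	// Perhaps someone else wants to check this user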

+ 3 - 3
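--- a/Sources/Subs-Package.php
+++ b/Sources/Subs-Package.php
@@ -1031,7 +1031,7 @@ function packageRequireFTP($destination_url, $files = null, $return = false)
  */
 function parsePackageInfo(&$packageXML, $testing_only = true, $method = 'install', $previous_version = '')
 {
-	global $boarddir, $packagesdir, $forum_version, $context, $temp_path, $language;
+	global $boarddir, $packagesdir, $forum_version, $context, $temp_path, $language, $smcFunc;
 
 	// Mayday!  That action doesn't exist!!
 	if (empty($packageXML) || !$packageXML->exists($method))
@@ -1113,12 +1113,12 @@ function parsePackageInfo(&$packageXML, $testing_only = true, $method = 'install
 						if (isset($context[$type]['selected']) && $context[$type]['selected'] == 'default')
 							$context[$type][] = 'default';
 
-						$context[$type]['selected'] = htmlspecialchars($action->fetch('@lang'));
+						$context[$type]['selected'] = $smcFunc['htmlspecialchars']($action->fetch('@lang'));
 					}
 					else
 					{
 						// We don't want this now, but we'll allow the user to select to read it.
-						$context[$type][] = htmlspecialchars($action->fetch('@lang'));
+						$context[$type][] = $smcFunc['htmlspecialchars']($action->fetch('@lang'));
 						continue;
 					}
 				}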

+ 5 - 2
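--- a/Sources/Subs-Post.php
+++ b/Sources/Subs-Post.php
@@ -267,7 +267,10 @@ function un_preparsecode($message)
 		// If $i is a multiple of four (0, 4, 8, ...) then it's not a code section...
 		if ($i % 4 == 0)
 		{
-			$parts[$i] = preg_replace_callback('~\[html\](.+?)\[/html\]~i', create_function('$m', 'return "[html]" . strtr(htmlspecialchars("$m[1]", ENT_QUOTES), array("\\&quot;" => "&quot;", "&amp;#13;" => "<br />", "&amp;#32;" => " ", "&amp;#91;" => "[", "&amp;#93;" => "]")) . "[/html]";'), $parts[$i]);
+			$parts[$i] = preg_replace_callback('~\[html\](.+?)\[/html\]~i', create_function('$m', '
+				global $smcFunc;
+
+			return "[html]" . strtr($smcFunc[\'htmlspecialchars\']("$m[1]", ENT_QUOTES), array("\\&quot;" => "&quot;", "&amp;#13;" => "<br />", "&amp;#32;" => " ", "&amp;#91;" => "[", "&amp;#93;" => "]")) . "[/html]";'), $parts[$i]);
 
 			// Attempt to un-parse the time to something less awful.
 			$parts[$i] = preg_replace_callback('~\[time\](\d{0,10})\[/time\]~i', create_function('$m', ' return "[time]" . timeformat("$m[1]", false) . "[/time]";'), $parts[$i]);
@@ -1120,7 +1123,7 @@ function sendpm($recipients, $subject, $message, $store_outbox = false, $from =
 	if (empty($modSettings['disallow_sendBody']))
 	{
 		censorText($message);
-		$message = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc(htmlspecialchars($message), false), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '&#91;' => '[', '&#93;' => ']')))));
+		$message = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc($smcFunc['htmlspecialchars']($message), false), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '&#91;' => '[', '&#93;' => ']')))));
 	}
 	else
 		$message = '';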
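Review bot: The `[html]` callback in the un_preparsecode hunk is still built with `create_function()`, so the new body has to carry its own `global $smcFunc;` and backslash-escaped quotes (`$smcFunc[\'htmlspecialchars\']`) inside a string that is compiled at run time. The string is constant here, so no request data reaches the compiler, but an anonymous function drops the string-compiled code and the quoting: `function ($m) { global $smcFunc; return '[html]' . strtr($smcFunc['htmlspecialchars']($m[1], ENT_QUOTES), $html_map) . '[/html]'; }`, with the existing replacement array hoisted into `$html_map`. That needs PHP 5.3 or later, which the page does not confirm as this branch's minimum; the `[time]` callback on the following context line has the same shape. un_preparsecode starts and ends outside the hunk.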

+ 11 - 11
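--- a/Sources/Subs.php
+++ b/Sources/Subs.php
@@ -501,7 +501,7 @@ function updateSettings($changeArray, $update = false)
  */
 function constructPageIndex($base_url, &$start, $max_value, $num_per_page, $flexible_start = false, $show_prevnext = true)
 {
-	global $modSettings, $context, $txt;
+	global $modSettings, $context, $txt, $smcFunc;
 
 	// Save whether $start was less than 0 or not.
 	$start = (int) $start;
@@ -558,7 +558,7 @@ function constructPageIndex($base_url, &$start, $max_value, $num_per_page, $flex
 
 		// Show the ... after the first page.  (prev page 1 >...< 6 7 [8] 9 10 ... 15 next page)
 		if ($start > $num_per_page * ($PageContiguous + 1))
-			$pageindex .= '<span class="expand_pages" onclick="' . htmlspecialchars('expandPages(this, ' . JavaScriptEscape(($flexible_start ? $base_url : strtr($base_url, array('%' => '%%')) . ';start=%1$d')) . ', ' . $num_per_page . ', ' . ($start - $num_per_page * $PageContiguous) . ', ' . $num_per_page . ');') . '"><strong> ... </strong></span>';
+			$pageindex .= '<span class="expand_pages" onclick="' . $smcFunc['htmlspecialchars']('expandPages(this, ' . JavaScriptEscape(($flexible_start ? $base_url : strtr($base_url, array('%' => '%%')) . ';start=%1$d')) . ', ' . $num_per_page . ', ' . ($start - $num_per_page * $PageContiguous) . ', ' . $num_per_page . ');') . '"><strong> ... </strong></span>';
 
 		// Show the pages before the current one. (prev page 1 ... >6 7< [8] 9 10 ... 15 next page)
 		for ($nCont = $PageContiguous; $nCont >= 1; $nCont--)
@@ -585,7 +585,7 @@ function constructPageIndex($base_url, &$start, $max_value, $num_per_page, $flex
 
 		// Show the '...' part near the end. (prev page 1 ... 6 7 [8] 9 10 >...< 15 next page)
 		if ($start + $num_per_page * ($PageContiguous + 1) < $tmpMaxPages)
-			$pageindex .= '<span class="expand_pages" onclick="' . htmlspecialchars('expandPages(this, ' . JavaScriptEscape(($flexible_start ? $base_url : strtr($base_url, array('%' => '%%')) . ';start=%1$d')) . ', ' . ($start + $num_per_page * ($PageContiguous + 1)) . ', ' . $tmpMaxPages . ', ' . $num_per_page . ');') . '" onmouseover="this.style.cursor=\'pointer\';"> ... </span>';
+			$pageindex .= '<span class="expand_pages" onclick="' . $smcFunc['htmlspecialchars']('expandPages(this, ' . JavaScriptEscape(($flexible_start ? $base_url : strtr($base_url, array('%' => '%%')) . ';start=%1$d')) . ', ' . ($start + $num_per_page * ($PageContiguous + 1)) . ', ' . $tmpMaxPages . ', ' . $num_per_page . ');') . '" onmouseover="this.style.cursor=\'pointer\';"> ... </span>';
 
 		// Show the last number in the list. (prev page 1 ... 6 7 [8] 9 10 ... >15<  next page)
 		if ($start + $num_per_page * $PageContiguous < $tmpMaxPages)
@@ -994,8 +994,8 @@ function parse_bbc($message, $smileys = true, $cache_id = '', $parse_tags = arra
 			array(
 				'tag' => 'acronym',
 				'type' => 'unparsed_equals',
-				'before' => '<acronym title="$1">',
-				'after' => '</acronym>',
+				'before' => '<abbr title="$1">',
+				'after' => '</abbr>',
 				'quoted' => 'optional',
 				'disabled_after' => ' ($1)',
 			),
@@ -2425,7 +2425,7 @@ function parsesmileys(&$message)
 				while ($row = $smcFunc['db_fetch_assoc']($result))
 				{
 					$smileysfrom[] = $row['code'];
-					$smileysto[] = htmlspecialchars($row['filename']);
+					$smileysto[] = $smcFunc['htmlspecialchars']($row['filename']);
 					$smileysdescs[] = $row['description'];
 				}
 				$smcFunc['db_free_result']($result);
@@ -2442,12 +2442,12 @@ function parsesmileys(&$message)
 		// This smiley regex makes sure it doesn't parse smileys within code tags (so [url=mailto:[email protected]] doesn't parse the :D smiley)
 		$smileyPregReplacements = array();
 		$searchParts = array();
-		$smileys_path = htmlspecialchars($modSettings['smileys_url'] . '/' . $user_info['smiley_set'] . '/');
+		$smileys_path = $smcFunc['htmlspecialchars']($modSettings['smileys_url'] . '/' . $user_info['smiley_set'] . '/');
 
 		for ($i = 0, $n = count($smileysfrom); $i < $n; $i++)
 		{
-			$specialChars = htmlspecialchars($smileysfrom[$i], ENT_QUOTES);
-			$smileyCode = '<img src="' . $smileys_path . $smileysto[$i] . '" alt="' . strtr($specialChars, array(':' => '&#58;', '(' => '&#40;', ')' => '&#41;', '$' => '&#36;', '[' => '&#091;')). '" title="' . strtr(htmlspecialchars($smileysdescs[$i]), array(':' => '&#58;', '(' => '&#40;', ')' => '&#41;', '$' => '&#36;', '[' => '&#091;')) . '" class="smiley" />';
+			$specialChars = $smcFunc['htmlspecialchars']($smileysfrom[$i], ENT_QUOTES);
+			$smileyCode = '<img src="' . $smileys_path . $smileysto[$i] . '" alt="' . strtr($specialChars, array(':' => '&#58;', '(' => '&#40;', ')' => '&#41;', '$' => '&#36;', '[' => '&#091;')). '" title="' . strtr($smcFunc['htmlspecialchars']($smileysdescs[$i]), array(':' => '&#58;', '(' => '&#40;', ')' => '&#41;', '$' => '&#36;', '[' => '&#091;')) . '" class="smiley" />';
 
 			$smileyPregReplacements[$smileysfrom[$i]] = $smileyCode;
 
@@ -2855,7 +2855,7 @@ function setupThemeContext($forceload = false)
 
 	$context['in_maintenance'] = !empty($maintenance);
 	$context['current_time'] = timeformat(time(), false);
-	$context['current_action'] = isset($_GET['action']) ? $_GET['action'] : '';
+	$context['current_action'] = isset($_GET['action']) ? $smcFunc['htmlspecialchars']($_GET['action']) : '';
 	$context['show_quick_login'] = !empty($modSettings['enableVBStyleLogin']) && $user_info['is_guest'];
 
 	// Get some news...
@@ -2908,7 +2908,7 @@ function setupThemeContext($forceload = false)
 		}
 		// Otherwise we assume it's server stored?
 		elseif ($user_info['avatar']['url'] != '')
-			$context['user']['avatar']['href'] = $modSettings['avatar_url'] . '/' . htmlspecialchars($user_info['avatar']['url']);
+			$context['user']['avatar']['href'] = $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($user_info['avatar']['url']);
 
 		if (!empty($context['user']['avatar']))
 			$context['user']['avatar']['image'] = '<img src="' . $context['user']['avatar']['href'] . '"' . (isset($context['user']['avatar']['width']) ? ' width="' . $context['user']['avatar']['width'] . '"' : '') . (isset($context['user']['avatar']['height']) ? ' height="' . $context['user']['avatar']['height'] . '"' : '') . ' alt="" class="avatar" />';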
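Review bot: In the first setupThemeContext hunk, `$_GET['action']` is now escaped once when it is stored in `$context['current_action']`, so every later reader receives HTML-encoded text rather than the raw action name. Any comparison of `$context['current_action']` against a literal, and any theme that still escapes it on output, will see encoded or double-encoded values; keeping the raw value for logic and storing the encoded copy under a separate key would avoid that. The new line also hands `$_GET['action']` straight to the escaper, so if earlier request cleaning (not visible here) lets it arrive as an array, the call receives a non-string; a guard such as `isset($_GET['action']) && is_string($_GET['action'])` covers that case. setupThemeContext's `global` line is outside the hunk, so confirm `$smcFunc` is declared there.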

+ 9 - 9
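--- a/Sources/Themes.php
+++ b/Sources/Themes.php
@@ -722,7 +722,7 @@ function SetThemeSettings()
 		'' => $txt['smileys_no_default']
 	);
 	foreach ($sets as $i => $set)
-		$context['smiley_sets'][$set] = htmlspecialchars($set_names[$i]);
+		$context['smiley_sets'][$set] = $smcFunc['htmlspecialchars']($set_names[$i]);
 
 	$old_id = $settings['theme_id'];
 	$old_settings = $settings;
@@ -1920,11 +1920,11 @@ function EditTheme()
 
 			// Recycle the submitted data.
 			if (is_array($_POST['entire_file']))
-				$context['entire_file'] = htmlspecialchars(implode("\n", $_POST['entire_file']));
+				$context['entire_file'] = $smcFunc['htmlspecialchars'](implode("\n", $_POST['entire_file']));
 			else
-				$context['entire_file'] = htmlspecialchars($_POST['entire_file']);
+				$context['entire_file'] = $smcFunc['htmlspecialchars']($_POST['entire_file']);
 
-			$context['edit_filename'] = htmlspecialchars($_POST['filename']);
+			$context['edit_filename'] = $smcFunc['htmlspecialchars']($_POST['filename']);
 
 			// You were able to submit it, so it's reasonable to assume you are allowed to save.
 			$context['allow_save'] = true;
@@ -1938,13 +1938,13 @@ function EditTheme()
 
 	$context['allow_save'] = is_writable($theme_dir . '/' . $_REQUEST['filename']);
 	$context['allow_save_filename'] = strtr($theme_dir . '/' . $_REQUEST['filename'], array($boarddir => '...'));
-	$context['edit_filename'] = htmlspecialchars($_REQUEST['filename']);
+	$context['edit_filename'] = $smcFunc['htmlspecialchars']($_REQUEST['filename']);
 
 	if (substr($_REQUEST['filename'], -4) == '.css')
 	{
 		$context['sub_template'] = 'edit_style';
 
-		$context['entire_file'] = htmlspecialchars(strtr(file_get_contents($theme_dir . '/' . $_REQUEST['filename']), array("\t" => '   ')));
+		$context['entire_file'] = $smcFunc['htmlspecialchars'](strtr(file_get_contents($theme_dir . '/' . $_REQUEST['filename']), array("\t" => '   ')));
 	}
 	elseif (substr($_REQUEST['filename'], -13) == '.template.php')
 	{
@@ -1975,16 +1975,16 @@ function EditTheme()
 			}
 
 			$context['file_parts'][$j]['lines']++;
-			$context['file_parts'][$j]['data'] .= htmlspecialchars(strtr($file_data[$i], array("\t" => '   ')));
+			$context['file_parts'][$j]['data'] .= $smcFunc['htmlspecialchars'](strtr($file_data[$i], array("\t" => '   ')));
 		}
 
-		$context['entire_file'] = htmlspecialchars(strtr(implode('', $file_data), array("\t" => '   ')));
+		$context['entire_file'] = $smcFunc['htmlspecialchars'](strtr(implode('', $file_data), array("\t" => '   ')));
 	}
 	else
 	{
 		$context['sub_template'] = 'edit_file';
 
-		$context['entire_file'] = htmlspecialchars(strtr(file_get_contents($theme_dir . '/' . $_REQUEST['filename']), array("\t" => '   ')));
+		$context['entire_file'] = $smcFunc['htmlspecialchars'](strtr(file_get_contents($theme_dir . '/' . $_REQUEST['filename']), array("\t" => '   ')));
 	}
 
 	// Create a special token to allow editing of multiple files.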
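Review bot: None of the four hunks in this file touches a `global` statement, yet SetThemeSettings and EditTheme now call `$smcFunc['htmlspecialchars']`, whereas Subs-List.php, Subs-Package.php and constructPageIndex had `$smcFunc` added to their `global` line in this same commit. If either function does not already import `$smcFunc`, the call fails at run time instead of escaping, so confirm both declarations; the same check applies to ViewQuery() in Sources/ViewQuery.php and sendpm() in Sources/Subs-Post.php, whose `global` lines are also outside their hunks. Separately, EditTheme builds paths from `$theme_dir . '/' . $_REQUEST['filename']` for `is_writable()` and `file_get_contents()`; the check that confines `filename` to the theme directory is not visible in these hunks and should run before this point.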
 	// Create a special token to allow editing of multiple files.

+ 1 - 1
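--- a/Sources/ViewQuery.php
+++ b/Sources/ViewQuery.php
@@ -121,7 +121,7 @@ function ViewQuery()
 		echo '
 		<div id="qq', $q, '" style="margin-bottom: 2ex;">
 			<a', $is_select_query ? ' href="' . $scripturl . '?action=viewquery;qq=' . ($q + 1) . '#qq' . $q . '"' : '', ' style="font-weight: bold; text-decoration: none;">
-				', nl2br(str_replace("\t", '&nbsp;&nbsp;&nbsp;', htmlspecialchars($query_data['q']))), '
+				', nl2br(str_replace("\t", '&nbsp;&nbsp;&nbsp;', $smcFunc['htmlspecialchars']($query_data['q']))), '
 			</a><br />';
 
 		if (!empty($query_data['f']) && !empty($query_data['l']))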

+ 6 - 2
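--- a/Themes/default/GenericControls.template.php
+++ b/Themes/default/GenericControls.template.php
@@ -31,12 +31,16 @@ function template_control_richedit($editor_id, $smileyContainer = null, $bbcCont
 			$(document).ready(function() {
 				', !empty($context['bbcodes_handlers']) ? $context['bbcodes_handlers'] : '', '
 
-				$("#', $editor_id, '").sceditorBBCodePlugin({
+				$("#', $editor_id, '").sceditor({
 					style: "', $settings['default_theme_url'], '/css/jquery.sceditor.default.css",
 					emoticonsCompat: true,',
 					!empty($editor_context['locale']) ? '
 					locale: \'' . $editor_context['locale'] . '\',' : '', '
-					colors: "black,red,yellow,pink,green,orange,purple,blue,beige,brown,teal,navy,maroon,limegreen,white"';
+					colors: "black,red,yellow,pink,green,orange,purple,blue,beige,brown,teal,navy,maroon,limegreen,white",
+					plugins: "bbcode",
+					parserOptions: {
+						quoteType: $.sceditor.BBCodeParser.QuoteType.auto
+					}';
 
 		// Show the smileys.
 		if ((!empty($context['smileys']['postform']) || !empty($context['smileys']['popup'])) && !$editor_context['disable_smiley_box'] && $smileyContainer !== null)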
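Review bot: `$editor_context['locale']` is concatenated into a single-quoted JavaScript string (`locale: \'' . $editor_context['locale'] . '\',`) and `$editor_id` into a jQuery selector with no escaping, inside the same `sceditor({...})` call this hunk rewrites. Where those values originate is not visible here; if either can be influenced by a user or a language pack, a quote character in the value would end the string early and change the script. I would emit the locale through the JavaScriptEscape() helper that Sources/Subs.php already uses, `locale: ' . JavaScriptEscape($editor_context['locale']) . ','`. template_control_richedit starts and ends outside the hunk.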
 		if ((!empty($context['smileys']['postform']) || !empty($context['smileys']['popup'])) && !$editor_context['disable_smiley_box'] && $smileyContainer !== null)

+ 17 - 48
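--- a/Themes/default/PersonalMessage.template.php
+++ b/Themes/default/PersonalMessage.template.php
@@ -175,27 +175,23 @@ function template_folder()
 			echo '
 	<div class="', $window_class, '">
 		<div class="poster">
-			<ul>
-				<li>
 					<h4>
 						<a id="msg', $message['id'], '"></a>';
 						
-		
-		// Show a link to the member's profile (but only if the sender isn't a guest).
-		if (!$message['member']['is_guest'])
-			echo '
-						<a href="', $scripturl, '?action=profile;u=', $message['member']['id'], '">';
-		
-		echo '
-							<span style="padding: 6px; display: block;">', $message['member']['name'], '</span>';
-
-		if (!$message['member']['is_guest'])
+		// Show online and offline buttons?
+		if (!empty($modSettings['onlineEnable']) && !$message['member']['is_guest'])
 			echo '
-						</a>';
+				<img src="', $message['member']['online']['image_href'], '" alt="', $message['member']['online']['text'], '" />';
+	
+		// Show a link to the member's profile (but only if the sender isn't a guest).
+				echo '
+					', $message['member']['link'], '';
 
 		echo '
-					</h4>
-				</li>';
+					</h4>';
+					
+		echo '
+								<ul>';
 
 			// Show the user's avatar.
 			if (!empty($settings['show_user_images']) && empty($options['show_no_avatars']) && !empty($message['member']['avatar']['image']))
@@ -268,14 +264,14 @@ function template_folder()
 							$shown = true;
 							echo '
 				<li class="im_icons">
-					<ul>';
+					<ol>';
 						}
 						echo '
 						<li>', $custom['value'], '</li>';
 					}
 					if ($shown)
 					echo '
-					</ul>
+					</ol>
 				</li>';
 				}
 
@@ -283,18 +279,14 @@ function template_folder()
 				if ($message['member']['has_messenger'] && $message['member']['can_view_profile'])
 					echo '
 				<li class="im_icons">
-					<ul>
+					<ol>
 						', !isset($context['disabled_fields']['icq']) && !empty($message['member']['icq']['link']) ? '<li>' . $message['member']['icq']['link'] . '</li>' : '', '
 						', !isset($context['disabled_fields']['skype']) && !empty($message['member']['skype']['link']) ? '<li>' . $message['member']['skype']['link'] . '</li>' : '', '
 						', !isset($context['disabled_fields']['aim']) && !empty($message['member']['aim']['link']) ? '<li>' . $message['member']['aim']['link'] . '</li>' : '', '
 						', !isset($context['disabled_fields']['yim']) && !empty($message['member']['yim']['link']) ? '<li>' . $message['member']['yim']['link'] . '</li>' : '', '
-					</ul>
+					</ol>
 				</li>';
 
-				// Stuff for the staff to wallop them with.
-				echo '
-				<li>';
-
 				if ($message['can_report'])
 					echo '
 				<li class="report_link"><a href="' . $scripturl . '?action=pm;sa=report;l=' . $context['current_label_id'] . ';pmsg=' . $message['id'] . '">' . $txt['pm_report_to_admin'] . '</a></li>';
@@ -319,7 +311,7 @@ function template_folder()
 				{
 					echo '
 				<li class="profile">
-					<ul class="profile_icons">';
+					<ol class="profile_icons">';
 
 					// Show the profile button
 					if ($message['member']['can_view_profile'])
@@ -342,7 +334,7 @@ function template_folder()
 						<li><a href="', $scripturl, '?action=pm;sa=send;u=', $message['member']['id'], '" title="', $message['member']['online']['is_online'] ? $txt['pm_online'] : $txt['pm_offline'], '">', $settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/im_' . ($message['member']['online']['is_online'] ? 'on' : 'off') . '.png" alt="' . ($message['member']['online']['is_online'] ? $txt['pm_online'] : $txt['pm_offline']) . '" />' : ($message['member']['online']['is_online'] ? $txt['pm_online'] : $txt['pm_offline']), '</a></li>';
 
 					echo '
-					</ul>
+					</ol>
 				</li>';
 				}
 
@@ -361,29 +353,6 @@ function template_folder()
 				<li class="warning">', $context['can_issue_warning'] ? '<a href="' . $scripturl . '?action=profile;area=issuewarning;u=' . $message['member']['id'] . '">' : '', '<img src="', $settings['images_url'], '/warning_', $message['member']['warning_status'], '.png" alt="', $txt['user_warn_' . $message['member']['warning_status']], '" />', $context['can_issue_warning'] ? '</a>' : '', '<span class="warn_', $message['member']['warning_status'], '">', $txt['warn_' . $message['member']['warning_status']], '</span></li>';
 			}
 
-		// Show online and offline buttons? PHP could do with a little bit of cleaning up here for brevity, but it works.
-		// The plan is to make these buttons act sensibly, and link to your own inbox in your own posts (with new PM notification).
-		// Still has a little bit of hard-coded text. This may be a place where translators should be able to write inclusive strings,
-		// instead of dealing with $txt['by'] etc in the markup. Must be brief to work, anyway. Cannot ramble on at all.
-		if ($context['can_send_pm'] && $message['is_message_author'])
-		{
-			echo '
-				<li class="poster_online"><a href="', $scripturl,'?action=pm">', $txt['pm_short'], ' ', $context['user']['unread_messages'] > 0 ? '[<strong>'. $context['user']['unread_messages'] . '</strong>]' : '' , '</a></li>';
-		}
-		elseif ($context['can_send_pm'] && !$message['is_message_author'] && !$message['member']['is_guest'])
-		{
-			if (!empty($modSettings['onlineEnable']))
-				echo '
-				<li class="poster_online"><a href="', $scripturl,'?action=pm;sa=send;u=', $message['member']['id'], '" title="', $message['member']['online']['member_online_text'], '">', $txt['send_message'], ' <img src="'. $message['member']['online']['image_href']. '" alt="" /></a></li>';
-			else
-				echo '
-				<li class="poster_online"><a href="', $scripturl,'?action=pm;sa=send;u=', $message['member']['id'], '">', $txt['send_message'], '</a></li>';
-		}
-		elseif (!$context['can_send_pm'] && !empty($modSettings['onlineEnable']))
-			echo '
-				<li class="poster_online">', ($message['member']['online']['is_online']) ? $txt['online'] : $txt['offline'], '<img src="'. $message['member']['online']['image_href']. '" alt="" /></li>';
-
-
 			// Done with the information about the poster... on to the post itself.
 			echo '
 			</ul>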
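Review bot: In the first hunk the comment `// Show a link to the member's profile (but only if the sender isn't a guest).` now sits above an unconditional `echo` of `$message['member']['link']`, so the comment no longer matches the code and the guest case depends entirely on what `link` holds for a guest. The removed code printed `$message['member']['name']` and wrapped it in `<a>` only for members; confirm that `link` is populated and already HTML-safe for guest senders, and if so reword the comment to something like `// Show the sender; 'link' is expected to be plain text for guests.` The added `<img>` also writes `$message['member']['online']['text']` into an `alt` attribute unescaped, which relies on that string being safe upstream. template_folder continues outside the hunks.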

+ 2 - 2
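--- a/Themes/default/css/jquery.sceditor.css
+++ b/Themes/default/css/jquery.sceditor.css
@@ -115,9 +115,9 @@ div.sceditor-smileyPopup {
 }
 .sceditor-fontsize-option, .sceditor-font-option {
 	display: block;
-	padding: 4px 6px;
+	padding: 6px;
 	cursor: pointer;
-	font-size: 14px;
+	font-size: 1.2em;
 	text-decoration: none;
 	color: #222;
 }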

+ 2 - 2
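--- a/Themes/default/index.template.php
+++ b/Themes/default/index.template.php
@@ -167,8 +167,8 @@ function template_html_above()
 
 	echo '
 </head>
-<body id="', $context['browser_body_id'], '" class="action_', !empty($context['current_action']) ? htmlspecialchars($context['current_action']) : (!empty($context['current_board']) ?
-		'messageindex' : (!empty($context['current_topic']) ? 'display' : 'home')), !empty($context['current_board']) ? ' board_' . htmlspecialchars($context['current_board']) : '', '">';
+<body id="', $context['browser_body_id'], '" class="action_', !empty($context['current_action']) ? $context['current_action'] : (!empty($context['current_board']) ?
+		'messageindex' : (!empty($context['current_topic']) ? 'display' : 'home')), !empty($context['current_board']) ? ' board_' . $context['current_board'] : '', '">';
 }
 
 function template_body_above()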
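Review bot: With both `htmlspecialchars()` calls removed from the `<body>` tag, `$context['current_board']` is now written into the `class` attribute with no escaping at all; only `$context['current_action']` gets a replacement, in setupThemeContext (Sources/Subs.php) in this same commit. That is safe only if `current_board` is always an integer by the time the template runs, which is not visible on this page; `' board_' . (int) $context['current_board']` would keep the guarantee local to the output. The action value is likewise safe only while every writer of `$context['current_action']` escapes it, so a comment at the echo such as `// current_action arrives HTML-escaped from setupThemeContext(); do not assign it raw elsewhere.` would help theme and mod authors.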

+ 27 - 1
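--- a/Themes/default/languages/Editor.english.php
+++ b/Themes/default/languages/Editor.english.php
@@ -43,7 +43,7 @@ $editortxt['URL:'] = 'URL:';
 $editortxt['Insert a link'] = 'Insert a link';
 $editortxt['Unlink'] = 'Unlink';
 $editortxt['More'] = 'More';
-$editortxt['Insert an emoticon'] = 'Insert an emoticon';
+$editortxt['Insert an emoticon'] = 'Insert a smiley';
 $editortxt['Video URL:'] = 'Video URL:';
 $editortxt['Insert'] = 'Insert';
 $editortxt['Insert a YouTube video'] = 'Insert a YouTube video';
@@ -52,5 +52,31 @@ $editortxt['Insert current time'] = 'Insert current time';
 $editortxt['Print'] = 'Print';
 $editortxt['Preformatted Text'] = 'Preformatted Text';
 $editortxt['View source'] = 'View source';
+$editortxt['Marquee'] = 'Marquee';
+$editortxt['Teletype'] = 'Teletype';
+$editortxt['Glow'] = 'Glow';
+$editortxt['Shadow'] = 'Shadow';
+$editortxt['Pre'] = 'Preformatted text';
+// @todo flash doesn't seem to be there
+$editortxt['flash'] = 'Insert Flash';
 
+$editortxt['Insert FTP Link'] = 'Insert FTP Link';
+
+// @todo Not sure if these are really needed
+$editortxt['Black'] = 'Black';
+$editortxt['Red'] = 'Red';
+$editortxt['Yellow'] = 'Yellow';
+$editortxt['Pink'] = 'Pink';
+$editortxt['Green'] = 'Green';
+$editortxt['Orange'] = 'Orange';
+$editortxt['Purple'] = 'Purple';
+$editortxt['Blue'] = 'Blue';
+$editortxt['Beige'] = 'Beige';
+$editortxt['Brown'] = 'Brown';
+$editortxt['Teal'] = 'Teal';
+$editortxt['Navy'] = 'Navy';
+$editortxt['Maroon'] = 'Maroon';
+$editortxt['Lime Green'] = 'Lime Green';
+$editortxt['White'] = 'White';
+// end @todo
 ?>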

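--- a/Themes/default/languages/Post.english.php
+++ b/Themes/default/languages/Post.english.php
@@ -9,35 +9,35 @@ $txt['subject_not_filled'] = 'The subject field was not filled out. It is requir
 $txt['message_body_not_filled'] = 'The message body was not filled out. It is required.';
 // Use numeric entities in the below string.
 $txt['add_bbc'] = 'Add BBC tags';
-$txt['bold'] = 'Bold';
-$txt['italic'] = 'Italicized';
-$txt['underline'] = 'Underline';
-$txt['center'] = 'Centered';
-$txt['hyperlink'] = 'Insert Hyperlink';
-$txt['insert_email'] = 'Insert Email';
-$txt['bbc_code'] = 'Insert Code';
+$txt['bold'] = 'Bold'; // deprecated
+$txt['italic'] = 'Italicized'; // deprecated
+$txt['underline'] = 'Underline'; // deprecated
+$txt['center'] = 'Centered'; // deprecated
+$txt['hyperlink'] = 'Insert Hyperlink'; // deprecated
+$txt['insert_email'] = 'Insert Email'; // deprecated
+$txt['bbc_code'] = 'Insert Code'; // deprecated
 // Escape any single quotes in here twice.. 'it\'s' -> 'it\\\'s'.
-$txt['bbc_quote'] = 'Insert Quote';
-$txt['list'] = 'Insert List';
-$txt['list_unordered'] = 'Insert unordered list';
-$txt['list_ordered'] = 'Insert ordered list';
-
-$txt['change_color'] = 'Change color';
-$txt['black'] = 'Black';
-$txt['red'] = 'Red';
-$txt['yellow'] = 'Yellow';
-$txt['pink'] = 'Pink';
-$txt['green'] = 'Green';
-$txt['orange'] = 'Orange';
-$txt['purple'] = 'Purple';
-$txt['blue'] = 'Blue';
-$txt['beige'] = 'Beige';
-$txt['brown'] = 'Brown';
-$txt['teal'] = 'Teal';
-$txt['navy'] = 'Navy';
-$txt['maroon'] = 'Maroon';
-$txt['lime_green'] = 'Lime Green';
-$txt['white'] = 'White';
+$txt['bbc_quote'] = 'Insert Quote'; // deprecated
+$txt['list'] = 'Insert List'; // deprecated
+$txt['list_unordered'] = 'Insert unordered list'; // deprecated
+$txt['list_ordered'] = 'Insert ordered list'; // deprecated
+
+$txt['change_color'] = 'Change color'; // deprecated
+$txt['black'] = 'Black'; // deprecated
+$txt['red'] = 'Red'; // deprecated
+$txt['yellow'] = 'Yellow'; // deprecated
+$txt['pink'] = 'Pink'; // deprecated
+$txt['green'] = 'Green'; // deprecated
+$txt['orange'] = 'Orange'; // deprecated
+$txt['purple'] = 'Purple'; // deprecated
+$txt['blue'] = 'Blue'; // deprecated
+$txt['beige'] = 'Beige'; // deprecated
+$txt['brown'] = 'Brown'; // deprecated
+$txt['teal'] = 'Teal'; // deprecated
+$txt['navy'] = 'Navy'; // deprecated
+$txt['maroon'] = 'Maroon'; // deprecated
+$txt['lime_green'] = 'Lime Green'; // deprecated
+$txt['white'] = 'White'; // deprecated
 $txt['disable_smileys'] = 'Disable smileys';
 $txt['dont_use_smileys'] = 'Don\'t use smileys.';
 // Escape any single quotes in here twice.. 'it\'s' -> 'it\\\'s'.
@@ -50,33 +50,33 @@ $txt['question_mark'] = 'Question mark';
 $txt['icon_poll'] = 'Poll';
 $txt['lamp'] = 'Lamp';
 $txt['add_smileys'] = 'Add smileys';
-$txt['flash'] = 'Insert Flash';
-$txt['ftp'] = 'Insert FTP Link';
-$txt['image'] = 'Insert image';
-$txt['table'] = 'Insert table';
-$txt['table_td'] = 'Insert table column';
+$txt['flash'] = 'Insert Flash'; // deprecated
+$txt['ftp'] = 'Insert FTP Link'; // deprecated
+$txt['image'] = 'Insert image'; // deprecated
+$txt['table'] = 'Insert table'; // deprecated
+$txt['table_td'] = 'Insert table column'; // deprecated
 $txt['topic_notify_no'] = 'There are no topics with notification.';
-$txt['marquee'] = 'Marquee';
-$txt['teletype'] = 'Teletype';
-$txt['strike'] = 'Strikethrough';
-$txt['glow'] = 'Glow';
-$txt['shadow'] = 'Shadow';
-$txt['preformatted'] = 'Preformatted text';
-$txt['left_align'] = 'Left align';
-$txt['right_align'] = 'Right align';
-$txt['superscript'] = 'Superscript';
-$txt['subscript'] = 'Subscript';
-$txt['table_tr'] = 'Insert table row';
+$txt['marquee'] = 'Marquee'; // deprecated
+$txt['teletype'] = 'Teletype'; // deprecated
+$txt['strike'] = 'Strikethrough'; // deprecated
+$txt['glow'] = 'Glow'; // deprecated
+$txt['shadow'] = 'Shadow'; // deprecated
+$txt['preformatted'] = 'Preformatted text'; // deprecated
+$txt['left_align'] = 'Left align'; // deprecated
+$txt['right_align'] = 'Right align'; // deprecated
+$txt['superscript'] = 'Superscript'; // deprecated
+$txt['subscript'] = 'Subscript'; // deprecated
+$txt['table_tr'] = 'Insert table row'; // deprecated
 // post_too_long seems unused (duplicate in Errors: error_post_too_long
 $txt['post_too_long'] = 'Your message is too long. Please go back and shorten it, then try again.';
-$txt['horizontal_rule'] = 'Horizontal Rule';
-$txt['font_size'] = 'Font size';
-$txt['font_face'] = 'Font face';
-$txt['toggle_view'] = 'Toggle view';
-$txt['unformat_text'] = 'Remove formatting';
-
-$txt['rich_edit_wont_work'] = 'Your browser does not support Rich Text editing.';
-$txt['rich_edit_function_disabled'] = 'Your browser does not support this function.';
+$txt['horizontal_rule'] = 'Horizontal Rule'; // deprecated
+$txt['font_size'] = 'Font size'; // deprecated
+$txt['font_face'] = 'Font face'; // deprecated
+$txt['toggle_view'] = 'Toggle view'; // deprecated
+$txt['unformat_text'] = 'Remove formatting'; // deprecated
+
+$txt['rich_edit_wont_work'] = 'Your browser does not support Rich Text editing.'; // deprecated
+$txt['rich_edit_function_disabled'] = 'Your browser does not support this function.'; // deprecated
 
 // Use numeric entities in the below five strings.
 $txt['notifyUnsubscribe'] = 'Unsubscribe to this topic by clicking here';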

File diff suppressed because it is too large
+ 1189 - 17
Themes/default/scripts/jquery.sceditor.bbcode.js


File diff suppressed because it is too large
+ 2457 - 1011
Themes/default/scripts/jquery.sceditor.js


+ 693 - 0
Themes/default/scripts/jquery.sceditor.smf.js

@@ -0,0 +1,693 @@
+/**
+ * Simple Machines Forum (SMF)
+ *
+ * @package SMF
+ * @author Simple Machines
+ * @copyright 2013 Simple Machines and individual contributors
+ * @license http://www.simplemachines.org/about/smf/license.php BSD
+ *
+ * @version 2.1 Alpha 1
+ */
+
+(function($) {
+	var extensionMethods = {
+		InsertText: function(text, bClear) {
+			var bIsSource = this.inSourceMode();
+
+			// @TODO make it put the quote close to the current selection
+
+			if (!bIsSource)
+				this.toggleSourceMode();
+
+			var current_value = bClear ? text + "\n" : this.getSourceEditorValue(false) + "\n" + text + "\n";
+			this.setSourceEditorValue(current_value);
+
+			if (!bIsSource)
+				this.toggleSourceMode();
+
+		},
+		getText: function(filter) {
+			var current_value = '';
+
+			if(this.inSourceMode())
+				current_value = this.getSourceEditorValue(false);
+			else
+				current_value  = this.getWysiwygEditorValue(filter);
+
+			return current_value;
+		},
+		appendEmoticon: function (code, emoticon) {
+			if (emoticon == '')
+				line.append($('<br />'));
+			else
+				line.append($('<img />')
+					.attr({
+						src: emoticon,
+						alt: code,
+					})
+					.click(function (e) {
+						var	start = '', end = '';
+						
+						if (base.opts.emoticonsCompat)
+						{
+							start = '<span> ';
+							end   = ' </span>';
+						}
+
+						if (base.inSourceMode())
+							base.sourceEditorInsertText(' ' + $(this).attr('alt') + ' ');
+						else
+							base.wysiwygEditorInsertHtml(start + '<img src="' + $(this).attr("src") + '" data-sceditor-emoticon="' + $(this).attr('alt') + '" />' + end);
+
+						e.preventDefault();
+					})
+				);
+
+			if (line.children().length > 0)
+				content.append(line);
+
+			$(".sceditor-toolbar").append(content);
+		},
+		storeLastState: function (){
+			this.wasSource = this.inSourceMode();
+		},
+		setTextMode: function () {
+			if (!this.inSourceMode())
+				this.toggleSourceMode();
+		},
+		createPermanentDropDown: function() {
+			var	emoticons	= $.extend({}, this.opts.emoticons.dropdown);
+			var popup_exists = false;
+			content = $('<div class="sceditor-insertemoticon" />');
+			line = $('<div />');
+			base = this;
+
+			for (smiley_popup in this.opts.emoticons.popup)
+			{
+				popup_exists = true;
+				break;
+			}
+			if (popup_exists)
+			{
+				this.opts.emoticons.more = this.opts.emoticons.popup;
+				moreButton = $('<div class="sceditor-more-button sceditor-more" />').text('[' + this._('More') + ']').click(function () {
+					if ($(".sceditor-smileyPopup").length > 0)
+					{
+						$(".sceditor-smileyPopup").fadeIn('fast');
+					}
+					else
+					{
+						var emoticons = $.extend({}, base.opts.emoticons.popup);
+						var popup_position;
+						var titlebar = $('<div class="catbg sceditor-popup-grip"/>');
+						popupContent = $('<div id="sceditor-popup"/>');
+						allowHide = true;
+						line = $('<div id="sceditor-popup-smiley"/>');
+						adjheight = 0;
+
+						popupContent.append(titlebar);
+						closeButton = $('<span />').text('[' + base._('Close') + ']').click(function () {
+							$(".sceditor-smileyPopup").fadeOut('fast');
+						});
+
+						$.each(emoticons, base.appendEmoticon);
+
+						if (line.children().length > 0)
+							popupContent.append(line);
+						if (typeof closeButton !== "undefined")
+							popupContent.append(closeButton);
+
+						// IE needs unselectable attr to stop it from unselecting the text in the editor.
+						// The editor can cope if IE does unselect the text it's just not nice.
+						if(base.ieUnselectable !== false) {
+							content = $(content);
+							content.find(':not(input,textarea)').filter(function() { return this.nodeType===1; }).attr('unselectable', 'on');
+						}
+
+						$dropdown = $('<div class="sceditor-dropdown sceditor-smileyPopup" />').append(popupContent);
+
+						$dropdown.appendTo($('body'));
+						dropdownIgnoreLastClick = true;
+						adjheight = closeButton.height() + titlebar.height();
+						$dropdown.css({
+							position: "fixed",
+							top: $(window).height() * 0.2,
+							left: $(window).width() * 0.5 - ($dropdown.find('#sceditor-popup-smiley').width() / 2),
+							"max-width": "50%",
+							"max-height": "50%",
+						}).find('#sceditor-popup-smiley').css({
+							height: $dropdown.height() - adjheight,
+							"overflow": "auto"
+						});
+
+						$('.sceditor-smileyPopup').animaDrag({ 
+							speed: 150, 
+							interval: 120, 
+							during: function(e) {
+								$(this).height(this.startheight);
+								$(this).width(this.startwidth);
+							},
+							before: function(e) {
+								this.startheight = $(this).innerHeight();
+								this.startwidth = $(this).innerWidth();
+							},
+							grip: '.sceditor-popup-grip'
+						});
+						// stop clicks within the dropdown from being handled
+						$dropdown.click(function (e) {
+							e.stopPropagation();
+						});
+					}
+				});
+			}
+			$.each(emoticons, base.appendEmoticon);
+			if (typeof moreButton !== "undefined")
+				content.append(moreButton);
+		}
+	};
+
+	$.extend(true, $['sceditor'].prototype, extensionMethods);
+})(jQuery);
+
+$.sceditor.command.set(
+	'ftp', {
+		tooltip: 'Insert FTP Link',
+		txtExec: ["[ftp]", "[/ftp]"],
+		exec: function (caller) {
+			var	editor  = this,
+				content = $(this._('<form><div><label for="link">{0}</label> <input type="text" id="link" value="ftp://" /></div>' +
+						'<div><label for="des">{1}</label> <input type="text" id="des" value="" /></div></form>',
+					this._("URL:"),
+					this._("Description (optional):")
+				))
+				.submit(function () {return false;});
+
+			content.append($(
+				this._('<div><input type="button" class="button" value="{0}" /></div>',
+					this._("Insert")
+				)).click(function (e) {
+				var val = $(this).parent("form").find("#link").val(),
+					description = $(this).parent("form").find("#des").val();
+
+				if(val !== "" && val !== "ftp://") {
+					// needed for IE to reset the last range
+					editor.focus();
+
+					if(!editor.getRangeHelper().selectedHtml() || description)
+					{
+						if(!description)
+							description = val;
+
+						editor.wysiwygEditorInsertHtml('<a href="' + val + '">' + description + '</a>');
+					}
+					else
+						editor.execCommand("createlink", val);
+				}
+
+				editor.closeDropDown(true);
+				e.preventDefault();
+			}));
+
+			editor.createDropDown(caller, "insertlink", content);
+		}
+	}
+);
+$.sceditor.command.set(
+	'glow', {
+		tooltip: 'Glow',
+		txtExec: ["[glow=red,2,300]", "[/glow]"],
+		exec: function () {
+			this.wysiwygEditorInsertHtml('[glow=red,2,300]', '[/glow]');
+		}
+	}
+);
+$.sceditor.command.set(
+	'shadow', {
+		tooltip: 'Shadow',
+		txtExec: ["[shadow=red,left]", "[/shadow]"],
+		exec: function () {
+			this.wysiwygEditorInsertHtml('[shadow=red,left]', '[/shadow]');
+		}
+	}
+);
+$.sceditor.command.set(
+	'tt', {
+		tooltip: 'Teletype',
+		txtExec: ["[tt]", "[/tt]"],
+		exec: function () {
+			this.wysiwygEditorInsertHtml('<tt>', '</tt>');
+		}
+	}
+);
+$.sceditor.command.set(
+	'pre', {
+		tooltip: 'Pre',
+		txtExec: ["[pre]", "[/pre]"],
+		exec: function () {
+			this.wysiwygEditorInsertHtml('<pre>', '</pre>');
+		}
+	}
+);
+$.sceditor.command.set(
+	'move', {
+		tooltip: 'Marquee',
+		txtExec: ["[move]", "[/move]"],
+		exec: function () {
+			this.wysiwygEditorInsertHtml('<marquee>', '</marquee>');
+		}
+	}
+);
+
+$.sceditor.command.set(
+	'email', {
+		txtExec: function(caller, selected) {
+			var	display = selected && selected.indexOf('@') > -1 ? null : selected,
+				email	= prompt(this._("Enter the e-mail address:"), (display ? '' : selected));
+			if (email)
+			{
+				var text	= prompt(this._("Enter the displayed text:"), display || email) || email;
+				this.insertText("[email=" + email + "]" + text + "[/email]");
+			}
+		}
+	}
+);
+$.sceditor.command.set(
+	'link', {
+		txtExec: function(caller, selected) {
+			var	display = selected && selected.indexOf('http://') > -1 ? null : selected,
+				url	= prompt(this._("Enter URL:"), (display ? 'http://' : selected));
+			if (url)
+			{
+				var text	= prompt(this._("Enter the displayed text:"), display || url) || url;
+				this.insertText("[url=" + url + "]" + text + "[/url]");
+			}
+		}
+	}
+);
+
+$.sceditor.command.set(
+	'bulletlist', {
+		txtExec: ["[list]\n[li]", "[/li]\n[li][/li]\n[/list]"]
+	}
+);
+
+$.sceditor.command.set(
+	'orderedlist', {
+		txtExec:  ["[list type=decimal]\n[li]", "[/li]\n[li][/li]\n[/list]"]
+	}
+);
+
+$.sceditor.command.set(
+	'table', {
+		txtExec: ["[table]\n[tr]\n[td]", "[/td]\n[/tr]\n[/table]"]
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'abbr', {
+		tags: {
+			abbr: {
+				title: null
+			}
+		},
+		format: function(element, content) {
+			return '[abbr=' + element.attr('title') + ']' + content + '[/abbr]';
+		},
+		html: function(element, attrs, content) {
+			if(typeof attrs.defaultattr === "undefined" || attrs.defaultattr.length === 0)
+				return content;
+
+			return '<abbr title="' + attrs.defaultattr + '">' + content + '</abbr>';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'acronym', {
+		tags: {
+			acronym: {
+				title: null
+			}
+		},
+		format: function(element, content) {
+			return '[abbr=' + element.attr('title') + ']' + content + '[/abbr]';
+		},
+		html: function(element, attrs, content) {
+			if(typeof attrs.defaultattr === "undefined" || attrs.defaultattr.length === 0)
+				return content;
+
+			return '<abbr title="' + attrs.defaultattr + '">' + content + '</abbr>';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'bdo', {
+		tags: {
+			bdo: {
+				dir: null
+			}
+		},
+		format: function(element, content) {
+			return '[bdo=' + element.attr('dir') + ']' + content + '[/bdo]';
+		},
+		html: function(element, attrs, content) {
+			if(typeof attrs.defaultattr === "undefined" || attrs.defaultattr.length === 0)
+				return content;
+			if (attrs.defaultattr != 'rtl' && attrs.defaultattr != 'ltr')
+				return '[bdo=' + attrs.defaultattr + ']' + content + '[/bdo]';
+
+			return '<bdo dir="' + attrs.defaultattr + '">' + content + '</bdo>';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'black', {
+		html: '<font color="black">{0}</font>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'blue', {
+		html: '<font color="blue">{0}</font>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'green', {
+		html: '<font color="green">{0}</font>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'red', {
+		html: '<font color="red">{0}</font>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'white', {
+		html: '<font color="white">{0}</font>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'list', {
+		breakStart: true,
+		isInline: false,
+		allowedChildren: ['*', 'li'],
+		html: function(element, attrs, content) {
+			var style = '';
+			var code = 'ul';
+
+			if (attrs.type)
+					style = ' style="list-style-type: ' + attrs.type + '"';
+
+			return '<' + code + style + '>' + content + '</' + code + '>';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'ul', {
+		tags: {
+			ul: null
+		},
+		breakStart: true,
+		isInline: false,
+		html: '<ul>{0}</ul>',
+		format: function(element, content) {
+			if ($(element[0]).css('list-style-type') == 'disc')
+				return '[list]' + content + '[/list]';
+			else
+				return '[list type=' + $(element[0]).css('list-style-type') + ']' + content + '[/list]';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'ol', {
+		tags: {
+			ol: null
+		},
+		breakStart: true,
+		isInline: false,
+		format: "[list type=decimal]{0}[/list]",
+		html: '<ol>{0}</ol>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'img', {
+		tags: {
+			img: {
+				src: null
+			}
+		},
+		allowsEmpty: true,
+		quoteType: $.sceditor.BBCodeParser.QuoteType.never,
+		format: function(element, content) {
+			var	attribs = '',
+				style = function(name) {
+					return element.style ? element.style[name] : null;
+				};
+
+			// check if this is an emoticon image
+			if(typeof element.attr('data-sceditor-emoticon') !== "undefined")
+				return content;
+
+			// only add width and height if one is specified
+			if(element.attr('width') || style('width'))
+				attribs += " width=" + $(element).width();
+			if(element.attr('height') || style('height'))
+				attribs += " height=" + $(element).height();
+			if(element.attr('alt'))
+				attribs += " alt=" + element.attr('alt');
+
+			return '[img' + attribs + ']' + element.attr('src') + '[/img]';
+		},
+		html: function(token, attrs, content) {
+			var	parts,
+				attribs = '';
+
+			// handle [img width=340 height=240]url[/img]
+			if(typeof attrs.width !== "undefined")
+				attribs += ' width="' + attrs.width + '"';
+			if(typeof attrs.height !== "undefined")
+				attribs += ' height="' + attrs.height + '"';
+			if(typeof attrs.alt !== "undefined")
+				attribs += ' alt="' + attrs.alt + '"';
+
+			return '<img' + attribs + ' src="' + content + '" />';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'url', {
+		allowsEmpty: true,
+		tags: {
+			a: {
+				href: null
+			}
+		},
+		format: function(element, content) {
+			var url = element.attr('href');
+
+			// make sure this link is not an e-mail, if it is return e-mail BBCode
+			if(url.substr(0, 7) === 'mailto:')
+				return '[email=' + url.substr(7) + ']' + content + '[/email]';
+			// make sure this link is not an ftp, if it is return ftp BBCode
+			else if(url.substr(0, 3) === 'ftp')
+				return '[ftp=' +  url + ']' + content + '[/ftp]';
+
+			if(element.attr('target') !== undefined)
+				return '[url=' + decodeURI(url) + ']' + content + '[/url]';
+			else
+				return '[iurl=' + decodeURI(url) + ']' + content + '[/iurl]';
+		},
+		html: function(token, attrs, content) {
+			if(typeof attrs.defaultattr === "undefined" || attrs.defaultattr.length === 0)
+				attrs.defaultattr = content;
+
+			return '<a target="_blank" href="' + encodeURI(attrs.defaultattr) + '">' + content + '</a>';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'iurl', {
+		allowsEmpty: true,
+		html: function(token, attrs, content) {
+			if(typeof attrs.defaultattr === "undefined" || attrs.defaultattr.length === 0)
+				attrs.defaultattr = content;
+
+			return '<a href="' + encodeURI(attrs.defaultattr) + '">' + content + '</a>';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'ftp', {
+		allowsEmpty: true,
+		html: function(token, attrs, content) {
+			if(typeof attrs.defaultattr === "undefined" || attrs.defaultattr.length === 0)
+				attrs.defaultattr = content;
+
+			return '<a target="_blank" href="' + encodeURI(attrs.defaultattr) + '">' + content + '</a>';
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'tt', {
+		tags: {
+			tt: null
+		},
+		format: "[tt]{0}[/tt]",
+		html: '<tt>{0}</tt>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'pre', {
+		tags: {
+			pre: null
+		},
+		isBlock: true,
+		format: "[pre]{0}[/pre]",
+		html: "<pre>{0}</pre>\n"
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'move', {
+		tags: {
+			marquee: null
+		},
+		format: "[move]{0}[/move]",
+		html: '<marquee>{0}</marquee>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'php', {
+		isInline: false,
+		format: "[php]{0}[/php]",
+		html: '<code class="php">{0}</code>'
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'code', {
+		tags: {
+			code: null
+		},
+		isInline: false,
+		allowedChildren: ['#', '#newline'],
+		format: function(element, content) {
+			if ($(element[0]).hasClass('php'))
+				return '[php]' + content.replace('&#91;', '[') + '[/php]';
+
+			var from = '';
+			if ($(element).children("cite:first").length === 1)
+			{
+				from = $(element).children("cite:first").text();
+
+				$(element).attr({'from': from.php_htmlspecialchars()});
+
+				from = '=' + from;
+				content = '';
+				$(element).children("cite:first").remove();
+				content = this.elementToBbcode($(element));
+			}
+			else
+			{
+				if (typeof $(element).attr('from') != 'undefined')
+				{
+					from = '=' + $(element).attr('from').php_unhtmlspecialchars();
+				}
+			}
+
+			return '[code' + from + ']' + content.replace('&#91;', '[') + '[/code]';
+
+		},
+		html: function(element, attrs, content) {
+			var from = '';
+			if(typeof attrs.defaultattr !== "undefined")
+				from = '<cite>' + attrs.defaultattr + '</cite>';
+
+			return '<code>' + from + content.replace('[', '&#91;') + '</code>'
+		}
+	}
+);
+
+$.sceditorBBCodePlugin.bbcode.set(
+	'quote', {
+		tags: {
+			blockquote: null,
+			cite: null
+		},
+		quoteType: $.sceditor.BBCodeParser.QuoteType.never,
+		breakBefore: false,
+		isInline: false,
+		format: function(element, content) {
+			var author = '';
+			var date = '';
+			var link = '';
+
+			// The <cite> contains only the graphic for the quote, so we can skip it
+			if(element[0].tagName.toLowerCase() === 'cite')
+				return '';
+
+			if(element.attr('author'))
+				author = ' author=' + element.attr('author').php_unhtmlspecialchars();
+			if(element.attr('date'))
+				date = ' date=' + element.attr('date');
+			if(element.attr('link'))
+				link = ' link=' + element.attr('link');
+
+			return '[quote' + author + date + link + ']' + content + '[/quote]';
+		},
+		html: function(element, attrs, content) {
+			var attr_author = '', author = '';
+			var attr_date = '', sDate = '';
+			var attr_link = '', link = '';
+
+			if(typeof attrs.author !== "undefined" && attrs.author)
+			{
+				attr_author = attrs.author;
+				author = bbc_quote_from + ': ' + attr_author;
+			}
+
+			// Links could be in the form: link=topic=71.msg201#msg201 that would fool javascript, so we need a workaround
+			// Probably no more necessary
+			for (var key in attrs)
+			{
+				if (key.substr(0, 4) == 'link' && attrs.hasOwnProperty(key))
+				{
+					var attr_link = key.length > 4 ? key.substr(5) + '=' + attrs[key] : attrs[key];
+
+					link = attr_link.substr(0, 7) == 'http://' ? attr_link : smf_scripturl + '?' + attr_link;
+					author = author == '' ? '<a href="' + link + '">' + bbc_quote_from + ': ' + link + '</a>' : '<a href="' + link + '">' + author + '</a>';
+				}
+			}
+
+			if(typeof attrs.date !== "undefined" && attrs.date)
+			{
+				attr_date = attrs.date;
+				sDate = '<date timestamp="' + attr_date + '">' + new Date(attrs.date * 1000) + '</date>';
+			}
+
+			if (author == '' && sDate == '')
+				author = bbc_quote;
+			else
+				author += ' ' + bbc_search_on;
+
+			content = '<blockquote author="' + attr_author + '" date="' + attr_date + '" link="' + attr_link + '"><cite>' + author + ' ' + sDate + '</cite>' + content + '</blockquote>';
+
+			return content;
+		}
+	}
+);
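Review bot: Several `html` handlers in this new file concatenate BBCode attribute values straight into quoted HTML attributes without escaping: `abbr`/`acronym` (`title`), `img` (`width`, `height`, `alt`, and `content` as `src`), `list` (`type` into `style`) and `quote` (`author`, `date`, `link`); the `ftp` command's `exec` does the same with its two form fields. A value containing a double quote closes the attribute early, and because quoted or edited post text can originate from another member, the resulting markup is parsed inside the WYSIWYG document. The `code` handler already calls `php_htmlspecialchars()` on a string (presumably a String helper defined elsewhere), so the same call could be applied at each site, for example `return '<abbr title="' + attrs.defaultattr.php_htmlspecialchars() + '">' + content + '</abbr>';`. The `url`, `iurl` and `ftp` handlers pass the value through `encodeURI()`, which covers the quote character but does not restrict the URL scheme, so an allow-list of schemes is worth adding there.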

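--- a/other/install_2-1_postgresql.sql
+++ b/other/install_2-1_postgresql.sql
@@ -2426,7 +2426,7 @@ INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidd
 INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES (':P', 'tongue.gif', '{$default_tongue_smiley}', 10, 0);
 INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES (':-[', 'embarrassed.gif', '{$default_embarrassed_smiley}', 11, 0);
 INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES (':-X', 'lipsrsealed.gif', '{$default_lips_sealed_smiley}', 12, 0);
-INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES (':-\', 'undecided.gif', '{$default_undecided_smiley}', 13, 0);
+INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES (':-\\', 'undecided.gif', '{$default_undecided_smiley}', 13, 0);
 INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES (':-*', 'kiss.gif', '{$default_kiss_smiley}', 14, 0);
 INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES (':''(', 'cry.gif', '{$default_cry_smiley}', 15, 0);
 INSERT INTO {$db_prefix}smileys	(code, filename, description, smiley_order, hidden) VALUES ('>:D', 'evil.gif', '{$default_evil_smiley}', 16, 1);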
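Review bot: The doubled backslash in `':-\\'` is read as a single backslash only when the server treats backslashes in plain string literals as escapes; with `standard_conforming_strings` on, the stored smiley code would be `:-\\` and would not match what users type. Whether the installer rewrites the literal before sending it is not visible in this hunk. Writing the value as an escape string, `E':-\\'`, yields one backslash under either setting.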

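--- a/other/upgrade_2-1_postgresql.sql
+++ b/other/upgrade_2-1_postgresql.sql
@@ -393,7 +393,7 @@ CREATE TABLE {$db_prefix}user_drafts (
 	poster_time int NOT NULL default '0',
 	id_member int NOT NULL default '0',
 	subject varchar(255) NOT NULL default '',
-	smileys_enabled NOT NULL default '1',
+	smileys_enabled smallint NOT NULL default '1',
 	body text NOT NULL,
 	icon varchar(16) NOT NULL default 'xx',
 	locked smallint NOT NULL default '0',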

Some files were not shown because too many files changed in this diff