*  Beefed up the referrer check in admin/options.
*  Fixed a bunch of path disclosures.
*  Fixed possible e-mail reset annoyance.
*  Fixed XSS vulnerability involving HTTP_REFERER when sending form e-mail.
*  Moved template tag replacement of pun_include to the top of all
   replacements to prevent exploitation via XSS vulnerabilities. On top of
   this, all included files must have one of the file extensions .php, .php4,
   .php5, .inc, .html, .htm or .txt.
*  Made sure the profile field URL actually starts with "http://".
*  Fixed XSS vulnerability when deleting a category (admin only).
*  Fixed unregister_globals() not being called when ini_get() fails due to
   being disabled in php.ini.
*  Added missing xmlns attribute to html tag in several files.
*  Stricter permission checks for moderate.php.
*  Fixed two PostgreSQL bugs.
*  Fixed topics appearing multiple times in certain searches.
*  Fixed "Mark topics as read" failing after timeout.
*  Fixed users appearing multiple times in the online list.
*  Fixed disabling "Search All Forums" not actually removing the ability to
   search all forums.
*  Fixed non-integer timezones being truncated (e.g. +3.5 -> +3) when
   registering.
*  Optimized a query in search.
*  Fixed online indicator not displaying properly in IE7.