* Fixed post preview inconsistently preparsing BBCode (post.php and edit.php differed in the way they preparsed and displayed BBCode). * Fixed SQL injection vulnerabilities in the admin interface (only exploitable by admins and mods). * Fixed rare CGI error on admin index page. * Fixed XSS vulnerability involving URL BBCode (only affects Internet Explorer). * Fixed SQL injection vulnerability in search (only exploitable with register_globals enabled). * Fixed banned users still appearing in the online list. * Fixed updating certain admin options not always working properly.