diff --git a/account.php b/account.php
index 2f2914a4a2893f439e16f4a1ad95fa437d16c609..a272c6f3d9e45ec52f5f2ccca1c1f2384dcb4ca1 100644
--- a/account.php
+++ b/account.php
@@ -57,6 +57,7 @@ elseif ($_POST) {
     if ($thisclient) {
         $user_form->getField('email')->configure('disabled', true);
         $user_form->getField('email')->value = $thisclient->getEmail();
+        $_POST['email'] = $thisclient->getEmail();
     }
 
     if (!$user_form->isValid(function($f) { return !$f->isVisibleToUsers(); }))
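Review bot: The added `$_POST['email'] = $thisclient->getEmail();` has no comment explaining why `$_POST` is rewritten, and the reason is security-relevant: `configure('disabled', true)` only affects the rendered field, so a hand-built request could still carry a different `email`. I would put `// 'disabled' is UI-only: pin the submitted email to the signed-in account so a crafted POST cannot change it` above it. The code after the hunk is not visible; if anything there reads the address from `$_REQUEST` rather than `$_POST`, it would not see this override, so that is worth confirming. The enclosing `elseif ($_POST)` branch starts and ends outside the hunk.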
diff --git a/include/class.charset.php b/include/class.charset.php
index 160c26fadb59a8bc3dc10a4aba7277e2f269af21..e8357b9aa262589b9be30949398b6fb2a85e04cd 100644
--- a/include/class.charset.php
+++ b/include/class.charset.php
@@ -29,7 +29,8 @@ class Charset {
         // ks_c_5601-1987: Korean alias for cp949
         case preg_match('`^ks_c_5601-1987`i', $charset):
             return 'cp949';
-        case preg_match('`^iso-?(\S+)$`i', $charset, $match):
+        // Remove trailing junk from ISO charset
+        case preg_match('`^iso-?(\S+[^i])(-i)?$`i', $charset, $match):
             return "ISO-".$match[1];
         // GBK superceded gb2312 and is backward compatible
         case preg_match('`^gb2312`i', $charset):
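Review bot: The new pattern `^iso-?(\S+[^i])(-i)?$` accepts and rejects more than the comment suggests. `[^i]` matches any character other than i/I, whitespace included, so a name with one trailing space or tab now matches and is returned inside `"ISO-".$match[1]`, while a one-character remainder or a name that really ends in `i` no longer reaches this case. A lazy group states the intent directly and keeps the `\S` restriction: `^iso-?(\S+?)(-i)?$`. The comment could also name the suffix, e.g. `// Strip a trailing "-i" (as in ISO-8859-8-I) before normalising`. The switch continues outside the hunk.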
diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index ca46bed6994d3d4e92a616a639607058bfd1f76c..dfc59d22d9d80e02de9ac7ca9919a80e967904bf 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -1795,7 +1795,8 @@ class SelectionField extends FormField {
             // Add in the properties for all selected list items in sub
             // labeled by their field id
             foreach ($v as $id=>$L) {
-                if (!($li = DynamicListItem::lookup($id)))
+                if (!($li = DynamicListItem::lookup($id))
+                      || !$li->getListId())
                     continue;
                 foreach ($li->getFilterData() as $prop=>$value) {
                     if (!isset($data[$prop]))
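Review bot: The added `|| !$li->getListId()` guard has no comment, and the hunk alone does not show which case it excludes. `$id` comes from the keys of `$v`, which presumably originates from the submitted selection, so `DynamicListItem::lookup($id)` can return any item whose id is supplied. As far as these lines show, the new check confirms the item is attached to some list, not that it is the list this field is configured with. I would add `// Skip ids that do not resolve to an item attached to a list` and confirm whether a comparison against the field's own list id is needed here. The loop and its method start and end outside the hunk.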
diff --git a/include/class.file.php b/include/class.file.php
index 419a2820922f6405f83d236b8cc47934f566dbc5..ad1ffd49bf2303b8b3548a7c0a2f6474d1990c0d 100644
--- a/include/class.file.php
+++ b/include/class.file.php
@@ -268,11 +268,7 @@ class AttachmentFile extends VerySimpleModel {
         $ttl = ($expires) ? $expires - Misc::gmtime() : false;
         $this->makeCacheable($ttl);
         $type = $this->getType() ?: 'application/octet-stream';
-        if (isset($_REQUEST['overridetype']))
-            $type = $_REQUEST['overridetype'];
-        elseif (!strcasecmp($disposition, 'attachment'))
-            $type = 'application/octet-stream';
-        Http::download($name ?: $this->getName(), $type, null, $disposition);
+        Http::download($this->getName(), $type, null, 'inline');
         header('Content-Length: '.$this->getSize());
         $this->sendData(false);
         exit();
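Review bot: Every download is now sent as `'inline'` with the stored `$type`, where the removed code downgraded attachment downloads to `application/octet-stream`. If the stored type can be an active format such as HTML or SVG, the browser will render the upload in the helpdesk's own origin. Dropping `$_REQUEST['overridetype']` is right, but I would keep a safe default, e.g. `$disposition = (stripos($type, 'image/') === 0 && strcasecmp($type, 'image/svg+xml') !== 0) ? 'inline' : 'attachment';`, and pass `$disposition` to `Http::download()`. The new call also ignores `$name` and the caller's `$disposition`, which appear to be parameters declared above the hunk, so callers asking for a specific filename or for `attachment` are silently overridden. Whether `Http::download()` adds protections of its own is not visible here.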
diff --git a/include/class.forms.php b/include/class.forms.php
index 45a3b3bf1cc852570a77d61e8a81309933a3e4b5..a6f57acef1eac179cb4c5fb4a4966a3fa7dcfa46 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -3420,6 +3420,9 @@ class FileUploadField extends FormField {
         $file = array_shift($files);
         $file['name'] = urldecode($file['name']);
 
+        if (!$this->isValidFile($file))
+            Http::response(413, 'Invalid File');
+
         if (!$bypass && !$this->isValidFileType($file['name'], $file['type']))
             Http::response(415, 'File type is not allowed');
 
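Review bot: `Http::response(413, 'Invalid File')` reports a content-validation failure with the status code for an oversized payload, which will mislead clients and anyone reading access logs. `Http::response(400, 'Invalid File');` fits better, or 415 as the type check below uses. The new check also runs regardless of `$bypass`, unlike the type check right after it. If that is intended, a short comment such as `// Content check applies even when the type allow-list is bypassed` would make it explicit. The method starts and ends outside the hunk.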
@@ -3446,6 +3449,9 @@ class FileUploadField extends FormField {
         if (!$this->isValidFileType($file['name'], $file['type']))
             throw new FileUploadError(__('File type is not allowed'));
 
+        if (!$this->isValidFile($file))
+             throw new FileUploadError(__('Invalid File'));
+
         $config = $this->getConfiguration();
         if ($file['size'] > $config['size'])
             throw new FileUploadError(__('File size is too large'));
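Review bot: The added `throw new FileUploadError(__('Invalid File'));` line is indented one column deeper than the `throw` lines around it and should be aligned with them. The order also differs from the first hunk of this file, where `isValidFile()` runs before the type check, while here it runs after `isValidFileType()`. The two upload paths can therefore report different errors for the same file, so picking one order for both would keep them consistent.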
@@ -3481,6 +3487,18 @@ class FileUploadField extends FormField {
         return $F;
     }
 
+    function isValidFile($file) {
+
+        // Check invalid image hacks
+        if ($file['tmp_name']
+                && stripos($file['type'], 'image/') === 0
+                && function_exists('exif_imagetype')
+                && !exif_imagetype($file['tmp_name']))
+            return false;
+
+        return true;
+    }
+
     function isValidFileType($name, $type=false) {
         $config = $this->getConfiguration();
 
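Review bot: `isValidFile()` runs the signature check only when `$file['type']` starts with `image/`, and that value is whatever the client declared, so an upload declaring any other type skips the check entirely. It is a consistency check on declared images, not content validation, and the documentation should say so. The check is also skipped silently when `exif_imagetype` is unavailable, and it rejects declared image types that `exif_imagetype()` does not recognise. I would replace `// Check invalid image hacks` with a docblock stating that the method returns false when a file declared as image/* has no signature recognised by exif_imagetype(), and true otherwise, including when the exif extension is missing. Comparing the detected type with the declared one, for example through `image_type_to_mime_type()`, would tighten it further.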
diff --git a/include/class.search.php b/include/class.search.php
index 2e05d9445ed1e5195cd96dd04469986579d55e39..3bc1ec35552ea4a7d7ecadb050e7c2aea18ff18e 100755
--- a/include/class.search.php
+++ b/include/class.search.php
@@ -482,7 +482,7 @@ class MysqlSearchBackend extends SearchBackend {
         $sql = "SELECT A1.`id`, A1.`title`, A1.`body`, A1.`format` FROM `".THREAD_ENTRY_TABLE."` A1
             LEFT JOIN `".TABLE_PREFIX."_search` A2 ON (A1.`id` = A2.`object_id` AND A2.`object_type`='H')
             WHERE A2.`object_id` IS NULL AND (A1.poster <> 'SYSTEM')
-            AND (LENGTH(A1.`title`) + LENGTH(A1.`body`) > 0)
+            AND (IFNULL(LENGTH(A1.`title`), 0) + IFNULL(LENGTH(A1.`body`), 0) > 0)
             ORDER BY A1.`id` DESC LIMIT 500";
         if (!($res = db_query_unbuffered($sql, $auto_create)))
             return false;