diff --git a/src/zm_image.cpp b/src/zm_image.cpp
index 21745da9e..890999e1a 100644
--- a/src/zm_image.cpp
+++ b/src/zm_image.cpp
@@ -1650,6 +1650,7 @@ Image *Image::Highlight( unsigned int n_images, Image *images[], const Rgb thres
   unsigned int size = result->size;
   for ( unsigned int c = 0; c < colours; c++ )
   {
+    unsigned int ref_colour_rgb = RGB_VAL(ref_colour,c);
     for ( unsigned int i = 0; i < size; i++ )
     {
       unsigned int count = 0;
@@ -1658,12 +1659,8 @@ Image *Image::Highlight( unsigned int n_images, Image *images[], const Rgb thres
       {
         uint8_t *psrc = images[j]->buffer+c;
 
-#ifndef SOLARIS
-        if ( (unsigned)abs((*psrc)-RGB_VAL(ref_colour,c)) >= RGB_VAL(threshold,c) )
-#else
-        if ( (unsigned)std::abs((*psrc)-RGB_VAL(ref_colour,c)) >= RGB_VAL(threshold,c) )
-#endif
-        {
+        unsigned int diff = ((*psrc)-ref_colour_rgb) > 0 ? (*psrc)-ref_colour_rgb : ref_colour_rgb - (*psrc);
+        if (diff >= RGB_VAL(threshold,c)) {
           count++;
         }
         psrc += colours;
diff --git a/src/zm_user.cpp b/src/zm_user.cpp
index 12dcf0cf4..ba1996ba2 100644
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -98,18 +98,23 @@ bool User::canAccess( int monitor_id )
 
 // Function to load a user from username and password
 // Please note that in auth relay mode = none, password is NULL
-User *zmLoadUser( const char *username, const char *password )
-{
-  char sql[ZM_SQL_SML_BUFSIZ] = "";
-  char safer_username[65]; // current db username size is 32
-  char safer_password[129]; // current db password size is 64
+User *zmLoadUser( const char *username, const char *password ) {
+  char sql[ZM_SQL_MED_BUFSIZ] = "";
+  int username_length = strlen(username);
+  char *safer_username = new char[(username_length * 2) + 1];
 
   // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
-  mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) );
+  mysql_real_escape_string(&dbconn, safer_username, username, username_length );
 
   if ( password ) {
-    mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) );
-    snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", safer_username, safer_password );
+    int password_length = strlen(password);
+    char *safer_password = new char[(password_length * 2) + 1];
+    mysql_real_escape_string(&dbconn, safer_password, password, password_length);
+    snprintf(sql, sizeof(sql),
+        "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
+        " FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1",
+        safer_username, safer_password );
+    delete safer_password;
   } else {
     snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Enabled = 1", safer_username );
   }
@@ -139,7 +144,8 @@ User *zmLoadUser( const char *username, const char *password )
   User *user = new User( dbrow );
   Info( "Authenticated user '%s'", user->getUsername() );
 
-  mysql_free_result( result );
+  mysql_free_result(result);
+  delete safer_username;
 
   return( user );
 }
diff --git a/version b/version
index 593d72103..ff592d353 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-1.30.4
+1.30.5
diff --git a/web/api/app/Plugin/Crud b/web/api/app/Plugin/Crud
index c3976f147..0bd63fb46 160000
--- a/web/api/app/Plugin/Crud
+++ b/web/api/app/Plugin/Crud
@@ -1 +1 @@
-Subproject commit c3976f1478c681b0bbc132ec3a3e82c3984eeed5
+Subproject commit 0bd63fb464957080ead342db58ca9e01532cf1ef
diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php
index 7fba6c5ac..86bbff99a 100644
--- a/web/skins/classic/includes/functions.php
+++ b/web/skins/classic/includes/functions.php
@@ -44,7 +44,7 @@ function xhtmlHeaders( $file, $title )
 <head>
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <meta name="viewport" content="width=device-width, initial-scale=1, maxiumum-scale=1.0, user-scalable=no">
+  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">
   <title><?php echo ZM_WEB_TITLE_PREFIX ?> - <?php echo validHtmlStr($title) ?></title>
   <link rel="icon" type="image/ico" href="graphics/favicon.ico"/>
   <link rel="shortcut icon" href="graphics/favicon.ico"/>
diff --git a/web/skins/classic/views/montagereview.php b/web/skins/classic/views/montagereview.php
index b85ca9fda..9cdb882ce 100644
--- a/web/skins/classic/views/montagereview.php
+++ b/web/skins/classic/views/montagereview.php
@@ -474,6 +474,11 @@ foreach ($monitors as $m)
     $numMonitors += 1;
 }
 echo "var numMonitors = $numMonitors;\n";
+
+if ( ! $minTimeSecs )
+$minTimeSecs = strtotime("2036-01-01 01:01:01");
+if ( ! $maxTimeSecs )
+$maxTimeSecs = strtotime("1950-01-01 01:01:01");
 echo "var minTimeSecs="     . $minTimeSecs . ";\n";
 echo "var maxTimeSecs="     . $maxTimeSecs . ";\n";
 echo "var rangeTimeSecs="   . ( $maxTimeSecs - $minTimeSecs + 1) . ";\n";