diff --git a/prairie/.htaccess b/prairie/.htaccess
index f6b4777..da6c382 100755
--- a/prairie/.htaccess
+++ b/prairie/.htaccess
@@ -24,4 +24,4 @@ IndexIgnore */*
 RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule . index.php
+RewriteRule ^(.*) index.php/$1
diff --git a/prairie/account.php b/prairie/account.php
index 7cfbcab..9b88e15 100755
--- a/prairie/account.php
+++ b/prairie/account.php
@@ -40,7 +40,7 @@
 		SET 
 		user_email_notify=" . $email_notify . " 
 		WHERE
-		user_id=" . $_SESSION['user_id']
+		user_id=" . (int)$_SESSION['user_id']
 	;
 	
 	$db->Execute($query);
@@ -75,7 +75,7 @@
 			user_language=" . $db->qstr($_POST['user_language']) . ",
 			user_timezone=" . $db->qstr($_POST['user_timezone']) . ",
 			user_birthdate=" . $db->qstr($_POST['user_birthdate']) . "
-			WHERE user_id=" . $_SESSION['user_id'].";";
+			WHERE user_id=" . (int)$_SESSION['user_id'].";";
 
 		$db->Execute($query);
 		
@@ -133,7 +133,7 @@
 		$query = "
 			UPDATE " . $db->prefix . "_user
 			SET user_email=" . $db->qstr(trim($_POST['user_email1'])) . " 
-			WHERE user_id=" . $_SESSION['user_id']
+			WHERE user_id=" . (int)$_SESSION['user_id']
 		;
 
 		$db->Execute($query);
@@ -159,7 +159,7 @@
 		$query = "
 			SELECT user_id
 			FROM " . $db->prefix . "_user
-			WHERE user_id=" . $_SESSION['user_id'] . "
+			WHERE user_id=" . (int)$_SESSION['user_id'] . "
 			AND user_password=" . $db->qstr(md5($_POST['user_password_old']))
 		;
 		
@@ -175,7 +175,7 @@
 			UPDATE " . $db->prefix . "_user
 			SET user_password=" . $db->qstr(md5($_POST['user_password1'])) . "
 			WHERE
-			user_id=" . $_SESSION['user_id'] . " AND
+			user_id=" . (int)$_SESSION['user_id'] . " AND
 			user_password=" . $db->qstr(md5($_POST['user_password_old']))
 		;
 		
@@ -188,7 +188,7 @@
 
 
 // CHECK TO DISPLAY AVATAR DELETE BUTTON ------
-$av = glob($core_config['file']['dir'] . "avatars/" . $_SESSION['user_id'] . "/100*");
+$av = glob($core_config['file']['dir'] . "avatars/" . (int)$_SESSION['user_id'] . "/100*");
 
 if (isset($av[0])) {
 	$body->set('display_avatar_delete_button', 1);
diff --git a/prairie/class/Db.class.php b/prairie/class/Db.class.php
index 2479b61..08ca892 100755
--- a/prairie/class/Db.class.php
+++ b/prairie/class/Db.class.php
@@ -114,7 +114,7 @@ function Execute($query, $rows=null, $offset=null) {
 	function qstr($s) {
 		
 		if (!get_magic_quotes_gpc()) {
- 			$s = addslashes($s);
+ 			$s =  mysql_real_escape_string($s);
 		}
 		return "'" . $s . "'";
 	}
diff --git a/prairie/class/Openid.class.php b/prairie/class/Openid.class.php
index 985748b..299d46e 100644
--- a/prairie/class/Openid.class.php
+++ b/prairie/class/Openid.class.php
@@ -387,7 +387,7 @@ function checkid_setup($type = null) {
 			$openid_return_to = GetFromURL("openid_return_to"); 
 			
 			if ($openid_identity == 'http://specs.openid.net/auth/2.0/identifier_select'){
-				$openid_identity='http://'.$_SERVER['SERVER_NAME'].'/'; 
+				$openid_identity='http'.(isset($_SERVER['HTTPS'])&& (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == 1) ? 's' : '').'://'.$_SERVER['SERVER_NAME'].'/'; 
 			}
 			
 			$openIDns=GetFromURL("openid_ns"); 
@@ -469,7 +469,7 @@ function checkid_immediate() {
 		$openid_return_to = GetFromURL("openid_return_to"); 
 					
 		if ($openid_identity == 'http://specs.openid.net/auth/2.0/identifier_select'){
-			$openid_identity='http://'.$_SERVER['SERVER_NAME'].'/'; 
+			$openid_identity='http'.(isset($_SERVER['HTTPS'])&& (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == 1) ? 's' : '').'://'.$_SERVER['SERVER_NAME'].'/'; 
 		}	
 		
 		if (!empty($_SESSION['user_id'])) {
diff --git a/prairie/editor.php b/prairie/editor.php
index 1fe2c44..06ee725 100644
--- a/prairie/editor.php
+++ b/prairie/editor.php
@@ -30,7 +30,7 @@
 if (isset($_POST['save_profile'])) {
 	$title = trim($_POST['webspace_title']);
 	
-	if (is_file('theme/' . $_POST['theme_name'] . '/thumb.png')) {
+	if (in_array($_POST['theme_name'], barnraiser_scandir('theme/')) && is_file('theme/' . $_POST['theme_name'] . '/thumb.png')) {
 		$theme_name = $_POST['theme_name'];
 	}
 	else {
@@ -40,7 +40,7 @@
 	$query = "
 		SELECT user_id
 		FROM " . $db->prefix . "_webspace
-		WHERE user_id=" . $_SESSION['user_id']
+		WHERE user_id=" . (int)$_SESSION['user_id']
 	;
 	
 	$result = $db->Execute($query);
@@ -63,17 +63,17 @@
 			webspace_title=" . $db->qstr($title) . ",
 			webspace_theme=" . $db->qstr($theme_name) . "
 			WHERE 
-			user_id=" . $_SESSION['user_id']
+			user_id=" . (int)$_SESSION['user_id']
 		;
 	
 		$db->Execute($query);
 	}
 
 	if (!empty($title)) {
-		makeThemeHeader($core_config['file']['dir'], $_SESSION['user_id'], $theme_name, $title);
+		makeThemeHeader($core_config['file']['dir'], (int)$_SESSION['user_id'], $theme_name, $title);
 	}
 	else {
-		unlink($core_config['file']['dir'] . "/titles/" . $_SESSION['user_id'] . ".png");
+		unlink($core_config['file']['dir'] . "/titles/" . (int)$_SESSION['user_id'] . ".png");
 	}
 
 	header('location: /editor');
@@ -89,7 +89,7 @@
 	$query = "
 		SELECT user_id
 		FROM " . $db->prefix . "_webspace
-		WHERE user_id=" . $_SESSION['user_id']
+		WHERE user_id=" . (int)$_SESSION['user_id']
 	;
 	
 	$result = $db->Execute($query);
@@ -111,7 +111,7 @@
 			SET 
 			webspace_html=" . $db->qstr($html) . " 
 			WHERE 
-			user_id=" . $_SESSION['user_id']
+			user_id=" . (int)$_SESSION['user_id']
 		;
 		$db->Execute($query);
 	}
@@ -123,7 +123,7 @@
 $query = "
 	SELECT *
 	FROM " . $db->prefix . "_webspace
-	WHERE user_id=" . $_SESSION['user_id']
+	WHERE user_id=" . (int)$_SESSION['user_id']
 ;
 
 $result = $db->Execute($query);
diff --git a/prairie/get_file.php b/prairie/get_file.php
index 2fd2b49..b993866 100755
--- a/prairie/get_file.php
+++ b/prairie/get_file.php
@@ -47,17 +47,17 @@
 		$_REQUEST['width'] = 100;
 	}
 
-	$av = glob($core_config['file']['dir'] . 'avatars/' . $_REQUEST['avatar'] . '/' . $_REQUEST['width'] . '*');
+	$av = glob($core_config['file']['dir'] . 'avatars/' . (int)$_REQUEST['avatar'] . '/' . (int)$_REQUEST['width'] . '*');
 
 	if (isset($av[0])) {
 		$file = $av[0];
 	}
 	else {
-		$file = 'template/silver/img/no_avatar_' . $_REQUEST['width'] . '.png';
+		$file = 'template/silver/img/no_avatar_' . (int)$_REQUEST['width'] . '.png';
 	}
 }
 elseif (isset($_REQUEST['title'])) { // ?title=file = webpage title image
-	$file = $core_config['file']['dir'] . 'titles/' . $_REQUEST['title'] . '.png';
+	$file = $core_config['file']['dir'] . 'titles/' . (int)$_REQUEST['title'] . '.png';
 
 	if (!is_file($file)) {
 		$file = $core_config['file']['dir'] . 'titles/0.png';
diff --git a/prairie/inc/functions.inc.php b/prairie/inc/functions.inc.php
index 1df9f19..94e9554 100644
--- a/prairie/inc/functions.inc.php
+++ b/prairie/inc/functions.inc.php
@@ -135,7 +135,7 @@ function labeltextarea_($name, $label, $value="") {
 function input_($name,  $defval="", $type="text", $size=45, $maxlength=0, $style=""){
 	$html='<input'; 
 	if ($style)$html.=' class="'.$style.'"'; 
-	$html .=' name="'.$name.'" type="'.$type.'" value="'.$defval.'"'; 
+	$html .=' name="'.$name.'" type="'.$type.'" value="'.htmlspecialchars($defval).'"'; 
 	$html .= ' id="'.$name.'" size="'.$size.'"'; 
 	if ($maxlength!=0) $html.=' maxlength="'.$maxlength.'"'; 
 	$html.="/>\n"; 
@@ -151,16 +151,10 @@ function textarea_($name, $content="", $cols=60, $rows=4, $style="" ) {
 
 // URL routing into array
 function routeURL ($webspace_name=null) {
-
-	$document_root = trim(dirname($_SERVER['PHP_SELF']), '/');
-	$script_name = $_SERVER['PHP_SELF'];
-
-	$request_uri = substr($_SERVER['REQUEST_URI'], strlen($document_root) + 1);
-	
-	$tmp = strpos($request_uri, '?');
-	
-	if ($tmp) {
-		$request_uri = substr($request_uri, 0, $tmp);
+	if (isset($_SERVER['ORIG_PATH_INFO'])) {
+		$request_uri = substr($_SERVER['ORIG_PATH_INFO'], 1);
+	} else {
+		$request_uri = substr($_SERVER['PATH_INFO'], 1);
 	}
 	
 	$request_arr = explode('/', $request_uri);
diff --git a/prairie/index.php b/prairie/index.php
index 5fc6c8d..a35d4dd 100644
--- a/prairie/index.php
+++ b/prairie/index.php
@@ -157,9 +157,15 @@
 						$data_to_send = Array ();
 						$data_to_send['openid.ns'] = 'http://specs.openid.net/auth/2.0';
 						$data_to_send['openid.mode'] = 'setup_needed';
-						$data_to_send['openid.user_setup_url'] = 'http://'.$_SERVER['SERVER_NAME'] . '/login';
+						$data_to_send['openid.user_setup_url'] = 'http'.(isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == 1) ? 's' : '').'://'.$_SERVER['SERVER_NAME'] . '/login';
 					
-						header('location: ' . $openid_return_to . $s . http_build_query($data_to_send));
+						$redirurl = $openid_return_to . $s . http_build_query($data_to_send);
+						if (strpos($redirurl, '\n') !== FALSE || (strpos($redirurl, 'http://')!==0 && strpos($redirurl, 'https://')!==0)) {
+							header("Status: 500");
+							echo "Invalid return URL found.";
+							exit;
+						}
+						header('location: ' . $redirurl);
 						exit;
 					}
 						
diff --git a/prairie/login.php b/prairie/login.php
index 67b05c9..280bfcf 100755
--- a/prairie/login.php
+++ b/prairie/login.php
@@ -127,7 +127,7 @@
 			$query = "
 				UPDATE " . $db->prefix . "_user
 				SET user_password=" . $db->qstr(md5($new_password)) . "
-				WHERE user_id=" . $result[0]['user_id']
+				WHERE user_id=" . (int)$result[0]['user_id']
 			;
 			
 			$db->Execute($query);
diff --git a/prairie/maintain.php b/prairie/maintain.php
index 41c5b30..ff52b08 100755
--- a/prairie/maintain.php
+++ b/prairie/maintain.php
@@ -41,7 +41,7 @@
 		user_email=" . $db->qstr($_POST['user_email']) . ",
 		user_dob=" . $db->qstr($dob) . " 
 		WHERE
-		user_id=" . $_POST['user_id']
+		user_id=" . (int)$_POST['user_id']
 	;
 
 	$db->Execute($query);
@@ -52,7 +52,7 @@
 		SELECT user_id
 		FROM " . $db->prefix . "_user
 		WHERE
-		user_id=" . $_POST['user_id']
+		user_id=" . (int)$_POST['user_id']
 	;
 
 	$result = $db->Execute($query, 1);
@@ -65,7 +65,7 @@
 		$query = "
 			UPDATE " . $db->prefix . "_user
 			SET user_password=" . $db->qstr(md5($new_password)) . "
-			WHERE user_id=" . $result[0]['user_id']
+			WHERE user_id=" . (int)$result[0]['user_id']
 		;
 		
 		$db->Execute($query);
@@ -107,7 +107,7 @@
 	$query = "
 		UPDATE " . $db->prefix . "_user
 		SET user_registration_key=" . $db->qstr($key) . "
-		WHERE user_id=" . $_POST['user_id']
+		WHERE user_id=" . (int)$_POST['user_id']
 	;
 
 	$db->Execute($query);
@@ -215,7 +215,7 @@
 		SELECT user_id, openid_name, user_name, user_email, user_dob, user_live 
 		FROM " . $db->prefix . "_user 
 		WHERE 
-		user_id=".$uri_routing[2]
+		user_id=".(int)$uri_routing[2]
 	;
 	
 	$result = $db->Execute($query, 1);
diff --git a/prairie/profile.php b/prairie/profile.php
index 44e7e58..58908f2 100755
--- a/prairie/profile.php
+++ b/prairie/profile.php
@@ -50,11 +50,11 @@
 
 		require_once('class/Mail/class.phpmailer.php');
 
-		$email_subject = stripslashes(htmlspecialchars($_POST['contact_subject']));
+		$email_subject = htmlspecialchars($_POST['contact_subject']);
 		
 		$mail->Subject = $email_subject;
 	
-		$email_message = stripslashes(htmlspecialchars($_POST['contact_message']));
+		$email_message = htmlspecialchars($_POST['contact_message']);
 	
 		if (!empty($_POST['contact_email'])) {
 			$email_message .= "\n\n";
diff --git a/prairie/register.php b/prairie/register.php
index 7e5c39a..278a8e2 100755
--- a/prairie/register.php
+++ b/prairie/register.php
@@ -44,7 +44,7 @@
 			user_registration_key=NULL,
 			user_live=1 
 			WHERE 
-			user_id=" . $result[0]['user_id']
+			user_id=" . (int)$result[0]['user_id']
 		;
 		
 		$db->Execute($query);
diff --git a/prairie/template/account.tpl.php b/prairie/template/account.tpl.php
index 20f1ddf..bbddcbd 100755
--- a/prairie/template/account.tpl.php
+++ b/prairie/template/account.tpl.php
@@ -35,7 +35,7 @@
 		<div class="box_body">
 			<p>
 				<label for="id_user_name"><?php echo _("Name");?></label>
-				<input type="text" name="user_name" id="id_user_name" value="<?php if (isset($_SESSION['user_name'])) { echo $_SESSION['user_name']; }?>" />
+				<input type="text" name="user_name" id="id_user_name" value="<?php if (isset($_SESSION['user_name'])) { echo htmlspecialchars($_SESSION['user_name']); }?>" />
 			</p>
 				
 			<p>
@@ -114,7 +114,7 @@
 			
 			<p>
 				<label for="id_user_location"><?php echo _("Location");?></label>
-				<input type="text" name="user_location" id="id_user_location" value="<?php if (isset($_SESSION['user_location'])) echo $_SESSION['user_location']; ?>" />
+				<input type="text" name="user_location" id="id_user_location" value="<?php if (isset($_SESSION['user_location'])) echo htmlspecialchars($_SESSION['user_location']); ?>" />
 			</p>
 			
 			<p class="warning">
@@ -123,37 +123,37 @@
 			
 			<p>
 				<label for="id_user_nick"><?php echo _("Nickname");?></label>
-				<input type="text" name="user_nick" id="id_user_nick" value="<?php if (isset($_SESSION['user_nick'])) echo $_SESSION['user_nick']; ?>" />
+				<input type="text" name="user_nick" id="id_user_nick" value="<?php if (isset($_SESSION['user_nick'])) echo htmlspecialchars($_SESSION['user_nick']); ?>" />
 			</p>
 			<p>
 				<label for="id_user_gender"><?php echo _("Gender (M/F)");?></label>
-				<input type="text" name="user_gender" id="id_user_gender" value="<?php if (isset($_SESSION['user_gender'])) echo $_SESSION['user_gender']; ?>" />
+				<input type="text" name="user_gender" id="id_user_gender" value="<?php if (isset($_SESSION['user_gender'])) echo htmlspecialchars($_SESSION['user_gender']); ?>" />
 			</p>
 			
 			<p>
 				<label for="id_user_postcode"><?php echo _("Postcode");?></label>
-				<input type="text" name="user_postcode" id="id_user_postcode" value="<?php if (isset($_SESSION['user_postcode'])) echo $_SESSION['user_postcode']; ?>" />
+				<input type="text" name="user_postcode" id="id_user_postcode" value="<?php if (isset($_SESSION['user_postcode'])) echo htmlspecialchars($_SESSION['user_postcode']); ?>" />
 			</p>
 			
 			<p>
 				<label for="id_user_country"><?php echo _("Country code");?></label>
-				<input type="text" name="user_country" id="id_user_country" value="<?php if (isset($_SESSION['user_country'])) echo $_SESSION['user_country']; ?>" />
+				<input type="text" name="user_country" id="id_user_country" value="<?php if (isset($_SESSION['user_country'])) echo htmlspecialchars($_SESSION['user_country']); ?>" />
 			</p>
 		
 		
 			<p>
 				<label for="id_user_language"><?php echo _("Preferred Language (EN)");?></label>
-				<input type="text" name="user_language" id="id_user_language" value="<?php if (isset($_SESSION['user_language'])) echo $_SESSION['user_language']; ?>" />
+				<input type="text" name="user_language" id="id_user_language" value="<?php if (isset($_SESSION['user_language'])) echo htmlspecialchars($_SESSION['user_language']); ?>" />
 			</p>
 			
 			<p>
 				<label for="id_user_timezone"><?php echo _("Timezone (Europe/Paris)");?></label>
-				<input type="text" name="user_timezone" id="id_user_timezone" value="<?php if (isset($_SESSION['user_timezone'])) echo $_SESSION['user_timezone']; ?>" />
+				<input type="text" name="user_timezone" id="id_user_timezone" value="<?php if (isset($_SESSION['user_timezone'])) echo htmlspecialchars($_SESSION['user_timezone']); ?>" />
 			</p>
 			
 			<p>
 				<label for="id_user_birthdate"><?php echo _("Birthdate (YYYY-MM-DD)");?></label>
-				<input type="text" name="user_birthdate" id="id_user_birthdate" value="<?php if (isset($_SESSION['user_birthdate'])) echo $_SESSION['user_birthdate']; ?>" />
+				<input type="text" name="user_birthdate" id="id_user_birthdate" value="<?php if (isset($_SESSION['user_birthdate'])) echo htmlspecialchars($_SESSION['user_birthdate']); ?>" />
 			</p>
 			
 			<p class="buttons">
@@ -174,7 +174,7 @@
 		
 		<div class="box_body">
 			<div style="text-align:center;">
-				<img src="/get_file.php?avatar=<?php echo $_SESSION['user_id'];?>&amp;width=200" width="200" class="avatar" />
+				<img src="/get_file.php?avatar=<?php echo (int)$_SESSION['user_id'];?>&amp;width=200" width="200" class="avatar" />
 			</div>
 			
 			<p>
@@ -206,7 +206,7 @@
 			<p>
 				<?php 
 				$text = _("Your current email address is {1}.");
-				echo str_replace("{1}", $_SESSION['user_email'], $text);
+				echo str_replace("{1}", htmlspecialchars($_SESSION['user_email']), $text);
 				?>
 			</p>
 
diff --git a/prairie/template/editor.tpl.php b/prairie/template/editor.tpl.php
index 2e66174..9d22334 100644
--- a/prairie/template/editor.tpl.php
+++ b/prairie/template/editor.tpl.php
@@ -34,7 +34,7 @@
 		<div class="box_body">
 			<p>
 				<label for="id_webspace_title"><?php echo _("Title");?></label>
-				<input type="text" name="webspace_title" id="id_webspace_title" value="<?php if (isset($webspace['webspace_title'])) { echo $webspace['webspace_title']; }?>" />
+				<input type="text" name="webspace_title" id="id_webspace_title" value="<?php if (isset($webspace['webspace_title'])) { echo htmlspecialchars($webspace['webspace_title']); }?>" />
 			</p>
 	
 	
@@ -91,7 +91,7 @@ function selectTheme(theme) {
 		<div class="box_body">
 			<p>
 				<label for="id_html"><?php echo _("HTML");?></label>
-				<textarea id="id_html" name="html" class="mceEditor"><?php if (isset($webspace['webspace_html'])) echo $webspace['webspace_html']; ?></textarea>
+				<textarea id="id_html" name="html" class="mceEditor"><?php if (isset($webspace['webspace_html'])) echo htmlspecialchars($webspace['webspace_html']); ?></textarea>
 				<script  type="text/javascript">
 				tinyMCE.init({
 			// General options
diff --git a/prairie/template/maintain.tpl.php b/prairie/template/maintain.tpl.php
index dd0dc71..d97a2c3 100755
--- a/prairie/template/maintain.tpl.php
+++ b/prairie/template/maintain.tpl.php
@@ -39,8 +39,8 @@
 			<?php
 			if (isset($account)) {
 			?>
-			<input type="hidden" name="user_id" value="<?php echo $account['user_id'];?>" />
-			<input type="hidden" name="openid_name" value="<?php echo $account['openid_name'];?>" />
+			<input type="hidden" name="user_id" value="<?php echo htmlspecialchars($account['user_id']);?>" />
+			<input type="hidden" name="openid_name" value="<?php echo htmlspecialchars($account['openid_name']);?>" />
 			
 			<p>
 				<label for="id_dob_year"><?php echo _("Memorable date");?></label>
@@ -114,7 +114,7 @@
 
 			<p>
 				<label><?php echo _("email address");?></label>
-				<input type="text" name="user_email" value="<?php echo $account['user_email'];?>" />
+				<input type="text" name="user_email" value="<?php echo htmlspecialchars($account['user_email']);?>" />
 			</p>
 
 			<p class="buttons">
@@ -167,10 +167,10 @@
 			foreach ($accounts as $key => $i):
 			?>
 			<li>
-				<span class="openid_name"><a href="/maintain/account/<?php echo $i['user_id'];?>"><?php echo $i['openid_name'];?></a></span>
-				<span class="user_name"><?php echo $i['user_name'];?></span>
-				<span class="user_email"><a href="mailto:<?php echo $i['user_email'];?>"><?php echo $i['user_email'];?></a></span>
-				<span class="user_dob"><?php echo $i['user_dob'];?></span>
+				<span class="openid_name"><a href="/maintain/account/<?php echo htmlspecialchars($i['user_id']);?>"><?php echo htmlspecialchars($i['openid_name']);?></a></span>
+				<span class="user_name"><?php echo htmlspecialchars($i['user_name']);?></span>
+				<span class="user_email"><a href="mailto:<?php echo htmlspecialchars($i['user_email']);?>"><?php echo htmlspecialchars($i['user_email']);?></a></span>
+				<span class="user_dob"><?php echo htmlspecialchars($i['user_dob']);?></span>
 				<span class="user_live"><?php if (!empty($i['user_live'])) { echo _("Live");} else { echo _("Pending");}?></span>
 			</li>
 			<?php
@@ -238,7 +238,7 @@
 			
 			<p>
 				<label for="id_unauthorized_openid_names"><?php echo _("Names");?></label>
-				<input type="text" name="unauthorized_openid_names" id="id_unauthorized_openid_names" value="<?php echo $arr_reg['unauthorized_openid_names'];?>" />
+				<input type="text" name="unauthorized_openid_names" id="id_unauthorized_openid_names" value="<?php echo htmlspecialchars($arr_reg['unauthorized_openid_names']);?>" />
 			</p>
 			
 			<p class="note">
@@ -311,7 +311,7 @@
 			
 			<p>
 				<label for="id_maintainer_openids"><?php echo _("Account names");?></label>
-				<input type="text" name="maintainer_openids" id="id_maintainer_openids" value="<?php echo $arr_security['maintainer_openids'];?>" />
+				<input type="text" name="maintainer_openids" id="id_maintainer_openids" value="<?php echo htmlspecialchars($arr_security['maintainer_openids']);?>" />
 			</p>
 			
 			<p class="buttons">
@@ -333,7 +333,7 @@
 			
 			<p>
 				<label for="id_authorized_email_domains"><?php echo _("Email domains");?></label>
-				<input type="text" name="authorized_email_domains" id="id_authorized_email_domains" value="<?php echo $arr_reg['email_domains'];?>" />
+				<input type="text" name="authorized_email_domains" id="id_authorized_email_domains" value="<?php echo htmlspecialchars($arr_reg['email_domains']);?>" />
 			</p>
 			
 			<p class="note">
@@ -359,12 +359,12 @@
 			
 			<p>
 				<label for="id_standard_locale"><?php echo _("Standard locale");?></label>
-				<input type="text" name="standard_locale" id="id_standard_locale" value="<?php echo $arr_lang['standard_locale'];?>" />
+				<input type="text" name="standard_locale" id="id_standard_locale" value="<?php echo htmlspecialchars($arr_lang['standard_locale']);?>" />
 			</p>
 			
 			<p>
 				<label for="id_server_locale"><?php echo _("Server locale");?></label>
-				<input type="text" name="server_locale" id="id_server_locale" value="<?php echo $arr_lang['server_locale'];?>" />
+				<input type="text" name="server_locale" id="id_server_locale" value="<?php echo htmlspecialchars($arr_lang['server_locale']);?>" />
 			</p>
 
 			<p class="buttons">
diff --git a/prairie/template/profile.tpl.php b/prairie/template/profile.tpl.php
index c3cba71..9a27b6d 100644
--- a/prairie/template/profile.tpl.php
+++ b/prairie/template/profile.tpl.php
@@ -51,12 +51,12 @@
 	}
 	else {
 		$freetext = _("OpenID for {1}.");
-		$freetext = str_replace("{1}", WEBSPACE_OPENID, $freetext);
+		$freetext = str_replace("{1}", htmlspecialchars(WEBSPACE_OPENID), $freetext);
 		$bodyText = theme_article_wrapper($freetext);
 	}
 	
 	echo theme_profile_body($emailForm, $bodyText ); 
-	echo theme_profile_sidebar ("/get_file.php?avatar=".$webspace['user_id']."&amp;width=200", 
-				$webspace['user_name'],
-				$webspace['user_location'] ); 
+	echo theme_profile_sidebar ("/get_file.php?avatar=".(int)$webspace['user_id']."&amp;width=200", 
+				htmlspecialchars($webspace['user_name']),
+				htmlspecialchars($webspace['user_location']) ); 
 ?>
\ No newline at end of file
diff --git a/prairie/template/register.tpl.php b/prairie/template/register.tpl.php
index 9e43b14..8a1b7ba 100755
--- a/prairie/template/register.tpl.php
+++ b/prairie/template/register.tpl.php
@@ -50,7 +50,7 @@
 				if (isset($email_domains)) {
 					$email_domains_str = implode (", ", $email_domains);
 					$email_domain_str = _("Registration is limited to people whom have an email account ending with {1}.");
-					$email_domain_str = str_replace("{1}", $email_domains_str, $email_domain_str);
+					$email_domain_str = str_replace("{1}", htmlspecialchars($email_domains_str), $email_domain_str);
 					echo $email_domain_str;
 				}
 				else {
@@ -67,7 +67,7 @@
 			
 			<p>
 				<label for="id_user_email"><?php echo _("Email");?></label>
-				<input type="text" name="user_email" id="id_user_email" value="<?php if (isset($_POST['user_email'])) { echo $_POST['user_email'];}?>"/>
+				<input type="text" name="user_email" id="id_user_email" value="<?php if (isset($_POST['user_email'])) { echo htmlspecialchars($_POST['user_email']);}?>"/>
 			</p>
 			
 			<p>
@@ -76,12 +76,12 @@
 			
 			<p>
 				<label for="id_user_password1"><?php echo _("Password");?></label>
-				<input type="password" name="user_password1" id="id_user_password1" value="<?php if (isset($_POST['user_password1'])) { echo $_POST['user_password1']; }?>" />
+				<input type="password" name="user_password1" id="id_user_password1" value="<?php if (isset($_POST['user_password1'])) { echo htmlspecialchars($_POST['user_password1']); }?>" />
 			</p>
 	
 			<p>
 				<label for="id_user_password2"><?php echo _("Repeat password");?></label>
-				<input type="password" name="user_password2" id="id_user_password2" value="<?php if (isset($_POST['user_password2'])) { echo $_POST['user_password2']; }?>" />
+				<input type="password" name="user_password2" id="id_user_password2" value="<?php if (isset($_POST['user_password2'])) { echo htmlspecialchars($_POST['user_password2']); }?>" />
 			</p>
 
 
@@ -93,7 +93,7 @@
 			
 			<p>
 				<label for="id_openid_name"><?php echo _("OpenID name");?></label>
-				<input type="text" name="openid_name" id="id_openid_name" value="<?php if (isset($_POST['openid_name'])) { echo $_POST['openid_name'];}?>" />
+				<input type="text" name="openid_name" id="id_openid_name" value="<?php if (isset($_POST['openid_name'])) { echo htmlspecialchars($_POST['openid_name']);}?>" />
 			</p>
 	
 			
@@ -101,12 +101,12 @@
 	
 			<p>
 				<label for="id_user_name"><?php echo _("Name");?></label>
-				<input type="text" id="id_user_name" name="user_name" value="<?php if (isset($_POST['user_name'])) { echo $_POST['user_name']; }?>"/>
+				<input type="text" id="id_user_name" name="user_name" value="<?php if (isset($_POST['user_name'])) { echo htmlspecialchars($_POST['user_name']); }?>"/>
 			</p>
 	
 			<p>
 				<label for="id_user_location"><?php echo _("Location");?></label>
-				<input type="text" id="id_user_location" name="user_location" value="<?php if (isset($_POST['user_location'])) { echo $_POST['user_location']; }?>"/>
+				<input type="text" id="id_user_location" name="user_location" value="<?php if (isset($_POST['user_location'])) { echo htmlspecialchars($_POST['user_location']); }?>"/>
 			</p>
 			
 			<p>
diff --git a/prairie/template/trust.tpl.php b/prairie/template/trust.tpl.php
index 6bb66ba..716edf3 100755
--- a/prairie/template/trust.tpl.php
+++ b/prairie/template/trust.tpl.php
@@ -41,7 +41,7 @@
 if (isset($trust)) {
 
 $trust_string = _("You are about to login to <a href='{1}'>{1}</a>. You have done this {2} times before. Last login datetime: {3}");
-$trust_string = str_replace('{1}', '<a href="'.$trust['trust_url'].'">'.$trust['trust_url'].'</a>', $trust_string);
+$trust_string = str_replace('{1}', '<a href="'.htmlspecialchars($trust['trust_url']).'">'.htmlspecialchars($trust['trust_url']).'</a>', $trust_string);
 $trust_string = str_replace('{2}', $trust['trust_total'], $trust_string);
 $trust_string = str_replace('{3}', $trust['trust_last_visit'], $trust_string);
 ?>
@@ -51,7 +51,7 @@
 elseif (isset($trust_url)) {
 
 $trust_string = _("You are about to login to <a href='{1}'>{1}</a>. This is the first time you login to that site.");
-$trust_string = str_replace('{1}', $trust_url, $trust_string);
+$trust_string = str_replace('{1}', htmlspecialchars($trust_url), $trust_string);
 ?>
 	<p><?php echo $trust_string;?></p>
 <?php }?>
diff --git a/prairie/template/wrapper.tpl.php b/prairie/template/wrapper.tpl.php
index f752747..9149633 100644
--- a/prairie/template/wrapper.tpl.php
+++ b/prairie/template/wrapper.tpl.php
@@ -58,11 +58,11 @@ function render_topMenu ($startblock = "", $endblock = "") {
 	<?php
 	if (defined('SCRIPT_NAME') && SCRIPT_NAME == 'profile') {
 	?>
-		<link rel="openid2.provider" href="http://<?php echo $_SERVER['HTTP_HOST']; ?>/login" />
-		<link rel="openid.server" href="http://<?php echo $_SERVER['HTTP_HOST']; ?>/login" />
+		<link rel="openid2.provider" href="http<?php if (isset($_SERVER['HTTPS'])&& (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == 1)) { echo 's';} ?>://<?php echo $_SERVER['HTTP_HOST']; ?>/login" />
+		<link rel="openid.server" href="http<?php if (isset($_SERVER['HTTPS'])&& (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == 1)) { echo 's'; } ?>://<?php echo $_SERVER['HTTP_HOST']; ?>/login" />
 	<?php }?>
 
-	<title><?php if (isset($webspace_title)) { echo $webspace_title; } else { echo _("Prairie");}?></title>
+	<title><?php if (isset($webspace_title)) { echo htmlspecialchars($webspace_title); } else { echo _("Prairie");}?></title>
 
 	<script type="text/javascript" src="/<?php echo SCRIPT_TEMPLATE_PATH;?>js/functions.js"></script>
 	<script type="text/javascript" src="/tiny_mce/tiny_mce.js"></script>
diff --git a/prairie/theme/blue/theme_functions.php b/prairie/theme/blue/theme_functions.php
index 5e6b66e..38fef29 100644
--- a/prairie/theme/blue/theme_functions.php
+++ b/prairie/theme/blue/theme_functions.php
@@ -190,7 +190,7 @@ function theme_head ($menu) {
 //	else $imgUrl = "/get_file.php?title=0";
 //	$cont = link_('<img src="'.$imgUrl.'" border="0" alt="" />', "/"); 
 	// Alternate: Have header as TEXT. 
-	$cont = WEBSPACE_USERNAME; 
+	$cont = htmlspecialchars(WEBSPACE_USERNAME);
 	$html = <<<HDD
 	<!-- header -->
   <div class="art-header">
diff --git a/prairie/theme/silver/theme_functions.php b/prairie/theme/silver/theme_functions.php
index b625d04..a065abd 100644
--- a/prairie/theme/silver/theme_functions.php
+++ b/prairie/theme/silver/theme_functions.php
@@ -103,7 +103,7 @@ function theme_topMenuItem ($selected, $buttontext, $menuURL) {
 
 function theme_head ($menu) {
 	
-	if (defined('WEBSPACE_USERID')) $imgUrl = "/get_file.php?title=".WEBSPACE_USERID; 
+	if (defined('WEBSPACE_USERID')) $imgUrl = "/get_file.php?title=".(int)WEBSPACE_USERID; 
 	else $imgUrl = "/get_file.php?title=0";
 	$cont = link_('<img src="'.$imgUrl.'" border="0" alt="" />', "/"); 
 	$html = <<<HDD
diff --git a/prairie/trust.php b/prairie/trust.php
index 652a74b..a335554 100755
--- a/prairie/trust.php
+++ b/prairie/trust.php
@@ -57,7 +57,7 @@
 	if (empty($result)) {
 		$rec = array();
 
-		$rec['user_id'] = $_SESSION['user_id'];
+		$rec['user_id'] = (int)$_SESSION['user_id'];
 		$rec['trust_url'] = $trust_url;
 		$rec['trust_total'] = 1;
 		$rec['trust_last_visit'] = time();
@@ -72,13 +72,18 @@
 			UPDATE " . $db->prefix . "_trust
 			SET trust_total=trust_total+1, 
 			trust_last_visit=NOW()
-			WHERE trust_id=" . $result[0]['trust_id']
+			WHERE trust_id=" . (int)$result[0]['trust_id']
 		;
 		
 		$db->Execute($query);
 	}
 }
 elseif (isset($_POST['cancel'])) {
+	if (strpos($openIDreturnTo, '\n') !== FALSE || (strpos($openIDreturnTo, 'http://')!==0 && strpos($openIDreturnTo, 'https://')!==0)) {
+		header("Status: 500");
+		echo "Invalid return URL found.";
+		exit;
+	}
 	header("Location: " . $openIDreturnTo);
 	exit;
 }
diff --git a/prairie/upload_file.php b/prairie/upload_file.php
index 6197b29..313ad68 100755
--- a/prairie/upload_file.php
+++ b/prairie/upload_file.php
@@ -36,7 +36,7 @@
 }
 
 if (isset($_POST['submit_delete_avatar'])) {
-	$destination = $core_config['file']['dir'] . "avatars/" . $_SESSION['user_id'] . "/";
+	$destination = $core_config['file']['dir'] . "avatars/" . (int)$_SESSION['user_id'] . "/";
 
 	foreach(glob($destination . '*') as $i) {
 		unlink($i);
@@ -66,7 +66,7 @@
 		if (isset($_POST['submit_upload_avatar'])) {
 			
 			$thumbnail_width = array(60, 100, 200);
-			$destination = $core_config['file']['dir'] . "avatars/" . $_SESSION['user_id'] . "/";
+			$destination = $core_config['file']['dir'] . "avatars/" . (int)$_SESSION['user_id'] . "/";
 	
 			if (!is_dir($destination)) {
 				$oldumask = umask(0);
@@ -165,7 +165,7 @@ function validateMimeType($mimes, $mime_type) {
 	echo $tpl->fetch($outer_tpl);
 }
 else {
-	header("Location: " . $_SERVER['HTTP_REFERER']);
+	header("Location: /");
 	exit;
 }
 ?>
\ No newline at end of file